A company is implementing an application on Amazon EC2 instances.

The application
needs to process incoming transactions. When the application detects a transaction that is
not valid, the application must send a chat message to the company's support team. To
send the message, the application needs to retrieve the access token to authenticate by
using the chat API.
A developer needs to implement a solution to store the access token. The access token
must be encrypted at rest and in transit. The access token must also be accessible from
other AWS accounts.
Which solution will meet these requirements with the LEAST management overhead?

 A. Use an AWS Systems Manager Parameter Store SecureString parameter that uses
an AWS Key Management Service (AWS KMS) AWS managed key to store the access
token. Add a resource-based policy to the parameter to allow access from other
accounts. Update the IAM role of the EC2 instances with permissions to access
Parameter Store. Retrieve the token from Parameter Store with the decrypt flag
enabled. Use the decrypted access token to send the message to the chat.

 B. Encrypt the access token by using an AWS Key Management Service (AWS KMS)
customer managed key. Store the access token in an Amazon DynamoDB table.
Update the IAM role of the EC2 instances with permissions to access DynamoDB
and AWS KMS. Retrieve the token from DynamoDDecrypt the token by using AWS
KMS on the EC2 instances. Use the decrypted access token to send the message to
the chat.

 C. Use AWS Secrets Manager with an AWS Key Management Service (AWS KMS)
customer managed key to store the access token. Add a resource-based policy to
the secret to allow access from other accounts. Update the IAM role of the EC2
instances with permissions to access Secrets Manager. Retrieve the token from
Secrets Manager. Use the decrypted access token to send the message to the
chat. Most Voted

 D. Encrypt the access token by using an AWS Key Management Service (AWS KMS)
AWS managed key. Store the access token in an Amazon S3 bucket. Add a bucket
policy to the S3 bucket to allow access from other accounts. Update the IAM role of
the EC2 instances with permissions to access Amazon S3 and AWS KMS. Retrieve
the token from the S3 bucket. Decrypt the token by using AWS KMS on the EC2
instances. Use the decrypted access token to send the massage to the chat.

Hide Solution Discussion 45

Correct Answer: C 🗳

Community vote distribution

C (86%)

9%

Question #2Topic 1

A company is running Amazon EC2 instances in multiple AWS accounts. A developer needs
to implement an application that collects all the lifecycle events of the EC2 instances. The
application needs to store the lifecycle events in a single Amazon Simple Queue Service
(Amazon SQS) queue in the company's main AWS account for further processing.
Which solution will meet these requirements?

 A. Configure Amazon EC2 to deliver the EC2 instance lifecycle events from all
accounts to the Amazon EventBridge event bus of the main account. Add an
EventBridge rule to the event bus of the main account that matches all EC2 instance
lifecycle events. Add the SQS queue as a target of the rule.

 B. Use the resource policies of the SQS queue in the main account to give each
account permissions to write to that SQS queue. Add to the Amazon EventBridge
event bus of each account an EventBridge rule that matches all EC2 instance
lifecycle events. Add the SQS queue in the main account as a target of the rule.

 C. Write an AWS Lambda function that scans through all EC2 instances in the
company accounts to detect EC2 instance lifecycle changes. Configure the Lambda
function to write a notification message to the SQS queue in the main account if the
function detects an EC2 instance lifecycle change. Add an Amazon EventBridge
scheduled rule that invokes the Lambda function every minute.

 D. Configure the permissions on the main account event bus to receive events from
all accounts. Create an Amazon EventBridge rule in each account to send all the
EC2 instance lifecycle events to the main account event bus. Add an EventBridge
rule to the main account event bus that matches all EC2 instance lifecycle events.
Set the SQS queue as a target for the rule. Most Voted

Hide Solution Discussion 21

Correct Answer: D 🗳
Community vote distribution

D (81%)

Other

Question #3Topic 1

An application is using Amazon Cognito user pools and identity pools for secure access. A
developer wants to integrate the user-specific file upload and download features in the
application with Amazon S3. The developer must ensure that the files are saved and
retrieved in a secure manner and that users can access only their own files. The file sizes
range from 3 KB to 300 MB.
Which option will meet these requirements with the HIGHEST level of security?

 A. Use S3 Event Notifications to validate the file upload and download requests and
update the user interface (UI).

 B. Save the details of the uploaded files in a separate Amazon DynamoDB table.
Filter the list of files in the user interface (UI) by comparing the current user ID with
the user ID associated with the file in the table.

 C. Use Amazon API Gateway and an AWS Lambda function to upload and download
files. Validate each request in the Lambda function before performing the requested
operation.

 D. Use an IAM policy within the Amazon Cognito identity prefix to restrict users to
use their own folders in Amazon S3. Most Voted

Hide Solution Discussion 14

Correct Answer: D 🗳

Community vote distribution

D (91%)

4%

Question #4Topic 1

A company is building a scalable data management solution by using AWS services to

improve the speed and agility of development. The solution will ingest large volumes of
data from various sources and will process this data through multiple business rules and
transformations.
The solution requires business rules to run in sequence and to handle reprocessing of data
if errors occur when the business rules run. The company needs the solution to be scalable
and to require the least possible maintenance.
Which AWS service should the company use to manage and automate the orchestration of
the data flows to meet these requirements?

 A. AWS Batch

 B. AWS Step Functions Most Voted

 C. AWS Glue

 D. AWS Lambda

Hide Solution Discussion 36

Correct Answer: B 🗳

Community vote distribution

B (88%)

6%

Question #5Topic 1

A developer has created an AWS Lambda function that is written in Python. The Lambda
function reads data from objects in Amazon S3 and writes data to an Amazon DynamoDB
table. The function is successfully invoked from an S3 event notification when an object is
created. However, the function fails when it attempts to write to the DynamoDB table.
What is the MOST likely cause of this issue?

 A. The Lambda function's concurrency limit has been exceeded.

 B. DynamoDB table requires a global secondary index (GSI) to support writes.

 C. The Lambda function does not have IAM permissions to write to

DynamoDB. Most Voted

 D. The DynamoDB table is not running in the same Availability Zone as the Lambda
function.

Hide Solution Discussion 31

Correct Answer: C 🗳
Community vote distribution

C (100%)

Question #6Topic 1

A developer is creating an AWS CloudFormation template to deploy Amazon EC2 instances

across multiple AWS accounts. The developer must choose the EC2 instances from a list of
approved instance types.
How can the developer incorporate the list of approved instance types in the
CloudFormation template?

 A. Create a separate CloudFormation template for each EC2 instance type in the
list.

 B. In the Resources section of the CloudFormation template, create resources for

each EC2 instance type in the list.

 C. In the CloudFormation template, create a separate parameter for each EC2

instance type in the list.

 D. In the CloudFormation template, create a parameter with the list of EC2 instance
types as AllowedValues. Most Voted

Hide Solution Discussion 16

Correct Answer: D 🗳

Community vote distribution

D (100%)

Question #7Topic 1

A developer has an application that makes batch requests directly to Amazon DynamoDB
by using the BatchGetItem low-level API operation. The responses frequently return values
in the UnprocessedKeys element.
Which actions should the developer take to increase the resiliency of the application when
the batch response includes values in UnprocessedKeys? (Choose two.)

 A. Retry the batch operation immediately.

 B. Retry the batch operation with exponential backo and randomized delay. Most
Voted
  C. Update the application to use an AWS software development kit (AWS SDK) to
make the requests.

 D. Increase the provisioned read capacity of the DynamoDB tables that the
operation accesses. Most Voted

 E. Increase the provisioned write capacity of the DynamoDB tables that the
operation accesses.

Hide Solution Discussion 59

Correct Answer: BD 🗳

Community vote distribution

BD (59%)

BC (38%)

3%

Question #8Topic 1

A company is running a custom application on a set of on-premises Linux servers that are
accessed using Amazon API Gateway. AWS X-Ray tracing has been enabled on the API test
stage.
How can a developer enable X-Ray tracing on the on-premises servers with the LEAST
amount of configuration?

 A. Install and run the X-Ray SDK on the on-premises servers to capture and relay the
data to the X-Ray service.

 B. Install and run the X-Ray daemon on the on-premises servers to capture and relay
the data to the X-Ray service. Most Voted

 C. Capture incoming requests on-premises and configure an AWS Lambda function

to pull, process, and relay relevant data to X-Ray using the PutTraceSegments API
call.

 D. Capture incoming requests on-premises and configure an AWS Lambda function

to pull, process, and relay relevant data to X-Ray using the PutTelemetryRecords API
call.

Hide Solution Discussion 14

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #9Topic 1

A company wants to share information with a third party. The third party has an HTTP API
endpoint that the company can use to share the information. The company has the
required API key to access the HTTP API.
The company needs a way to manage the API key by using code. The integration of the API
key with the application code cannot a ect application performance.
Which solution will meet these requirements MOST securely?

 A. Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at
runtime by using the AWS SDK. Use the credentials to make the API call. Most
Voted

 B. Store the API credentials in a local code variable. Push the code to a secure Git
repository. Use the local code variable at runtime to make the API call.

 C. Store the API credentials as an object in a private Amazon S3 bucket. Restrict

access to the S3 object by using IAM policies. Retrieve the API credentials at
runtime by using the AWS SDK. Use the credentials to make the API call.

 D. Store the API credentials in an Amazon DynamoDB table. Restrict access to the
table by using resource-based policies. Retrieve the API credentials at runtime by
using the AWS SDK. Use the credentials to make the API call.

Hide Solution Discussion 32

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #10Topic 1

A developer is deploying a new application to Amazon Elastic Container Service (Amazon

ECS). The developer needs to securely store and retrieve di erent types of variables. These
variables include authentication information for a remote API, the URL for the API, and
credentials. The authentication information and API URL must be available to all current
and future deployed versions of the application across development, testing, and
production environments.
How should the developer retrieve the variables with the FEWEST application changes?

 A. Update the application to retrieve the variables from AWS Systems Manager
Parameter Store. Use unique paths in Parameter Store for each variable in each
environment. Store the credentials in AWS Secrets Manager in each
environment. Most Voted

 B. Update the application to retrieve the variables from AWS Key Management
Service (AWS KMS). Store the API URL and credentials as unique keys for each
environment.

 C. Update the application to retrieve the variables from an encrypted file that is
stored with the application. Store the API URL and credentials in unique files for
each environment.

 D. Update the application to retrieve the variables from each of the deployed
environments. Define the authentication information and API URL in the ECS task
definition as unique names during the deployment process.

Hide Solution Discussion 16

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #11Topic 1

A company is migrating legacy internal applications to AWS. Leadership wants to rewrite

the internal employee directory to use native AWS services. A developer needs to create a
solution for storing employee contact details and high-resolution photos for use with the
new application.
Which solution will enable the search and retrieval of each employee's individual details
and high-resolution photos using AWS APIs?

 A. Encode each employee's contact information and photos using Base64. Store the
information in an Amazon DynamoDB table using a sort key.
  B. Store each employee's contact information in an Amazon DynamoDB table along
with the object keys for the photos stored in Amazon S3. Most Voted

 C. Use Amazon Cognito user pools to implement the employee directory in a fully
managed software-as-a-service (SaaS) method.

 D. Store employee contact information in an Amazon RDS DB instance with the

photos stored in Amazon Elastic File System (Amazon EFS).

Hide Solution Discussion 11

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #12Topic 1

A developer is creating an application that will give users the ability to store photos from
their cellphones in the cloud. The application needs to support tens of thousands of users.
The application uses an Amazon API Gateway REST API that is integrated with AWS Lambda
functions to process the photos. The application stores details about the photos in Amazon
DynamoDB.
Users need to create an account to access the application. In the application, users must
be able to upload photos and retrieve previously uploaded photos. The photos will range in
size from 300 KB to 5 MB.
Which solution will meet these requirements with the LEAST operational overhead?

 A. Use Amazon Cognito user pools to manage user accounts. Create an Amazon
Cognito user pool authorizer in API Gateway to control access to the API. Use the
Lambda function to store the photos and details in the DynamoDB table. Retrieve
previously uploaded photos directly from the DynamoDB table.

 B. Use Amazon Cognito user pools to manage user accounts. Create an Amazon
Cognito user pool authorizer in API Gateway to control access to the API. Use the
Lambda function to store the photos in Amazon S3. Store the object's S3 key as part
of the photo details in the DynamoDB table. Retrieve previously uploaded photos by
querying DynamoDB for the S3 key. Most Voted

 C. Create an IAM user for each user of the application during the sign-up process.
Use IAM authentication to access the API Gateway API. Use the Lambda function to
store the photos in Amazon S3. Store the object's S3 key as part of the photo details
 in the DynamoDB table. Retrieve previously uploaded photos by querying
DynamoDB for the S3 key.

 D. Create a users table in DynamoDB. Use the table to manage user accounts.
Create a Lambda authorizer that validates user credentials against the users table.
Integrate the Lambda authorizer with API Gateway to control access to the API. Use
the Lambda function to store the photos in Amazon S3. Store the object's S3 key as
par of the photo details in the DynamoDB table. Retrieve previously uploaded
photos by querying DynamoDB for the S3 key.

Hide Solution Discussion 9

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #13Topic 1

A company receives food orders from multiple partners. The company has a microservices
application that uses Amazon API Gateway APIs with AWS Lambda integration. Each
partner sends orders by calling a customized API that is exposed through API Gateway. The
API call invokes a shared Lambda function to process the orders.
Partners need to be notified after the Lambda function processes the orders. Each partner
must receive updates for only the partner's own orders. The company wants to add new
partners in the future with the fewest code changes possible.
Which solution will meet these requirements in the MOST scalable way?

 A. Create a di erent Amazon Simple Notification Service (Amazon SNS) topic for
each partner. Configure the Lambda function to publish messages for each partner
to the partner's SNS topic.

 B. Create a di erent Lambda function for each partner. Configure the Lambda
function to notify each partner's service endpoint directly.

 C. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure the
Lambda function to publish messages with specific attributes to the SNS topic.
Subscribe each partner to the SNS topic. Apply the appropriate filter policy to the
topic subscriptions. Most Voted

 D. Create one Amazon Simple Notification Service (Amazon SNS) topic. Subscribe
all partners to the SNS topic.
Hide Solution Discussion 27

Correct Answer: C 🗳

Community vote distribution

C (78%)

A (22%)

Question #14Topic 1

A financial company must store original customer records for 10 years for legal reasons. A
complete record contains personally identifiable information (PII). According to local
regulations, PII is available to only certain people in the company and must not be shared
with third parties. The company needs to make the records available to third-party
organizations for statistical analysis without sharing the PII.
A developer wants to store the original immutable record in Amazon S3. Depending on who
accesses the S3 document, the document should be returned as is or with all the PII
removed. The developer has written an AWS Lambda function to remove the PII from the
document. The function is named removePii.
What should the developer do so that the company can meet the PII requirements while
maintaining only one copy of the document?

 A. Set up an S3 event notification that invokes the removePii function when an S3

GET request is made. Call Amazon S3 by using a GET request to access the object
without PII.

 B. Set up an S3 event notification that invokes the removePii function when an S3

PUT request is made. Call Amazon S3 by using a PUT request to access the object
without PII.

 C. Create an S3 Object Lambda access point from the S3 console. Select the
removePii function. Use S3 Access Points to access the object without PII. Most
Voted

 D. Create an S3 access point from the S3 console. Use the access point name to
call the GetObjectLegalHold S3 API function. Pass in the removePii function name
to access the object without PII.

Hide Solution Discussion 12

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #15Topic 1

A developer is deploying an AWS Lambda function The developer wants the ability to return
to older versions of the function quickly and seamlessly.
How can the developer achieve this goal with the LEAST operational overhead?

 A. Use AWS OpsWorks to perform blue/green deployments.

 B. Use a function alias with di erent versions. Most Voted

 C. Maintain deployment packages for older versions in Amazon S3.

 D. Use AWS CodePipeline for deployments and rollbacks.

Hide Solution Discussion 8

Correct Answer: B 🗳

Community vote distribution

B (94%)

6%

Question #16Topic 1

A developer has written an AWS Lambda function. The function is CPU-bound. The
developer wants to ensure that the function returns responses quickly.
How can the developer improve the function's performance?

 A. Increase the function's CPU core count.

 B. Increase the function's memory. Most Voted

 C. Increase the function's reserved concurrency.

 D. Increase the function's timeout.

Hide Solution Discussion 15

Correct Answer: B 🗳

Community vote distribution

B (98%)

2%

Question #17Topic 1

For a deployment using AWS Code Deploy, what is the run order of the hooks for in-place
deployments?

 A. BeforeInstall -> ApplicationStop -> ApplicationStart -> AfterInstall

 B. ApplicationStop -> BeforeInstall -> AfterInstall -> ApplicationStart Most Voted

 C. BeforeInstall -> ApplicationStop -> ValidateService -> ApplicationStart

 D. ApplicationStop -> BeforeInstall -> ValidateService -> ApplicationStart

Hide Solution Discussion 26

Correct Answer: B 🗳

Community vote distribution

B (88%)

12%

Question #18Topic 1

A company is building a serverless application on AWS. The application uses an AWS

Lambda function to process customer orders 24 hours a day, 7 days a week. The Lambda
function calls an external vendor's HTTP API to process payments.
During load tests, a developer discovers that the external vendor payment processing API
occasionally times out and returns errors. The company expects that some payment
processing API calls will return errors.
The company wants the support team to receive notifications in near real time only when
the payment processing external API error rate exceed 5% of the total number of
transactions in an hour. Developers need to use an existing Amazon Simple Notification
Service (Amazon SNS) topic that is configured to notify the support team.
Which solution will meet these requirements?
  A. Write the results of payment processing API calls to Amazon CloudWatch. Use
Amazon CloudWatch Logs Insights to query the CloudWatch logs. Schedule the
Lambda function to check the CloudWatch logs and notify the existing SNS topic.

 B. Publish custom metrics to CloudWatch that record the failures of the external
payment processing API calls. Configure a CloudWatch alarm to notify the existing
SNS topic when error rate exceeds the specified rate. Most Voted

 C. Publish the results of the external payment processing API calls to a new Amazon
SNS topic. Subscribe the support team members to the new SNS topic.

 D. Write the results of the external payment processing API calls to Amazon S3.
Schedule an Amazon Athena query to run at regular intervals. Configure Athena to
send notifications to the existing SNS topic when the error rate exceeds the
specified rate.

Hide Solution Discussion 8

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #19Topic 1

A company is o ering APIs as a service over the internet to provide unauthenticated read
access to statistical information that is updated daily. The company uses Amazon API
Gateway and AWS Lambda to develop the APIs. The service has become popular, and the
company wants to enhance the responsiveness of the APIs.
Which action can help the company achieve this goal?

 A. Enable API caching in API Gateway. Most Voted

 B. Configure API Gateway to use an interface VPC endpoint.

 C. Enable cross-origin resource sharing (CORS) for the APIs.

 D. Configure usage plans and API keys in API Gateway.

Hide Solution Discussion 9

Correct Answer: A 🗳
Community vote distribution

A (100%)

Question #20Topic 1

A developer wants to store information about movies. Each movie has a title, release year,
and genre. The movie information also can include additional properties about the cast and
production crew. This additional information is inconsistent across movies. For example,
one movie might have an assistant director, and another movie might have an animal
trainer.
The developer needs to implement a solution to support the following use cases:
For a given title and release year, get all details about the movie that has that title and
release year.
For a given title, get all details about all movies that have that title.
For a given genre, get all details about all movies in that genre.
Which data store configuration will meet these requirements?

 A. Create an Amazon DynamoDB table. Configure the table with a primary key that
consists of the title as the partition key and the release year as the sort key. Create a
global secondary index that uses the genre as the partition key and the title as the
sort key. Most Voted

 B. Create an Amazon DynamoDB table. Configure the table with a primary key that
consists of the genre as the partition key and the release year as the sort key. Create
a global secondary index that uses the title as the partition key.

 C. On an Amazon RDS DB instance, create a table that contains columns for title,
release year, and genre. Configure the title as the primary key.

 D. On an Amazon RDS DB instance, create a table where the primary key is the title
and all other data is encoded into JSON format as one additional column.

Hide Solution Discussion 10

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #21Topic 1
A developer maintains an Amazon API Gateway REST API. Customers use the API through a
frontend UI and Amazon Cognito authentication.
The developer has a new version of the API that contains new endpoints and backward-
incompatible interface changes. The developer needs to provide beta access to other
developers on the team without a ecting customers.
Which solution will meet these requirements with the LEAST operational overhead?

 A. Define a development stage on the API Gateway API. Instruct the other
developers to point the endpoints to the development stage. Most Voted

 B. Define a new API Gateway API that points to the new API application code.
Instruct the other developers to point the endpoints to the new API.

 C. Implement a query parameter in the API application code that determines which
code version to call.

 D. Specify new API Gateway endpoints for the API endpoints that the developer
wants to add.

Hide Solution Discussion 17

Correct Answer: A 🗳

Community vote distribution

A (83%)

B (17%)

Question #22Topic 1

A developer is creating an application that will store personal health information (PHI). The
PHI needs to be encrypted at all times. An encrypted Amazon RDS for MySQL DB instance
is storing the data. The developer wants to increase the performance of the application by
caching frequently accessed data while adding the ability to sort or rank the cached
datasets.
Which solution will meet these requirements?

 A. Create an Amazon ElastiCache for Redis instance. Enable encryption of data in

transit and at rest. Store frequently accessed data in the cache. Most Voted

 B. Create an Amazon ElastiCache for Memcached instance. Enable encryption of

data in transit and at rest. Store frequently accessed data in the cache.
  C. Create an Amazon RDS for MySQL read replica. Connect to the read replica by
using SSL. Configure the read replica to store frequently accessed data.

 D. Create an Amazon DynamoDB table and a DynamoDB Accelerator (DAX) cluster

for the table. Store frequently accessed data in the DynamoDB table.

Hide Solution Discussion 11

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #23Topic 1

A company has a multi-node Windows legacy application that runs on premises. The
application uses a network shared folder as a centralized configuration repository to store
configuration files in .xml format. The company is migrating the application to Amazon EC2
instances. As part of the migration to AWS, a developer must identify a solution that
provides high availability for the repository.
Which solution will meet this requirement MOST cost-e ectively?

 A. Mount an Amazon Elastic Block Store (Amazon EBS) volume onto one of the EC2
instances. Deploy a file system on the EBS volume. Use the host operating system to
share a folder. Update the application code to read and write configuration files
from the shared folder.

 B. Deploy a micro EC2 instance with an instance store volume. Use the host
operating system to share a folder. Update the application code to read and write
configuration files from the shared folder.

 C. Create an Amazon S3 bucket to host the repository. Migrate the existing .xml files
to the S3 bucket. Update the application code to use the AWS SDK to read and write
configuration files from Amazon S3. Most Voted

 D. Create an Amazon S3 bucket to host the repository. Migrate the existing .xml files
to the S3 bucket. Mount the S3 bucket to the EC2 instances as a local volume.
Update the application code to read and write configuration files from the disk.

Hide Solution Discussion 27

Correct Answer: C 🗳

Community vote distribution

C (72%)

D (28%)

Question #24Topic 1

A company wants to deploy and maintain static websites on AWS. Each website's source
code is hosted in one of several version control systems, including AWS CodeCommit,
Bitbucket, and GitHub.
The company wants to implement phased releases by using development, staging, user
acceptance testing, and production environments in the AWS Cloud. Deployments to each
environment must be started by code merges on the relevant Git branch. The company
wants to use HTTPS for all data exchange. The company needs a solution that does not
require servers to run continuously.
Which solution will meet these requirements with the LEAST operational overhead?

 A. Host each website by using AWS Amplify with a serverless backend. Conned the
repository branches that correspond to each of the desired environments. Start
deployments by merging code changes to a desired branch. Most Voted

 B. Host each website in AWS Elastic Beanstalk with multiple environments. Use the
EB CLI to link each repository branch. Integrate AWS CodePipeline to automate
deployments from version control code merges.

 C. Host each website in di erent Amazon S3 buckets for each environment.

Configure AWS CodePipeline to pull source code from version control. Add an AWS
CodeBuild stage to copy source code to Amazon S3.

 D. Host each website on its own Amazon EC2 instance. Write a custom deployment
script to bundle each website's static assets. Copy the assets to Amazon EC2. Set
up a workflow to run the script when code is merged.

Hide Solution Discussion 12

Correct Answer: A 🗳

Community vote distribution

A (89%)

11%

Question #25Topic 1

A company is migrating an on-premises database to Amazon RDS for MySQL. The company
has read-heavy workloads. The company wants to refactor the code to achieve optimum
read performance for queries.
Which solution will meet this requirement with LEAST current and future e ort?

 A. Use a multi-AZ Amazon RDS deployment. Increase the number of connections

that the code makes to the database or increase the connection pool size if a
connection pool is in use.

 B. Use a multi-AZ Amazon RDS deployment. Modify the code so that queries access
the secondary RDS instance.

 C. Deploy Amazon RDS with one or more read replicas. Modify the application code
so that queries use the URL for the read replicas. Most Voted

 D. Use open source replication software to create a copy of the MySQL database on
an Amazon EC2 instance. Modify the application code so that queries use the IP
address of the EC2 instance.

Hide Solution Discussion 24

Correct Answer: C 🗳

Community vote distribution

C (94%)

6%

Question #26Topic 1

A developer is creating an application that will be deployed on IoT devices. The application
will send data to a RESTful API that is deployed as an AWS Lambda function. The
application will assign each API request a unique identifier. The volume of API requests
from the application can randomly increase at any given time of day.
During periods of request throttling, the application might need to retry requests. The API
must be able to handle duplicate requests without inconsistencies or data loss.
Which solution will meet these requirements?
  A. Create an Amazon RDS for MySQL DB instance. Store the unique identifier for
each request in a database table. Modify the Lambda function to check the table for
the identifier before processing the request.

 B. Create an Amazon DynamoDB table. Store the unique identifier for each request
in the table. Modify the Lambda function to check the table for the identifier before
processing the request. Most Voted

 C. Create an Amazon DynamoDB table. Store the unique identifier for each request
in the table. Modify the Lambda function to return a client error response when the
function receives a duplicate request.

 D. Create an Amazon ElastiCache for Memcached instance. Store the unique

identifier for each request in the cache. Modify the Lambda function to check the
cache for the identifier before processing the request.

Hide Solution Discussion 9

Correct Answer: B 🗳

Community vote distribution

B (98%)

2%

Question #27Topic 1

A developer wants to expand an application to run in multiple AWS Regions. The developer
wants to copy Amazon Machine Images (AMIs) with the latest changes and create a new
application stack in the destination Region. According to company requirements, all AMIs
must be encrypted in all Regions. However, not all the AMIs that the company uses are
encrypted.
How can the developer expand the application to run in the destination Region while
meeting the encryption requirement?

 A. Create new AMIs, and specify encryption parameters. Copy the encrypted AMIs
to the destination Region. Delete the unencrypted AMIs. Most Voted

 B. Use AWS Key Management Service (AWS KMS) to enable encryption on the
unencrypted AMIs. Copy the encrypted AMIs to the destination Region.

 C. Use AWS Certificate Manager (ACM) to enable encryption on the unencrypted

AMIs. Copy the encrypted AMIs to the destination Region.
  D. Copy the unencrypted AMIs to the destination Region. Enable encryption by
default in the destination Region.

Hide Solution Discussion 30

Correct Answer: A 🗳

Community vote distribution

A (75%)

B (25%)

Question #28Topic 1

A company hosts a client-side web application for one of its subsidiaries on Amazon S3.
The web application can be accessed through Amazon CloudFront from
https://www.example.com. After a successful rollout, the company wants to host three
more client-side web applications for its remaining subsidiaries on three separate S3
buckets.
To achieve this goal, a developer moves all the common JavaScript files and web fonts to a
central S3 bucket that serves the web applications. However, during testing, the developer
notices that the browser blocks the JavaScript files and web fonts.
What should the developer do to prevent the browser from blocking the JavaScript files and
web fonts?

 A. Create four access points that allow access to the central S3 bucket. Assign an
access point to each web application bucket.

 B. Create a bucket policy that allows access to the central S3 bucket. Attach the
bucket policy to the central S3 bucket

 C. Create a cross-origin resource sharing (CORS) configuration that allows access

to the central S3 bucket. Add the CORS configuration to the central S3 bucket. Most
Voted

 D. Create a Content-MD5 header that provides a message integrity check for the
central S3 bucket. Insert the Content-MD5 header for each web application request.

Hide Solution Discussion 6

Correct Answer: C 🗳
Community vote distribution

C (100%)

Question #29Topic 1

An application is processing clickstream data using Amazon Kinesis. The clickstream data
feed into Kinesis experiences periodic spikes. The PutRecords API call occasionally fails
and the logs show that the failed call returns the response shown below:

Which techniques will help mitigate this exception? (Choose two.)

 A. Implement retries with exponential backo . Most Voted

 B. Use a PutRecord API instead of PutRecords.

 C. Reduce the frequency and/or size of the requests. Most Voted

 D. Use Amazon SNS instead of Kinesis.

 E. Reduce the number of KCL consumers.

Hide Solution Discussion 10

Correct Answer: AC 🗳

Community vote distribution

AC (82%)

BC (18%)
Question #30Topic 1

A company has an application that uses Amazon Cognito user pools as an identity provider.
The company must secure access to user records. The company has set up multi-factor
authentication (MFA). The company also wants to send a login activity notification by email
every time a user logs in.
What is the MOST operationally e icient solution that meets this requirement?

 A. Create an AWS Lambda function that uses Amazon Simple Email Service
(Amazon SES) to send the email notification. Add an Amazon API Gateway API to
invoke the function. Call the API from the client side when login confirmation is
received.

 B. Create an AWS Lambda function that uses Amazon Simple Email Service
(Amazon SES) to send the email notification. Add an Amazon Cognito post
authentication Lambda trigger for the function. Most Voted

 C. Create an AWS Lambda function that uses Amazon Simple Email Service
(Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs
log subscription filter to invoke the function based on the login status.

 D. Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose.
Create an AWS Lambda function to process the streamed logs and to send the
email notification based on the login status of each user.

Hide Solution Discussion 7

Correct Answer: B 🗳

Community vote distribution

B (91%)

9%

Question #31Topic 1

A developer has an application that stores data in an Amazon S3 bucket. The application
uses an HTTP API to store and retrieve objects. When the PutObject API operation adds
objects to the S3 bucket the developer must encrypt these objects at rest by using server-
side encryption with Amazon S3 managed keys (SSE-S3).
Which solution will meet this requirement?
  A. Create an AWS Key Management Service (AWS KMS) key. Assign the KMS key to
the S3 bucket.

 B. Set the x-amz-server-side-encryption header when invoking the PutObject API

operation. Most Voted

 C. Provide the encryption key in the HTTP header of every request.

 D. Apply TLS to encrypt the tra ic to the S3 bucket.

Hide Solution Discussion 14

Correct Answer: B 🗳

Community vote distribution

B (94%)

6%

Question #32Topic 1

A developer needs to perform geographic load testing of an API. The developer must deploy
resources to multiple AWS Regions to support the load testing of the API.
How can the developer meet these requirements without additional application code?

 A. Create and deploy an AWS Lambda function in each desired Region. Configure
the Lambda function to create a stack from an AWS CloudFormation template in
that Region when the function is invoked.

 B. Create an AWS CloudFormation template that defines the load test resources.
Use the AWS CLI create-stack-set command to create a stack set in the desired
Regions. Most Voted

 C. Create an AWS Systems Manager document that defines the resources. Use the
document to create the resources in the desired Regions.

 D. Create an AWS CloudFormation template that defines the load test resources.
Use the AWS CLI deploy command to create a stack from the template in each
Region.

Hide Solution Discussion 7

Correct Answer: B 🗳
Community vote distribution

B (96%)

4%

Question #33Topic 1

A developer is creating an application that includes an Amazon API Gateway REST API in
the us-east-2 Region. The developer wants to use Amazon CloudFront and a custom
domain name for the API. The developer has acquired an SSL/TLS certificate for the domain
from a third-party provider.
How should the developer configure the custom domain for the application?

 A. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same
Region as the API. Create a DNS A record for the custom domain.

 B. Import the SSL/TLS certificate into CloudFront. Create a DNS CNAME record for
the custom domain.

 C. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same
Region as the API. Create a DNS CNAME record for the custom domain.

 D. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-
1 Region. Create a DNS CNAME record for the custom domain. Most Voted

Hide Solution Discussion 17

Correct Answer: D 🗳

Community vote distribution

D (86%)

14%

Question #34Topic 1

A developer is creating a template that uses AWS CloudFormation to deploy an

application. The application is serverless and uses Amazon API Gateway, Amazon
DynamoDB, and AWS Lambda.
Which AWS service or tool should the developer use to define serverless resources in
YAML?

 A. CloudFormation serverless intrinsic functions

  B. AWS Elastic Beanstalk

 C. AWS Serverless Application Model (AWS SAM) Most Voted

 D. AWS Cloud Development Kit (AWS CDK)

Hide Solution Discussion 6

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #35Topic 1

A developer wants to insert a record into an Amazon DynamoDB table as soon as a new file
is added to an Amazon S3 bucket.
Which set of steps would be necessary to achieve this?

 A. Create an event with Amazon EventBridge that will monitor the S3 bucket and
then insert the records into DynamoDB.

 B. Configure an S3 event to invoke an AWS Lambda function that inserts records into
DynamoDB. Most Voted

 C. Create an AWS Lambda function that will poll the S3 bucket and then insert the
records into DynamoDB.

 D. Create a cron job that will run at a scheduled time and insert the records into
DynamoDB.

Hide Solution Discussion 5

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #36Topic 1

A development team maintains a web application by using a single AWS CloudFormation

template. The template defines web servers and an Amazon RDS database. The team uses
the Cloud Formation template to deploy the Cloud Formation stack to di erent
environments.
During a recent application deployment, a developer caused the primary development
database to be dropped and recreated. The result of this incident was a loss of data. The
team needs to avoid accidental database deletion in the future.
Which solutions will meet these requirements? (Choose two.)

 A. Add a CloudFormation Deletion Policy attribute with the Retain value to the
database resource. Most Voted

 B. Update the CloudFormation stack policy to prevent updates to the

database. Most Voted

 C. Modify the database to use a Multi-AZ deployment.

 D. Create a CloudFormation stack set for the web application and database
deployments.

 E. Add a Cloud Formation DeletionPolicy attribute with the Retain value to the stack.

Hide Solution Discussion 15

Correct Answer: AB 🗳

Community vote distribution

AB (100%)

Question #37Topic 1

A company has an Amazon S3 bucket that contains sensitive data. The data must be
encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using
an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other
AWS accounts the permission to use the S3 GetObject operation to retrieve the data from
the S3 bucket.
How can the developer enforce that all requests to retrieve the data provide encryption in
transit?

 A. Define a resource-based policy on the S3 bucket to deny access when a request

meets the condition “aws:SecureTransport”: “false”. Most Voted

 B. Define a resource-based policy on the S3 bucket to allow access when a request

meets the condition “aws:SecureTransport”: “false”.
  C. Define a role-based policy on the other accounts' roles to deny access when a
request meets the condition of “aws:SecureTransport”: “false”.

 D. Define a resource-based policy on the KMS key to deny access when a request
meets the condition of “aws:SecureTransport”: “false”.

Hide Solution Discussion 9

Correct Answer: A 🗳

Community vote distribution

A (89%)

11%

Question #38Topic 1

An application that is hosted on an Amazon EC2 instance needs access to files that are
stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3
bucket and displays a table to the user. During testing, a developer discovers that the
application does not show any objects in the list.
What is the MOST secure way to resolve this issue?

 A. Update the IAM instance profile that is attached to the EC2 instance to include
the S3:* permission for the S3 bucket.

 B. Update the IAM instance profile that is attached to the EC2 instance to include
the S3:ListBucket permission for the S3 bucket. Most Voted

 C. Update the developer's user permissions to include the S3:ListBucket permission

for the S3 bucket.

 D. Update the S3 bucket policy by including the S3:ListBucket permission and by

setting the Principal element to specify the account number of the EC2 instance.

Hide Solution Discussion 16

Correct Answer: B 🗳

Community vote distribution

B (81%)

A (19%)
Question #39Topic 1

A company is planning to securely manage one-time fixed license keys in AWS. The
company's development team needs to access the license keys in automaton scripts that
run in Amazon EC2 instances and in AWS CloudFormation stacks.
Which solution will meet these requirements MOST cost-e ectively?

 A. Amazon S3 with encrypted files prefixed with “config”

 B. AWS Secrets Manager secrets with a tag that is named SecretString

 C. AWS Systems Manager Parameter Store SecureString parameters Most Voted

 D. CloudFormation NoEcho parameters

Hide Solution Discussion 7

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #40Topic 1

A company has deployed infrastructure on AWS. A development team wants to create an

AWS Lambda function that will retrieve data from an Amazon Aurora database. The
Amazon Aurora database is in a private subnet in company's VPC. The VPC is named VPC1.
The data is relational in nature. The Lambda function needs to access the data securely.
Which solution will meet these requirements?

 A. Create the Lambda function. Configure VPC1 access for the function. Attach a
security group named SG1 to both the Lambda function and the database.
Configure the security group inbound and outbound rules to allow TCP tra ic on
Port 3306. Most Voted

 B. Create and launch a Lambda function in a new public subnet that is in a new VPC
named VPC2. Create a peering connection between VPC1 and VPC2.

 C. Create the Lambda function. Configure VPC1 access for the function. Assign a
security group named SG1 to the Lambda function. Assign a second security group
named SG2 to the database. Add an inbound rule to SG1 to allow TCP tra ic from
Port 3306.
  D. Export the data from the Aurora database to Amazon S3. Create and launch a
Lambda function in VPC1. Configure the Lambda function query the data from
Amazon S3.

Hide Solution Discussion 43

Correct Answer: A 🗳

Community vote distribution

A (64%)

C (29%)

7%

Question #41Topic 1

A developer is building a web application that uses Amazon API Gateway to expose an AWS
Lambda function to process requests from clients. During testing, the developer notices
that the API Gateway times out even though the Lambda function finishes under the set
time limit.
Which of the following API Gateway metrics in Amazon CloudWatch can help the developer
troubleshoot the issue? (Choose two.)

 A. CacheHitCount

 B. IntegrationLatency Most Voted

 C. CacheMissCount

 D. Latency Most Voted

 E. Count

Hide Solution Discussion 4

Correct Answer: BD 🗳

Community vote distribution

BD (100%)

Question #42Topic 1
A development team wants to build a continuous integration/continuous delivery (CI/CD)
pipeline. The team is using AWS CodePipeline to automate the code build and deployment.
The team wants to store the program code to prepare for the CI/CD pipeline.
Which AWS service should the team use to store the program code?

 A. AWS CodeDeploy

 B. AWS CodeArtifact

 C. AWS CodeCommit Most Voted

 D. Amazon CodeGuru

Hide Solution Discussion 5

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #43Topic 1

A developer is designing an AWS Lambda function that creates temporary files that are less
than 10 MB during invocation. The temporary files will be accessed and modified multiple
times during invocation. The developer has no need to save or retrieve these files in the
future.
Where should the temporary files be stored?

 A. the /tmp directory Most Voted

 B. Amazon Elastic File System (Amazon EFS)

 C. Amazon Elastic Block Store (Amazon EBS)

 D. Amazon S3

Hide Solution Discussion 3

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #44Topic 1
A developer is designing a serverless application with two AWS Lambda functions to
process photos. One Lambda function stores objects in an Amazon S3 bucket and stores
the associated metadata in an Amazon DynamoDB table. The other Lambda function
fetches the objects from the S3 bucket by using the metadata from the DynamoDB table.
Both Lambda functions use the same Python library to perform complex computations and
are approaching the quota for the maximum size of zipped deployment packages.
What should the developer do to reduce the size of the Lambda deployment packages with
the LEAST operational overhead?

 A. Package each Python library in its own .zip file archive. Deploy each Lambda
function with its own copy of the library.

 B. Create a Lambda layer with the required Python library. Use the Lambda layer in
both Lambda functions. Most Voted

 C. Combine the two Lambda functions into one Lambda function. Deploy the
Lambda function as a single .zip file archive.

 D. Download the Python library to an S3 bucket. Program the Lambda functions to

reference the object URLs.

Hide Solution Discussion 5

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #45Topic 1

A developer is writing an AWS Lambda function. The developer wants to log key events that
occur while the Lambda function runs. The developer wants to include a unique identifier
to associate the events with a specific function invocation. The developer adds the
following code to the Lambda function:

Which solution will meet this requirement?

 A. Obtain the request identifier from the AWS request ID field in the context object.
Configure the application to write logs to standard output. Most Voted
  B. Obtain the request identifier from the AWS request ID field in the event object.
Configure the application to write logs to a file.

 C. Obtain the request identifier from the AWS request ID field in the event object.
Configure the application to write logs to standard output.

 D. Obtain the request identifier from the AWS request ID field in the context object.
Configure the application to write logs to a file.

Hide Solution Discussion 18

Correct Answer: A 🗳

Community vote distribution

A (93%)

7%

Question #46Topic 1

A developer is working on a serverless application that needs to process any changes to an

Amazon DynamoDB table with an AWS Lambda function.
How should the developer configure the Lambda function to detect changes to the
DynamoDB table?

 A. Create an Amazon Kinesis data stream, and attach it to the DynamoDB table.
Create a trigger to connect the data stream to the Lambda function.

 B. Create an Amazon EventBridge rule to invoke the Lambda function on a regular

schedule. Conned to the DynamoDB table from the Lambda function to detect
changes.

 C. Enable DynamoDB Streams on the table. Create a trigger to connect the

DynamoDB stream to the Lambda function. Most Voted

 D. Create an Amazon Kinesis Data Firehose delivery stream, and attach it to the
DynamoDB table. Configure the delivery stream destination as the Lambda
function.

Hide Solution Discussion 6

Correct Answer: C 🗳
Community vote distribution

C (100%)

Question #47Topic 1

An application uses an Amazon EC2 Auto Scaling group. A developer notices that EC2
instances are taking a long time to become available during scale-out events. The
UserData script is taking a long time to run.
The developer must implement a solution to decrease the time that elapses before an EC2
instance becomes available. The solution must make the most recent version of the
application available at all times and must apply all available security updates. The
solution also must minimize the number of images that are created. The images must be
validated.
Which combination of steps should the developer take to meet these requirements?
(Choose two.)

 A. Use EC2 Image Builder to create an Amazon Machine Image (AMI). Install all the
patches and agents that are needed to manage and run the application. Update the
Auto Scaling group launch configuration to use the AMI. Most Voted

 B. Use EC2 Image Builder to create an Amazon Machine Image (AMI). Install the
latest version of the application and all the patches and agents that are needed to
manage and run the application. Update the Auto Scaling group launch
configuration to use the AMI.

 C. Set up AWS CodeDeploy to deploy the most recent version of the application at
runtime. Most Voted

 D. Set up AWS CodePipeline to deploy the most recent version of the application at
runtime.

 E. Remove any commands that perform operating system patching from the
UserData script.

Hide Solution Discussion 57

Correct Answer: AC 🗳

Community vote distribution

AC (41%)

AE (38%)
BE (17%)

2%

Question #48Topic 1

A developer is creating an AWS Lambda function that needs credentials to connect to an

Amazon RDS for MySQL database. An Amazon S3 bucket currently stores the credentials.
The developer needs to improve the existing solution by implementing credential rotation
and secure storage. The developer also needs to provide integration with the Lambda
function.
Which solution should the developer use to store and retrieve the credentials with the
LEAST management overhead?

 A. Store the credentials in AWS Systems Manager Parameter Store. Select the
database that the parameter will access. Use the default AWS Key Management
Service (AWS KMS) key to encrypt the parameter. Enable automatic rotation for the
parameter. Use the parameter from Parameter Store on the Lambda function to
connect to the database.

 B. Encrypt the credentials with the default AWS Key Management Service (AWS
KMS) key. Store the credentials as environment variables for the Lambda function.
Create a second Lambda function to generate new credentials and to rotate the
credentials by updating the environment variables of the first Lambda function.
Invoke the second Lambda function by using an Amazon EventBridge rule that runs
on a schedule. Update the database to use the new credentials. On the first Lambda
function, retrieve the credentials from the environment variables. Decrypt the
credentials by using AWS KMS, Connect to the database.

 C. Store the credentials in AWS Secrets Manager. Set the secret type to Credentials
for Amazon RDS database. Select the database that the secret will access. Use the
default AWS Key Management Service (AWS KMS) key to encrypt the secret. Enable
automatic rotation for the secret. Use the secret from Secrets Manager on the
Lambda function to connect to the database. Most Voted

 D. Encrypt the credentials by using AWS Key Management Service (AWS KMS). Store
the credentials in an Amazon DynamoDB table. Create a second Lambda function
to rotate the credentials. Invoke the second Lambda function by using an Amazon
EventBridge rule that runs on a schedule. Update the DynamoDB table. Update the
database to use the generated credentials. Retrieve the credentials from
DynamoDB with the first Lambda function. Connect to the database.
Hide Solution Discussion 7

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #49Topic 1

A developer has written the following IAM policy to provide access to an Amazon S3 bucket:

Which access does the policy allow regarding the s3:GetObject and s3:PutObject actions?

 A. Access on all buckets except the “DOC-EXAMPLE-BUCKET” bucket

 B. Access on all buckets that start with “DOC-EXAMPLE-BUCKET” except the “DOC-
EXAMPLE-BUCKET/secrets” bucket

 C. Access on all objects in the “DOC-EXAMPLE-BUCKET” bucket along with access

to all S3 actions for objects in the “DOC-EXAMPLE-BUCKET” bucket that start with
“secrets”

 D. Access on all objects in the “DOC-EXAMPLE-BUCKET” bucket except on objects

that start with “secrets” Most Voted

Hide Solution Discussion 4

Correct Answer: D 🗳

Community vote distribution

D (100%)

Question #50Topic 1

A developer is creating a mobile app that calls a backend service by using an Amazon API
Gateway REST API. For integration testing during the development phase, the developer
wants to simulate di erent backend responses without invoking the backend service.
Which solution will meet these requirements with the LEAST operational overhead?

 A. Create an AWS Lambda function. Use API Gateway proxy integration to return
constant HTTP responses.

 B. Create an Amazon EC2 instance that serves the backend REST API by using an
AWS CloudFormation template.

 C. Customize the API Gateway stage to select a response type based on the
request.

 D. Use a request mapping template to select the mock integration response. Most
Voted

Hide Solution Discussion 9

Correct Answer: D 🗳

Community vote distribution

D (100%)

Question #51Topic 1

A developer has a legacy application that is hosted on-premises. Other applications hosted
on AWS depend on the on-premises application for proper functioning. In case of any
application errors, the developer wants to be able to use Amazon CloudWatch to monitor
and troubleshoot all applications from one place.
How can the developer accomplish this?

 A. Install an AWS SDK on the on-premises server to automatically send logs to

CloudWatch.
  B. Download the CloudWatch agent to the on-premises server. Configure the agent
to use IAM user credentials with permissions for CloudWatch. Most Voted

 C. Upload log files from the on-premises server to Amazon S3 and have CloudWatch
read the files.

 D. Upload log files from the on-premises server to an Amazon EC2 instance and
have the instance forward the logs to CloudWatch.

Hide Solution Discussion 5

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #52Topic 1

An Amazon Kinesis Data Firehose delivery stream is receiving customer data that contains
personally identifiable information. A developer needs to remove pattern-based customer
identifiers from the data and store the modified data in an Amazon S3 bucket.
What should the developer do to meet these requirements?

 A. Implement Kinesis Data Firehose data transformation as an AWS Lambda

function. Configure the function to remove the customer identifiers. Set an Amazon
S3 bucket as the destination of the delivery stream. Most Voted

 B. Launch an Amazon EC2 instance. Set the EC2 instance as the destination of the
delivery stream. Run an application on the EC2 instance to remove the customer
identifiers. Store the transformed data in an Amazon S3 bucket.

 C. Create an Amazon OpenSearch Service instance. Set the OpenSearch Service

instance as the destination of the delivery stream. Use search and replace to
remove the customer identifiers. Export the data to an Amazon S3 bucket.

 D. Create an AWS Step Functions workflow to remove the customer identifiers. As

the last step in the workflow, store the transformed data in an Amazon S3 bucket.
Set the workflow as the destination of the delivery stream.

Hide Solution Discussion 3

Correct Answer: A 🗳
Community vote distribution

A (100%)

Question #53Topic 1

A developer is using an AWS Lambda function to generate avatars for profile pictures that
are uploaded to an Amazon S3 bucket. The Lambda function is automatically invoked for
profile pictures that are saved under the /original/ S3 prefix. The developer notices that
some pictures cause the Lambda function to time out. The developer wants to implement
a fallback mechanism by using another Lambda function that resizes the profile picture.
Which solution will meet these requirements with the LEAST development e ort?

 A. Set the image resize Lambda function as a destination of the avatar generator
Lambda function for the events that fail processing. Most Voted

 B. Create an Amazon Simple Queue Service (Amazon SQS) queue. Set the SQS
queue as a destination with an on failure condition for the avatar generator Lambda
function. Configure the image resize Lambda function to poll from the SQS queue.

 C. Create an AWS Step Functions state machine that invokes the avatar generator
Lambda function and uses the image resize Lambda function as a fallback. Create
an Amazon EventBridge rule that matches events from the S3 bucket to invoke the
state machine.

 D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Set the SNS
topic as a destination with an on failure condition for the avatar generator Lambda
function. Subscribe the image resize Lambda function to the SNS topic.

Hide Solution Discussion 32

Correct Answer: A 🗳

Community vote distribution

A (64%)

C (19%)

B (17%)

Question #54Topic 1

A developer needs to migrate an online retail application to AWS to handle an anticipated

increase in tra ic. The application currently runs on two servers: one server for the web
application and another server for the database. The web server renders webpages and
manages session state in memory. The database server hosts a MySQL database that
contains order details. When tra ic to the application is heavy, the memory usage for the
web server approaches 100% and the application slows down considerably.
The developer has found that most of the memory increase and performance decrease is
related to the load of managing additional user sessions. For the web server migration, the
developer will use Amazon EC2 instances with an Auto Scaling group behind an
Application Load Balancer.
Which additional set of changes should the developer make to the application to improve
the application's performance?

 A. Use an EC2 instance to host the MySQL database. Store the session data and the
application data in the MySQL database.

 B. Use Amazon ElastiCache for Memcached to store and manage the session data.
Use an Amazon RDS for MySQL DB instance to store the application data. Most
Voted

 C. Use Amazon ElastiCache for Memcached to store and manage the session data
and the application data.

 D. Use the EC2 instance store to manage the session data. Use an Amazon RDS for
MySQL DB instance to store the application data.

Hide Solution Discussion 8

Correct Answer: B 🗳

Community vote distribution

B (97%)

3%

Question #55Topic 1

An application uses Lambda functions to extract metadata from files uploaded to an S3

bucket; the metadata is stored in Amazon DynamoDB. The application starts behaving
unexpectedly, and the developer wants to examine the logs of the Lambda function code
for errors.
Based on this system configuration, where would the developer find the logs?

 A. Amazon S3
  B. AWS CloudTrail

 C. Amazon CloudWatch Most Voted

 D. Amazon DynamoDB

Hide Solution Discussion 4

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #56Topic 1

A company is using an AWS Lambda function to process records from an Amazon Kinesis
data stream. The company recently observed slow processing of the records. A developer
notices that the iterator age metric for the function is increasing and that the Lambda run
duration is constantly above normal.
Which actions should the developer take to increase the processing speed? (Choose two.)

 A. Increase the number of shards of the Kinesis data stream. Most Voted

 B. Decrease the timeout of the Lambda function.

 C. Increase the memory that is allocated to the Lambda function. Most Voted

 D. Decrease the number of shards of the Kinesis data stream.

 E. Increase the timeout of the Lambda function.

Hide Solution Discussion 6

Correct Answer: AC 🗳

Community vote distribution

AC (100%)

Question #57Topic 1

A company needs to harden its container images before the images are in a running state.
The company's application uses Amazon Elastic Container Registry (Amazon ECR) as an
image registry. Amazon Elastic Kubernetes Service (Amazon EKS) for compute, and an AWS
CodePipeline pipeline that orchestrates a continuous integration and continuous delivery
(CI/CD) workflow.
Dynamic application security testing occurs in the final stage of the pipeline after a new
image is deployed to a development namespace in the EKS cluster. A developer needs to
place an analysis stage before this deployment to analyze the container image earlier in the
CI/CD pipeline.
Which solution will meet these requirements with the MOST operational e iciency?

 A. Build the container image and run the docker scan command locally. Mitigate any
findings before pushing changes to the source code repository. Write a pre-commit
hook that enforces the use of this workflow before commit.

 B. Create a new CodePipeline stage that occurs after the container image is built.
Configure ECR basic image scanning to scan on image push. Use an AWS Lambda
function as the action provider. Configure the Lambda function to check the scan
results and to fail the pipeline if there are findings. Most Voted

 C. Create a new CodePipeline stage that occurs after source code has been
retrieved from its repository. Run a security scanner on the latest revision of the
source code. Fail the pipeline if there are findings.

 D. Add an action to the deployment stage of the pipeline so that the action occurs
before the deployment to the EKS cluster. Configure ECR basic image scanning to
scan on image push. Use an AWS Lambda function as the action provider. Configure
the Lambda function to check the scan results and to fail the pipeline if there are
findings.

Hide Solution Discussion 9

Correct Answer: B 🗳

Community vote distribution

B (81%)

D (19%)

Question #58Topic 1

A developer is testing a new file storage application that uses an Amazon CloudFront
distribution to serve content from an Amazon S3 bucket. The distribution accesses the S3
bucket by using an origin access identity (OAI). The S3 bucket's permissions explicitly deny
access to all other users.
The application prompts users to authenticate on a login page and then uses signed
cookies to allow users to access their personal storage directories. The developer has
configured the distribution to use its default cache behavior with restricted viewer access
and has set the origin to point to the S3 bucket. However, when the developer tries to
navigate to the login page, the developer receives a 403 Forbidden error.
The developer needs to implement a solution to allow unauthenticated access to the login
page. The solution also must keep all private content secure.
Which solution will meet these requirements?

 A. Add a second cache behavior to the distribution with the same origin as the
default cache behavior. Set the path pattern for the second cache behavior to the
path of the login page, and make viewer access unrestricted. Keep the default cache
behavior's settings unchanged. Most Voted

 B. Add a second cache behavior to the distribution with the same origin as the
default cache behavior. Set the path pattern for the second cache behavior to *, and
make viewer access restricted. Change the default cache behavior's path pattern to
the path of the login page, and make viewer access unrestricted.

 C. Add a second origin as a failover origin to the default cache behavior. Point the
failover origin to the S3 bucket. Set the path pattern for the primary origin to *, and
make viewer access restricted. Set the path pattern for the failover origin to the path
of the login page, and make viewer access unrestricted.

 D. Add a bucket policy to the S3 bucket to allow read access. Set the resource on
the policy to the Amazon Resource Name (ARN) of the login page object in the S3
bucket. Add a CloudFront function to the default cache behavior to redirect
unauthorized requests to the login page's S3 URL.

Hide Solution Discussion 7

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #59Topic 1

A developer is using AWS Amplify Hosting to build and deploy an application. The
developer is receiving an increased number of bug reports from users. The developer wants
to add end-to-end testing to the application to eliminate as many bugs as possible before
the bugs reach production.
Which solution should the developer implement to meet these requirements?

 A. Run the amplify add test command in the Amplify CLI.

 B. Create unit tests in the application. Deploy the unit tests by using the amplify
push command in the Amplify CLI.

 C. Add a test phase to the amplify.yml build settings for the application. Most Voted

 D. Add a test phase to the aws-exports.js file for the application.

Hide Solution Discussion 8

Correct Answer: C 🗳

Community vote distribution

C (90%)

10%

Question #60Topic 1

An ecommerce company is using an AWS Lambda function behind Amazon API Gateway
as its application tier. To process orders during checkout, the application calls a POST API
from the frontend. The POST API invokes the Lambda function asynchronously. In rare
situations, the application has not processed orders. The Lambda application logs show no
errors or failures.
What should a developer do to solve this problem?

 A. Inspect the frontend logs for API failures. Call the POST API manually by using the
requests from the log file.

 B. Create and inspect the Lambda dead-letter queue. Troubleshoot the failed
functions. Reprocess the events. Most Voted

 C. Inspect the Lambda logs in Amazon CloudWatch for possible errors. Fix the
errors.

 D. Make sure that caching is disabled for the POST API in API Gateway.

Hide Solution Discussion 28

Correct Answer: B 🗳
Community vote distribution

B (54%)

A (30%)

Other

Question #61Topic 1

A company is building a web application on AWS. When a customer sends a request, the
application will generate reports and then make the reports available to the customer
within one hour. Reports should be accessible to the customer for 8 hours. Some reports
are larger than 1 MB. Each report is unique to the customer. The application should delete
all reports that are older than 2 days.
Which solution will meet these requirements with the LEAST operational overhead?

 A. Generate the reports and then store the reports as Amazon DynamoDB items that
have a specified TTL. Generate a URL that retrieves the reports from DynamoDB.
Provide the URL to customers through the web application.

 B. Generate the reports and then store the reports in an Amazon S3 bucket that uses
server-side encryption. Attach the reports to an Amazon Simple Notification Service
(Amazon SNS) message. Subscribe the customer to email notifications from
Amazon SNS.

 C. Generate the reports and then store the reports in an Amazon S3 bucket that uses
server-side encryption. Generate a presigned URL that contains an expiration date
Provide the URL to customers through the web application. Add S3 Lifecycle
configuration rules to the S3 bucket to delete old reports. Most Voted

 D. Generate the reports and then store the reports in an Amazon RDS database with
a date stamp. Generate an URL that retrieves the reports from the RDS database.
Provide the URL to customers through the web application. Schedule an hourly AWS
Lambda function to delete database records that have expired date stamps.

Hide Solution Discussion 8

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #62Topic 1

A company has deployed an application on AWS Elastic Beanstalk. The company has
configured the Auto Scaling group that is associated with the Elastic Beanstalk
environment to have five Amazon EC2 instances. If the capacity is fewer than four EC2
instances during the deployment, application performance degrades. The company is
using the all-at-once deployment policy.
What is the MOST cost-e ective way to solve the deployment issue?

 A. Change the Auto Scaling group to six desired instances.

 B. Change the deployment policy to tra ic splitting. Specify an evaluation time of 1

hour.

 C. Change the deployment policy to rolling with additional batch. Specify a batch
size of 1. Most Voted

 D. Change the deployment policy to rolling. Specify a batch size of 2.

Hide Solution Discussion 12

Correct Answer: C 🗳

Community vote distribution

C (95%)

5%

Question #63Topic 1

A developer is incorporating AWS X-Ray into an application that handles personal

identifiable information (PII). The application is hosted on Amazon EC2 instances. The
application trace messages include encrypted PII and go to Amazon CloudWatch. The
developer needs to ensure that no PII goes outside of the EC2 instances.
Which solution will meet these requirements?

 A. Manually instrument the X-Ray SDK in the application code. Most Voted

 B. Use the X-Ray auto-instrumentation agent.

 C. Use Amazon Macie to detect and hide PII. Call the X-Ray API from AWS Lambda.

 D. Use AWS Distro for Open Telemetry.

Hide Solution Discussion 21

Correct Answer: A 🗳

Community vote distribution

A (82%)

B (18%)

Question #64Topic 1

A developer is migrating some features from a legacy monolithic application to use AWS
Lambda functions instead. The application currently stores data in an Amazon Aurora DB
cluster that runs in private subnets in a VPC. The AWS account has one VPC deployed. The
Lambda functions and the DB cluster are deployed in the same AWS Region in the same
AWS account.
The developer needs to ensure that the Lambda functions can securely access the DB
cluster without crossing the public internet.
Which solution will meet these requirements?

 A. Configure the DB cluster's public access setting to Yes.

 B. Configure an Amazon RDS database proxy for he Lambda functions.

 C. Configure a NAT gateway and a security group for the Lambda functions.

 D. Configure the VPC, subnets, and a security group for the Lambda functions. Most
Voted

Hide Solution Discussion 11

Correct Answer: D 🗳

Community vote distribution

D (91%)

9%

Question #65Topic 1

A developer is building a new application on AWS. The application uses an AWS Lambda
function that retrieves information from an Amazon DynamoDB table. The developer hard
coded the DynamoDB table name into the Lambda function code. The table name might
change over time. The developer does not want to modify the Lambda code if the table
name changes.
Which solution will meet these requirements MOST e iciently?

 A. Create a Lambda environment variable to store the table name. Use the standard
method for the programming language to retrieve the variable. Most Voted

 B. Store the table name in a file. Store the file in the /tmp folder. Use the SDK for the
programming language to retrieve the table name.

 C. Create a file to store the table name. Zip the file and upload the file to the
Lambda layer. Use the SDK for the programming language to retrieve the table
name.

 D. Create a global variable that is outside the handler in the Lambda function to
store the table name.

Hide Solution Discussion 6

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #66Topic 1

A company has a critical application on AWS. The application exposes an HTTP API by
using Amazon API Gateway. The API is integrated with an AWS Lambda function. The
application stores data in an Amazon RDS for MySQL DB instance with 2 virtual CPUs
(vCPUs) and 64 GB of RAM.

Customers have reported that some of the API calls return HTTP 500 Internal Server Error
responses. Amazon CloudWatch Logs shows errors for “too many connections.” The errors
occur during peak usage times that are unpredictable.

The company needs to make the application resilient. The database cannot be down
outside of scheduled maintenance hours.

Which solution will meet these requirements?

 A. Decrease the number of vCPUs for the DB instance. Increase the

max_connections setting.
  B. Use Amazon RDS Proxy to create a proxy that connects to the DB instance.
Update the Lambda function to connect to the proxy. Most Voted

 C. Add a CloudWatch alarm that changes the DB instance class when the number of
connections increases to more than 1,000.

 D. Add an Amazon EventBridge rule that increases the max_connections setting of

the DB instance when CPU utilization is above 75%.

Hide Solution Discussion 9

Correct Answer: B 🗳

Community vote distribution

B (92%)

8%

Question #67Topic 1

A company has installed smart meters in all its customer locations. The smart meters
measure power usage at 1-minute intervals and send the usage readings to a remote
endpoint for collection. The company needs to create an endpoint that will receive the
smart meter readings and store the readings in a database. The company wants to store the
location ID and timestamp information.

The company wants to give its customers low-latency access to their current usage and
historical usage on demand. The company expects demand to increase significantly. The
solution must not impact performance or include downtime while scaling.

Which solution will meet these requirements MOST cost-e ectively?

 A. Store the smart meter readings in an Amazon RDS database. Create an index on
the location ID and timestamp columns. Use the columns to filter on the customers'
data.

 B. Store the smart meter readings in an Amazon DynamoDB table. Create a

composite key by using the location ID and timestamp columns. Use the columns
to filter on the customers' data. Most Voted
  C. Store the smart meter readings in Amazon ElastiCache for Redis. Create a
SortedSet key by using the location ID and timestamp columns. Use the columns to
filter on the customers' data.

 D. Store the smart meter readings in Amazon S3. Partition the data by using the
location ID and timestamp columns. Use Amazon Athena to filter on the customers'
data.

Hide Solution Discussion 7

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #68Topic 1

A company is building a serverless application that uses AWS Lambda functions. The
company needs to create a set of test events to test Lambda functions in a development
environment. The test events will be created once and then will be used by all the
developers in an IAM developer group. The test events must be editable by any of the IAM
users in the IAM developer group.

Which solution will meet these requirements?

 A. Create and store the test events in Amazon S3 as JSON objects. Allow S3 bucket
access to all IAM users.

 B. Create the test events. Configure the event sharing settings to make the test
events shareable. Most Voted

 C. Create and store the test events in Amazon DynamoDB. Allow access to
DynamoDB by using IAM roles.

 D. Create the test events. Configure the event sharing settings to make the test
events private.

Hide Solution Discussion 18

Correct Answer: B 🗳

Community vote distribution

B (80%)

A (18%)

2%

Question #69Topic 1

A developer is configuring an application's deployment environment in AWS CodePipeline.

The application code is stored in a GitHub repository. The developer wants to ensure that
the repository package's unit tests run in the new deployment environment. The developer
has already set the pipeline's source provider to GitHub and has specified the repository
and branch to use in the deployment.

Which combination of steps should the developer take next to meet these requirements
with the LEAST overhead? (Choose two.)

 A. Create an AWS CodeCommit project. Add the repository package's build and test
commands to the project's buildspec.

 B. Create an AWS CodeBuild project. Add the repository package's build and test
commands to the project's buildspec. Most Voted

 C. Create an AWS CodeDeploy project. Add the repository package's build and test
commands to the project's buildspec.

 D. Add an action to the source stage. Specify the newly created project as the action
provider. Specify the build artifact as the action's input artifact.

 E. Add a new stage to the pipeline after the source stage. Add an action to the new
stage. Specify the newly created project as the action provider. Specify the source
artifact as the action's input artifact. Most Voted

Hide Solution Discussion 9

Correct Answer: BE 🗳

Community vote distribution

BE (95%)

5%

Question #70Topic 1
An engineer created an A/B test of a new feature on an Amazon CloudWatch Evidently
project. The engineer configured two variations of the feature (Variation A and Variation B)
for the test. The engineer wants to work exclusively with Variation A. The engineer needs to
make updates so that Variation A is the only variation that appears when the engineer hits
the application's endpoint.

Which solution will meet this requirement?

 A. Add an override to the feature. Set the identifier of the override to the engineer's
user ID. Set the variation to Variation A. Most Voted

 B. Add an override to the feature. Set the identifier of the override to Variation A. Set
the variation to 100%.

 C. Add an experiment to the project. Set the identifier of the experiment to Variation
B. Set the variation to 0%.

 D. Add an experiment to the project. Set the identifier of the experiment to the AWS
account's account ISet the variation to Variation A.

Hide Solution Discussion 9

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #71Topic 1

A developer is working on an existing application that uses Amazon DynamoDB as its data
store. The DynamoDB table has the following attributes: partNumber (partition key), vendor
(sort key), description, productFamily, and productType. When the developer analyzes the
usage patterns, the developer notices that there are application modules that frequently
look for a list of products based on the productFamily and productType attributes.

The developer wants to make changes to the application to improve performance of the
query operations.

Which solution will meet these requirements?

 A. Create a global secondary index (GSI) with productFamily as the partition key and
productType as the sort key. Most Voted
  B. Create a local secondary index (LSI) with productFamily as the partition key and
productType as the sort key.

 C. Recreate the table. Add partNumber as the partition key and vendor as the sort
key. During table creation, add a local secondary index (LSI) with productFamily as
the partition key and productType as the sort key.

 D. Update the queries to use Scan operations with productFamily as the partition
key and productType as the sort key.

Hide Solution Discussion 6

Correct Answer: A 🗳

Community vote distribution

A (96%)

4%

Question #72Topic 1

A developer creates a VPC named VPC-A that has public and private subnets. The
developer also creates an Amazon RDS database inside the private subnet of VPC-A. To
perform some queries, the developer creates an AWS Lambda function in the default VPC.
The Lambda function has code to access the RDS database. When the Lambda function
runs, an error message indicates that the function cannot connect to the RDS database.

How can the developer solve this problem?

 A. Modify the RDS security group. Add a rule to allow tra ic from all the ports from
the VPC CIDR block.

 B. Redeploy the Lambda function in the same subnet as the RDS instance. Ensure
that the RDS security group allows tra ic from the Lambda function. Most Voted

 C. Create a security group for the Lambda function. Add a new rule in the RDS
security group to allow tra ic from the new Lambda security group.

 D. Create an IAM role. Attach a policy that allows access to the RDS database.
Attach the role to the Lambda function.

Hide Solution Discussion 35

Correct Answer: B 🗳

Community vote distribution

B (72%)

C (28%)

Question #73Topic 1

A company runs an application on AWS. The company deployed the application on Amazon
EC2 instances. The application stores data on Amazon Aurora.

The application recently logged multiple application-specific custom DECRYP_ERROR

errors to Amazon CloudWatch logs. The company did not detect the issue until the
automated tests that run every 30 minutes failed. A developer must implement a solution
that will monitor for the custom errors and alert a development team in real time when
these errors occur in the production environment.

Which solution will meet these requirements with the LEAST operational overhead?

 A. Configure the application to create a custom metric and to push the metric to
CloudWatch. Create an AWS CloudTrail alarm. Configure the CloudTrail alarm to
use an Amazon Simple Notification Service (Amazon SNS) topic to send
notifications.

 B. Create an AWS Lambda function to run every 5 minutes to scan the CloudWatch
logs for the keyword DECRYP_ERROR. Configure the Lambda function to use
Amazon Simple Notification Service (Amazon SNS) to send a notification.

 C. Use Amazon CloudWatch Logs to create a metric filter that has a filter pattern for
DECRYP_ERROR. Create a CloudWatch alarm on this metric for a threshold >=1.
Configure the alarm to send Amazon Simple Notification Service (Amazon SNS)
notifications. Most Voted

 D. Install the CloudWatch unified agent on the EC2 instance. Configure the
application to generate a metric for the keyword DECRYP_ERROR errors. Configure
the agent to send Amazon Simple Notification Service (Amazon SNS) notifications.

Hide Solution Discussion 6

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #74Topic 1

A developer created an AWS Lambda function that accesses resources in a VPC. The
Lambda function polls an Amazon Simple Queue Service (Amazon SQS) queue for new
messages through a VPC endpoint. Then the function calculates a rolling average of the
numeric values that are contained in the messages. After initial tests of the Lambda
function, the developer found that the value of the rolling average that the function
returned was not accurate.

How can the developer ensure that the function calculates an accurate rolling average?

 A. Set the function's reserved concurrency to 1. Calculate the rolling average in the
function. Store the calculated rolling average in Amazon ElastiCache. Most Voted

 B. Modify the function to store the values in Amazon ElastiCache. When the function
initializes, use the previous values from the cache to calculate the rolling average.

 C. Set the function's provisioned concurrency to 1. Calculate the rolling average in

the function. Store the calculated rolling average in Amazon ElastiCache.

 D. Modify the function to store the values in the function's layers. When the function
initializes, use the previously stored values to calculate the rolling average.

Hide Solution Discussion 36

Correct Answer: A 🗳

Community vote distribution

A (57%)

B (42%)

1%

Question #75Topic 1
A developer is writing unit tests for a new application that will be deployed on AWS. The
developer wants to validate all pull requests with unit tests and merge the code with the
main branch only when all tests pass.

The developer stores the code in AWS CodeCommit and sets up AWS CodeBuild to run the
unit tests. The developer creates an AWS Lambda function to start the CodeBuild task. The
developer needs to identify the CodeCommit events in an Amazon EventBridge event that
can invoke the Lambda function when a pull request is created or updated.

Which CodeCommit event will meet these requirements?

 A.

 B.

 C.

Most Voted

 D.
Hide Solution Discussion 10

Correct Answer: C 🗳

Community vote distribution

C (86%)

14%

Question #76Topic 1

A developer deployed an application to an Amazon EC2 instance. The application needs to

know the public IPv4 address of the instance.

How can the application find this information?

 A. Query the instance metadata from http://169.254.169.254/latest/meta-

data/. Most Voted

 B. Query the instance user data from http://169.254.169.254/latest/user-data/.

 C. Query the Amazon Machine Image (AMI) information from

http://169.254.169.254/latest/meta-data/ami/.

 D. Check the hosts file of the operating system.

Hide Solution Discussion 6

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #77Topic 1

An application under development is required to store hundreds of video files. The data
must be encrypted within the application prior to storage, with a unique key for each video
file.

How should the developer code the application?

 A. Use the KMS Encrypt API to encrypt the data. Store the encrypted data key and
data.
  B. Use a cryptography library to generate an encryption key for the application. Use
the encryption key to encrypt the data. Store the encrypted data.

 C. Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the
data key. Store the encrypted data key and data. Most Voted

 D. Upload the data to an S3 bucket using server side-encryption with an AWS KMS
key.

Hide Solution Discussion 5

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #78Topic 1

A company is planning to deploy an application on AWS behind an Elastic Load Balancer.

The application uses an HTTP/HTTPS listener and must access the client IP addresses.

Which load-balancing solution meets these requirements?

 A. Use an Application Load Balancer and the X-Forwarded-For headers. Most Voted

 B. Use a Network Load Balancer (NLB). Enable proxy protocol support on the NLB
and the target application.

 C. Use an Application Load Balancer. Register the targets by the instance ID.

 D. Use a Network Load Balancer and the X-Forwarded-For headers.

Hide Solution Discussion 5

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #79Topic 1

A developer wants to debug an application by searching and filtering log data. The
application logs are stored in Amazon CloudWatch Logs. The developer creates a new
metric filter to count exceptions in the application logs. However, no results are returned
from the logs.

What is the reason that no filtered results are being returned?

 A. A setup of the Amazon CloudWatch interface VPC endpoint is required for

filtering the CloudWatch Logs in the VPC.

 B. CloudWatch Logs only publishes metric data for events that happen after the
filter is created. Most Voted

 C. The log group for CloudWatch Logs should be first streamed to Amazon
OpenSearch Service before metric filtering returns the results.

 D. Metric data points for logs groups can be filtered only after they are exported to
an Amazon S3 bucket.

Hide Solution Discussion 4

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #80Topic 1

A company is planning to use AWS CodeDeploy to deploy an application to Amazon Elastic

Container Service (Amazon ECS). During the deployment of a new version of the
application, the company initially must expose only 10% of live tra ic to the new version of
the deployed application. Then, after 15 minutes elapse, the company must route all the
remaining live tra ic to the new version of the deployed application.

Which CodeDeploy predefined configuration will meet these requirements?

 A. CodeDeployDefault.ECSCanary10Percent15Minutes Most Voted

 B. CodeDeployDefault.LambdaCanary10Percent5Minutes

 C. CodeDeployDefault.LambdaCanary10Percentl15Minutes

 D. CodeDeployDefault.ECSLinear10PercentEvery1Minutes

Hide Solution Discussion 4

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #81Topic 1

A company hosts a batch processing application on AWS Elastic Beanstalk with instances
that run the most recent version of Amazon Linux. The application sorts and processes
large datasets.

In recent weeks, the application's performance has decreased significantly during a peak
period for tra ic. A developer suspects that the application issues are related to the
memory usage. The developer checks the Elastic Beanstalk console and notices that
memory usage is not being tracked.

How should the developer gather more information about the application performance
issues?

 A. Configure the Amazon CloudWatch agent to push logs to Amazon CloudWatch

Logs by using port 443.

 B. Configure the Elastic Beanstalk .ebextensions directory to track the memory

usage of the instances.

 C. Configure the Amazon CloudWatch agent to track the memory usage of the
instances. Most Voted

 D. Configure an Amazon CloudWatch dashboard to track the memory usage of the

instances.

Hide Solution Discussion 28

Correct Answer: C 🗳

Community vote distribution

C (60%)

B (40%)

Question #82Topic 1
A developer is building a highly secure healthcare application using serverless
components. This application requires writing temporary data to /tmp storage on an AWS
Lambda function.

How should the developer encrypt this data?

 A. Enable Amazon EBS volume encryption with an AWS KMS key in the Lambda
function configuration so that all storage attached to the Lambda function is
encrypted.

 B. Set up the Lambda function with a role and key policy to access an AWS KMS key.
Use the key to generate a data key used to encrypt all data prior to writing to /tmp
storage. Most Voted

 C. Use OpenSSL to generate a symmetric encryption key on Lambda startup. Use

this key to encrypt the data prior to writing to /tmp.

 D. Use an on-premises hardware security module (HSM) to generate keys, where the
Lambda function requests a data key from the HSM and uses that to encrypt data on
all requests to the function.

Hide Solution Discussion 7

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #83Topic 1

A developer has created an AWS Lambda function to provide notification through Amazon
Simple Notification Service (Amazon SNS) whenever a file is uploaded to Amazon S3 that is
larger than 50 MB. The developer has deployed and tested the Lambda function by using
the CLI. However, when the event notification is added to the S3 bucket and a 3,000 MB file
is uploaded, the Lambda function does not launch.

Which of the following is a possible reason for the Lambda function's inability to launch?

 A. The S3 event notification does not activate for files that are larger than 1,000 MB.

 B. The resource-based policy for the Lambda function does not have the required
permissions to be invoked by Amazon S3. Most Voted
  C. Lambda functions cannot be invoked directly from an S3 event.

 D. The S3 bucket needs to be made public.

Hide Solution Discussion 9

Correct Answer: B 🗳

Community vote distribution

B (93%)

7%

Question #84Topic 1

A developer is creating a Ruby application and needs to automate the deployment, scaling,
and management of an environment without requiring knowledge of the underlying
infrastructure.

Which service would best accomplish this task?

 A. AWS CodeDeploy

 B. AWS CloudFormation

 C. AWS OpsWorks

 D. AWS Elastic Beanstalk Most Voted

Hide Solution Discussion 5

Correct Answer: D 🗳

Community vote distribution

D (100%)

Question #85Topic 1

A company has a web application that is deployed on AWS. The application uses an
Amazon API Gateway API and an AWS Lambda function as its backend.

The application recently demonstrated unexpected behavior. A developer examines the

Lambda function code, finds an error, and modifies the code to resolve the problem. Before
deploying the change to production, the developer needs to run tests to validate that the
application operates properly.

The application has only a production environment available. The developer must create a
new development environment to test the code changes. The developer must also prevent
other developers from overwriting these changes during the test cycle.

Which combination of steps will meet these requirements with the LEAST development
e ort? (Choose two.)

 A. Create a new resource in the current stage. Create a new method with Lambda
proxy integration. Select the Lambda function. Add the hotfix alias. Redeploy the
current stage. Test the backend.

 B. Update the Lambda function in the API Gateway API integration request to use the
hotfix alias. Deploy the API Gateway API to a new stage named hotfix. Test the
backend. Most Voted

 C. Modify the Lambda function by fixing the code. Test the Lambda function. Create
the alias hotfix. Point the alias to the $LATEST version.

 D. Modify the Lambda function by fixing the code. Test the Lambda function. When
the Lambda function is working as expected, publish the Lambda function as a new
version. Create the alias hotfix. Point the alias to the new version. Most Voted

 E. Create a new API Gateway API for the development environment. Add a resource
and method with Lambda integration. Choose the Lambda function and the hotfix
alias. Deploy to a new stage. Test the backend.

Hide Solution Discussion 9

Correct Answer: BD 🗳

Community vote distribution

BD (95%)

5%

Question #86Topic 1

A developer is implementing an AWS Cloud Development Kit (AWS CDK) serverless

application. The developer will provision several AWS Lambda functions and Amazon API
Gateway APIs during AWS CloudFormation stack creation. The developer's workstation has
the AWS Serverless Application Model (AWS SAM) and the AWS CDK installed locally.

How can the developer test a specific Lambda function locally?

 A. Run the sam package and sam deploy commands. Create a Lambda test event
from the AWS Management Console. Test the Lambda function.

 B. Run the cdk synth and cdk deploy commands. Create a Lambda test event from
the AWS Management Console. Test the Lambda function.

 C. Run the cdk synth and sam local invoke commands with the function construct
identifier and the path to the synthesized CloudFormation template. Most Voted

 D. Run the cdk synth and sam local start-lambda commands with the function
construct identifier and the path to the synthesized CloudFormation template.

Hide Solution Discussion 10

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #87Topic 1

A company's new mobile app uses Amazon API Gateway. As the development team
completes a new release of its APIs, a developer must safely and transparently roll out the
API change.

What is the SIMPLEST solution for the developer to use for rolling out the new API version to
a limited number of users through API Gateway?

 A. Create a new API in API Gateway. Direct a portion of the tra ic to the new API
using an Amazon Route 53 weighted routing policy.

 B. Validate the new API version and promote it to production during the window of
lowest expected utilization.

 C. Implement an Amazon CloudWatch alarm to trigger a rollback if the observed

HTTP 500 status code rate exceeds a predetermined threshold.
  D. Use the canary release deployment option in API Gateway. Direct a percentage of
the API tra ic using the canarySettings setting. Most Voted

Hide Solution Discussion 3

Correct Answer: D 🗳

Community vote distribution

D (100%)

Question #88Topic 1

A company caches session information for a web application in an Amazon DynamoDB

table. The company wants an automated way to delete old items from the table.

What is the simplest way to do this?

 A. Write a script that deletes old records; schedule the script as a cron job on an
Amazon EC2 instance.

 B. Add an attribute with the expiration time; enable the Time To Live feature based
on that attribute. Most Voted

 C. Each day, create a new table to hold session data; delete the previous day's table.

 D. Add an attribute with the expiration time; name the attribute ItemExpiration.

Hide Solution Discussion 4

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #89Topic 1

A company is using an Amazon API Gateway REST API endpoint as a webhook to publish
events from an on-premises source control management (SCM) system to Amazon
EventBridge. The company has configured an EventBridge rule to listen for the events and
to control application deployment in a central AWS account. The company needs to
receive the same events across multiple receiver AWS accounts.
How can a developer meet these requirements without changing the configuration of the
SCM system?

 A. Deploy the API Gateway REST API to all the required AWS accounts. Use the same
custom domain name for all the gateway endpoints so that a single SCM webhook
can be used for all events from all accounts.

 B. Deploy the API Gateway REST API to all the receiver AWS accounts. Create as
many SCM webhooks as the number of AWS accounts.

 C. Grant permission to the central AWS account for EventBridge to access the
receiver AWS accounts. Add an EventBridge event bus on the receiver AWS
accounts as the targets to the existing EventBridge rule. Most Voted

 D. Convert the API Gateway type from REST API to HTTP API.

Hide Solution Discussion 2

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #90Topic 1

A company moved some of its secure files to a private Amazon S3 bucket that has no
public access. The company wants to develop a serverless application that gives its
employees the ability to log in and securely share the files with other users.

Which AWS feature should the company use to share and access the files securely?

 A. Amazon Cognito user pool

 B. S3 presigned URLs Most Voted

 C. S3 bucket policy

 D. Amazon Cognito identity pool

Hide Solution Discussion 39

Correct Answer: B 🗳

Community vote distribution

B (60%)

A (22%)

D (18%)

Question #91Topic 1

A company needs to develop a proof of concept for a web service application. The
application will show the weather forecast for one of the company's o ice locations. The
application will provide a REST endpoint that clients can call. Where possible, the
application should use caching features provided by AWS to limit the number of requests
to the backend service. The application backend will receive a small amount of tra ic only
during testing.

Which approach should the developer take to provide the REST endpoint MOST cost-
e ectively?

 A. Create a container image. Deploy the container image by using Amazon Elastic
Kubernetes Service (Amazon EKS). Expose the functionality by using Amazon API
Gateway.

 B. Create an AWS Lambda function by using the AWS Serverless Application Model
(AWS SAM). Expose the Lambda functionality by using Amazon API Gateway. Most
Voted

 C. Create a container image. Deploy the container image by using Amazon Elastic
Container Service (Amazon ECS). Expose the functionality by using Amazon API
Gateway.

 D. Create a microservices application. Deploy the application to AWS Elastic

Beanstalk. Expose the AWS Lambda functionality by using an Application Load
Balancer.

Hide Solution Discussion 6

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #92Topic 1
An e-commerce web application that shares session state on-premises is being migrated
to AWS. The application must be fault tolerant, natively highly scalable, and any service
interruption should not a ect the user experience.

What is the best option to store the session state?

 A. Store the session state in Amazon ElastiCache. Most Voted

 B. Store the session state in Amazon CloudFront.

 C. Store the session state in Amazon S3.

 D. Enable session stickiness using elastic load balancers.

Hide Solution Discussion 6

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #93Topic 1

A developer is building an application that uses Amazon DynamoDB. The developer wants
to retrieve multiple specific items from the database with a single API call.

Which DynamoDB API call will meet these requirements with the MINIMUM impact on the
database?

 A. BatchGetItem Most Voted

 B. GetItem

 C. Scan

 D. Query

Hide Solution Discussion 10

Correct Answer: A 🗳

Community vote distribution

A (100%)
Question #94Topic 1

A developer has written an application that runs on Amazon EC2 instances. The developer
is adding functionality for the application to write objects to an Amazon S3 bucket.

Which policy must the developer modify to allow the instances to write these objects?

 A. The IAM policy that is attached to the EC2 instance profile role Most Voted

 B. The session policy that is applied to the EC2 instance role session

 C. The AWS Key Management Service (AWS KMS) key policy that is attached to the
EC2 instance profile role

 D. The Amazon VPC endpoint policy

Hide Solution Discussion 5

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #95Topic 1

A developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to

connect from on-premises to Amazon EC2 instances in the developer's account. The
developer is able to access an EC2 instance in subnet A, but is unable to access an EC2
instance in subnet B in the same VPC.

Which logs can the developer use to verify whether the tra ic is reaching subnet B?

 A. VPN logs

 B. BGP logs

 C. VPC Flow Logs Most Voted

 D. AWS CloudTrail logs

Hide Solution Discussion 6

Correct Answer: C 🗳
Community vote distribution

C (100%)

Question #96Topic 1

A developer is creating a service that uses an Amazon S3 bucket for image uploads. The
service will use an AWS Lambda function to create a thumbnail of each image. Each time
an image is uploaded, the service needs to send an email notification and create the
thumbnail. The developer needs to configure the image processing and email notifications
setup.

Which solution will meet these requirements?

 A. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure S3

event notifications with a destination of the SNS topic. Subscribe the Lambda
function to the SNS topic. Create an email notification subscription to the SNS
topic. Most Voted

 B. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure S3

event notifications with a destination of the SNS topic. Subscribe the Lambda
function to the SNS topic. Create an Amazon Simple Queue Service (Amazon SQS)
queue. Subscribe the SQS queue to the SNS topic. Create an email notification
subscription to the SQS queue.

 C. Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure S3

event notifications with a destination of the SQS queue. Subscribe the Lambda
function to the SQS queue. Create an email notification subscription to the SQS
queue.

 D. Create an Amazon Simple Queue Service (Amazon SQS) queue. Send S3 event
notifications to Amazon EventBridge. Create an EventBridge rule that runs the
Lambda function when images are uploaded to the S3 bucket. Create an
EventBridge rule that sends notifications to the SQS queue. Create an email
notification subscription to the SQS queue.

Hide Solution Discussion 6

Correct Answer: A 🗳

Community vote distribution

A (100%)
Question #97Topic 1

A developer has designed an application to store incoming data as JSON files in Amazon S3
objects. Custom business logic in an AWS Lambda function then transforms the objects,
and the Lambda function loads the data into an Amazon DynamoDB table. Recently, the
workload has experienced sudden and significant changes in tra ic. The flow of data to the
DynamoDB table is becoming throttled.

The developer needs to implement a solution to eliminate the throttling and load the data
into the DynamoDB table more consistently.

Which solution will meet these requirements?

 A. Refactor the Lambda function into two functions. Configure one function to
transform the data and one function to load the data into the DynamoDB table.
Create an Amazon Simple Queue Service (Amazon SQS) queue in between the
functions to hold the items as messages and to invoke the second function. Most
Voted

 B. Turn on auto scaling for the DynamoDB table. Use Amazon CloudWatch to
monitor the table's read and write capacity metrics and to track consumed capacity.

 C. Create an alias for the Lambda function. Configure provisioned concurrency for
the application to use.

 D. Refactor the Lambda function into two functions. Configure one function to store
the data in the DynamoDB table. Configure the second function to process the data
and update the items after the data is stored in DynamoDB. Create a DynamoDB
stream to invoke the second function after the data is stored.

Hide Solution Discussion 39

Correct Answer: A 🗳

Community vote distribution

A (60%)

B (26%)

14%

Question #98Topic 1
A developer is creating an AWS Lambda function in VPC mode. An Amazon S3 event will
invoke the Lambda function when an object is uploaded into an S3 bucket. The Lambda
function will process the object and produce some analytic results that will be recorded
into a file. Each processed object will also generate a log entry that will be recorded into a
file.

Other Lambda functions, AWS services, and on-premises resources must have access to
the result files and log file. Each log entry must also be appended to the same shared log
file. The developer needs a solution that can share files and append results into an existing
file.

Which solution should the developer use to meet these requirements?

 A. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS
file system in Lambda. Store the result files and log file in the mount point. Append
the log entries to the log file. Most Voted

 B. Create an Amazon Elastic Block Store (Amazon EBS) Multi-Attach enabled

volume. Attach the EBS volume to all Lambda functions. Update the Lambda
function code to download the log file, append the log entries, and upload the
modified log file to Amazon EBS.

 C. Create a reference to the /tmp local directory. Store the result files and log file by
using the directory reference. Append the log entry to the log file.

 D. Create a reference to the /opt storage directory. Store the result files and log file
by using the directory reference. Append the log entry to the log file.

Hide Solution Discussion 6

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #99Topic 1

A company has an AWS Lambda function that processes incoming requests from an
Amazon API Gateway API. The API calls the Lambda function by using a Lambda alias. A
developer updated the Lambda function code to handle more details related to the
incoming requests. The developer wants to deploy the new Lambda function for more
testing by other developers with no impact to customers that use the API.

Which solution will meet these requirements with the LEAST operational overhead?

 A. Create a new version of the Lambda function. Create a new stage on API Gateway
with integration to the new Lambda version. Use the new API Gateway stage to test
the Lambda function. Most Voted

 B. Update the existing Lambda alias used by API Gateway to a weighted alias. Add
the new Lambda version as an additional Lambda function with a weight of 10%.
Use the existing API Gateway stage for testing.

 C. Create a new version of the Lambda function. Create and deploy a second
Lambda function to filter incoming requests from API Gateway. If the filtering
Lambda function detects a test request, the filtering Lambda function will invoke
the new Lambda version of the code. For other requests, the filtering Lambda
function will invoke the old Lambda version. Update the API Gateway API to use the
filtering Lambda function.

 D. Create a new version of the Lambda function. Create a new API Gateway API for
testing purposes. Update the integration of the new API with the new Lambda
version. Use the new API for testing.

Hide Solution Discussion 19

Correct Answer: A 🗳

Community vote distribution

A (90%)

5%

Question #100Topic 1

A company uses AWS Lambda functions and an Amazon S3 trigger to process images into
an S3 bucket. A development team set up multiple environments in a single AWS account.

After a recent production deployment, the development team observed that the
development S3 buckets invoked the production environment Lambda functions. These
invocations caused unwanted execution of development S3 files by using production
Lambda functions. The development team must prevent these invocations. The team must
follow security best practices.
Which solution will meet these requirements?

 A. Update the Lambda execution role for the production Lambda function to add a
policy that allows the execution role to read from only the production environment
S3 bucket.

 B. Move the development and production environments into separate AWS

accounts. Add a resource policy to each Lambda function to allow only S3 buckets
that are within the same account to invoke the function. Most Voted

 C. Add a resource policy to the production Lambda function to allow only the
production environment S3 bucket to invoke the function.

 D. Move the development and production environments into separate AWS

accounts. Update the Lambda execution role for each function to add a policy that
allows the execution role to read from the S3 bucket that is within the same
account.

Hide Solution Discussion 36

Correct Answer: B 🗳

Community vote distribution

B (57%)

C (39%)

Question #101Topic 1

A developer is creating an application. New users of the application must be able to create
an account and register by using their own social media accounts.

Which AWS service or resource should the developer use to meet these requirements?

 A. IAM role

 B. Amazon Cognito identity pools

 C. Amazon Cognito user pools Most Voted

 D. AWS Directory Service

Hide Solution Discussion 19

Correct Answer: C 🗳

Community vote distribution

C (74%)

B (26%)

Question #102Topic 1

A social media application uses the AWS SDK for JavaScript on the frontend to get user
credentials from AWS Security Token Service (AWS STS). The application stores its assets in
an Amazon S3 bucket. The application serves its content by using an Amazon CloudFront
distribution with the origin set to the S3 bucket.

The credentials for the role that the application assumes to make the SDK calls are stored
in plaintext in a JSON file within the application code. The developer needs to implement a
solution that will allow the application to get user credentials without having any
credentials hardcoded in the application code.

Which solution will meet these requirements?

 A. Add a Lambda@Edge function to the distribution. Invoke the function on viewer

request. Add permissions to the function's execution role to allow the function to
access AWS STS. Move all SDK calls from the frontend into the function. Most Voted

 B. Add a CloudFront function to the distribution. Invoke the function on viewer

request. Add permissions to the function's execution role to allow the function to
access AWS STS. Move all SDK calls from the frontend into the function.

 C. Add a Lambda@Edge function to the distribution. Invoke the function on viewer

request. Move the credentials from the JSON file into the function. Move all SDK
calls from the frontend into the function.

 D. Add a CloudFront function to the distribution. Invoke the function on viewer

request. Move the credentials from the JSON file into the function. Move all SDK
calls from the frontend into the function.

Hide Solution Discussion 13

Correct Answer: A 🗳

Community vote distribution

A (88%)

13%

Question #103Topic 1

An ecommerce website uses an AWS Lambda function and an Amazon RDS for MySQL
database for an order fulfillment service. The service needs to return order confirmation
immediately.

During a marketing campaign that caused an increase in the number of orders, the
website's operations team noticed errors for “too many connections” from Amazon RDS.
However, the RDS DB cluster metrics are healthy. CPU and memory capacity are still
available.

What should a developer do to resolve the errors?

 A. Initialize the database connection outside the handler function. Increase the
max_user_connections value on the parameter group of the DB cluster. Restart the
DB cluster.

 B. Initialize the database connection outside the handler function. Use RDS Proxy
instead of connecting directly to the DB cluster. Most Voted

 C. Use Amazon Simple Queue Service (Amazon SQS) FIFO queues to queue the
orders. Ingest the orders into the database. Set the Lambda function's concurrency
to a value that equals the number of available database connections.

 D. Use Amazon Simple Queue Service (Amazon SQS) FIFO queues to queue the
orders. Ingest the orders into the database. Set the Lambda function's concurrency
to a value that is less than the number of available database connections.

Hide Solution Discussion 10

Correct Answer: B 🗳

Community vote distribution

B (92%)

8%

Question #104Topic 1

A company stores its data in data tables in a series of Amazon S3 buckets. The company
received an alert that customer credit card information might have been exposed in a data
table on one of the company's public applications. A developer needs to identify all
potential exposures within the application environment.

Which solution will meet these requirements?

 A. Use Amazon Athena to run a job on the S3 buckets that contain the a ected data.
Filter the findings by using the SensitiveData:S3Object/Personal finding type.

 B. Use Amazon Macie to run a job on the S3 buckets that contain the a ected data.
Filter the findings by using the SensitiveData:S3Object/Financial finding type. Most
Voted

 C. Use Amazon Macie to run a job on the S3 buckets that contain the a ected data.
Filter the findings by using the SensitiveData:S3Object/Personal finding type.

 D. Use Amazon Athena to run a job on the S3 buckets that contain the a ected data.
Filter the findings by using the SensitiveData:S3Object/Financial finding type.

Hide Solution Discussion 8

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #105Topic 1

A software company is launching a multimedia application. The application will allow guest
users to access sample content before the users decide if they want to create an account
to gain full access. The company wants to implement an authentication process that can
identify users who have already created an account. The company also needs to keep track
of the number of guest users who eventually create an account.

Which combination of steps will meet these requirements? (Choose two.)

  A. Create an Amazon Cognito user pool. Configure the user pool to allow
unauthenticated users. Exchange user tokens for temporary credentials that allow
authenticated users to assume a role.

 B. Create an Amazon Cognito identity pool. Configure the identity pool to allow
unauthenticated users. Exchange unique identity for temporary credentials that
allow all users to assume a role. Most Voted

 C. Create an Amazon CloudFront distribution. Configure the distribution to allow

unauthenticated users. Exchange user tokens for temporary credentials that allow
all users to assume a role.

 D. Create a role for authenticated users that allows access to all content. Create a
role for unauthenticated users that allows access to only the sample content. Most
Voted

 E. Allow all users to access the sample content by default. Create a role for
authenticated users that allows access to the other content.

Hide Solution Discussion 5

Correct Answer: BD 🗳

Community vote distribution

BD (100%)

Question #106Topic 1

A company is updating an application to move the backend of the application from Amazon
EC2 instances to a serverless model. The application uses an Amazon RDS for MySQL DB
instance and runs in a single VPC on AWS. The application and the DB instance are
deployed in a private subnet in the VPC.

The company needs to connect AWS Lambda functions to the DB instance.

Which solution will meet these requirements?

 A. Create Lambda functions inside the VPC with the

AWSLambdaBasicExecutionRole policy attached to the Lambda execution role.
Modify the RDS security group to allow inbound access from the Lambda security
group.
  B. Create Lambda functions inside the VPC with the
AWSLambdaVPCAccessExecutionRole policy attached to the Lambda execution
role. Modify the RDS security group to allow inbound access from the Lambda
security group. Most Voted

 C. Create Lambda functions with the AWSLambdaBasicExecutionRole policy

attached to the Lambda execution role. Create an interface VPC endpoint for the
Lambda functions. Configure the interface endpoint policy to allow the
lambda:InvokeFunclion action for each Lambda function's Amazon Resource Name
(ARN).

 D. Create Lambda functions with the AWSLambdaVPCAccessExecutionRole policy

attached to the Lambda execution role. Create an interface VPC endpoint for the
Lambda functions. Configure the interface endpoint policy to allow the
lambda:InvokeFunction action for each Lambda function's Amazon Resource Name
(ARN).

Hide Solution Discussion 9

Correct Answer: B 🗳

Community vote distribution

B (81%)

D (19%)

Question #107Topic 1

A company has a web application that runs on Amazon EC2 instances with a custom
Amazon Machine Image (AMI). The company uses AWS CloudFormation to provision the
application. The application runs in the us-east-1 Region, and the company needs to
deploy the application to the us-west-1 Region.

An attempt to create the AWS CloudFormation stack in us-west-1 fails. An error message
states that the AMI ID does not exist. A developer must resolve this error with a solution
that uses the least amount of operational overhead.

Which solution meets these requirements?

 A. Change the AWS CloudFormation templates for us-east-1 and us-west-1 to use
an AWS AMI. Relaunch the stack for both Regions.
  B. Copy the custom AMI from us-east-1 to us-west-1. Update the AWS
CloudFormation template for us-west-1 to refer to AMI ID for the copied AMI.
Relaunch the stack. Most Voted

 C. Build the custom AMI in us-west-1. Create a new AWS CloudFormation template
to launch the stack in us-west-1 with the new AMI ID.

 D. Manually deploy the application outside AWS CloudFormation in us-west-1.

Hide Solution Discussion 4

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #108Topic 1

A developer is updating several AWS Lambda functions and notices that all the Lambda
functions share the same custom libraries. The developer wants to centralize all the
libraries, update the libraries in a convenient way, and keep the libraries versioned.

Which solution will meet these requirements with the LEAST development e ort?

 A. Create an AWS CodeArtifact repository that contains all the custom libraries.

 B. Create a custom container image for the Lambda functions to save all the custom
libraries.

 C. Create a Lambda layer that contains all the custom libraries. Most Voted

 D. Create an Amazon Elastic File System (Amazon EFS) file system to store all the
custom libraries.

Hide Solution Discussion 9

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #109Topic 1
A developer wants to use AWS Elastic Beanstalk to test a new version of an application in a
test environment.

Which deployment method o ers the FASTEST deployment?

 A. Immutable

 B. Rolling

 C. Rolling with additional batch

 D. All at once Most Voted

Hide Solution Discussion 3

Correct Answer: D 🗳

Community vote distribution

D (100%)

Question #110Topic 1

A company is providing read access to objects in an Amazon S3 bucket for di erent

customers. The company uses IAM permissions to restrict access to the S3 bucket. The
customers can access only their own files.

Due to a regulation requirement, the company needs to enforce encryption in transit for
interactions with Amazon S3.

Which solution will meet these requirements?

 A. Add a bucket policy to the S3 bucket to deny S3 actions when the

aws:SecureTransport condition is equal to false. Most Voted

 B. Add a bucket policy to the S3 bucket to deny S3 actions when the s3:x-amz-acl
condition is equal to public-read.

 C. Add an IAM policy to the IAM users to enforce the usage of the AWS SDK.

 D. Add an IAM policy to the IAM users that allows S3 actions when the s3:x-amz-acl
condition is equal to bucket-owner-read.

Hide Solution Discussion 5

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #111Topic 1

A company has an image storage web application that runs on AWS. The company hosts
the application on Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group
acts as the target group for an Application Load Balancer (ALB) and uses an Amazon S3
bucket to store the images for sale.

The company wants to develop a feature to test system requests. The feature will direct
requests to a separate target group that hosts a new beta version of the application.

Which solution will meet this requirement with the LEAST e ort?

 A. Create a new Auto Scaling group and target group for the beta version of the
application. Update the ALB routing rule with a condition that looks for a cookie
named version that has a value of beta. Update the test system code to use this
cookie to test the beta version of the application. Most Voted

 B. Create a new ALB, Auto Scaling group, and target group for the beta version of the
application. Configure an alternate Amazon Route 53 record for the new ALB
endpoint. Use the alternate Route 53 endpoint in the test system requests to test
the beta version of the application.

 C. Create a new ALB, Auto Scaling group, and target group for the beta version of the
application. Use Amazon CloudFront with Lambda@Edge to determine which
specific request will go to the new ALB. Use the CloudFront endpoint to send the
test system requests to test the beta version of the application.

 D. Create a new Auto Scaling group and target group for the beta version of the
application. Update the ALB routing rule with a condition that looks for a cookie
named version that has a value of beta. Use Amazon CloudFront with
Lambda@Edge to update the test system requests to add the required cookie when
the requests go to the ALB.

Hide Solution Discussion 21

Correct Answer: A 🗳

Community vote distribution

A (51%)

B (37%)

11%

Question #112Topic 1

A team is developing an application that is deployed on Amazon EC2 instances. During

testing, the team receives an error. The EC2 instances are unable to access an Amazon S3
bucket.

Which steps should the team take to troubleshoot this issue? (Choose two.)

 A. Check whether the policy that is assigned to the IAM role that is attached to the
EC2 instances grants access to Amazon S3. Most Voted

 B. Check the S3 bucket policy to validate the access permissions for the S3
bucket. Most Voted

 C. Check whether the policy that is assigned to the IAM user that is attached to the
EC2 instances grants access to Amazon S3.

 D. Check the S3 Lifecycle policy to validate the permissions that are assigned to the
S3 bucket.

 E. Check the security groups that are assigned to the EC2 instances. Make sure that
a rule is not blocking the access to Amazon S3.

Hide Solution Discussion 14

Correct Answer: AB 🗳

Community vote distribution

AB (91%)

9%

Question #113Topic 1
A developer is working on an ecommerce website. The developer wants to review server
logs without logging in to each of the application servers individually. The website runs on
multiple Amazon EC2 instances, is written in Python, and needs to be highly available.

How can the developer update the application to meet these requirements with MINIMUM
changes?

 A. Rewrite the application to be cloud native and to run on AWS Lambda, where the
logs can be reviewed in Amazon CloudWatch.

 B. Set up centralized logging by using Amazon OpenSearch Service, Logstash, and

OpenSearch Dashboards.

 C. Scale down the application to one larger EC2 instance where only one instance is
recording logs.

 D. Install the unified Amazon CloudWatch agent on the EC2 instances. Configure
the agent to push the application logs to CloudWatch. Most Voted

Hide Solution Discussion 4

Correct Answer: D 🗳

Community vote distribution

D (100%)

Question #114Topic 1

A company is creating an application that processes .csv files from Amazon S3. A
developer has created an S3 bucket. The developer has also created an AWS Lambda
function to process the .csv files from the S3 bucket.

Which combination of steps will invoke the Lambda function when a .csv file is uploaded to
Amazon S3? (Choose two.)

 A. Create an Amazon EventBridge rule. Configure the rule with a pattern to match
the S3 object created event. Most Voted

 B. Schedule an Amazon EventBridge rule to run a new Lambda function to scan the
S3 bucket.

 C. Add a trigger to the existing Lambda function. Set the trigger type to EventBridge.
Select the Amazon EventBridge rule. Most Voted
  D. Create a new Lambda function to scan the S3 bucket for recently added S3
objects.

 E. Add S3 Lifecycle rules to invoke the existing Lambda function.

Hide Solution Discussion 11

Correct Answer: AC 🗳

Community vote distribution

AC (92%)

4%

Question #115Topic 1

A developer needs to build an AWS CloudFormation template that self-populates the AWS
Region variable that deploys the CloudFormation template.

What is the MOST operationally e icient way to determine the Region in which the template
is being deployed?

 A. Use the AWS::Region pseudo parameter. Most Voted

 B. Require the Region as a CloudFormation parameter.

 C. Find the Region from the AWS::StackId pseudo parameter by using the Fn::Split
intrinsic function.

 D. Dynamically import the Region by referencing the relevant parameter in AWS

Systems Manager Parameter Store.

Hide Solution Discussion 6

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #116Topic 1

A company has hundreds of AWS Lambda functions that the company's QA team needs to
test by using the Lambda function URLs. A developer needs to configure the authentication
of the Lambda functions to allow access so that the QA IAM group can invoke the Lambda
functions by using the public URLs.

Which solution will meet these requirements?

 A. Create a CLI script that loops on the Lambda functions to add a Lambda function
URL with the AWS_IAM auth type. Run another script to create an IAM identity-based
policy that allows the lambda:InvokeFunctionUrl action to all the Lambda function
Amazon Resource Names (ARNs). Attach the policy to the QA IAM group. Most
Voted

 B. Create a CLI script that loops on the Lambda functions to add a Lambda function
URL with the NONE auth type. Run another script to create an IAM resource-based
policy that allows the lambda:InvokeFunctionUrl action to all the Lambda function
Amazon Resource Names (ARNs). Attach the policy to the QA IAM group.

 C. Create a CLI script that loops on the Lambda functions to add a Lambda function
URL with the AWS_IAM auth type. Run another script to loop on the Lambda
functions to create an IAM identity-based policy that allows the
lambda:InvokeFunctionUrl action from the QA IAM group's Amazon Resource Name
(ARN).

 D. Create a CLI script that loops on the Lambda functions to add a Lambda function
URL with the NONE auth type. Run another script to loop on the Lambda functions
to create an IAM resource-based policy that allows the lambda:InvokeFunctionUrl
action from the QA IAM group's Amazon Resource Name (ARN).

Hide Solution Discussion 14

Correct Answer: A 🗳

Community vote distribution

A (74%)

C (26%)

Question #117Topic 1

A developer maintains a critical business application that uses Amazon DynamoDB as the
primary data store. The DynamoDB table contains millions of documents and receives 30-
60 requests each minute. The developer needs to perform processing in near-real time on
the documents when they are added or updated in the DynamoDB table.
How can the developer implement this feature with the LEAST amount of change to the
existing application code?

 A. Set up a cron job on an Amazon EC2 instance. Run a script every hour to query
the table for changes and process the documents.

 B. Enable a DynamoDB stream on the table. Invoke an AWS Lambda function to

process the documents. Most Voted

 C. Update the application to send a PutEvents request to Amazon EventBridge.

Create an EventBridge rule to invoke an AWS Lambda function to process the
documents.

 D. Update the application to synchronously process the documents directly after

the DynamoDB write.

Hide Solution Discussion 4

Correct Answer: B 🗳

Community vote distribution

B (100%)

Question #118Topic 1

A developer is writing an application for a company. The application will be deployed on

Amazon EC2 and will use an Amazon RDS for Microsoft SQL Server database. The
company's security team requires that database credentials are rotated at least weekly.

How should the developer configure the database credentials for this application?

 A. Create a database user. Store the user name and password in an AWS Systems
Manager Parameter Store secure string parameter. Enable rotation of the AWS Key
Management Service (AWS KMS) key that is used to encrypt the parameter.

 B. Enable IAM authentication for the database. Create a database user for use with
IAM authentication. Enable password rotation.

 C. Create a database user. Store the user name and password in an AWS Secrets
Manager secret that has daily rotation enabled. Most Voted
  D. Use the EC2 user data to create a database user. Provide the user name and
password in environment variables to the application.

Hide Solution Discussion 7

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #119Topic 1

A real-time messaging application uses Amazon API Gateway WebSocket APIs with
backend HTTP service. A developer needs to build a feature in the application to identify a
client that keeps connecting to and disconnecting from the WebSocket connection. The
developer also needs the ability to remove the client.

Which combination of changes should the developer make to the application to meet
these requirements? (Choose two.)

 A. Switch to HTTP APIs in the backend service.

 B. Switch to REST APIs in the backend service.

 C. Use the callback URL to disconnect the client from the backend service.

 D. Add code to track the client status in Amazon ElastiCache in the backend
service. Most Voted

 E. Implement $connect and $disconnect routes in the backend service. Most Voted

Hide Solution Discussion 23

Correct Answer: DE 🗳

Community vote distribution

DE (50%)

CE (45%)

5%

Question #120Topic 1
A developer has written code for an application and wants to share it with other developers
on the team to receive feedback. The shared application code needs to be stored long-term
with multiple versions and batch change tracking.

Which AWS service should the developer use?

 A. AWS CodeBuild

 B. Amazon S3

 C. AWS CodeCommit Most Voted

 D. AWS Cloud9

Hide Solution Discussion 5

Correct Answer: C 🗳

Community vote distribution

C (100%)

Question #121Topic 1

A company's developer is building a static website to be deployed in Amazon S3 for a

production environment. The website integrates with an Amazon Aurora PostgreSQL
database by using an AWS Lambda function. The website that is deployed to production
will use a Lambda alias that points to a specific version of the Lambda function.

The company must rotate the database credentials every 2 weeks. Lambda functions that
the company deployed previously must be able to use the most recent credentials.

Which solution will meet these requirements?

 A. Store the database credentials in AWS Secrets Manager. Turn on rotation. Write
code in the Lambda function to retrieve the credentials from Secrets Manager. Most
Voted

 B. Include the database credentials as part of the Lambda function code. Update
the credentials periodically and deploy the new Lambda function.

 C. Use Lambda environment variables. Update the environment variables when new
credentials are available.
  D. Store the database credentials in AWS Systems Manager Parameter Store. Turn
on rotation. Write code in the Lambda function to retrieve the credentials from
Systems Manager Parameter Store.

Hide Solution Discussion 5

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #122Topic 1

A developer is developing an application that uses signed requests (Signature Version 4) to

call other AWS services. The developer has created a canonical request, has created the
string to sign, and has calculated signing information.

Which methods could the developer use to complete a signed request? (Choose two.)

 A. Add the signature to an HTTP header that is named Authorization. Most Voted

 B. Add the signature to a session cookie.

 C. Add the signature to an HTTP header that is named Authentication.

 D. Add the signature to a query string parameter that is named X-Amz-

Signature. Most Voted

 E. Add the signature to an HTTP header that is named WWW-Authenticate.

Hide Solution Discussion 6

Correct Answer: AD 🗳

Community vote distribution

AD (100%)

Question #123Topic 1

A company must deploy all its Amazon RDS DB instances by using AWS CloudFormation
templates as part of AWS CodePipeline continuous integration and continuous delivery
(CI/CD) automation. The primary password for the DB instance must be automatically
generated as part of the deployment process.
Which solution will meet these requirements with the LEAST development e ort?

 A. Create an AWS Lambda-backed CloudFormation custom resource. Write

Lambda code that generates a secure string. Return the value of the secure string as
a data field of the custom resource response object. Use the CloudFormation
Fn::GetAtt intrinsic function to get the value of the secure string. Use the value to
create the DB instance.

 B. Use the AWS CodeBuild action of CodePipeline to generate a secure string by

using the following AWS CLI command: aws secretsmanager get-random-password.
Pass the generated secure string as a CloudFormation parameter with the NoEcho
attribute set to true. Use the parameter reference to create the DB instance.

 C. Create an AWS Lambda-backed CloudFormation custom resource. Write

Lambda code that generates a secure string. Return the value of the secure string as
a data field of the custom resource response object. Use the CloudFormation
Fn::GetAtt intrinsic function to get a value of the secure string. Create secrets in
AWS Secrets Manager. Use the secretsmanager dynamic reference to use the value
stored in the secret to create the DB instance.

 D. Use the AWS::SecretsManager::Secret resource to generate a secure string. Store

the secure string as a secret in AWS Secrets Manager. Use the secretsmanager
dynamic reference to use the value stored in the secret to create the DB
instance. Most Voted

Hide Solution Discussion 14

Correct Answer: D 🗳

Community vote distribution

D (75%)

B (25%)

Question #124Topic 1

An organization is storing large files in Amazon S3, and is writing a web application to
display meta-data about the files to end-users. Based on the metadata a user selects an
object to download. The organization needs a mechanism to index the files and provide
single-digit millisecond latency retrieval for the metadata.
What AWS service should be used to accomplish this?

 A. Amazon DynamoDB Most Voted

 B. Amazon EC2

 C. AWS Lambda

 D. Amazon RDS

Hide Solution Discussion 6

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #125Topic 1

A developer is creating an AWS Serverless Application Model (AWS SAM) template. The
AWS SAM template contains the definition of multiple AWS Lambda functions, an Amazon
S3 bucket, and an Amazon CloudFront distribution. One of the Lambda functions runs on
Lambda@Edge in the CloudFront distribution. The S3 bucket is configured as an origin for
the CloudFront distribution.

When the developer deploys the AWS SAM template in the eu-west-1 Region, the creation
of the stack fails.

Which of the following could be the reason for this issue?

 A. CloudFront distributions can be created only in the us-east-1 Region.

 B. Lambda@Edge functions can be created only in the us-east-1 Region. Most

Voted

 C. A single AWS SAM template cannot contain multiple Lambda functions.

 D. The CloudFront distribution and the S3 bucket cannot be created in the same
Region.

Hide Solution Discussion 7

Correct Answer: B 🗳

Community vote distribution

B (93%)

7%

Question #126Topic 1

A developer is integrating Amazon ElastiCache in an application. The cache will store data
from a database. The cached data must populate real-time dashboards.

Which caching strategy will meet these requirements?

 A. A read-through cache

 B. A write-behind cache

 C. A lazy-loading cache

 D. A write-through cache Most Voted

Hide Solution Discussion 10

Correct Answer: D 🗳

Community vote distribution

D (96%)

4%

Question #127Topic 1

A developer is creating an AWS Lambda function. The Lambda function needs an external
library to connect to a third-party solution. The external library is a collection of files with a
total size of 100 MB. The developer needs to make the external library available to the
Lambda execution environment and reduce the Lambda package space.

Which solution will meet these requirements with the LEAST operational overhead?

 A. Create a Lambda layer to store the external library. Configure the Lambda
function to use the layer. Most Voted
  B. Create an Amazon S3 bucket. Upload the external library into the S3 bucket.
Mount the S3 bucket folder in the Lambda function. Import the library by using the
proper folder in the mount point.

 C. Load the external library to the Lambda function's /tmp directory during
deployment of the Lambda package. Import the library from the /tmp directory.

 D. Create an Amazon Elastic File System (Amazon EFS) volume. Upload the external
library to the EFS volume. Mount the EFS volume in the Lambda function. Import the
library by using the proper folder in the mount point.

Hide Solution Discussion 10

Correct Answer: A 🗳

Community vote distribution

A (100%)

Question #128Topic 1

A company has a front-end application that runs on four Amazon EC2 instances behind an
Elastic Load Balancer (ELB) in a production environment that is provisioned by AWS Elastic
Beanstalk. A developer needs to deploy and test new application code while updating the
Elastic Beanstalk platform from the current version to a newer version of Node.js. The
solution must result in zero downtime for the application.

Which solution meets these requirements?

 A. Clone the production environment to a di erent platform version. Deploy the new
application code, and test it. Swap the environment URLs upon verification.

 B. Deploy the new application code in an all-at-once deployment to the existing EC2
instances. Test the code. Redeploy the previous code if verification fails.

 C. Perform an immutable update to deploy the new application code to new EC2
instances. Serve tra ic to the new instances after they pass health checks. Most
Voted

 D. Use a rolling deployment for the new application code. Apply the code to a subset
of EC2 instances until the tests pass. Redeploy the previous code if the tests fail.

Hide Solution Discussion 31

Correct Answer: C 🗳

Community vote distribution

C (49%)

A (38%)

14%

Question #129Topic 1

A developer is creating an AWS Lambda function. The Lambda function will consume
messages from an Amazon Simple Queue Service (Amazon SQS) queue. The developer
wants to integrate unit testing as part of the function's continuous integration and
continuous delivery (CI/CD) process.

How can the developer unit test the function?

 A. Create an AWS CloudFormation template that creates an SQS queue and deploys
the Lambda function. Create a stack from the template during the CI/CD process.
Invoke the deployed function. Verify the output.

 B. Create an SQS event for tests. Use a test that consumes messages from the SQS
queue during the function's Cl/CD process.

 C. Create an SQS queue for tests. Use this SQS queue in the application's unit test.
Run the unit tests during the CI/CD process.

 D. Use the aws lambda invoke command with a test event during the CIICD
process. Most Voted

Hide Solution Discussion 22

Correct Answer: D 🗳

Community vote distribution

D (41%)

C (40%)

B (19%)

Question #130Topic 1
A developer is working on a web application that uses Amazon DynamoDB as its data store.
The application has two DynamoDB tables: one table that is named artists and one table
that is named songs. The artists table has artistName as the partition key. The songs table
has songName as the partition key and artistName as the sort key.

The table usage patterns include the retrieval of multiple songs and artists in a single
database operation from the webpage. The developer needs a way to retrieve this
information with minimal network tra ic and optimal application performance.

Which solution will meet these requirements?

 A. Perform a BatchGetltem operation that returns items from the two tables. Use the
list of songName/artistName keys for the songs table and the list of artistName key
for the artists table. Most Voted

 B. Create a local secondary index (LSI) on the songs table that uses artistName as
the partition key. Perform a query operation for each artistName on the songs table
that filters by the list of songName. Perform a query operation for each artistName
on the artists table.

 C. Perform a BatchGetitem operation on the songs table that uses the

songName/artistName keys. Perform a BatchGetltem operation on the artists table
that uses artistName as the key.

 D. Perform a Scan operation on each table that filters by the list of

songName/artistName for the songs table and the list of artistName in the artists
table.

Hide Solution Discussion 12

Correct Answer: A 🗳

Community vote distribution

A (90%)

5%
- Expert Verified, Online, Free.

 Custom View Settings

Question #1 Topic 1

When launching containers in Amazon ECS, where may PortMapping be defined?

A. Security groups

B. Amazon Elastic Container Registry (Amazon ECR)

C. Container agent

D. Task definition

Correct Answer: D
Reference:
https://docs.aws.amazon.com/AmazonECS/latest/userguide/task_definition_parameters.html

Community vote distribution

D (100%)

Question #2 Topic 1

How should access keys be handled in AWS according to best practices? (Select two.)

A. Use the same access key in all applications for consistency.

B. Delete all access keys for the account root user.

C. Leave unused access keys in the account for tracking purposes.

D. Embed and encrypt access keys in code for continuous deployment.

E. Use Amazon IAM roles instead of access keys where possible.

Correct Answer: BE
Reference:
https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html#iam-user-access-keys
Question #3 Topic 1

What is the run order of the hooks for in-place deployments in an AWS CodeDeploy deployment?

A. Before Install -> Application Stop -> Application Start -> After Install

B. Application Stop -> Before Install -> After Install -> Application Start

C. Before Install -> Application Stop -> Validate Service -> Application Start

D. Application Stop -> Before Install -> Validate Service -> Application Start

Correct Answer: B
Reference:
https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-hooks.html

Community vote distribution

B (100%)

Question #4 Topic 1

Data is read from an Amazon DynamoDB database by an application. The program gets several ProvisionedThroughputExceeded errors many
times a day for a duration of 15 seconds.

What should be done with this exception?

A. Create a new global secondary index for the table to help with the additional requests.

B. Retry the failed read requests with exponential backoff.

C. Immediately retry the failed read requests.

D. Use the DynamoDB ‫ג‬€UpdateItem‫ג‬€ API to increase the provisioned throughput capacity of the table.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-query-scan.html

Community vote distribution

B (100%)
Question #5 Topic 1

All data in transit between an EC2 instance and an Amazon EBS volume must be secured for a physician's office management application.

Which one of the following strategies satisfies this criterion? (Select two.)

A. Create encrypted snapshots into Amazon S3.

B. Use Amazon RDS with encryption.

C. Use IAM roles to limit access to the Amazon EBS volume.

D. Enable EBS encryption.

E. Leverage OS-level encryption.

Correct Answer: AD
Reference:
https://aws.amazon.com/blogs/compute/must-know-best-practices-for-amazon-ebs-encryption/

Community vote distribution

CD (67%) DE (33%)

Question #6 Topic 1

What section of the document root must be included in an AWS CloudFormation template to include objects specified by the AWS Serverless
Application Model (SAM) in addition to Resources?

A. Conditions

B. Globals

C. Transform

D. Properties

Correct Answer: D
Reference:
https://docs.aws.amazon.com/cloud9/latest/user-guide/lambda-functions.html

Community vote distribution

C (100%)
Question #7 Topic 1

A developer recognizes the need for centralized storage of application-level logs while designing an application that runs on Amazon EC2 in an
Amazon VPC.

Which AWS service can be utilized to store these logs securely?

A. Amazon EC2 VPC Flow Logs

B. Amazon CloudWatch Logs

C. Amazon CloudSearch

D. AWS CloudTrail

Correct Answer: B
Reference:
https://aws.amazon.com/answers/logging/centralized-logging/

Community vote distribution

B (100%)

Question #8 Topic 1

What are the requirements for configuring container instances in an AWS Elastic Beanstalk multi-container Docker environment?

A. An Amazon ECS task definition

B. An Amazon ECS cluster

C. A Dockerfile in an application package

D. A CLI for Elastic Beanstalk

Correct Answer: A
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_ecs.html

Community vote distribution

A (50%) C (50%)

Question #9 Topic 1

A developer must install a serverless RESTful API on AWS regularly and consistently.

Which strategies will be effective? (Select two.)

A. Define a Swagger file. Use AWS Elastic Beanstalk to deploy the Swagger file.

B. Define a Swagger file. Use AWS CodeDeploy to deploy the Swagger file.

C. Deploy a SAM template with an inline Swagger definition.

D. Define a Swagger file. Deploy a SAM template that references the Swagger file.

E. Define an inline Swagger definition in a Lambda function. Invoke the Lambda function.

Correct Answer: DE

Community vote distribution

CD (100%)
Question #10 Topic 1

Amazon Kinesis is used to load data into a stock market monitoring application. The Kinesis stream cannot keep up with the incoming data during
simulated peak data rates testing.

What step will enable Kinesis to handle peak-hour traffic?

A. Install the Kinesis Producer Library (KPL) for ingesting data into the stream.

B. Reduce the data retention period to allow for more data ingestion using DecreaseStreamRetentionPeriod.

C. Increase the shard count of the stream using UpdateShardCount.

D. Ingest multiple records into the stream in a single call using PutRecords.

Correct Answer: A
Reference:
https://aws.amazon.com/kinesis/data-streams/faqs/

Community vote distribution

C (100%)

Question #11 Topic 1

AWS services must be accessed and API calls must be made by an application running on an Amazon EC2 instance.
What is the SAFEST approach to grant access to AWS services with the least amount of administration overhead?

A. Use AWS KMS to store and retrieve credentials.

B. Use EC2 instance profiles.

C. Use AWS root user to make requests to the application.

D. Store and retrieve credentials from AWS CodeCommit.

Correct Answer: B

Community vote distribution

B (100%)

Question #12 Topic 1

With production-distributed applications created as AWS Lambda functions, a developer must investigate performance issues. Other components
of the applications are invoked by these distributed Lambda applications.
What is the best way for a developer to discover and resolve the root cause of production performance issues?

A. Add logging statements to the Lambda functions, then use Amazon CloudWatch to view the logs.

B. Use AWS CloudTrail and then examine the logs.

C. Use AWS X-Ray, then examine the segments and errors.

D. Run Amazon Inspector agents and then analyze performance.

Correct Answer: C

Community vote distribution

C (100%)
Question #13 Topic 1

What is the advantage of instantiating AWS clients outside the scope of the handler when constructing a Lambda function?

A. Legibility and stylistic convention

B. Taking advantage of connection re-use

C. Better error handling

D. Creating a new instance per invocation

Correct Answer: B
Reference:
https://www.jeremydaly.com/reuse-database-connections-aws-lambda/

Community vote distribution

B (100%)

Question #14 Topic 1

Thousands of sensitive audio and video data must be stored in an Amazon S3 bucket. All data written to this bucket must be encrypted according
to organizational security rules.

How can this policy's compliance be ensured?

A. Use AWS Lambda to send notifications to the security team if unencrypted objects are pun in the bucket.

B. Configure an Amazon S3 bucket policy to prevent the upload of objects that do not contain the x-amz-server-side-encryption header.

C. Create an Amazon CloudWatch event rule to verify that all objects stored in the Amazon S3 bucket are encrypted.

D. Configure an Amazon S3 bucket policy to prevent the upload of objects that contain the x-amz-server-side-encryption header.

Correct Answer: B

Community vote distribution

B (100%)

Question #15 Topic 1

Before code is released into the production environment, the release process workflow of an application needs human review.

What is the MOST EFFECTIVE method to do this using AWS CodePipeline?

A. Use multiple pipelines to allow approval

B. Use an approval action in a stage

C. Disable the stage transition to allow manual approval

D. Disable a stage just prior the deployment stage

Correct Answer: D

Community vote distribution

B (100%)
Question #16 Topic 1

When attempting to start or stop an Amazon EC2 instance using a boto3 script, the developer gets the following error message.

What is the developer's responsibility in resolving this error message?

A. Assign an IAM role to the EC2 instance to allow necessary API calls on behalf of the client.

B. Implement an exponential backoff algorithm for optimizing the number of API requests made to Amazon EC2.

C. Increase the overall network bandwidth to handle higher API request rates.

D. Upgrade to the latest AWS CLI version so that boto3 can handle higher request rates.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/general/latest/gr/api-retries.html

Community vote distribution

B (100%)

Question #17 Topic 1

On an EC2 instance, an application is executing. The developer wishes to keep a statistic about his program in Amazon CloudWatch.

How should this requirement be implemented optimally?

A. Use the PUT Object API call to send data to an S3 bucket. Use an event notification to invoke a Lambda function to publish data to
CloudWatch.

B. Publish the metric data to an Amazon Kinesis Stream using a PutRecord API call. Subscribe a Lambda function that publishes data to
CloudWatch.

C. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Provide the required credentials to enable the API
call.

D. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Launch the EC2 instance with the required IAM role
to enable the API call.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/mon-scripts.html

Community vote distribution

D (86%) 14%
Question #18 Topic 1

What are the best practices for using bespoke libraries in AWS Lambda?

A. Host the library on Amazon S3 and reference to it from the Lambda function.

B. Install the library locally and upload a ZIP file of the Lambda function.

C. Import the necessary Lambda blueprint when creating the function.

D. Modify the function runtime to include the necessary library.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/env_variables.html

Community vote distribution

B (100%)

Question #19 Topic 1

The application components of a big firm are scattered across several AWS accounts. The organization must gather and display account-level
trace data.

What materials should be utilized to achieve these specifications?

A. AWS X-Ray

B. Amazon CloudWatch

C. Amazon VPC flow logs

D. Amazon Elasticsearch Service

Correct Answer: A
Reference:
https://aws.amazon.com/xray/

Community vote distribution

A (100%)
Question #20 Topic 1

Amazon DynamoDB is used by an application that is deployed on Amazon EC2. The program makes a REST API request to DynamoDB.
Periodically, when the application writes to a DynamoDB table, it gets a ProvisionedThroughputExceededException error.

Which solutions will most effectively prevent this error? (Select two.)

A. Modify the application code to perform exponential backoff when the error is received.

B. Modify the application to use the AWS SDKs for DynamoDB.

C. Increase the read and write throughput of the DynamoDB table.

D. Create a DynamoDB Accelerator (DAX) cluster for the DynamoDB table.

E. Create a second DynamoDB table. Distribute the reads and writes between two tables.

Correct Answer: AB
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Programming.Errors.html

Community vote distribution

AB (100%)

Question #21 Topic 1

Amazon DynamoDB is used by a corporation to manage and track orders. The order date is used to split the DynamoDB table. During a sales
event, the company receives a large spike in orders, forcing DynamoDB writes to choke, and the used throughput is considerably lower than the
permitted throughput.
How can this issue be rectified with MINIMAL expenses, according to AWS best practices?

A. Create a new DynamoDB table for every order date.

B. Increase the read and write capacity units of the DynamoDB table.

C. Add a random number suffix to the partition key values.

D. Add a global secondary index to the DynamoDB table.

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/throttled-ddb/

Community vote distribution

C (100%)
Question #22 Topic 1

An Amazon S3 bucket is used to host a static website. JavaScript is used on many HTML pages on the site to retrieve photos from another
Amazon S3 bucket. When people explore the site, certain photos are not shown.

What may be the underlying source of the problem?

A. The referenced Amazon S3 bucket is in another region.

B. The images must be stored in the same Amazon S3 bucket.

C. Port 80 must be opened on the security group in which the Amazon S3 bucket is located.

D. Cross Origin Resource Sharing must be enabled on the Amazon S3 bucket.

Correct Answer: D

Question #23 Topic 1

Amazon Elastic Container Service is used to deploy a microservices application across several containers (Amazon ECS). A developer want to
collect trace information across microservices and view the microservices architecture in order to optimize performance.

Which solution will satisfy these criteria?

A. Build the container from the amazon/aws-xray-daemon base image. Use the AWS X-Ray SDK to instrument the application.

B. Install the Amazon CloudWatch agent on the container image. Use the CloudWatch SDK to publish custom metrics from each of the
microservices.

C. Install the AWS X-Ray daemon on each of the ECS instances.

D. Configure AWS CloudTrail data events to capture the traffic between the microservices.

Correct Answer: C

Community vote distribution

A (100%)

Question #24 Topic 1

Each hour, a business must consume terabytes of data from hundreds of sources, which arrive practically continuously throughout the day. The
quantity of texts produced changes during the day. For fraud detection and live operating dashboards, messages must be sent in real time.

Which strategy will satisfy these criteria?

A. Send the messages to an Amazon SQS queue, then process the messages by using a fleet of Amazon EC2 instances

B. Use the Amazon S3 API to write messages to an S3 bucket, then process the messages by using Amazon Redshift

C. Use AWS Data Pipeline to automate the movement and transformation of data

D. Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages

Correct Answer: D
Reference:
https://aws.amazon.com/kinesis/data-streams/faqs/

Community vote distribution

D (100%)
Question #25 Topic 1

A business processes papers that arrive through an Amazon S3 bucket. Through a web user interface, users may upload documents to an S3
bucket. When files are received in S3, an AWS Lambda function is executed to handle them, however the Lambda function periodically times out.

What happens to the S3 event if the Lambda function is setup with the default settings?

A. Notification of a failed S3 event is send as an email through Amazon SNS.

B. The S3 event is sent to the default Dead Letter Queue.

C. The S3 event is processed until it is successful.

D. The S3 event is discarded after the event is retried twice.

Correct Answer: A

Community vote distribution

D (100%)

Question #26 Topic 1

On AWS Elastic Beanstalk, a gaming firm has created a web portal. Occasionally, the organization must deliver new versions three or four times
every day.
The organization must rapidly roll out new features to all users. The solution's performance effect must be kept to a minimum and its availability
must be maximized.

Which solution will satisfy these criteria?

A. Use a rolling deployment policy to deploy to Amazon EC2 instances.

B. Use an immutable deployment policy to deploy to Amazon EC2 instances.

C. Use an all-at-once deployment policy to deploy to Amazon EC2 instances.

D. Use a canary deployment strategy to deploy changes to Amazon EC2 instances.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rolling-version-deploy.html

Community vote distribution

B (100%)
Question #27 Topic 1

A considerable amount of read capacity is being used by queries to an Amazon DynamoDB database. There are a high number of huge
characteristics in the table. The program does not need the whole set of attribute data.

How may DynamoDB expenses be lowered while application performance be maximized?

A. Batch all the writes, and perform the write operations when no or few reads are being performed.

B. Create a global secondary index with a minimum set of projected attributes.

C. Implement exponential backoffs in the application.

D. Load balance the reads to the table using an Application Load Balancer.

Correct Answer: B

Community vote distribution

B (100%)

Question #28 Topic 1

Data is stored in an S3 bucket by an application operating on EC2 instances. All data must be encrypted in transit, according to security rules.

How can the developer encrypt all traffic to the S3 bucket?

A. Install certificates on the EC2 instances.

B. Create a bucket policy that allows traffic where SecureTransport is true.

C. Create an HTTPS redirect on the EC2 instances.

D. Create a bucket policy that denies traffic where SecureTransport is false.

Correct Answer: B

Community vote distribution

D (100%)
Question #29 Topic 1

A corporation is employing an Amazon CloudFront distribution to provide private media content from Amazon S3. A developer must use the
signed URL to encrypt the media content.

What should the developer do to comply with this stipulation?

A. Use an access Key and a secret access key to generate an S3 presigned URL. Replace the S3 hostname with a CloudFront distribution name
in the URL.

B. Create an SSH-2 RSA key pair. Upload the public key to CloudFront, and assign the public key to a trusted signer. Use a public key and key ID
to sign the CloudFront URL.

C. Create an SSH-2 DSA key pair. Upload the public key to CloudFront, and assign the public key to a trusted signer. Use a private key and key
ID to sign the CloudFront URL.

D. Create an SSH-2 RSA key pair. Upload the public key to CloudFront, and assign the public key to a trusted signer. Use a private key and key
ID to sign the CloudFront URL.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html

Community vote distribution

D (86%) 14%

Question #30 Topic 1

A business is processing records from an Amazon Kinesis data stream using an AWS Lambda function. The firm suddenly noticed that records
were being processed slowly. A developer finds that the function's iterator age metric is growing and the Lambda run time is consistently more
than expected.

Which activities should the developer do to boost the performance of the processor? (Select two.)

A. Increase the number of shards of the Kinesis data stream.

B. Decrease the timeout of the Lambda function.

C. Increase the memory that is allocated to the Lambda function.

D. Decrease the number of shards of the Kinesis data stream.

E. Increase the timeout of the Lambda function.

Correct Answer: AC
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/lambda-iterator-age/

Community vote distribution

AC (75%) AE (25%)
Question #31 Topic 1

An program overwrites an item in Amazon S3, then reads the identical object instantaneously.

Why might the program sometimes get an object's previous version?

A. S3 overwrite PUTS are eventually consistent, so the application may read the old object.

B. The application needs to add extra metadata to label the latest version when uploading to Amazon S3.

C. All S3 PUTS are eventually consistent, so the application may read the old object.

D. The application needs to explicitly specify latest version when retrieving the object.

Correct Answer: A

Question #32 Topic 1

A legacy service has a SOAP interface that is XML-based. The developer want to use the Amazon API Gateway to expose the service's capabilities
to external customers.

Which approach is necessary to do this?

A. Create a RESTful API with the API Gateway; transform the incoming JSON into a valid XML message for the SOAP interface using mapping
templates.

B. Create a RESTful API with the API Gateway; pass the incoming JSON to the SOAP interface through an Application Load Balancer.

C. Create a SOAP API with the API Gateway; pass the incoming XML to the SOAP interface through an Application Load Balancer.

D. Create a SOAP API with the API Gateway; transform the incoming XML into a valid message for the SOAP interface using mapping
templates.

Correct Answer: A

Community vote distribution

A (100%)
Question #33 Topic 1

As a big state machine, the existing design makes use of several Lambda functions calling one another. This state machine's coordination is
handled by old bespoke code that is prone to failure.

Which AWS Service can assist with state machine refactoring and management?

A. AWS Data Pipeline

B. AWS SNS with AWS SQS

C. Amazon Elastic MapReduce

D. AWS Step Functions

Correct Answer: D
Reference:
https://docs.aws.amazon.com/step-functions/latest/dg/tutorial-creating-lambda-state-machine.html

Community vote distribution

D (100%)

Question #34 Topic 1

A business is building a new online game using the Amazon ECS platform. The design will have four separate Amazon ECS services, each of
which will need unique permissions to various AWS services. By bin packing the containers depending on memory reservation, the business hopes
to optimize the utilization of the underlying Amazon EC2 instances.

Which configuration would enable the Development team to accomplish these criteria in the most secure manner possible?

A. Create a new Identity and Access Management (IAM) instance profile containing the required permissions for the various ECS services,
then associate that instance role with the underlying EC2 instances.

B. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS service to
reference the associated IAM role.

C. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then, create an IAM group and
configure the ECS cluster to reference that group.

D. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS task
definition to referenׁe the associated IAM role.

Correct Answer: C

Community vote distribution

D (100%)
Question #35 Topic 1

A developer wishes to search and filter log data in order to troubleshoot an application. Amazon CloudWatch Logs stores the application logs. To
count exceptions in the application logs, the Developer sets a new metric filter. The logs, on the other hand, return no results.
What is the cause for the absence of filtered results?

A. A setup of the Amazon CloudWatch interface VPC endpoint is required for filtering the CloudWatch Logs in the VPC

B. CloudWatch Logs only publishes metric data for events that happen after the filter is created

C. The log group for CloudWatch Logs should be first streamed to Amazon Elasticsearch Service before metric filtering returns the results

D. Metric data points for logs groups can be filtered only after they are exported to an Amazon S3 bucket

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/MonitoringLogData.html

Question #36 Topic 1

The processing of an Amazon SQS message by an application takes longer than planned.

What should the developer do to ensure that other instances of the program do not get the same message?

A. Make a ReceiveMessage call to get the same message again from the queue

B. Issue a DeleteMessage call to delete the message from the queue

C. Use SendMessage to pass the message to the dead letter queue

D. Send a ChangeMessageVisibility call to extend VisibilityTimeout

Correct Answer: A

Community vote distribution

D (100%)

Question #37 Topic 1

For its application database tier, a corporation uses Amazon RDS MySQL instances, and for its web tier, Apache Tomcat servers. Repeated read
requests make up the majority of database queries from web apps.
Which AWS service would benefit from the addition of an in-memory store for repeated read queries?

A. Amazon RDS Multi-AZ

B. Amazon SQS

C. Amazon ElastiCache

D. Amazon RDS read replica

Correct Answer: C

Community vote distribution

C (100%)
Question #38 Topic 1

A business is deploying AWS resources using AWS CloudFormation templates. The organization requires an upgrade to one of its Amazon Web
Services CloudFormation stacks.

What can the business do to ascertain the effect of the adjustments on the operating resources?

A. Investigate the change sets.

B. Investigate the stack policies.

C. Investigate the Metadata section.

D. Investigate the Resources section.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html

Community vote distribution

A (86%) 14%

Question #39 Topic 1

A developer is trying to upload an object to an S3 bucket that has default encryption enabled using the Amazon S3 PutObject API action. A 400
Bad Request error is sent to the developer.

Which of the following is the most probable source of this error?

A. The API operation cannot access the encryption key.

B. The HTTP Content-Length header is missing.

C. The object exceeds the maximum object size that is allowed.

D. The S3 bucket exceeds the maximum storage capacity that is allowed.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/API/API_Error.html

Community vote distribution

C (100%)
Question #40 Topic 1

As a big state machine, the existing design makes use of several Lambda functions calling one another. This state machine's coordination is
handled by old bespoke code that is prone to failure.

Which AWS Service can assist with state machine refactoring and management?

A. AWS Data Pipeline

B. AWS SNS with AWS SQS

C. Amazon Elastic MapReduce

D. AWS Step Functions

Correct Answer: D

Community vote distribution

D (100%)

Question #41 Topic 1

A business uses Amazon EC2 instances to execute a bespoke web application behind an Application Load Balancer. The instances are managed
as part of an Auto Scaling group. The company's development team deploys all services through AWS CloudFormation. When the development
team runs a new instance of the program, it takes time to install and setup.

Which sequence of actions should a developer follow to improve efficiency while launching a new instance? (Select two.)

A. Use an AWS Marketplace Amazon Machine Image (AMI) with a prebuilt application.

B. Create a prebuilt Amazon Machine Image (AMI) with the application installed and configured.

C. Update the launch template resource in the CloudFormation template.

D. Use AWS Systems Manager Run Command to install and configure the application.

E. Use CloudFormation helper scripts to install and configure the application.

Correct Answer: CE
Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html

Community vote distribution

BC (60%) CE (40%)
Question #42 Topic 1

An API Gateway and AWS Lambda are used in a serverless application.

Where should the Lambda function's session data be stored between function calls?

A. In an Amazon DynamoDB table

B. In an Amazon SQS queue

C. In the local filesystem

D. In an SQLite session table using ‫ג‬€"DSQLITE_ENABLE_SESSION

Correct Answer: A

Community vote distribution

A (100%)

Question #43 Topic 1

A Linux, Apache, MySQL, and PHP (LAMP) stack is used to construct an on-premises application. The developer want to host this application on
Amazon Web Services.

Which of the following AWS service sets is appropriate for running this stack?

A. Amazon API Gateway, Amazon S3

B. AWS Lambda, Amazon DynamoDB

C. Amazon EC2, Amazon Aurora

D. Amazon Cognito, Amazon RDS

E. Amazon ECS, Amazon EBS

Correct Answer: C
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/php-ha-tutorial.html?icmpid=docs_tutorial_projects

Community vote distribution

E (50%) C (50%)
Question #44 Topic 1

When a developer calls the Amazon CloudWatch API, he receives HTTP 400: ThrottlingException errors sporadically. When a call is not successful,
no data is obtained.

Which best practice should be implemented first in order to remedy this issue?

A. Contact AWS Support for a limit increase.

B. Use the AWS CLI to get the metrics

C. Analyze the applications and remove the API call

D. Retry the call with exponential backoff

Correct Answer: B

Community vote distribution

D (100%)

Question #45 Topic 1

A developer is in the process of developing an event handling system. The developer established a normal Amazon SQS queue to process
messages asynchronously. According to quality assurance testing, some events were handled several times.

What is the preferred method for preventing events from being handled multiple times?

A. Change long polling to short polling.

B. Use a FIFO queue and configure deduplication.

C. Convert the standard SQS queue into a FIFO queue.

D. Send the messages with message timers.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html

Community vote distribution

B (100%)

Question #46 Topic 1

Where in the application source bundle should an Elastic Beanstalk configuration file called healthcheckur1.config be placed?

A. In the root of the application

B. In the bin folder

C. In healthcheckur1.config.ebextension under root

D. In the .ebextensions folder

Correct Answer: D
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html
Question #47 Topic 1

Before data is sent to a downstream service, it is processed by a Lambda function. Each byte of data is around 1MB in size. Following a security
assessment, the function must now encrypt data prior to transmitting it downstream.

Which API call is necessary to encrypt the data?

A. Pass the data to the KMS ReEncrvpt API for encryption.

B. Use the KMS GenerateDataKev API to get an encryption key.

C. Use the KMS GenerateDataKeyWithoutPlainText API to get an encryption key.

D. Pass the data to KMS as part of the Encrypt API for encryption.

Correct Answer: B

Community vote distribution

B (100%)

Question #48 Topic 1

A corporation uses Amazon API Gateway and the API Gateway native API key validation to maintain a REST service. Users can now join up for the
service through a new registration website that was recently developed by the corporation. The registration page uses CreateApiKey to generate a
new API key and sends it to the user. The user receives a 403 Forbidden error when attempting to call the API with this key. Existing API users are
unaffected and can continue to utilize it.
What changes to the code will allow these additional users to access the API?

A. The createDeployment method must be called so the API can be redeployed to include the newly created API key.

B. The updateAuthorizer method must be called to update the API's authorizer to include the newly created API key.

C. The importApiKeys method must be called to import all newly created API keys into the current stage of the API.

D. The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.

Correct Answer: C

Community vote distribution

D (100%)
Question #49 Topic 1

Multiple EC2 instances are used to execute an application behind an ELB.

Where is the ideal place to store session data so that it can be consistently delivered over numerous requests?

A. Write data to Amazon ElastiCache

B. Write data to Amazon Elastic Block Store.

C. Write data to Amazon EC2 Instance Store.

D. Write data to the root filesystem.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/aws-technical-content/latest/microservices-on-aws/microservices-on-aws.pdf?
icmpid=link_from_whitepapers_page
(14)

Community vote distribution

A (100%)

Question #50 Topic 1

A development team is now supporting an application that saves cumulative gaming outcomes in an in-memory store. A database is used to keep
individual outcomes. The team must employ automated scaling as part of the migration to AWS. The team is aware that this will result in uneven
outcomes.

Where should the team keep these gathered game outcomes in order to achieve the highest level of consistency without jeopardizing
performance?

A. Amazon S3

B. Amazon RDS

C. Amazon ElastiCache

D. Amazon Kinesis

Correct Answer: C
Question #51 Topic 1

A developer is developing an application for Amazon EC2 instances. To read and write records, the application must establish a connection to an
Amazon DynamoDB database. The security staff must change access keys on a regular basis.
Which technique will meet these criteria?

A. Create an IAM role with read and write access to the DynamoDB table. Generate access keys for the user and store the access keys in the
application as environment variables.

B. Create an IAM user with read and write access to the DynamoDB table. Store the user name and password in the application and generate
access keys using an AWS SDK.

C. Create an IAM role, configure read and write access for the DynamoDB table, and attach to the EC2 instances.

D. Create an IAM user with read and write access to the DynamoDB table. Generate access keys for the user and store the access keys in the
application as a credentials file.

Correct Answer: D

Community vote distribution

C ( 00%)

Question #52 Topic 1

A developer is using Amazon S3 to store critical documents that need encryption at rest. At the very least, the encryption keys must be cycled
yearly.

What is the simplest method for doing this?

A. Encrypt the data before sending it to Amazon S3

B. Import a custom key into AWS KMS with annual rotation enabled

C. Use AWS KMS with automatic key rotation

D. Export a key from AWS KMS to encrypt the data

Correct Answer: B

Community vote distribution

C (83%) B (17%)

Question #53 Topic 1

A business delivers APIs as a service and binds all of its users to a service level agreement (SLA).

What should the organization do to ensure compliance with each SLA?

A. Enable throttling limits for each method in Amazon API Gateway

B. Create a usage plan for each user and request API keys to access the APIs

C. Enable API rate limiting in Amazon Cognito for each user

D. Enable default throttling limits for each stage after deploying the APIs

Correct Answer: D

Community vote distribution

B (100%)
Question #54 Topic 1

A developer created a static website hosted on Amazon S3 that uses Amazon API Gateway and AWS Lambda to conduct web service queries. The
site is now displaying an error message that reads as follows:
The requested resource does not have an Access-Control-Allow-Origin€TM header. As a result, origin € null€TM is denied access. ‫ג‬€

What is the Developer's responsibility in resolving this issue?

A. Enable cross-origin resource sharing (CORS) on the S3 bucket.

B. Enable cross-origin resource sharing (CORS) for the method in API Gateway

C. Add the Access-Control-Request-Method header to the request

D. Add the Access-Control-Request-Headers header to the request

Correct Answer: B
Reference:
https://forums.aws.amazon.com/thread.jspa?threadID=252972

Community vote distribution

B (75%) A (25%)
Question #55 Topic 1

Returning consumers may log in to see personalized web pages on an e-commerce site. The process is shown below:

On EC2 instances, an application is executing. The database that records user accounts and preferences is hosted on Amazon RDS. While waiting
for the login stage to finish, the website freezes or loads slowly. The remainder of the site's components are properly optimized.

Which of the following strategies will effectively fix this situation? (Select two.)

A. Implement the user login page as an asynchronous Lambda function.

B. Use Amazon ElastiCache for MemCached to cache user data.

C. Use an Amazon Application Load Balancer to load balance the traffic to the website.

D. Call the database asynchronously so the code can continue executing.

E. Batch login requests from hundreds of users together as a single read request to the database.

Correct Answer: BD

Community vote distribution

BD (67%) BC (33%)
Question #56 Topic 1

A vast number of tiny messages are ingested by an application and stored in a database. AWS Lambda is used to power the application. A
development team is making adjustments to the processing logic of the program. Each message is processing more than 15 minutes in testing.
The team is worried that the present backend will fail to function properly.

Which improvements to the backend system should be implemented to guarantee that each message is treated in the most scalable manner
possible?

A. Add the messages to an Amazon SQS queue. Set up and Amazon EC2 instance to poll the queue and process messages as they arrive.

B. Add the messages to an Amazon SQS queue. Set up Amazon EC2 instances in an Auto Scaling group to poll the queue and process the
messages as they arrive.

C. Create a support ticket to increase the Lambda timeout to 60 minutes to allow for increased processing time.

D. Change the application to directly insert the body of the message into an Amazon RDS database.

Correct Answer: B

Community vote distribution

B (100%)

Question #57 Topic 1

An application developer is tasked with integrating Amazon CloudWatch into an on-premises environment.

According to AWS security best practices, how should the application use CloudWatch?

A. Configure AWS credentials in the application server with an AWS SDK

B. Implement and proxy API-calls through an EC2 instance

C. Store IAM credentials in the source code to enable access

D. Add the application server SSH-key to AWS

Correct Answer: A

Community vote distribution

A (100%)
Question #58 Topic 1

A developer attempts to use the command aws configure after installing the AWS CLI and gets the following error:
aws: command not found Error: aws: command not found

Which of the following is the most probable source of this error?

A. The aws executable is not in the PATH environment variable.

B. Access to the aws executable has been denied to the installer.

C. Incorrect AWS credentials were provided.

D. The aws script does not have an executable file mode.

Correct Answer: A

Community vote distribution

A (100%)

Question #59 Topic 1

A business utilizes AWS CodeBuild and AWS CodeCommit to implement a continuous build process. Developers routinely submit code throughout
the development period, resulting in large build failures. The firm is looking for a solution that would generate code prior to developers pushing it
to the main branch.

Which option best fits these criteria in terms of cost-effectiveness?

A. Configure am Amazon EC2 instance with the CodeBuild agent to build the code.

B. Configure CodeBuild jobs on AWS for each branch build process.

C. Configure the CodeBuild agent to build the code in the local system.

D. Configure a Jenkins plugin for CodeBuild to run the code build process

Correct Answer: C
Reference:
https://docs.aws.amazon.com/codebuild/latest/userguide/use-codebuild-agent.html

Community vote distribution

C (100%)
Question #60 Topic 1

In an Amazon DynamoDB database, a game holds user game data. Individual users should not have access to the gaming data of other players.

How is this possible?

A. Encrypt the game data with individual user keys.

B. Restrict access to specific items based on certain primary key values.

C. Stage data in SQS queues to inject metadata before accessing DynamoDB.

D. Read records from DynamoDB and discard irrelevant data client-side.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html

Question #61 Topic 1

A multi-Amazon EC2 instance application reads messages from a typical Amazon SQS queue. All communications must be encrypted at rest as a
requirement of the program.
When feasible, developers are urged to employ approaches that enable centralized key management and reduce support needs.

Which of the following solutions adheres to these specifications?

A. Encrypt individual messages by using client-side encryption with customer managed keys, then write to the SQS queue.

B. Encrypt individual messages by using SQS Extended Client and the Amazon S3 encryption client.

C. Create an SQS queue, and encrypt the queue by using sewer-side encryption with AWS KMS.

D. Create an SQS queue, and encrypt the queue by using client-side encryption.

Correct Answer: B

Community vote distribution

C (100%)

Question #62 Topic 1

A business operates an e-commerce website that makes use of Amazon DynamoDB to dynamically adjust the price of products in real time. At any
one moment, numerous changes to price information for a specific product may occur concurrently. This results in the overwriting of the original
editor's modifications without a thorough review procedure.

Which write option in DynamoDB should be used to avoid this overwriting?

A. Concurrent writes

B. Conditional writes

C. Atomic writes

D. Batch writes

Correct Answer: B

Community vote distribution

B (100%)
Question #63 Topic 1

A developer must use an AWS CloudFormation template to launch a new AWS Lambda function.

Which processes are responsible for deploying Lambda functions? (Select two.)

A. Upload the code to an AWS CodeCommit repository, then add a reference to it in an AWS::Lambda::Function resource in the template.

B. Create an AWS::Lambda::Function resource in the template, then write the code directly inside the CloudFormation template.

C. Upload a .ZIP file containing the function code to Amazon S3, then add a reference to it in an AWS::Lambda::Function resource in the
template.

D. Upload a .ZIP file to AWS CloudFormation containing the function code, then add a reference to it in an AWS::Lambda::Function resource in
the template.

E. Upload the function code to a private Git repository, then add a reference to it in an AWS::Lambda::Function resource in the template.

Correct Answer: BD

Community vote distribution

BC (100%)

Question #64 Topic 1

A developer want to utilize AWS X-Ray to monitor the end-to-end performance of a user request across the whole software stack. The developer
modified the program, tested it, and discovered that it is capable of sending traces to AWS X-Ray. The traces, on the other hand, are not accessible
when the program is deployed to an EC2 instance.

Which of the following is most likely to result in this situation? (Select two.)

A. The traces are reaching X-Ray, but the Developer does not have access to view the records.

B. The X-Ray daemon is not installed on the EC2 instance.

C. The X-Ray endpoint specified in the application configuration is incorrect.

D. The instance role does not have ‫ג‬€xray:BatchGetTraces‫ג‬€ and ‫ג‬€xray:GetTraceGraph‫ג‬€ permissions.

E. The instance role does not have ‫ג‬€xray:PutTraceSegments‫ג‬€ and ‫ג‬€xray:PutTelemetryRecords‫ג‬€ permissions.

Correct Answer: BE

Community vote distribution

BE (100%)
Question #65 Topic 1

An application extracts metadata from files uploaded to an S3 bucket using Lambda functions; the information is then saved in Amazon
DynamoDB. The program begins to behave strangely, and the developer want to investigate the Lambda function code's logs for faults.

Where would the Developer look for logs based on this system configuration?

A. Amazon S3

B. AWS CloudTrail

C. Amazon CloudWatch

D. Amazon DynamoDB

Correct Answer: C

Community vote distribution

C (100%)

Question #66 Topic 1

What is the purpose of an Amazon SQS delay queue?

A. Messages are hidden for a configurable amount of time when they are first added to the queue.

B. Messages are hidden for a configurable amount of time after they are consumed from the queue.

C. The consumer can poll the queue for a configurable amount of time before retrieving a message.

D. Message cannot be deleted for a configurable amount of time after they are consumed from the queue.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-delay-queues.html

Community vote distribution

A (100%)
Question #67 Topic 1

A business is developing an ecommerce website, and the static data will be stored on Amazon S3. The business anticipates roughly 1,000 GET
and PUT requests per second (TPS). All queries must be logged and maintained for auditing reasons.

Which approach is the MOST cost-effective?

A. Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to move the data from the log bucket to Amazon
S3 Glacier in 90 days.

B. Enable S3 server access logging and create a lifecycle policy to expire the data in 90 days.

C. Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to expire the data in 90 days.

D. Enable S3 server access logging and create a lifecycle policy to move the data to Amazon S3 Glacier in 90 days.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudtrail-request-identification.html

Community vote distribution

A (60%) D (40%)

Question #68 Topic 1

A business has an application in which reading items from Amazon S3 is conditional on the user type. There are two sorts of users: registered and
visitor. The firm now has 25,000 users and is expanding at a rapid pace. Depending on the user type, data is fetched from an S3 bucket.

Which techniques are advised for accommodating both sorts of users? (Select two.)

A. Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to
the objects.

B. Use S3 bucket policies to restrict read access to specific IAM users.

C. Use Amazon Cognito to provide access using authenticated and unauthenticated roles.

D. Create a new IAM user for each user and grant read access.

E. Use the AWS IAM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) AssumeRole
action depending on the type of user and provide read access to Amazon S3 using the assumed role.

Correct Answer: AB

Community vote distribution

CE (100%)
Question #69 Topic 1

Using Amazon API Gateway, a developer has established a REST API. The developer want to keep track of which callers and how they utilize the
API. Additionally, the developer want to have control over the duration of the logs.

What actions should the developer take to ensure compliance with these requirements?

A. Enable API Gateway execution logging. Delete old logs using API Gateway retention settings.

B. Enable API Gateway access logs. Use Amazon CloudWatch retention settings to delete old logs.

C. Enable detailed Amazon CloudWatch metrics. Delete old logs with a recurring AWS Lambda function.

D. Create and use API Gateway usage plans. Delete old logs with a recurring AWS Lambda function.

Correct Answer: C

Community vote distribution

B (100%)

Question #70 Topic 1

A huge e-commerce site is being developed that will use Amazon S3 to distribute static items. More than 300 GET requests per second will be
served from the Amazon S3 bucket.

What changes should be made to improve performance? (Select two.)

A. Integrate Amazon CloudFront with Amazon S3.

B. Enable Amazon S3 cross-region replication.

C. Delete expired Amazon S3 server log files.

D. Configure Amazon S3 lifecycle rules.

E. Randomize Amazon S3 key name prefixes.

Correct Answer: AB
Reference:
http://jayendrapatil.com/aws-s3-best-practices/

Community vote distribution

AB (50%) AE (50%)
Question #71 Topic 1

A business in the us-east-1 Region has installed web servers on Amazon EC2 instances running Amazon Linux. Amazon Elastic Block Store is
used to back up the EC2 instances (Amazon EBS). A developer want to guarantee that all of these instances use an AWS Key Management Service
(AWS KMS) key to offer encryption at rest.

How can a developer use an AWS KMS key to enable encryption at rest on existing and new instances?

A. Use AWS Certificate Manager (ACM) to generate a TLS certificate. Store the private key in AWS KMS. Use AWS KMS on the instances to
enable TLS encryption.

B. Manually enable EBS encryption with AWS KMS on running instances. Then enable EBS encryption by default for new instances.

C. Enable EBS encryption by default. Create snapshots from the running instances. Replace running instances with new instances from
snapshots.

D. Export the AWS KMS key to the application. Encrypt all application data by using the exported key. Enable EBS encryption by default to
encrypt all other data.

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/compute/must-know-best-practices-for-amazon-ebs-encryption/

Community vote distribution

C (100%)

Question #72 Topic 1

A developer is developing an application that will use Amazon S3 to store data. Before data is transmitted to Amazon S3 for storage, management
requires that it be secured. The Security team is responsible for managing the encryption keys.

Which strategy should the developer use to satisfy these requirements?

A. Implement server-side encryption using customer-provided encryption keys (SSE-C).

B. Implement server-side encryption by using a client-side master key.

C. Implement client-side encryption using an AWS KMS managed customer master key (CMK).

D. Implement client-side encryption using Amazon S3 managed keys.

Correct Answer: D
Reference:
https://aws.amazon.com/s3/faqs/

Community vote distribution

C (67%) A (33%)
Question #73 Topic 1

A developer has designed a software package that will be distributed utilizing IAM roles across many EC2 servers.

What measures may be taken to validate IAM access to Amazon Kinesis Streams records? (Select two.)

A. Use the AWS CLI to retrieve the IAM group.

B. Query Amazon EC2 metadata for in-line IAM policies.

C. Request a token from AWS STS, and perform a describe action.

D. Perform a get action using the ‫ג‬€"-dry-run argument.

E. Validate the IAM role policy with the IAM policy simulator.

Correct Answer: BE

Community vote distribution

DE (63%) BE (38%)

Question #74 Topic 1

A developer must verify that an application's IAM credentials are not abused or exploited when running on Amazon EC2.

What should the developer do to ensure the security of user credentials?

A. Environment variables

B. AWS credentials file

C. Instance profile credentials

D. Command line options

Correct Answer: D

Community vote distribution

C (100%)
Question #75 Topic 1

A developer has created an Amazon S3 bucket to store JSON data. The developer want to share an item with a select set of individuals in a safe
manner.

How can the developer allow temporary access to the items stored in the S3 bucket in a safe manner?

A. Set object retention on the files. Use the AWS software development kit (SDK) to restore the object before subsequent requests. Provide the
bucket's S3 URL.

B. Use the AWS software development kit (SDK) to generate a presigned URL. Provide the presigned URL.

C. Set a bucket policy that restricts access after a period of time. Provide the bucket's S3 URL.

D. Configure static web hosting on the S3 bucket. Provide the bucket's web URL.

Correct Answer: B
Reference:
https://blog.pics.io/everything-you-need-to-know-about-amazon-s3-bucket/

Community vote distribution

B (100%)

Question #76 Topic 1

Page load times on a website steadily increase as more people visit the system concurrently. According to the analysis, a user profile is being
loaded from a database on each web page viewed by a user, which increases database load and page load delay. The developer chooses to cache
the user profile data in order to remedy this problem.

Which caching approach would most effectively solve this situation?

A. Create a new Amazon EC2 Instance and run a NoSQL database on it. Cache the profile data within this database using the write-through
caching strategy.

B. Create an Amazon ElastiCache cluster to cache the user profile data. Use a cache-aside caching strategy.

C. Use a dedicated Amazon RDS instance for caching profile data. Use a write-through caching strategy.

D. Create an ElastiCache cluster to cache the user profile data. Use a write-through caching strategy.

Correct Answer: B

Community vote distribution

B (67%) D (33%)
Question #77 Topic 1

A business is developing a Java application that will be deployed to Amazon Web Services. The firm creates a pipeline for the project using AWS
CodePipeline. CodePipeline must build and deploy the application on the AWS Cloud whenever a team member makes changes to the source
code.

Which AWS services combination does the business need to utilize to achieve these requirements?

A. Amazon S3, AWS CodeBuild, and AWS CodeCommit

B. Amazon S3, AWS CodeBuild, and Amazon Elastic Container Service (Amazon ECS)

C. AWS CodeCommit, AWS CodeBuild, and AWS CodeDeploy

D. Amazon CodeGuru, AWS CodeCommit, and AWS CodeBuild

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/devops/complete-ci-cd-with-aws-codecommit-aws-codebuild-aws-codedeploy-and-aws-codepipeline/

Community vote distribution

C (100%)

Question #78 Topic 1

A developer is about to launch an AWS Lambda function that will use a substantial amount of CPU.

Which technique will minimize the function's average runtime?

A. Deploy the function into multiple AWS Regions.

B. Deploy the function into multiple Availability Zones.

C. Deploy the function using Lambda layers.

D. Deploy the function with its memory allocation set to the maximum amount.

Correct Answer: C
Layers let you keep your deployment package small, which makes development easier. You can avoid errors that can occur when you install and
package dependencies with your function code.
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-dg.pdf
(86)

Community vote distribution

D (100%)
Question #79 Topic 1

A business is operating an application that is powered by AWS Lambda services. When a Lambda function is required to download a 50MB file
from the Internet on each run, performance difficulties arise. Multiple times per second, this function is invoked.

Which approach would result in the greatest performance boost?

A. Cache the file in the /tmp directory

B. Increase the Lambda maximum execution time

C. Put an Elastic Load Balancer in front of the Lambda function

D. Cache the file in Amazon S3

Correct Answer: A

Community vote distribution

A (100%)

Question #80 Topic 1

An HTTPS clone URL for an AWS CodeCommit repository is supplied to a developer.

What configuration is required prior to cloning this repository?

A. Use AWS KMS to set up public and private keys for use with AWS CodeCommit.

B. Set up the Git credential helper to use an AWS credential profile, and enable the helper to send the path to the repositories.

C. Use AWS Certificate Manager to provision public and private SSL/TLS certificates.

D. Generate encryption keys using AWS CloudHSM, then export the key for use with AWS CodeCommitl.

Correct Answer: B
AWS credential profile, and enabling the Git credential helper to send the path to repositories:
Reference:
https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-unixes.html

Community vote distribution

B (100%)
Question #81 Topic 1

A Linux EC2 instance operating on Amazon Web Services requires management of the AWS architecture.

How may an Amazon EC2 instance be configured to perform secure AWS API calls?

A. Sign the AWS CLI command using the signature version 4 process.

B. Run the aws configure AWS CLI command and specify the access key id and secret access key.

C. Specify a role for the EC2 instance with the necessary privileges.

D. Pass the access key id and secret access key as parameters for each AWS CLI command.

Correct Answer: C

Community vote distribution

C (100%)

Question #82 Topic 1

What is needed to use AWS X-Ray to trace Lambda-based applications?

A. Send logs from the Lambda application to an S3 bucket; trigger a Lambda function from the bucket to send data to AWS X-Ray.

B. Trigger a Lambda function from the application logs in Amazon CloudWatch to submit tracing data to AWS X-Ray.

C. Use an IAM execution role to give the Lambda function permissions and enable tracing.

D. Update and add AWS X-Ray daemon code to relevant parts of the Lambda function to set up the trace.

Correct Answer: C

Community vote distribution

C (100%)

Question #83 Topic 1

A developer wishes to lower the execution time of a complete Amazon DynamoDB database scan during off-peak hours without impairing typical
workloads. During non-peak hours, workloads average around half of the highly constant read capacity units.

How would the Developer optimize this scan if he or she were the developer?

A. Use parallel scans while limiting the rate

B. Use sequential scans

C. Increase read capacity units during the scan operation

D. Change consistency to eventually consistent during the scan operation

Correct Answer: B

Community vote distribution

A (100%)
Question #84 Topic 1

A developer has an on-premises legacy application. Other AWS-hosted apps rely on the on-premises application for optimal operation.
In the event of any application failures, the Developer want to be able to monitor and debug all apps from a single location using Amazon
CloudWatch.

How is this accomplished by the Developer?

A. Install an AWS SDK on the on-premises server to automatically send logs to CloudWatch.

B. Download the CloudWatch agent to the on-premises server. Configure the agent to use IAM user credentials with permissions for
CloudWatch.

C. Upload log files from the on-premises server to Amazon S3 and have CloudWatch read the files.

D. Upload log files from the on-premises server to an Amazon EC2 instance and have the instance forward the logs to CloudWatch.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-premise.html

Community vote distribution

B (100%)

Question #85 Topic 1

Amazon API Gateway is being used by a developer to act as an HTTP proxy for a backend endpoint. Three distinct settings exist: development,
testing, and production. Each environment has a step in the API that corresponds to it.
Without building a new API for each step, the developer must route traffic to distinct backend destinations.

Which solution will satisfy these criteria?

A. Add a model to the API. Add a schema to differentiate the different backend endpoints

B. Create stage variables. Configure the variables in the HTTP integration request of the API.

C. Use API custom authorizers to create an authorizer for each of the different stages.

D. Update the integration response of the API to add different backend endpoint.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/stage-variables.html
Question #86 Topic 1

A development team has released ten applications that are operating on Amazon EC2 instances. A graphical representation of the data is required
by the Operations team.
For each application, there is one critical performance metric. For convenient monitoring, all of these metrics should be presented on a single
screen.
Which actions should the developer take to use Amazon CloudWatch to do this?

A. Create a custom namespace with a unique metric name for each application.

B. Create a custom dimension with a unique metric name for each application.

C. Create a custom event with a unique metric name for each application.

D. Create a custom alarm with a unique metric name for each application.

Correct Answer: B
Reference:
http://jayendrapatil.com/tag/cloudwatch/

Community vote distribution

A (75%) B (25%)

Question #87 Topic 1

On AWS, a business hosts a multi-tiered web application. During a recent increase in traffic, one of Amazon RDS's key relational databases was
unable to handle the volume. Certain read queries for frequently visited objects failed, resulting in error messages being shown to users.

What can be done to reduce the effect of future traffic surges on database read queries most efficiently?

A. Use Amazon S3 to cache database query results.

B. Use Amazon RDS as a custom origin for Amazon CloudFront.

C. Use local storage and memory on Amazon EC2 instances to cache data.

D. Use Amazon ElastiCache in front of the primary database to cache data.

Correct Answer: B

Community vote distribution

D (100%)
Question #88 Topic 1

Due to increasing demand, an application is having performance challenges. This increasing demand is for read-only historical records that are
extracted using bespoke views and queries from an Amazon RDS-hosted database. A developer's objective is to optimize performance without
altering the database's structure.

Which technique will maximize performance while minimizing management costs?

A. Deploy Amazon DynamoDB, move all the data, and point to DynamoDB.

B. Deploy Amazon ElastiCache for Redis and cache the data for the application.

C. Deploy Memcached on Amazon EC2 and cache the data for the application.

D. Deploy Amazon DynamoDB Accelerator (DAX) on Amazon RDS to improve cache performance.

Correct Answer: B

Community vote distribution

B (100%)

Question #89 Topic 1

A business must send firmware upgrades to all of its consumers worldwide.

Which solution will provide simple and secure control of download access at the lowest possible cost?

A. Use Amazon CloudFront with signed URLs for Amazon S3

B. Create a dedicated Amazon CloudFront Distribution for each customer

C. Use Amazon CloudFront with AWS Lambda@Edge

D. Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket

Correct Answer: A

Community vote distribution

A (100%)

Question #90 Topic 1

A business want to use Amazon API Gateway to enable authentication for its new REST service. Each request must include HTTP headers
including a client ID and a user ID in order to authenticate the calls. These credentials must be matched to data stored in an Amazon DynamoDB
database for authentication.

What actions MUST the company take to implement this authorization in the API global Gateway?

A. Implement an AWS Lambda authorizer that references the DynamoDB authentication table

B. Create a model that requires the credentials, then grant API Gateway access to the authentication table

C. Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table

D. Implement an Amazon Cognito authorizer that references the DynamoDB authentication table

Correct Answer: D

Community vote distribution

A (60%) D (40%)
Question #91 Topic 1

A developer is in the process of transferring legacy apps to AWS. These apps will be launched on Amazon EC2 instances and will utilize MongoDB
as their main data storage. Management expects developers to make minimal modifications to apps while using AWS services.

Which option should the developer use to host MongoDB on Amazon Web Services (AWS)?

A. Install MongoDB on the same instance where the application is running.

B. Deploy Amazon DocumentDB in MongoDB compatibility mode.

C. Use Amazon API Gateway to translate API calls from MongoDB to Amazon DynamoDB.

D. Replicate the existing MongoDB workload to Amazon DynamoDB.

Correct Answer: D

Community vote distribution

B (100%)

Question #92 Topic 1

Through an API, a company's fleet of Amazon EC2 instances collects data from millions of consumers. To guarantee high access rates, the
servers batch the data, create an object for each user, and upload the objects to an S3 bucket. Customer ID, Server ID, TS-Server (TimeStamp and
Server ID), the object's size, and a timestamp are the object's properties. A developer wishes to locate all items gathered for a particular user
during a certain time period.

How can the developer accomplish this need after establishing an S3 object created event?

A. Run an AWS Lambda function in response to the S3 object creation events that creates an Amazon DynamoDB record for every object with
the Customer ID as the partition key and the Server ID as the sort key. Retrieve all the records using the Customer ID and Server ID attributes.

B. Run an AWS Lambda function in response to the S3 object creation events that creates an Amazon Redshift record for every object with the
Customer ID as the partition key and TS-Server as the sort key. Retrieve all the records using the Customer ID and TS-Server attributes.

C. Run an AWS Lambda function in response to the S3 object creation events that creates an Amazon DynamoDB record for every object with
the Customer ID as the partition key and TS-Server as the sort key. Retrieve all the records using the Customer ID and TS-Server attributes.

D. Run an AWS Lambda function in response to the S3 object creation events that creates an Amazon Redshift record for every object with the
Customer ID as the partition key and the Server ID as the sort key. Retrieve all the records using the Customer ID and Server ID attributes.

Correct Answer: C

Community vote distribution

C (100%)
Question #93 Topic 1

A business need a fully managed source control solution that is compatible with AWS. By sharing sets of changes peer-to-peer, the service must
guarantee that revision control synchronizes various dispersed repositories. All users must be productive regardless of whether they are
connected to a network.

Which version control system should I use?

A. Subversion

B. AWS CodeBuild

C. AWS CodeCommit

D. AWS CodeStar

Correct Answer: C

Community vote distribution

C (100%)

Question #94 Topic 1

A developer is tasked with the responsibility of creating a cache layer in front of Amazon RDS. In the event of a service outage, it is costly to
regenerate cached material.

Which of the following implementations would work best in terms of uptime?

A. Implement Amazon ElastiCache Redis in Cluster Mode

B. Install Redis on an Amazon EC2 instance.

C. Implement Amazon ElastiCache Memcached.

D. Migrate the database to Amazon Redshift.

Correct Answer: A
Reference:
https://aws.amazon.com/blogs/database/automating-sql-caching-for-amazon-elasticache-and-amazon-rds/

Community vote distribution

A (100%)
Question #95 Topic 1

On an Amazon EC2 instance, a developer is executing an application. When the program attempts to read from an Amazon S3 bucket, it fails. The
developer discovers that the S3 read permission is missing from the related IAM role. The developer must enable the application to read from the
S3 bucket.

Which solution satisfies this need with the MINIMUM amount of application downtime?

A. Add the permission to the role. Terminate the existing EC2 instance. Launch a new EC2 instance

B. Add the permission to the role so that the change will take effect automatically

C. Add the permission to the role. Hibernate and restart the existing EC2 instance.

D. Add the permission to the S3 bucket. Restart the EC2 instance.

Correct Answer: D
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-instance-access-s3-bucket/

Community vote distribution

B (71%) C (29%)

Question #96 Topic 1

A developer wishes to get a list of objects from an Amazon DynamoDB table's global secondary index.

Which DynamoDB API call should the developer use to utilize the fewest read capacity units possible?

A. Scan operation using eventually-consistent reads

B. Query operation using strongly-consistent reads

C. Query operation using eventually-consistent reads

D. Scan operation using strongly-consistent reads

Correct Answer: C

Community vote distribution

C (100%)
Question #97 Topic 1

A corporation is deploying one of their apps using AWS CodePipeline. The delivery pipeline is triggered by modifications to the master branch of
an AWS CodeCommit repository and utilizes AWS CodeBuild for the test and build phases, as well as AWS CodeDeploy for application deployment.
For many months, the pipeline has operated effectively with no adjustments. AWS CodeDeploy failed to deploy the updated application as planned
after a recent modification to the application's source code.

What may be the underlying causes? (Select two.)

A. The change was not made in the master branch of the AWS CodeCommit repository.

B. One of the earlier stages in the pipeline failed and the pipeline has terminated.

C. One of the Amazon EC2 instances in the company's AWS CodePipeline cluster is inactive.

D. The AWS CodePipeline is incorrectly configured and is not executing AWS CodeDeploy.

E. AWS CodePipeline does not have permissions to access AWS CodeCommit.

Correct Answer: BC

Community vote distribution

AB (67%) BC (33%)

Question #98 Topic 1

A developer is attempting to use the SDK to perform API requests. The application's IAM user credentials need multi-factor authentication for all
API requests.

Which mechanism does the developer use to get access to the API that is protected by multi-factor authentication?

A. GetFederationToken

B. GetCallerIdentity

C. GetSessionToken

D. DecodeAuthorizationMessage

Correct Answer: C

Community vote distribution

C (100%)
Question #99 Topic 1

There are two categories of members on a video-hosting website: those who pay a charge and those who do not. Each video upload creates a
message in Amazon Simple Queue Service (SQS). Each video is processed by a fleet of Amazon EC2 instances that poll Amazon SQS.
The developer must guarantee that the developer processes the films submitted by paying users first.

How is the developer to achieve this criterion?

A. Create two SQS queues: one for paying members, and one for non-paying members. Poll the paying member queue first and then poll the
non-paying member queue.

B. Use SQS to set priorities on individual items within a single queue; give the paying members' videos the highest priority.

C. Use SQS to set priorities on individual items within a single queue and use Amazon SNS to encode the videos.

D. Create two Amazon SNS topics: one for paying members and one for non-paying members. Use SNS topic subscription priorities to
differentiate between the two types of members.

Correct Answer: B

Community vote distribution

A (100%)

Question #100 Topic 1

A development team is composed of ten individuals. The manager want to offer access to user-specific folders in an Amazon S3 bucket, similar to
a home directory for each team member. The sample of the IAM policy for the team member with the username €TeamMemberX€ is as follows:

Rather of generating unique policies for each team member, how may this policy excerpt be made general for all team members?

A. Use IAM policy condition

B. Use IAM policy principal

C. Use IAM policy variables

D. Use IAM policy resource

Correct Answer: A

Community vote distribution

C (83%) A (17%)
Question #101 Topic 1

The development team is now hard at work developing an API that will be provided through the Amazon API gateway. Three environments will
service the API: development, test, and production. All three phases of the API Gateway are set to consume 237 GB of cache.

Which deployment option is the MOST cost-effective?

A. Create a single API Gateway with all three stages.

B. Create three API Gateways, one for each stage in a single AWS account.

C. Create an API Gateway in three separate AWS accounts.

D. Enable the cache for development and test environments only when needed.

Correct Answer: D

Question #102 Topic 1

On Amazon EC2 ECS, two containerized microservices are hosted. The first microservice reads a database instance from Amazon RDS Aurora,
while the second microservice reads a table from Amazon DynamoDB.

How can the bare minimal rights be provided to each microservice?

A. Set ECS_ENABLE_TASK_IAM_ROLE to false on EC2 instance boot in ECS agent configuration file. Run the first microservice with an IAM role
for ECS tasks with read-only access for the Aurora database. Run the second microservice with an IAM role for ECS tasks with read-only
access to DynamoDB.

B. Set ECS_ENABLE_TASK_IAM_ROLE to false on EC2 instance boot in the ECS agent configuration file. Grant the instance profile role read-
only access to the Aurora database and DynamoDB.

C. Set ECS_ENABLE_TASK_IAM_ROLE to true on EC2 instance boot in the ECS agent configuration file. Run the first microservice with an IAM
role for ECS tasks with read-only access for the Aurora database. Run the second microservice with an IAM role for ECS tasks with read-only
access to DynamoDB.

D. Set ECS_ENABLE_TASK_IAM_ROLE to true on EC2 instance boot in the ECS agent configuration file. Grant the instance profile role read-only
access to the Aurora database and DynamoDB.

Correct Answer: C
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/ecs-iam-task-roles-config-errors/

Community vote distribution

C (100%)
Question #103 Topic 1

A developer is debugging a three-tier application hosted on Amazon EC2 instances. Between the application servers and database servers, there
is a connection issue.

Which Amazon Web Services (AWS) services or tools should be utilized to determine which component is faulty? (Make a selection of at least
two.)

A. AWS CloudTrail

B. AWS Trusted Advisor

C. Amazon VPC Flow Logs

D. Network access control lists

E. AWS Config rules

Correct Answer: CD

Community vote distribution

CD (67%) A (33%)

Question #104 Topic 1

A program inserts data into an Amazon DynamoDB database. As the application expands to thousands of instances, intermittent
ThrottlingException problems are thrown by calls to the DynamoDB API. The application is written in a language that is not supported by the AWS
SDK.

What procedure should be followed in the event of an error?

A. Add exponential backoff to the application logic

B. Use Amazon SQS as an API message bus

C. Pass API calls through Amazon API Gateway

D. Send the items to DynamoDB through Amazon Kinesis Data Firehose

Correct Answer: A
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Programming.Errors.html
Question #105 Topic 1

A developer is using serverless components to create a highly secure healthcare application. This application involves writing temporary data to
an AWS Lambda function's /tmp storage.

How should this data be encrypted by the developer?

A. Enable Amazon EBS volume encryption with an AWS KMS CMK in the Lambda function configuration so that all storage attached to the
Lambda function is encrypted.

B. Set up the Lambda function with a role and key policy to access an AWS KMS CMK. Use the CMK to generate a data key used to encrypt all
data prior to writing to /tmp storage.

C. Use OpenSSL to generate a symmetric encryption key on Lambda startup. Use this key to encrypt the data prior to writing to /tmp storage.

D. Use an on-premises hardware security module (HSM) to generate keys, where the Lambda function requests a data key from the HSM and
uses that to encrypt data on all requests to the function.

Correct Answer: B
Reference:
https://aws.amazon.com/kms/faqs/

Community vote distribution

B (100%)

Question #106 Topic 1

A business requires security for its current website, which is hosted behind an Elastic Load Balancer. Amazon EC2 instances hosting the website
are CPU restricted.

How can the website be secured without raising the CPU burden on the Amazon EC2 web servers? (Select two.)

A. Configure an Elastic Load Balancer with SSL pass-through.

B. Configure SSL certificates on an Elastic Load Balancer.

C. Configure an Elastic Load Balancer with a Loadable Storage System.

D. Install SSL certificates on the EC2 instances.

E. Configure an Elastic Load Balancer with SSL termination.

Correct Answer: BD

Community vote distribution

BE (100%)
Question #107 Topic 1

A software engineer created a Node.js AWS Lambda function to do CPU-intensive data processing. The Lambda function takes around 5 minutes
to finish with the default parameters.

Which strategy should a developer employ to expedite the finishing process?

A. Instead of using Node.js, rewrite the Lambda function using Python.

B. Instead of packaging the libraries in the ZIP file with the function, move them to a Lambda layer and use the layer with the function.

C. Allocate the maximum available CPU units to the function.

D. Increase the available memory to the function.

Correct Answer: D
Reference:
https://serverless.zone/my-accidental-3-5x-speed-increase-of-aws-lambda-functions-6d95351197f3

Community vote distribution

D (100%)

Question #108 Topic 1

A developer will handle AWS services through the AWS CLI on a local development server.

What can be done to guarantee that the CLI executes commands using the Developer's IAM permissions?

A. Specify the Developer's IAM access key ID and secret access key as parameters for each CLI command.

B. Run the aws configure CLI command, and provide the Developer's IAM access key ID and secret access key.

C. Specify the Developer's IAM user name and password as parameters for each CLI command.

D. Use the Developer's IAM role when making the CLI command.

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/iam-assume-role-cli/
Question #109 Topic 1

A client wishes to host its source code on AWS Elastic Beanstalk. The client should undertake deployment with minimum downtime and should
keep application access logs exclusively on existing instances.

Which deployment strategy would meet these criteria?

A. Rolling

B. All at once

C. Rolling with an additional batch

D. Immutable

Correct Answer: A
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rollingupdates.html

Community vote distribution

A (100%)

Question #110 Topic 1

A development team chooses to use AWS CodePipeline and AWS CodeCommit to implement a continuous integration/continuous delivery (CI/CD)
method for a new application. Management, on the other hand, requires a human to evaluate and approve the code prior to it being released to
production.

How can the development team include a manual approver into the continuous integration/continuous delivery pipeline?

A. Use AWS SES to send an email to approvers when their action is required. Develop a simple application that allows approvers to accept or
reject a build. Invoke an AWS Lambda function to advance the pipeline when a build is accepted.

B. If approved, add an approved tag when pushing changes to the CodeCommit repository. CodePipeline will proceed to build and deploy
approved commits without interruption.

C. Add an approval step to CodeCommit. Commits will not be saved until approved.

D. Add an approval action to the pipeline. Configure the approval action to publish to an Amazon SNS topic when approval is required. The
pipeline execution will stop and wait for an approval.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/codepipeline/latest/userguide/approvals-action-add.html

Community vote distribution

D (100%)
Question #111 Topic 1

A developer is now working on a serverless Java app. Initial testing indicates that a cold start for AWS Lambda functions takes around 8 seconds
on average.

What should the developer do to lessen the time required for a cold start? (Select two.)

A. Add the Spring Framework to the project and enable dependency injection.

B. Reduce the deployment package by including only needed modules from the AWS SDK for Java.

C. Increase the memory allocation setting for the Lambda function.

D. Increase the timeout setting for the Lambda function.

E. Change the Lambda invocation mode from synchronous to asynchronous.

Correct Answer: AE
Reference:
https://github.com/awslabs/aws-serverless-java-container/wiki/Quick-start---Spring-Boot

Community vote distribution

BC (83%) A (17%)

Question #112 Topic 1

A business created an online event platform. The firm conducts quizzes and creates leaderboards based on the quiz results for each event. The
organization maintains leaderboard data in Amazon DynamoDB and preserves it for 30 days after the conclusion of an event. The firm then
deletes the outdated leaderboard data through a scheduled process.
The DynamoDB table has a fixed write capacity defined. When the scheduled deletion task runs during months with a high volume of events, the
DynamoDB write API calls are throttled.
A developer must construct a long-term solution that permanently deletes historical leaderboard data and maximizes write performance.

Which solution satisfies these criteria?

A. Configure a TTL attribute for the leaderboard data.

B. Use DynamoDB Streams to schedule and delete the leaderboard data.

C. Use AWS Step Functions to schedule and delete the leaderboard data.

D. Set a higher write capacity when the scheduled delete job runs.

Correct Answer: C
Reference:
https://aws.amazon.com/getting-started/hands-on/scheduling-a-serverless-workflow-step-functions-cloudwatch-events/

Community vote distribution

A (100%)
Question #113 Topic 1

A programmer is developing a new application that will make use of an Amazon DynamoDB database. All objects older than 48 hours must be
eliminated, according to the standard.

Which solution will satisfy this criterion?

A. Create a new attribute that has the Number data type. Add a local secondary index (LSI) for this attribute, and enable TTL with an expiration
of 48 hours. In the application code, set the value of this attribute to the current timestamp for each new item that is being inserted.

B. Create a new attribute that has the String data type. Add a local secondary index (LSI) for this attribute, and enable TTL with an expiration
of 48 hours. In the application code, set the value of this attribute to the current timestamp for each new item that is being inserted.

C. Create a new attribute that has the Number data type. Enable TTL on the DynamoDB table for this attribute. In the application code, set the
value of this attribute to the current timestamp plus 48 hours for each new item that is being inserted.

D. Create a new attribute that has the String data type. Enable TTL on the DynamoDB table for this attribute. In the application code, set the
value of this attribute to the current timestamp plus 48 hours for each new item that is being inserted.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/howitworks-ttl.html

Community vote distribution

C (100%)
Question #114 Topic 1

Amazon Kinesis is being used to handle clickstream data for an application. Periodic spikes occur in the clickstream data flow into Kinesis.
Occasionally, the PutRecords API request fails, and the logs indicate that the unsuccessful call provides the following response:

Which approaches will aid in mitigating this circumstance? (Select two.)

A. Implement retries with exponential backoff.

B. Use a PutRecord API instead of PutRecords.

C. Reduce the frequency and/or size of the requests.

D. Use Amazon SNS instead of Kinesis.

E. Reduce the number of KCL consumers.

Correct Answer: BC

Community vote distribution

AC (90%) 10%

Question #115 Topic 1

AWS Lambda functions must connect to an external site using a user name and password that are rotated on a regular basis. These elements
must be securely stored and cannot be included inside the function code.

Which AWS services may be utilized in conjunction with one another to achieve this? (Select two.)

A. AWS Certificate Manager (ACM)

B. AWS Systems Manager Parameter Store

C. AWS Trusted Advisor

D. AWS KMS

E. Amazon GuardDuty

Correct Answer: BD
Question #116 Topic 1

A development team is hard at work on a mobile application that will enable users to submit images to Amazon S3. The company anticipates that
hundreds of thousands of people will use the app concurrently during a single event. After the images are submitted, the backend service scans
and parses them for objectionable material.

Which strategy is the MOST robust way to accomplish this aim while also smoothing out transitory backend service traffic spikes?

A. Develop an AWS Lambda function to check the upload folder in the S3 bucket. If new uploaded pictures are detected, the Lambda function
will scan and parse them.

B. Once a picture is uploaded to Amazon S3, publish the event to an Amazon SQS queue. Use the queue as an event source to trigger an AWS
Lambda function. In the Lambda function, scan and parse the picture.

C. When the user uploads a picture, invoke an API hosted in Amazon API Gateway. The API will invoke an AWS Lambda function to scan and
parse the picture.

D. Create a state machine in AWS Step Functions to check the upload folder in the S3 bucket. If a new picture is detected, invoke an AWS
Lambda function to scan and parse it.

Correct Answer: B

Community vote distribution

B (100%)

Question #117 Topic 1

A developer has developed a web application that will be hosted on Amazon EC2 instances. The program creates and uploads thousands of new
items to the same AWS Region's Amazon S3 bucket. Each item is less than 1 MB in size. The program is taking an excessive amount of time to
operate.

How might the application's performance be enhanced?

A. Use the S3 Multipart Upload API.

B. Use S3 Transfer Acceleration.

C. Upload the objects in parallel to Amazon S3.

D. Add a random prefix to the object Keys.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/upload-objects.html

Community vote distribution

C (71%) D (29%)
Question #118 Topic 1

In an Amazon DynamoDB database, a business caches session information for a web application. The organization want to automate the process
of deleting obsolete entries from the table.

What is the easiest method for doing this?

A. Write a script that deletes old records; schedule the scripts as a cron job on an Amazon EC2 instance.

B. Add an attribute with the expiration time; enable the Time To Live feature based on that attribute.

C. Each day, create a new table to hold session data; delete the previous day's table.

D. Add an attribute with the expiration time; name the attribute ItemExpiration.

Correct Answer: B
Reference:
https://aws.amazon.com/about-aws/whats-new/2017/02/amazon-dynamodb-now-supports-automatic-item-expiration-with-time-to-live-ttl/

Community vote distribution

B (100%)

Question #119 Topic 1

Two Amazon DynamoDB tables are accessed using an AWS Lambda function. A developer wishes to optimize the Lambda function's performance
by finding bottlenecks inside the function.

How can a developer determine the duration of DynamoDB API calls?

A. Add DynamoDB as an event source to the Lambda function. View the performance with Amazon CloudWatch metrics.

B. Place an Application Load Balancer (ALB) in front of the two DynamoDB tables. Inspect the ALB logs.

C. Limit Lambda to no more than five concurrent invocations. Monitor from the Lambda console.

D. Enable AWS X-Ray tracing for the function. View the traces from the X-Ray service.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html
Question #120 Topic 1

When new items are produced in a bucket, a developer uses Amazon S3 as the event source to run a Lambda function. The bucket notification
configuration stores the information about the event source mapping. The developer is experimenting with various Lambda function versions and
is constantly required to alter notification settings to ensure that Amazon S3 invokes the proper version.

What is the MOSTefficient and effective method for mapping the S3 event to Lambda?

A. Use a different Lambda trigger.

B. Use Lambda environment variables.

C. Use a Lambda alias.

D. Use Lambda tags.

Correct Answer: A
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/lambda-s3-event-configuration-error/

Community vote distribution

C ( 00%)

Question #121 Topic 1

On a local development workstation, a developer has constructed a Node.js web application. The developer want to host the website on AWS. The
developer desires a solution that has the fewest operational overhead and requires no code modifications.

Which Amazon Web Services (AWS) service should the developer utilize to satisfy these requirements?

A. AWS Elastic Beanstalk

B. Amazon EC2

C. AWS Lambda

D. Amazon Elastic Kubernetes Service (Amazon EKS)

Correct Answer: A
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/nodejs-devenv.html

Community vote distribution

A (100%)
Question #122 Topic 1

A business operates an application on AWS Lambda@Edge. The application offers material that adapts according on the device being used by the
viewer.
The number of hits by device type is written to logs in Amazon CloudWatch Logs that are saved in a log group. For each device type, the
organization must provide an Amazon CloudWatch custom metric.

Which strategy will satisfy these criteria?

A. Create a CloudWatch Logs Insights query to extract the device type information from the logs and to create a custom metric with device
type as a dimension.

B. Create a CloudWatch metric filter to extract metrics from the log files with device type as a dimension.

C. Update the application to write its logs in the CloudWatch embedded metric format with device type as a dimension.

D. Configure the CloudWatch Logs agent for Lambda integration. Update the application to use the StatsD protocol to emit the metrics.

Correct Answer: D
Reference:
https://aws.amazon.com/lambda/faqs/

Community vote distribution

B (100%)

Question #123 Topic 1

A programmer is developing a new application that will make advantage of Amazon S3. To comply with regulatory standards, the Developer must
encrypt data in transit.

How is this accomplished by the Developer?

A. Use s3:x-amz-acl as a condition in the S3 bucket policy.

B. Use Amazon RDS with default encryption.

C. Use aws:SecureTransport as a condition in the S3 bucket policy.

D. Turn on S3 default encryption for the S3 bucket.

Correct Answer: D

Community vote distribution

C (58%) D (25%) B (17%)
Question #124 Topic 1

On Amazon EC2, a developer is developing an application. During testing, the developer experienced a €Access Denied€ error on many API
requests to AWS services. The developer must alter the permissions previously granted to the instance.

How can these needs be accomplished with the fewest possible adjustments and downtime?

A. Make a new IAM role with the needed permissions. Stop the instance. Attach the new IAM role to the instance. Start the instance.

B. Delete the existing IAM role. Attach a new IAM role with the needed permissions.

C. Stop the instance. Update the attached IAM role adding the needed permissions. Start the instance.

D. Update the attached IAM role adding the needed permissions.

Correct Answer: B

Community vote distribution

D (100%)

Question #125 Topic 1

A developing program requires the storage of hundreds of video files. Prior to storage, the data must be encrypted inside the program using a
unique key for each video file.

How should the application's developer code it?

A. Use the KMS Encrypt API to encrypt the data. Store the encrypted data key and data.

B. Use a cryptography library to generate an encryption key for the application. Use the encryption key to encrypt the data. Store the encrypted
data.

C. Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the data key. Store the encrypted data key and data.

D. Upload the data to an S3 bucket using server side-encryption with an AWS KMS key.

Correct Answer: B

Community vote distribution

C (100%)
Question #126 Topic 1

An existing serverless application handles picture files that have been uploaded. At the moment, the process is implemented using a single
Lambda function that accepts an image file, processes it, and saves it in Amazon S3. The application's users now demand picture thumbnail
production. Users desire to minimize the time required to complete picture uploads.

How can thumbnail creation be integrated into an application while still adhering to user expectations and requiring little modifications to current
code?

A. Change the existing Lambda function handling the uploads to create thumbnails at the time of upload. Have the function store both the
image and thumbnail in Amazon S3.

B. Create a second Lambda function that handles thumbnail generation and storage. Change the existing Lambda function to invoke it
asynchronously.

C. Create an S3 event notification with a Lambda function destination. Create a new Lambda function to generate and store thumbnails.

D. Create an S3 event notification to an SQS Queue. Create a scheduled Lambda function that processes the queue, and generates and stores
thumbnails.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-s3-example.html

Community vote distribution

C (100%)

Question #127 Topic 1

A developer wishes to give systems administrators access to the log data of an application operating on an EC2 instance.
In Amazon CloudWatch, which of the following provides monitoring of this metric?

A. Retrieve the log data from CloudWatch using the GetMetricData API call.

B. Retrieve the log data from AWS CloudTrail using the LookupEvents API call.

C. Launch a new EC2 instance, configure Amazon CloudWatch Events, and then install the application.

D. Install the Amazon CloudWatch Logs agent on the EC2 instance that the application is running on.

Correct Answer: D

Community vote distribution

D (100%)
Question #128 Topic 1

A business is creating an application that will operate on several Amazon EC2 instances in an Auto Scaling group and will have access to an
Amazon EC2 database. The program must save the credentials necessary to connect to the database. Periodic secret rotation must be supported
in the application, and the program should remain unchanged when a secret changes.

How can these needs be met in the SAFEST manner possible?

A. Associate an IAM role to the EC2 instance where the application is running with permission to access the database.

B. Use AWS Systems Manager Parameter Store with the SecureString data type to store secrets.

C. Configure the application to store secrets in Amazon S3 object metadata.

D. Hard code the database secrets in the application code itself.

Correct Answer: A

Community vote distribution

B (100%)

Question #129 Topic 1

A developer used a CLI command to register an AWS Lambda function as a target for an Application Load Balancer (ALB). However, when the
client submits requests via the ALB, the Lambda function is not called.

Why isn't the Lambda function called?

A. A Lambda function cannot be registered as a target for an ALB.

B. A Lambda function can be registered with an ALB using AWS Management Console only.

C. The permissions to invoke the Lambda function are missing.

D. Cross-zone is not enabled on the ALB.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/lambda-functions.html
Question #130 Topic 1

A corporation has numerous developers stationed across the world who are progressively upgrading code for a development project. When
developers upload code simultaneously, internet connection is poor, and uploading code for deployment in AWS Elastic Beanstalk takes a long
time.

Which approach will result in the smallest amount of administrative work and the shortest upload and deployment times?

A. Allow the Developers to upload the code to an Amazon S3 bucket, and deploy it directly to Elastic Beanstalk.

B. Allow the Developers to upload the code to a central FTP server to deploy the application to Elastic Beanstalk.

C. Create an AWS CodeCommit repository, allow the Developers to commit code to it, and then directly deploy the code to Elastic Beanstalk.

D. Create a code repository on an Amazon EC2 instance so that all Developers can update the code, and deploy the application from the
instance to Elastic Beanstalk.

Correct Answer: C

Community vote distribution

C (100%)

Question #131 Topic 1

A development team deploys a Java-based web application using AWS Elastic Beanstalk. The team want to guarantee that any modifications to
the source code or settings are automatically distributed to new instances. The team configures Elastic Beanstalk such that immutable updates
are used. However, an issue occurs the first time the new update policy is used to deploy a modification.

Which of the following is the MOST LIKELY CAUSE of this problem?

A. Immutable updates are not supported for Java-based applications.

B. The account has reached its on-demand instance limit.

C. Immutable updates are only supported for m4.large and larger instance types.

D. The developer must also modify the .ebextensions/immutable-updates.config file to enable immutable updates.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environmentmgmt-updates-immutable.html

Community vote distribution

D (50%) B (50%)
Question #132 Topic 1

What are the procedures for launching a templatized serverless application using the AWS CLI?

A. Use AWS CloudFormation get-template then CloudFormation execute-change-set.

B. Use AWS CloudFormation validate-template then CloudFormation create-change-set.

C. Use AWS CloudFormation package then CloudFormation deploy.

D. Use AWS CloudFormation create-stack then CloudFormation update-stack.

Correct Answer: C
Reference:
https://github.com/awslabs/aws-sam-cli

Question #133 Topic 1

A cluster of Amazon EC2 instances hosts an application. When attempting to read items encrypted using server-side encryption using AWS KMS
managed keys (SSE-KMS) from a single Amazon S3 bucket, the application encounters the following error:

Which measures should be made in combination to avoid this failure? (Select two.)

A. Contact AWS Support to request an AWS KMS rate limit increase.

B. Perform error retries with exponential backoff in the application code.

C. Contact AWS Support to request a S3 rate limit increase.

D. Import a customer master key (CMK) with a larger key size.

E. Use more than one customer master key (CMK) to encrypt S3 data.

Correct Answer: CD

Community vote distribution

AB (100%)
Question #134 Topic 1

AWS Lambda functions need read/write access to an Amazon S3 bucket and to an Amazon DynamoDB database. The appropriate IAM policy is
already in place.

How can I allow the Lambda function access to the S3 bucket and DynamoDB database in the MOST SECURE manner possible?

A. Attach the existing IAM policy to the Lambda function.

B. Create an IAM role for the Lambda function. Attach the existing IAM policy to the role. Attach the role to the Lambda function.

C. Create an IAM user with programmatic access. Attach the existing IAM policy to the user. Add the user access key ID and secret access key
as environment variables in the Lambda function.

D. Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function.

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/lambda-execution-role-s3-bucket/

Community vote distribution

B (100%)

Question #135 Topic 1

The developer is developing a web application that uses a POST request to capture highly controlled and private user data. Amazon CloudFront is
used to serve the web application. User names and phone numbers must be encrypted at the edge of the application stack and must stay
encrypted throughout.

What is the SECUREST method for meeting these requirements?

A. Enforce Match Viewer with HTTPS Only on CloudFront.

B. Use only the newest TLS security policy on CloudFront.

C. Enforce a signed URL on CloudFront on the front end.

D. Use field-level encryption on CloudFront.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html
Question #136 Topic 1

Numerous apps make use of an Amazon RDS database instance to seek for previous data. The pace of queries is quite steady. When historical
data is updated daily, the associated write traffic degrades the speed of read queries, affecting all application users.

What can be done to minimize the effect on application users' performance?

A. Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic.

B. Create an RDS Read Replica and direct all read traffic to the replica.

C. Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic.

D. Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic.

Correct Answer: B

Community vote distribution

B (100%)

Question #137 Topic 1

A marketing firm maintains a dynamic website that receives a high volume of visitors. The firm want to shift the website infrastructure to AWS,
which will manage all aspects of the website except development.

Which option BEST satisfies these criteria?

A. Use AWS VM Import to migrate a web server image to AWS. Launch the image on a compute-optimized Amazon EC2 instance.

B. Launch multiple Amazon Lightsail instances behind a load balancer. Set up the website on those instances.

C. Deploy the website code in an AWS Elastic Beanstalk environment. Use Auto Scaling to scale the numbers of instances.

D. Use Amazon S3 to host the website. Use Amazon CloudFront to deliver the content at scale.

Correct Answer: C
Reference:
https://aws.amazon.com/elasticbeanstalk/

Community vote distribution

C (100%)
Question #138 Topic 1

A program is supposed to process a large number of files. Each file processes an AWS Lambda call in four minutes. The Lambda function returns
no useful data.

What is the quickest method for processing all of the files?

A. First split the files to make them smaller, then process with synchronous RequestResponse Lambda invocations.

B. Make synchronous RequestResponse Lambda invocations and process the files one by one.

C. Make asynchronous Event Lambda invocations and process the files in parallel.

D. First join all the files, then process it all at once with an asynchronous Event Lambda invocation.

Correct Answer: C

Community vote distribution

C (100%)

Question #139 Topic 1

An online retailer used AWS CloudFormation to construct a serverless application utilizing AWS Lambda, Amazon API Gateway, Amazon S3, and
Amazon DynamoDB. The firm released a new version with significant enhancements to the Lambda function and put it to production. Following
that, the application ceased to function.

Which approach should be used to restart the program as soon as possible?

A. Redeploy the application on Amazon EC2 so the Lambda function can resolve dependencies

B. Migrate DynamoDB to Amazon RDS and redeploy the Lambda function

C. Roll back the Lambda function to the previous version

D. Deploy the latest Lambda function in a different Region

Correct Answer: C
Reference:
https://github.com/awslabs/aws-sam-cli/issues/1654

Community vote distribution

C (100%)
Question #140 Topic 1

A Global Secondary Index (GSI) is used by Amazon DynamoDB to facilitate read queries. The main table is heavily utilized for write operations,
while the GSI is heavily used for read activities. When the Developer examines Amazon CloudWatch analytics, he observes that write operations to
the main table are regularly throttled during periods of high write activity. However, write capacity units to the primary table remain accessible and
unutilized.

What is the reason for the table's throttling?

A. The GSI write capacity units are underprovisioned

B. There are not enough read capacity units on the primary table

C. Amazon DynamoDB Streams is not enabled on the table

D. A large write operation is being performed against another table

Correct Answer: D

Community vote distribution

A (100%)

Question #141 Topic 1

AWS Organizations enables a business to manage many accounts. Account A utilizes an Amazon EC2 instance to host an application. The
program makes advantage of the AWS command line interface to do automatic deployments in Account '. By using an EC2 IAM service role in
Account A and an IAM role in Account ', an administrator established cross-account access.
The application attempts to take the IAM role in Account' using the following command but is unable to deploy anything in Account'.

Assume aws sts

-
-role —role-arn :aws:iam::AccountB-ID>:role/AccountB-Role€am:aws:iam::AccountB-ID>:role/AccountB-Role
AccountB-Role-Session-Name € —role-session-name

Which action is required next to enable the application to effectively utilise the credentials obtained via the usage of Account B's role?

A. Configure the access key and secret access key of a valid IAM user from Account ‫ ’׀‬in the environment variables.

B. Configure the access key, secret access key, and token from the assume-role command in the environment variables.

C. Create a CLI profile for the EC2 IAM service role in the AWS configuration file.

D. Delete any access keys and secret access keys in the environment variables.

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/iam-assume-role-cli/

Community vote distribution

B (100%)
Question #142 Topic 1

A business is developing a REST service utilizing an Amazon API Gateway integrated with AWS Lambda. For testing reasons, the service must run
several versions.

What is the MOST EFFECTIVE approach to do this?

A. Use an X-Version header to denote which version is being called and pass that header to the Lambda function(s)

B. Create an API Gateway Lambda authorizer to route API clients to the correct API version

C. Create an API Gateway resource policy to isolate versions and provide context to the Lambda function(s)

D. Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context

Correct Answer: C

Community vote distribution

D (100%)

Question #143 Topic 1

A developer has created a web application that is accessible to customers and is running on an Amazon EC2 instance. Every request made to the
program is logged. Normally, the program operates without incident, but a traffic surge creates numerous logs, causing the disk to fill up and
finally run out of memory. According to company policy, all historical logs must be consolidated for analysis.

Which long-term remedy should the developer use to avoid a recurrence of the issue?

A. Set up log rotation to rotate the file every day. Also set up log rotation to rotate after every 100 MB and compress the file.

B. Install the Amazon CloudWatch agent on the instance to send the logs to CloudWatch. Delete the logs from the instance once they are sent
to CloudWatch.

C. Enable AWS Auto Scaling on Amazon Elastic Block Store (Amazon EBS) to automatically add volumes to the instance when it reaches a
specified threshold.

D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to pull the logs from the instance. Configure the rule to delete the logs
after they have been pulled.

Correct Answer: C

Community vote distribution

B (80%) C (20%)
Question #144 Topic 1

An application must handle the client's IP address. The application has been transferred to Amazon Web Services and is now protected by an
Application Load Balancer (ALB). However, it seems as if all client IP addresses have become identical. The application must retain its horizontal
scalability.

What is the MOST cost-effective solution to this issue based on this scenario?

A. Remove the application from the ALB. Delete the ALB and change Amazon Route 53 to direct traffic to the instance running the application.

B. Remove the application from the ALB. Create a Classic Load Balancer in its place. Direct traffic to the application using the HTTP protocol.

C. Alter the application code to inspect the X-Forwarded-For header. Ensure that the code can work properly if a list of IP addresses is passed
in the header.

D. Alter the application code to inspect a custom header. Alter the client code to pass the IP address in the custom header.

Correct Answer: C

Community vote distribution

C (100%)

Question #145 Topic 1

A developer is attempting to use AWS CodeDeploy to deploy a serverless application. The application has been upgraded and requires re-
deployment.

What file does the developer need to edit to enable CodeDeploy to submit the change?

A. dockerrun.aws.json

B. buildspec.yml

C. appspec.yml

D. ebextensions.config

Correct Answer: C
Question #146 Topic 1

All personally identifiable information (PII) is stored by a corporation in an Amazon DynamoDB database called PII in Account A. Access to the PII
database is required by an application operating on Amazon EC2 instances in Account B. Account A's administrator established an IAM role called
AccessPII with access credentials to the PII database and added Account B as a trusted entity.

Which extra actions need developers take in order to have access to the table? (Select two.)

A. Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role.

B. Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control
policies.

C. Ask an administrator in Account A to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control
policies.

D. Include the AssumeRole API in the application code logic to obtain credentials to access the PII table.

E. Include the GetSessionToken API in the application code logic to obtain credentials to access the PII table.

Correct Answer: CE

Community vote distribution

AD (67%) B (17%) BD (17%)

Question #147 Topic 1

Users will be required to access AWS services and will be able to update their own passwords, according to an application being developed by a
business.
Which of the following would allow the organization to manage users and authorization while allowing users to change their passwords on their
own?

A. Amazon Cognito identify pools and AWS STS

B. Amazon Cognito identity pools and AWS IAM

C. Amazon Cognito user pools and AWS KMS

D. Amazon Cognito user pools and identity pools

Correct Answer: B

Community vote distribution

D (100%)
Question #148 Topic 1

A developer enhanced an application that runs on an Amazon EC2 instance and makes use of Amazon SQS. The developer observed a large spike
in Amazon SQS prices upon deployment. When monitoring the Amazon SQS metrics using Amazon CloudWatch, the developer saw that this queue
receives an average of one message every minute.

What can be done to lower this application's Amazon SQS costs?

A. Increase the Amazon SQS queue polling timeout.

B. Scale down the Amazon SQS queue to the appropriate size for low traffic demand.

C. Configure push delivery via Amazon SNS instead of polling the Amazon SQS queue.

D. Use an Amazon SQS first-in, first-out (FIFO) queue instead of a standard queue.

Correct Answer: A

Community vote distribution

A (100%)

Question #149 Topic 1

A developer has configured an Amazon Kinesis Stream with four shards to accept records at a rate of up to 2500 per second. To handle these
records, a Lambda function has been configured.

Which records will be processed first?

A. Lambda will receive each record in the reverse order it was placed into the stream following a LIFO (last-in, first-out) method

B. Lambda will receive each record in the exact order it was placed into the stream following a FIFO (first-in, first-out) method.

C. Lambda will receive each record in the exact order it was placed into the shard following a FIFO (first-in, first-out) method. There is no
guarantee of order across shards.

D. The Developer can select FIFO, (first-in, first-out), LIFO (last-in, last-out), random, or request specific record using the getRecords API.

Correct Answer: C

Community vote distribution

C (100%)
Question #150 Topic 1

A developer is doing testing on a Docker-based application that communicates with Amazon DynamoDB using the AWS SDK. The program utilized
IAM access credentials in the local development environment. The application is now prepared for ECS cluster deployment.

In production, how should the application authenticate with AWS services?

A. Configure an ECS task IAM role for the application to use

B. Refactor the application to call AWS STS AssumeRole based on an instance role

C. Configure AWS access key/secret access key environment variables with new credentials

D. Configure the credentials file with a new access key/secret access key

Correct Answer: A

Community vote distribution

A (100%)

Question #151 Topic 1

A developer is developing a website that will be hosted on Amazon's S3 service. Secure browser connections must be supported by the website.

Which steps must the developer perform in combination to satisfy this requirement? (Select two.)

A. Create an Elastic Load Balancer (ELB). Configure the ELB to direct traffic to the S3 bucket.

B. Create an Amazon CloudFront distribution. Set the S3 bucket as an origin.

C. Configure the Elastic Load Balancer with an SSL/TLS certificate.

D. Configure the Amazon CloudFront distribution with an SSL/TLS certificate.

E. Configure the S3 bucket with an SSL/TLS certificate.

Correct Answer: BE

Community vote distribution

BD (100%)

Question #152 Topic 1

An application has been created by a developer that publishes data to Amazon DynamoDB. Conditional writes have been enabled for the
DynamoDB table. Writes are failing during high demand periods owing to a ConditionalCheckFailedException problem.

How can the developer improve the dependability of the program when numerous clients try to write to the same record?

A. Write data to an Amazon SNS topic.

B. Increase the amount of write capacity for the table to anticipate short-term spikes or bursts in write operations.

C. Implement a caching solution, such as DynamoDB Accelerator or Amazon ElastiCache.

D. Implement error retries and exponential backoff with jitter.

Correct Answer: D

Community vote distribution

C (80%) D (20%)
Question #153 Topic 1

A developer is automating the deployment of a new application using AWS Serverless Application Model (AWS SAM). One AWS Lambda function
and one Amazon S3 bucket are included in the new application. The Lambda function must have read-only access to the S3 bucket.

How should the developer setup AWS SAM to provide the S3 bucket the appropriate read permissions?

A. Reference a second Lambda authorizer function.

B. Add a custom S3 bucket policy to the Lambda function.

C. Create an Amazon Simple Queue Service (SQS) topic for only S3 object reads. Reference the topic in the template.

D. Add the S3ReadPolicy template to the Lambda function's execution role.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-policy-templates.html

Community vote distribution

D (100%)

Question #154 Topic 1

A developer must use AWS KMS to encrypt a 100 GB object.

What is the BEST course of action?

A. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK)

B. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material

C. Make a GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data

D. Make a GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data

Correct Answer: D

Community vote distribution

C (100%)

Question #155 Topic 1

A real-time application processes millions of events that are received over an API.

Which service might be utilized to enable concurrent processing of data by several users in the most cost-effective manner possible?

A. Amazon SNS with fanout to an SQS queue for each application

B. Amazon SNS with fanout to an SQS FIFO (first-in, first-out) queue for each application

C. Amazon Kinesis Firehose

D. Amazon Kinesis Streams

Correct Answer: D
Reference:
https://aws.amazon.com/kinesis/data-streams/getting-started/
Question #156 Topic 1

A developer has created a serverless application that makes use of a variety of AWS services. The business logic is implemented using Lambda
functions that rely on third-party libraries. Amazon API Gateway will be used to provide the Lambda function endpoints. The Lambda function will
be used to store the data in Amazon DynamoDB. Although the developer is prepared to launch the program, he or she must have the ability to turn
back.

How, given these criteria, can this deployment be automated?

A. Deploy using Amazon Lambda API operations to create the Lambda function by providing a deployment package.

B. Use an AWS CloudFormation template and use CloudFormation syntax to define the Lambda function resource in the template.

C. Use syntax conforming to the Serverless Application Model in the AWS CloudFormation template to define the Lambda function resource.

D. Create a bash script which uses AWS CLI to package and deploy the application.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/automating-deployment.html

Community vote distribution

C (100%)

Question #157 Topic 1

A firm is developing an application that will use an Amazon DynamoDB database to monitor athlete performance. A partition key (user id) and a
sort key (sport name) uniquely identify each item in the database. The following illustration depicts the table's design:

(Please note that not all table characteristics are shown.)

A developer is requested to create a leaderboard application that would show the best performers (user id) for each sport name depending on
their score.

Which approach will enable the developer to most effectively retrieve results from the DynamoDB table?

A. Use a DynamoDB query operation with the key attributes of user_id and sport_name and order the results based on the score attribute.

B. Create a global secondary index with a partition key of sport_name and a sort key of score, and get the results

C. Use a DynamoDB scan operation to retrieve scores and user_id based on sport_name, and order the results based on the score attribute.

D. Create a local secondary index with a primary key of sport_name and a sort key of score and get the results based on the score attribute.

Correct Answer: D

Community vote distribution

B (100%)
Question #158 Topic 1

On Amazon EC2 instances in a VPC, a corporation runs a standard three-tier application, including its NoSQL database. The business want to
transition to Amazon DynamoDB.
A developer observes during testing that the application running on the EC2 instances is unable to write data to the DynamoDB database. The
developer must securely provide the application write access to the DynamoDB table.

Which combination of acts satisfies these criteria? (Select two.)

A. Create a gateway VPC endpoint for DynamoDB. Specify the VPC ID in the --vpc-id parameter.

B. Create an interface VPC endpoint for DynamoDB. Specify the VPC ID in the --vpc-id parameter.

C. Create an IAM user that allows write access to the DynamoDB table. Add the user to the EC2 Instances.

D. Create an IAM role that allows write access to the DynamoDB table. Add the role to the EC2 instances.

E. Create an IAM group that allows write access to the DynamoDB table. Add the group to the EC2 instances.

Correct Answer: AC
Reference:
https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-gateway.html

Community vote distribution

AD (100%)

Question #159 Topic 1

A developer is developing a serverless application that needs every ten minutes invocation of an AWS Lambda function.

How can the function be triggered in an automated and serverless manner?

A. Deploy an Amazon EC2 instance based on Linux, and edit its /etc/crontab file by adding a command to periodically invoke the Lambda
function.

B. Configure an environment variable named PERIOD for the Lambda function. Set the value to 600.

C. Create an Amazon CloudWatch Events rule that triggers on a regular schedule to invoke the Lambda function.

D. Create an Amazon SNS topic that has a subscription to the Lambda function with a 600-second timer.

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/architecture/a-serverless-solution-for-invoking-aws-lambda-at-a-sub-minute-frequency/

Community vote distribution

C (100%)
Question #160 Topic 1

A developer has submitted an update to an application that is delivered through Amazon CloudFront to a worldwide user base. Users are not able
to view the latest modifications once the application is deployed.

How can the Developer address this concern?

A. Remove the origin from the CloudFront configuration and add it again.

B. Disable forwarding of query strings and request headers from the CloudFront distribution configuration.

C. Invalidate all the application objects from the edge caches.

D. Disable the CloudFront distribution and enable it again to update all the edge locations.

Correct Answer: A

Community vote distribution

C (100%)

Question #161 Topic 1

Images are stored in an S3 bucket by an application. Notifications from Amazon S3 are utilized to invoke a Lambda code that resizes the pictures.
Each photograph is processed in less than a second.

How will AWS Lambda deal with the increased traffic?

A. Lambda will scale out to execute the requests concurrently.

B. Lambda will handle the requests sequentially in the order received.

C. Lambda will process multiple images in a single execution.

D. Lambda will add more compute to each execution to reduce processing time.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/scaling.html

Community vote distribution

A (100%)
Question #162 Topic 1

A developer is doing a refactoring operation on a monolithic application. The program does many activities in response to a POST request. Some
processes are carried out in concurrently, while others are carried out sequentially. These operations have been decoupled and repurposed as
AWS Lambda functions. Amazon API Gateway will process the POST request.

How should the developer launch the Lambda functions using API Gateway in the same order?

A. Use Amazon SQS to invoke the Lambda functions

B. Use an AWS Step Functions activity to run the Lambda functions

C. Use Amazon SNS to trigger the Lambda functions

D. Use an AWS Step Functions state machine to orchestrate the Lambda functions

Correct Answer: D
Reference:
https://aws.amazon.com/step-functions/

Community vote distribution

D (100%)

Question #163 Topic 1

A retailer's developer must include a fraud detection solution into the order processing system. Verification of an order by the fraud detection
solution takes between ten and thirty minutes. At its height, the website can process up to 100 orders per minute.

How can the fraud detection technology be integrated into the order processing pipeline in the most scalable manner?

A. Add all new orders to an Amazon SQS queue. Configure a fleet of 10 EC2 instances spanning multiple AZs with the fraud detection solution
installed on them to pull orders from this queue. Update the order with a pass or fails status.

B. Add all new orders to an SQS queue. Configure an Auto Scaling group that uses the queue depth metric as its unit of scale to launch a
dynamically-sized fleet of EC2 instances spanning multiple AZs with the fraud detection solution installed on them to pull orders from this
queue. Update the order with a pass or fails status.

C. Add all new orders to an Amazon Kinesis Stream. Subscribe a Lambda function to automatically read batches of records from the Kinesis
Stream. The Lambda function includes the fraud detection software and will update the order with a pass or fail status.

D. Write all new orders to Amazon DynamoDB. Configure DynamoDB Streams to include all new orders. Subscribe a Lambda function to
automatically read batches of records from the Kinesis Stream. The Lambda function includes the fraud detection software and will update
the order with a pass or fail status.

Correct Answer: D

Community vote distribution

B (100%)
Question #164 Topic 1

A developer is required to create an application that makes advantage of Amazon DynamoDB. The criteria include that the DynamoDB table's
contents must be 7KB in size and that reads must be highly consistent. The read pace is limited to three items per second, whereas the write rate
is limited to ten things per second.

What size DynamoDB table should the developer create to satisfy these requirements?

A. Read: 3 read capacity units Write: 70 write capacity units

B. Read: 6 read capacity units Write: 70 write capacity units

C. Read: 6 read capacity units Write: 10 write capacity units

D. Read: 3 read capacity units Write: 10 write capacity units

Correct Answer: B

Community vote distribution

B (100%)

Question #165 Topic 1

A business has a REST application made up of an Amazon API Gateway API and many AWS Lambda services. A developer is reacting to a warning
that the HTTP response error rate for the API Gateway API has suddenly risen. The developer must rapidly discover which Lambda function is
misbehaving.

Which solution will satisfy these criteria?

A. Implement error handling in the functions to write error logs to the AWS X-Ray API. Use the X-Ray console to query the logs.

B. Enable Amazon CloudWatch Logs and detailed CloudWatch metrics. Use CloudWatch Logs Insights to query the API Gateway logs.

C. Download the API Gateway logs and Lambda invocation logs from Amazon S3. Perform a line-by-line search against them.

D. Export the API Gateway logs and Lambda invocation logs from Amazon EventBridge (Amazon CloudWatch Events) and Amazon
CloudWatch Logs. Perform a line-by-line search against them.

Correct Answer: A
Reference:
https://aws.amazon.com/blogs/compute/error-handling-patterns-in-amazon-api-gateway-and-aws-lambda/

Community vote distribution

B (63%) A (38%)
Question #166 Topic 1

An application becomes unresponsive due to the following error: The bucket given does not exist.

Where IS THE BEST PLACE TO START THE ANALYSIS OF THE ROOT CAUSES?

A. Check the Elastic Load Balancer logs for DeleteBucket requests.

B. Check the application logs in Amazon CloudWatch Logs for Amazon S3 DeleteBucket errors.

C. Check AWS X-Ray for Amazon S3 DeleteBucket alarms.

D. Check AWS CloudTrail for a DeleteBucket event.

Correct Answer: D
Reference:
https://github.com/serverless/serverless-graphql/issues/72

Community vote distribution

D (100%)

Question #167 Topic 1

A developer is testing an application that asynchronously executes an AWS Lambda function. The Lambda function fails to process after two
retries during the testing phase.

How can the developer debug the error?

A. Configure AWS CloudTrail logging to investigate the invocation failures

B. Configure Dead Letter Queues by sending events to Amazon SQS for investigation

C. Configure Amazon Simple Workflow Service to process any direct unprocessed events

D. Configure AWS Config to process any direct unprocessed events

Correct Answer: B
Reference:
https://www.concurrencylabs.com/blog/how-to-operate-aws-lambda/

Community vote distribution

B (100%)
Question #168 Topic 1

A developer has an on-premises stateful web server that is being transferred to AWS. The developer's flexibility in the new design must be
increased.

How should the developer approach refactoring the program to increase its elasticity? (Select two.)

A. Use pessimistic concurrency on Amazon DynamoDB

B. Use Amazon CloudFront with an Auto Scaling group

C. Use Amazon CloudFront with an AWS Web Application Firewall

D. Store session state data in an Amazon DynamoDB table

E. Use an ELB with an Auto Scaling group

Correct Answer: DE

Question #169 Topic 1

Amazon API Gateway is being used by a media business to handle microservices configured as AWS Lambda functions. The development team of
the corporation intends to release a new version of its API. To prevent impacting current customers when the new API is launched, the firm intends
to provide all users a three-month grace period during which they may migrate from the old API to the new API.

Which implementation technique should the business utilize to accomplish this objective?

A. Update the Lambda functions. Configure the API to use Lambda proxy integration.

B. Update the Lambda functions. Provide the API client with the new Lambda endpoints.

C. Use API Gateway to deploy a new stage that uses updated Lambda functions and provides users with a new URL.

D. Use API Gateway to redirect requests based on a request header to updated Lambda functions. Configure a 90-day expiration on the old
API.

Correct Answer: C
Question #170 Topic 1

A business wishes to establish continuous integration for its AWS workloads. The firm wishes to activate unit tests in its pipeline in response to
updates to its code repository and to be alerted of pipeline failure events.

How are these stipulations to be met?

A. Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. Use Amazon SNS to trigger notifications of
failure events.

B. Store the source code in GitHub. Create a CodePipeline to automate unit testing. Use Amazon SES to trigger notifications of failure events.

C. Store the source code on GitHub. Create a CodePipeline to automate unit testing. Use Amazon CloudWatch to trigger notifications of failure
events.

D. Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. Use Amazon CloudWatch to trigger notification
of failure events.

Correct Answer: A

Community vote distribution

A (100%)

Question #171 Topic 1

A business is designing a report that will be performed through AWS Step Functions. Amazon CloudWatch detects issues in the Task State
Machine for Step Functions. To debug each operation, the state input must be included in the state output, along with the error message.

Which coding technique preserves both the original input and the state error?

A. Use ResultPath in a Catch statement to include the error with the original input.

B. Use InputPath in a Catch statement and set the value to null.

C. Use ErrorEquals in a Retry statement to include the error with the original input.

D. Use OutputPath in a Retry statement and set the value to $.

Correct Answer: A
Use ResultPath in a Catch to include the error with the original input.
Reference:
https://docs.aws.amazon.com/step-functions/latest/dg/input-output-resultpath.html
Question #172 Topic 1

A company uses AWS CodePipeline to manage continuous integration/continuous delivery (CI/CD) pipelines for its application. Before staging
artifacts for testing, a developer must create unit tests and execute them as part of the process.

How should the developer implement unit tests into their continuous integration/continuous delivery pipelines?

A. Create a separate CodePipeline pipeline to run unit tests

B. Update the AWS CodeBuild specification to include a phase for running unit tests

C. Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests

D. Create a testing branch in AWS CodeCommit to run unit tests

Correct Answer: D

Community vote distribution

B (100%)

Question #173 Topic 1

A status dashboard is shown by an application. A 1 KB message from a SQS queue is used to update the status. Although the status changes
seldom, the Developer must keep the time between the message's arrival in the queue and the dashboard update as short as possible.

Which strategy results in the smallest delay between dashboard updates?

A. Retrieve the messages from the queue using long polling every 20 seconds.

B. Reduce the size of the messages by compressing them before sending.

C. Retrieve the messages from the queue using short polling every 10 seconds.

D. Reduce the size of each message payload by sending it in two parts.

Correct Answer: A

Community vote distribution

A (100%)
Question #174 Topic 1

A firm is introducing the option to save currency (or gift cards) to its very successful casual gaming website. Users must be able to exchange this
value for the goods of other users on the site. This would involve either updating both users' information in a single transaction or totally rolling
back both users' records.

Which AWS database choices provide the needed transactional capabilities for this new feature? (Select two.)

A. Amazon DynamoDB with operations made with the ConsistentRead parameter set to true

B. Amazon ElastiCache for Memcached with operations made within a transaction block

C. Amazon Aurora MySQL with operations made within a transaction block

D. Amazon DynamoDB with reads and writes made using Transact* operations

E. Amazon Redshift with operations made within a transaction block.

Correct Answer: BD

Community vote distribution

CD (100%)

Question #175 Topic 1

On Amazon ECS, a corporation is running a Docker application. The application's load must be scaled depending on the past 15 seconds' user
activity.

How should a developer instrument code to ensure it satisfies the requirement?

A. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds

B. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds

C. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds

D. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds

Correct Answer: B

Question #176 Topic 1

A developer must construct an AWS application that will consume Amazon SQS messages ranging in size from 1KB to 1GB.

How should Amazon Simple Queue Service (SQS) messages be managed?

A. Use Amazon S3 and the Amazon SQS CLI.

B. Use Amazon S3 and the Amazon SQS Extended Client Library for Java.

C. Use Amazon EBS and the Amazon SQS CLI.

D. Use Amazon EFS and the Amazon SQS CLI.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-limits.html

Community vote distribution

B (100%)
Question #177 Topic 1

A developer is using AWS CLI, however it is stalling out when performing list commands on a large number of resources.

How can this time-out be avoided?

A. Use pagination

B. Use shorthand syntax

C. Use parameter values

D. Use quoting strings

Correct Answer: A
Reference:
https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-pagination.html

Community vote distribution

A (100%)

Question #178 Topic 1

A developer has developed a Lambda function and is discovering that it is taking longer than planned to execute. The Developer determined that
increasing computing capacity might enhance performance after some debugging.
What is the best way for the developer to boost Lambda computing resources?

A. Run on a larger instance size with more compute capacity.

B. Increase the maximum execution time.

C. Specify a larger compute capacity when calling the Lambda function.

D. Increase the allocated memory for the Lambda function.

Correct Answer: D

Community vote distribution

D (100%)
Question #179 Topic 1

A business builds, bundles, and packages its apps on-premises and stores them locally using a third-party technology. The firm runs its front-end
apps on Amazon EC2 instances.

How does one deploy an application from the source control system to the EC2 instances?

A. Use AWS CodeDeploy and point it to the local storage to directly deploy a bundle in a .zip, .tar, or .tar.gz format.

B. Upload the bundle to an Amazon S3 bucket and specify the S3 location when doing a deployment using AWS CodeDeploy.

C. Create a repository using AWS CodeCommit to automatically trigger a deployment to the EC2 instances.

D. Use AWS CodeBuild to automatically deploy the latest build to the latest EC2 instances.

Correct Answer: A
Reference:
https://aws.amazon.com/codedeploy/faqs/

Community vote distribution

B (100%)

Question #180 Topic 1

A developer is using Amazon API Gateway to create a WebSocket API. The payload submitted to this API is JSON with an action key included. This
key may take on one of three values: create, update, or delete. The developer must interact with several routes dependent on the value of the
incoming JSON payload's action key.

How can the developer execute this operation using the LESS settings possible?

A. Deploy the WebSocket API to three stages for the respective routes: create, update, and remove

B. Create a new route key and set the name as action

C. Set the value of the route selection expression to action

D. Set the value of the route selection expression to $request.body.action

Correct Answer: B

Community vote distribution

D (100%)
Question #181 Topic 1

Amazon Kinesis Data Streams enables an application to ingest and handle huge streams of data records in real time. Utilizing the Amazon Kinesis
Client Library, Amazon EC2 instances ingest and process data from the shards of the Kinesis data stream (KCL). The program manages failure
situations and eliminates the need for backup personnel. The program indicates that a particular shard is getting much more data than
anticipated. The €hot€ shard is resharded to react to variations in the pace of data flow.

If the initial number of shards in the Kinesis data stream is four, and the number of shards increases to six after resharding, what is the maximum
number of EC2 instances that can be deployed to process data from all the shards?

A. 12

B. 6

C. 4

D. 1

Correct Answer: B

Community vote distribution

B (100%)

Question #182 Topic 1

A developer is constructing a template for the AWS Serverless Application Model (AWS SAM). Multiple AWS Lambda functions, an Amazon S3
bucket, and an Amazon CloudFront distribution are defined in the AWS SAM template. One of the Lambda functions is executed on the CloudFront
distribution's Lambda@Edge. The S3 bucket is specified as the CloudFront distribution's origin.

While the developer installs the AWS SAM template in the eu-west-1 Region, the developer encounters an error when attempting to create the
stack.
What may have precipitated this problem?

A. CloudFront distributions can be created only in the us-east-1 Region.

B. Lambda@Edge functions can be created only in the us-east-1 Region.

C. A single AWS SAM template cannot contain multiple Lambda functions.

D. The CloudFront distribution and the S3 bucket cannot be created in the same Region.

Correct Answer: C
Reference:
https://itnext.io/creating-aws-lambda-applications-with-sam-dd13258c16dd?gi=dc8343f6c2ba

Community vote distribution

B (100%)
Question #183 Topic 1

A business provides services to a large number of downstream customers. Each customer has the option of connecting to one or more services.
As a result, a complicated architecture that is difficult to manage and scales poorly has emerged. To administer various customer services, the
organization requires a single interface.
Which AWS service should this architecture be refactored with?

A. AWS Lambda

B. AWS X-Ray

C. Amazon SQS

D. Amazon API Gateway

Correct Answer: D

Question #184 Topic 1

A corporation has automated their release pipelines using AWS CodePipeline. The development team is currently developing an AWS Lambda
function that will deliver alerts when the status of each stage's action changes.

How do I correlate the Lambda function with the event source?

A. Create a trigger that invokes the Lambda function from the Lambda console by selecting CodePipeline as the event source.

B. Create an event trigger and specify the Lambda function from the CodePipeline console.

C. Create an Amazon CloudWatch alarm that monitors status changes in Code Pipeline and triggers the Lambda function.

D. Create an Amazon CloudWatch Events rule that uses CodePipeline as an event source.

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/devops/using-aws-step-functions-state-machines-to-handle-workflow-driven-aws-codepipeline-actions/

Community vote distribution

D (67%) B (33%)
Question #185 Topic 1

On the website of a worldwide ecommerce corporation, users are encouraged to post evaluations for things they have bought. Seasonal products
are available. Products are popular for a brief period of time and then go out of favor the following season.
Customers provide feedback in their native tongue. A developer is using Amazon Translate to construct a new function that will translate
customer feedback into more languages. The website now features hundreds of thousands of goods and millions of reviews. The majority of
reviews will be seen in one or two languages.

How can this new feature be implemented in the MOST cost-effective manner possible?

A. Update the application code that writes the review to the database to translate the review into all supported languages. Persist a copy of
each translation in the database for future visitors.

B. Update the application code that reads the review from the database to check an Amazon ElastiCache cluster for translated reviews. If a
visitor is requesting a review and language combination that is not in the cache, configure the application to translate it and store it in the
cache with a TTL of 1 month.

C. Update the application code that reads the review from the database to translate the review in real time and return the translated version
without persisting it.

D. Set up a database change stream to write events to a stream each time a customer writes a review. Configure an AWS Lambda function to
read the events from the stream, translate the review into all supported languages, and update the review database to include all translations
for future visitors.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html

Community vote distribution

B (64%) C (36%)

Question #186 Topic 1

A custom library is used by an application to perform HTTP calls directly to AWS service endpoints. The program is suffering transitory problems,
which cause processes to halt when they are encountered for the first time. The application has been requested to be more robust by adding error
retries and exponential backoff.

How should a developer apply the modifications with the LITTLEEST amount of custom code possible?

A. Add a Retry-After HTTP header to API requests

B. Use the AWS CLI to configure the retry settings in a named profile

C. Change the custom library to retry on 5xx errors only

D. Use an AWS SDK and set retry-specific configurations

Correct Answer: B
Reference:
https://docs.aws.amazon.com/cli/latest/topic/config-vars.html

Community vote distribution

C (50%) D (50%)
Question #187 Topic 1

A business demands that AWS Lambda functions built by developers record problems in order for System Administrators to resolve issues more
efficiently.

What should developers do to address this need?

A. Publish errors to a dedicated Amazon SQS queue.

B. Create an Amazon CloudWatch Events event trigger based on certain Lambda events.

C. Report errors through logging statements in Lambda function code.

D. Set up an Amazon SNS topic that sends logging statements upon failure.

Correct Answer: B

Community vote distribution

C (100%)

Question #188 Topic 1

In the console, a developer transformed an existing application to an AWS Lambda function. While the application works OK on a local laptop, it
fails to import a module when evaluated in the Lambda interface.

Which of the following may be used to correct the error?

A. Install the missing module and specify the current directory as the target. Create a ZIP file to include all files under the current directory,
and upload the ZIP file.

B. Install the missing module in a lib directory. Create a ZIP file to include all files under the lib directory, and upload the ZIP file as dependency
file.

C. In the Lambda code, invoke a Linux command to install the missing modules under the /usr/lib directory.

D. In the Lambda console, create a LB_LIBRARY_PATH environment and specify the value for the system library path.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-dg.pdf

Community vote distribution

A (100%)
Question #189 Topic 1

A gaming business is in the process of creating a mobile game application for the iOS and Android operating systems. This mobile game encrypts
user data and keeps it locally on the device. The business wants consumers to be able to play the game on numerous devices. Without developing
a backend application, the organization needs to synchronize user data across devices.

Which Amazon Web Services (AWS) offering or functionality should the business use to achieve these requirements?

A. AWS Lambda@Edge

B. Amazon S3 Transfer Acceleration

C. Amazon DynamoDB Accelerator (DAX)

D. AWS Amplify with AWS AppSync

Correct Answer: D
Reference:
https://aws.amazon.com/blogs/mobile/appsync-microservices/

Question #190 Topic 1

There are three separate environments in a company: development, quality assurance, and production. The company wishes to deploy its code in
three stages: development, QA, and finally production.
What AWS service may be used to fulfill this need?

A. Use AWS CodeCommit to create multiple repositories to deploy the application.

B. Use AWS CodeBuild to create, configure, and deploy multiple build application projects.

C. Use AWS Data Pipeline to create multiple data pipeline provisions to deploy the application.

D. Use AWS CodeDeploy to create multiple deployment groups.

Correct Answer: C

Community vote distribution

D (71%) B (29%)
Question #191 Topic 1

An application is composed of two components: one for handling HTTP requests and another for doing background processing operations. Each
component must be self-scaling. The developer want to use AWS Elastic Beanstalk to deploy this application.

How, in light of these criteria, should this application be deployed?

A. Deploy the application in a single Elastic Beanstalk environment.

B. Deploy each component in a separate Elastic Beanstalk environment.

C. Use multiple Elastic Beanstalk environments for the HTTP component, but one environment for the background task component.

D. Use multiple Elastic Beanstalk environments for the background task component, but one environment for the HTTP component.

Correct Answer: D

Community vote distribution

B (100%)

Question #192 Topic 1

A business runs a bespoke application on a series of on-premises Linux servers that are connected to Amazon API Gateway through Amazon API
Gateway. On the API test stage, AWS X-Ray tracing has been enabled.

How can a developer implement X-Ray tracing with the LEAST amount of setup on on-premises servers?

A. Install and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service.

B. Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service.

C. Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the
PutTraceSegments API call.

D. Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the
PutTelemetryRecords API call.

Correct Answer: A

Community vote distribution

B (100%)
Question #193 Topic 1

An organization is hosting huge files in Amazon S3 and developing a web application to provide end users with meta-data about the files. A user
picks an item to download based on its information. The company requires a technique for indexing files and retrieving metadata with a single-
digit millisecond delay.

Which Amazon Web Services (AWS) service should be utilized to do this?

A. Amazon DynamoDB

B. Amazon EC2

C. AWS Lambda

D. Amazon RDS

Correct Answer: A
Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at
any scale. It is a fully managed database and supports both document and key-value data models. Its flexible data model and reliable
performance make it a great fit for mobile, web, gaming, ad-tech, Internet of Things (IoT), and many other applications.
Reference:
https://docs.aws.amazon.com/aws-technical-content/latest/aws-overview/database-services.html

Community vote distribution

A (100%)

Question #194 Topic 1

A developer has created a web application and want to swiftly deploy it on an AWS Tomcat server. The developer want to be free of the
responsibility of managing the underlying infrastructure.

According to these criteria, what is the simplest approach to deploy the application?

A. AWS CloudFormation

B. AWS Elastic Beanstalk

C. Amazon S3

D. AWS CodePipeline

Correct Answer: B
Reference:
https://aws.amazon.com/answers/web-applications/aws-web-app-deployment-java/

Community vote distribution

B (100%)
Question #195 Topic 1

A developer uses Amazon ECS to host an e-commerce API. The application's fluctuating and spiking demand is causing order processing to take
an excessive amount of time. The program manages Amazon Simple Queue Service (SQS) queues. Throughout the day, the
ApproximateNumberOfMessagesVisible metric jumps to very high levels, resulting in Amazon CloudWatch alert violations. Other ECS metrics for
API containers are within acceptable ranges.

What measures can the developer take to boost performance while keeping costs down?

A. Target tracking scaling policy

B. Docker Swarm

C. Service scheduler

D. Step scaling policy

Correct Answer: D
Reference:
https://aws.amazon.com/blogs/compute/building-loosely-coupled-scalable-c-applications-with-amazon-sqs-and-amazon-sns/

Community vote distribution

D (75%) A (25%)

Question #196 Topic 1

A developer is configuring the Amazon API Gateway to support their business's goods. Registered developers may use the API to query and
change their environments. For financial and security concerns, the organization want to restrict the number of requests that end users may
submit. Management want to provide registered developers with the option of purchasing bigger packages that support a greater number of
requests.

How can the developer do this with the LEAST amount of management overhead?

A. Enable throttling for the API Gateway stage. Set a value for both the rate and burst capacity. If a registered user chooses a larger package,
create a stage for them, adjust the values, and share the new URL with them.

B. Set up Amazon CloudWatch API logging in API Gateway. Create a filter based on the user and requestTime fields and create an alarm on
this filter. Write an AWS Lambda function to analyze the values and requester information, and respond accordingly. Set up the function as the
target for the alarm. If a registered user chooses a larger package, update the Lambda code with the values.

C. Enable Amazon CloudWatch metrics for the API Gateway stage. Set up CloudWatch alarms based off the Count metric and the ApiName,
Method, Resource, and Stage dimensions to alerts when request rates pass the threshold. Set the alarm action to Deny. If a registered user
chooses a larger package, create a user-specific alarm and adjust the values.

D. Set up a default usage plan, specify values for the rate and burst capacity, and associate it with a stage. If a registered user chooses a
larger package, create a custom plan with the appropriate values and associate the plan with the user.

Correct Answer: D

Community vote distribution

D (100%)
Question #197 Topic 1

A developer must re-implement the order fulfillment system's business logic. To determine where to acquire an item, the business logic must make
queries to several sellers. The whole procedure might take up to a week.

What is the MOST EFFECTIVE and SIMPLICIT method of implementing a system that satisfies these requirements?

A. Use AWS Step Functions to execute parallel Lambda functions, and join the results.

B. Create an AWS SQS for each vendor, poll the queue from a worker instance, and joint the results.

C. Use AWS Lambda to asynchronously call a Lambda function for each vendor, and join the results.

D. Use Amazon CloudWatch Events to orchestrate the Lambda functions.

Correct Answer: D

Community vote distribution

A (100%)

Question #198 Topic 1

A business is moving from a monolithic architecture to one based on microservices. The developers must redesign the program in such a way that
the many microservices may interact asynchronously without compromising performance.

Which managed Amazon Web Services (AWS) services will offer asynchronous message passing? (Select two.)

A. Amazon SQS

B. Amazon Cognito

C. Amazon Kinesis

D. Amazon SNS

E. Amazon ElastiCache

Correct Answer: AD

Community vote distribution

AD (100%)

Question #199 Topic 1

A small internet business is gearing up for its yearly sales extravaganza. As traffic to the company's application grows, the development team
wishes to be alerted when the CPU usage of the Amazon EC2 instance surpasses 80%.

Which solution will satisfy this criterion?

A. Create a custom Amazon CloudWatch alarm that sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%.

B. Create a custom AWS CloudTrail alarm that sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%.

C. Create a cron job on the EC2 instance that executes the --describe-instance-information command on the host instance every 15 minutes
and sends the results to an Amazon SNS topic.

D. Create an AWS Lambda function that queries the AWS CloudTrail logs for the CPUUtilization metric every 15 minutes and sends a
notification to an Amazon SNS topic when the CPU utilization exceeds 80%.

Correct Answer: A
Question #200 Topic 1

Amazon S3 is structured as follows: S3:/BUCKET/FOLDERNAME/FILENAME.zip

Which S3 best practice would enhance speed when a single bucket receives thousands of PUT requests per second?

A. Prefix folder names with user id; for example, s3://BUCKET/2013-FOLDERNAME/FILENAME.zip

B. Prefix file names with timestamps; for example, s3://BUCKET/FOLDERNAME/2013-26-05-15-00-00-FILENAME.zip

C. Prefix file names with random hex hashes; for example, s3://BUCKET/FOLDERNAME/23a6-FILENAME.zip

D. Prefix folder names with random hex hashes; for example, s3://BUCKET/23a6-FOLDERNAME/FILENAME.zip

Correct Answer: B
Reference:
http://jayendrapatil.com/aws-s3-best-practices/

Community vote distribution

D (60%) B (40%)

Question #201 Topic 1

Amazon API Gateway is used in a company's new mobile application. As the development team completes a new version of its APIs, a developer
must roll out the API modification securely and transparently.

What is the SIMPLEST method for a developer to deploy a new API version to a restricted number of consumers using API Gateway?

A. Create a new API in API Gateway. Direct a portion of the traffic to the new API using an Amazon Route 53 weighted routing policy.

B. Validate the new API version and promote it to production during the window of lowest expected utilization.

C. Implement an Amazon CloudWatch alarm to trigger a rollback if the observed HTTP 500 status code rate exceeds a predetermined
threshold.

D. Use the canary release deployment option in API Gateway. Direct a percentage of the API traffic using the canarySettings setting.

Correct Answer: D

Community vote distribution

D (100%)
Question #202 Topic 1

A programmer is developing a REST API that will allow users to add goods to a shopping list. The service is developed on Amazon API Gateway
and integrates with AWS Lambda. The shopping list items are sent to the function as query string arguments.

How should the developer transform query string parameters to Lambda function arguments?

A. Enable request validation

B. Include the Amazon Resource Name (ARN) of the Lambda function

C. Change the integration type

D. Create a mapping template

Correct Answer: C
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-step-by-step.html

Community vote distribution

D (100%)

Question #203 Topic 1

A firm is compiling a website using AWS CodeBuild from source code saved in AWS CodeCommit. Due to a recent modification to the source code,
the CodeBuild project is unable to assemble the website correctly.

How is the developer to determine the root cause of the failures?

A. Modify the buildspec.yml file to include steps to send the output of build commands to Amazon CloudWatch.

B. Use a custom Docker image that includes the AWS X-Ray agent in the AWS CodeBuild project configuration.

C. Check the build logs of the failed phase in the last build attempt in the AWS CodeBuild project build history.

D. Manually re-run the build process on a local machine so that the output can be visualized.

Correct Answer: A

Community vote distribution

C (100%)
Question #204 Topic 1

Over SSH, a developer connects to AWS CodeCommit. The SSH keys used to connect to AWS CodeCommit are associated with the following user:

The developer is responsible for creating and deleting branches.

Which particular IAM permissions, based on the concept of least privilege, should be added?

A. ‫ג‬€codecommit:CreateBranch‫ ג‬€‫ג‬€codecommit:DeleteBranch‫ג‬€

B. ‫ג‬€codecommit:Put*‫ג‬€

C. ‫ג‬€codecommit:Update*‫ג‬€

D. ‫ג‬€codecommit:*‫ג‬€

Correct Answer: C

Community vote distribution

A (100%)
Question #205 Topic 1

A developer is attempting to monitor the status of an application by running a cron job that returns 1 when the service is up and 0 when it is down.
The developer wrote code to publish the custom metrics to Amazon CloudWatch and set an alert using the AWS CLI put-metric-alarm function.
The Developer, on the other hand, is unable to issue an alert since the custom metrics are not visible in the CloudWatch interface.

What is the source of this problem?

A. Sending custom metrics using the CLI is not supported.

B. The Developer needs to use the put-metric-data command.

C. The Developer must use a unified CloudWatch agent to publish custom metrics.

D. The code is not running on an Amazon EC2 instance.

Correct Answer: B

Community vote distribution

B (100%)

Question #206 Topic 1

Amazon Kinesis Streams is being used by a web application to store clickstream data that may not be utilized for up to 12 hours.

How can the developer encrypt data in the Kinesis Streams at rest?

A. Enable SSL connections to Kinesis

B. Use Amazon Kinesis Consumer Library

C. Encrypt the data once it is at rest with a Lambda function

D. Enable server-side encryption in Kinesis Streams

Correct Answer: D
Reference:
https://aws.amazon.com/about-aws/whats-new/2017/07/amazon-kinesis-streams-introduces-server-side-encryption/
Question #207 Topic 1

A business is building a web application that will enable workers to submit their profile pictures to a private Amazon S3 bucket. There is no
restriction on the size of the profile images that should be shown each time an employee checks in. The images cannot be made publicly available
for security reasons.

What is a long-term feasible solution to this situation?

A. Generate a presigned URL when a picture is uploaded. Save the URL in an Amazon DynamoDB table. Return the URL to the browser when
the employee logs in.

B. Save the picture's S3 key in an Amazon DynamoDB table. Create an Amazon S3 VPC endpoint to allow the employees to download pictures
once they log in.

C. Encode a picture using base64. Save the base64 string in an Amazon DB table. Allow the browser to retrieve the string and convert it to a
picture.

D. Save the picture's S3 key in an Amazon DynamoDB table. Use a function to generate a presigned URL every time an employee logs in. Return
the URL to the browser.

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/s3-private-connection-no-authentication/

Community vote distribution

D (100%)

Question #208 Topic 1

A company's ecommerce website is experiencing large traffic surges, resulting in database performance issues. Users remark that viewing the
website takes an excessive amount of time.
A developer want to use Amazon ElastiCache to construct a caching layer. The website must be responsive regardless of whatever product a user
visits, and product information and pricing must be updated consistently.

Which policy for writing to the cache will meet these requirements?

A. Write to the cache directly and sync the backend at a later time

B. Write to the backend first and wait for the cache to expire

C. Write to the cache and the backend at the same time

D. Write to the backend first and invalidate the cache

Correct Answer: A
Reference:
https://aws.amazon.com/elasticache/faqs/

Community vote distribution

D (60%) C (40%)
Question #209 Topic 1

A business is developing a stock trading application. The program requires a latency of less than one millisecond to handle trading requests. The
firm stores all trade data in Amazon DynamoDB, which is utilized to perform each trading request.
A development team conducts load testing on the application and discovers that the time required to get data is longer than intended. The
development team need a solution that significantly improves data retrieval time with the least amount of work feasible.

Which solution satisfies these criteria?

A. Add local secondary indexes (LSIs) for trading data.

B. Store trading data in Amazon S3 and use Transfer Acceleration.

C. Add retries with exponential back-off for DynamoDB queries

D. Use DynamoDB Accelerator to cache trading data.

Correct Answer: A

Community vote distribution

D (100%)

Question #210 Topic 1

A business runs an application that makes use of an Amazon RDS DB instance as the database. A developer must implement database encryption
at rest.

Which measures should the developer perform in combination to satisfy this requirement? (Select two.)

A. Enable encryption on the DB instance in the AWS Management Console.

B. Stop the DB instance.

C. Restore the DB instance from the encrypted snapshot.

D. Take a snapshot of the DB instance, and create an encrypted copy of the snapshot.

E. Create a customer managed key in AWS Key Management Service (AWS KMS).

Correct Answer: CD
Reference:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html

Community vote distribution

BD (50%) CD (50%)
Question #211 Topic 1

Amazon CloudFront is being used by an organization to guarantee that its users have low-latency access to their online application. The business
determined that all communication between users and CloudFront, as well as all traffic between CloudFront and the web application, should be
encrypted.

How are these stipulations to be met? (Select two.)

A. Use AWS KMS to encrypt traffic between CloudFront and the web application.

B. Set the Origin Protocol Policy to ‫ג‬€HTTPS Only‫ג‬€.

C. Set the Origin's HTTP Port to 443.

D. Set the Viewer Protocol Policy to ‫ג‬€HTTPS Only‫ג‬€ or ‫ג‬€Redirect HTTP to HTTPS‫ג‬€.

E. Enable the CloudFront option Restrict Viewer Access.

Correct Answer: CD

Community vote distribution

BD (100%)

Question #212 Topic 1

A developer is transferring an application from on-premises to AWS. Currently, the program accepts user uploads and stores them to a server-side
local directory. All uploads must be preserved and instantly accessible to all instances within an Auto Scaling group.

Which strategy will satisfy these criteria?

A. Use Amazon EBS and configure the application AMI to use a snapshot of the same EBS instance on boot.

B. Use Amazon S3 and rearchitect the application so all uploads are placed in S3.

C. Use instance storage and share it between instances launched from the same Amazon Machine Image (AMI).

D. Use Amazon EBS and file synchronization software to achieve eventual consistency among the Auto Scaling group.

Correct Answer: D

Community vote distribution

B (100%)
Question #213 Topic 1

The Amazon API Gateway exposes a collection of APIs to clients. The API Gateway has enabled caching for these APIs. Customers have
requested an option to clear this cache for each API.

What may be done to enable API clients to invalidate the API Cache?

A. Ask customers to use AWS credentials to call the InvalidateCache API.

B. Ask customers to invoke an AWS API endpoint which invalidates the cache.

C. Ask customers to pass an HTTP header called Cache-Control:max-age=0.

D. Ask customers to add a query string parameter called ‫ג‬€INVALIDATE_CACHE‫ג‬€ when making an API call.

Correct Answer: B

Community vote distribution

C (100%)

Question #214 Topic 1

A programmer is now working on an ecommerce website. The developer want to inspect server logs without having to log in to each application
server separately. The website is built in Python and operates on numerous Amazon EC2 instances. It must be extremely available.

How can the developer upgrade the program with the fewest possible modifications to fulfill these requirements?

A. Rewrite the application to be cloud native and to run on AWS Lambda, where the logs can be reviewed in Amazon CloudWatch.

B. Set up centralized logging by using Amazon Elasticsearch Service (Amazon ES), Logstash, and Kibana.

C. Scale down the application to one larger EC2 instance where only one instance is recording logs.

D. Install the unified Amazon CloudWatch agent on the EC2 instances. Configure the agent to push the application logs to CloudWatch.

Correct Answer: D

Community vote distribution

D (100%)
Question #215 Topic 1

A developer is updating a bespoke application that is currently running on AWS Elastic Beanstalk.
What solutions will update the Elastic Beanstalk environment with the new application version after the Developer completes the changes? (Select
two.)

A. Package the application code into a .zip file, and upload, then deploy the packaged application from the AWS Management Console

B. Package the application code into a .tar file, create a new application version from the AWS Management Console, then update the
environment by using AWS CLI

C. Package the application code into a .tar file, and upload and deploy the packaged application from the AWS Management Console

D. Package the application code into a .zip file, create a new application version from the packaged application by using AWS CLI, then update
the environment by using AWS CLI

E. Package the application code into a .zip file, create a new application version from the AWS Management Console, then rebuild the
environment by using AWS CLI

Correct Answer: CD

Community vote distribution

AD (100%)

Question #216 Topic 1

A developer has been requested to write an AWS Lambda function that is called whenever objects in an Amazon DynamoDB database are updated.
The function has been built, and the Lambda execution role has been granted the necessary permissions. Although Amazon DynamoDB streams
have been enabled for the table, the function continues to fail to execute.

Which option would allow the Lambda function to be triggered by DynamoDB database updates?

A. Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the DynamoDB table

B. Configure event source mapping for the Lambda function

C. Map an Amazon SNS topic to the DynamoDB streams

D. Increase the maximum execution time (timeout) setting of the Lambda function

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html

Community vote distribution

B (100%)
Question #217 Topic 1

A developer is debugging connection difficulties between an Amazon Web Services Lambda function and an Amazon EC2 machine running
Amazon Linux 2. Even if the Lambda function is enabled to access resources on the EC2 instance's network, the Lambda function and the EC2
instance are unable to interact.

How can the developer see the network traffic between the Lambda function and the Amazon Elastic Compute Cloud instance?

A. Inspect the VPC flow logs for network activity.

B. Use the traceroute command on the EC2 instance to check connectivity.

C. Analyze the Amazon CloudWatch metrics for network traffic.

D. Use the telnet command on the EC2 instance to check connectivity.

Correct Answer: A
Reference:
https://aws.amazon.com/blogs/aws/vpc-flow-logs-log-and-view-network-traffic-flows/

Community vote distribution

A (100%)

Question #218 Topic 1

Amazon API Gateway is used by a business to manage access to a collection of microservices built as AWS Lambda functions. The corporation
makes a small breaking update to one of the APIs in response to a bug report.
To minimize the effect of the new API's deployment on current customers, the business intends to provide clients six months to transition from v1
to v2.

Which strategy should the developer use to deal with this change?

A. Update the underlying Lambda function and provide clients with the new Lambda invocation URL.

B. Use API Gateway to automatically propagate the change to clients, specifying 180 days in the phased deployment parameter.

C. Use API Gateway to deploy a new stage named v2 to the API and provide users with its URL.

D. Update the underlying Lambda function, create an Amazon CloudFront distribution with the updated Lambda function as its origin.

Correct Answer: C

Community vote distribution

C (100%)
Question #219 Topic 1

A program may have hundreds of users. Each user may access the application through various devices. The Developer want to give these users
unique IDs regardless of the device they are using.

Which mechanism should be utilized to generate unique identifiers?

A. Create a user table in Amazon DynamoDB as key-value pairs of users and their devices. Use these keys as unique identifiers.

B. Use IAM-generated access key IDs for the users as the unique identifier, but do not store secret keys.

C. Implement developer-authenticated identities by using Amazon Cognito, and get credentials for these identities.

D. Assign IAM users and roles to the users. Use the unique IAM resource ID as the unique identifier.

Correct Answer: D

Community vote distribution

C (100%)

Question #220 Topic 1

A business wishes to transition an imaging service to Amazon EC2 while adhering to industry best practices for security. The photos are obtained
and read from an Amazon S3 bucket that is not publicly accessible.

What actions should a developer take to ensure compliance with these requirements?

A. Create an IAM user with read-only permissions for the S3 bucket. Temporarily store the user credentials in the Amazon EBS volume of the
EC2 instance.

B. Create an IAM user with read-only permissions for the S3 bucket. Temporarily store the user credentials in the user data of the EC2
instance.

C. Create an EC2 service role with read-only permissions for the S3 bucket. Attach the role to the EC2 instance.

D. Create an S3 service role with read-only permissions for the S3 bucket. Attach the role to the EC2 instance.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html

Community vote distribution

C (100%)
Question #221 Topic 1

A business makes use of continuous integration and delivery platforms. A developer now wants to automate the distribution of software packages
to both Amazon EC2 instances and on-premises virtual machines.

Which AWS service should be utilized for this purpose?

A. AWS CodePipeline

B. AWS CodeBuild

C. AWS Elastic Beanstalk

D. AWS CodeDeploy

Correct Answer: D

Community vote distribution

D (100%)

Question #222 Topic 1

How does AWS KMS's Envelope Encryption work?

A. The Customer Master Key is used to encrypt/decrypt a data key. The Plaintext Data Key is used to encrypt customer data.

B. Two encryption keys are used. The Customer Master Key encrypts customer data. The Data Key is used to re-encrypt the encrypted data.

C. Two encryption keys are used. The Data Key encrypts customer data. The ‫¡׀‬ustomer Master Key is used to re-encrypt the encrypted data.

D. The Customer Master Key is used to encrypt/decrypt a data key. The Encrypted Data Key is used to encrypt customer data.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html

Community vote distribution

A (100%)

Question #223 Topic 1

A developer must construct an application that supports SAML and Facebook authentication. Additionally, it must provide access to AWS services
such as Amazon DynamoDB.

Which AWS service or feature will allow for the LEAST amount of extra code to achieve these requirements?

A. AWS AppSync

B. Amazon Cognito identity pools

C. Amazon Cognito user pools

D. Amazon Lambda@Edge

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/mobile/amazon-cognito-user-pools-supports-federation-with-saml/

Community vote distribution

B (100%)
Question #224 Topic 1

A developer is troubleshooting an AWS Lambda function that is being used in conjunction with an Amazon API Gateway. HTTP status code 200 is
returned whenever the API Gateway endpoint is contacted, despite the fact that AWS Lambda is logging a 4xx error.

What modification is required to deliver an appropriate error code through the API Gateway?

A. Enable CORS in the API Gateway method settings

B. Use a Lambda proxy integration to return HTTP codes and headers

C. Enable API Gateway error pass-through.

D. Return the value in the header x-Amzn-ErrorType.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html

Community vote distribution

B (100%)

Question #225 Topic 1

A developer is developing a three-tier web application that must support at least 5000 requests per minute. According to the requirements, the
web layer should be fully stateless, whereas the application should keep user session data.

How may session data be externalized while minimizing latency?

A. Create an Amazon RDS instance, then implement session handling at the application level to leverage a database inside the RDS database
instance for session data storage

B. Implement a shared file system solution across the underlying Amazon EC2 instances, then implement session handling at the application
level to leverage the shared file system for session data storage

C. Create an Amazon ElastiCache Memcached cluster, then implement session handling at the application level to leverage the cluster for
session data storage

D. Create an Amazon DynamoDB table, then implement session handling at the application level to leverage the table for session data storage

Correct Answer: A

Community vote distribution

C (100%)
Question #226 Topic 1

A development team is now working on a case management system that will enable the processing and evaluation of medical claims. Users log in
to share medical and financial information.
Sensitive data such as medical records, medical imaging, bank statements, and invoices are uploaded to Amazon S3 as part of the program. All
papers must be sent and kept securely. All access to documents must be documented for auditing purposes.

Which technique is the MOST SECURE?

A. Use S3 default encryption using Advanced Encryption Standard-256 (AES-256) on the destination bucket.

B. Use Amazon Cognito for authorization and authentication to ensure the security of the application and documents.

C. Use AWS Lambda to encrypt and decrypt objects as they are placed into the S3 bucket.

D. Use client-side encryption/decryption with Amazon S3 and AWS KMS.

Correct Answer: D

Community vote distribution

D (67%) C (33%)

Question #227 Topic 1

A developer is developing a web application that will allow end users to exchange encrypted documents. The papers are saved on Amazon S3 in a
private bucket. Only verified users should be able to download certain documents when requested, and only for a period of 15 minutes.

How is the developer to adhere to these specifications?

A. Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes.

B. Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes.

C. Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS.

D. Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes.

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/

Community vote distribution

B (100%)
Question #228 Topic 1

A front-end web application handles user authentication with Amazon Cognito user pools. Using the AWS SDK for JavaScript, a developer
integrates Amazon DynamoDB into the application.

How might a developer contact the API safely without disclosing the access or secret keys?

A. Configure Amazon Cognito identity pools and exchange the JSON Web Token (JWT) for temporary credentials.

B. Run the web application in an Amazon EC2 instance with the instance profile configured.

C. Hardcore the credentials, use Amazon S3 to host the web application, and enable server-side encryption.

D. Use Amazon Cognito user pool JSON Web Tokens (JWITs) to access the DynamoDB APIs.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html

Community vote distribution

A (100%)

Question #229 Topic 1

A business administers a website that is hosted on Amazon EC2 instances that are routed via an Elastic Load Balancer. CPU use is limited on EC2
Instances. The technical staff at the organization is responsible for securing incoming internet traffic.

Which combination of actions will satisfy these criteria? (Select two.)

A. Configure the Elastic Load Balancer with SSL passthrough.

B. Configure SSL certificates on the Elastic Load Balancer.

C. Configure the Elastic Load Balancer with a Loadable Storage System.

D. Install SSL certificates on the EC2 instances.

E. Configure the Elastic Load Balancer with SSL termination.

Correct Answer: BE
Reference:
https://aws.amazon.com/blogs/aws/elastic-load-balancer-support-for-ssl-termination/

Community vote distribution

BE (100%)
Question #230 Topic 1

In AWS Lambda, a developer is developing an application. To facilitate testing and deployments, the Developer need the ability to change the
database connection string without affecting the Lambda code.

How is this criterion to be met?

A. Store the connection string as a secret in AWS Secrets Manager.

B. Store the connection string in an IAM user account.

C. Store the connection string in AWS KMS.

D. Store the connection string as a Lambda layer.

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/developer/net-core-configuration-provider-for-aws-systems-manager/

Community vote distribution

A (100%)

Question #231 Topic 1

A developer wants to monitor an application that is deployed on Amazon EC2 instances using AWS X-Ray.

What procedures must be taken to do the monitoring?

A. Deploy the X-Ray SDK with the application and use X-Ray annotation.

B. Install the X-Ray daemon and instrument the application code.

C. Install the X-Ray daemon and configure it to forward data to Amazon CloudWatch Events.

D. Deploy the X-Ray SDK with the application and instrument the application code.

Correct Answer: A
Reference:
https://aws.amazon.com/blogs/aws/category/aws-x-ray/

Community vote distribution

B (100%)
Question #232 Topic 1

When deploying new application versions on AWS Elastic Beanstalk, an application's error rate increases, resulting in service deterioration for
customers. This, the Development team thinks, is due to the capacity loss throughout the deployment processes. The team want to update the
environment's deployment policy configuration to one that maintains full capacity during deployment while using current instances.

Which deployment strategy will satisfy these criteria while using current instances?

A. All at once

B. Rolling

C. Rolling with additional batch

D. Immutable

Correct Answer: D
Reference:
https://aws.amazon.com/blogs/developer/version-2-of-the-aws-elastic-beanstalk-windows-server-platform/

Community vote distribution

C (100%)

Question #233 Topic 1

A business has a web application that is authenticated by an Amazon Cognito user pool. The business want to construct a login page including
the business's logo.

What actions should a developer take to ensure compliance with these requirements?

A. Create a hosted user interface in Amazon Cognito and customize it with the company logo.

B. Create a login page with the company logo and upload it to Amazon Cognito.

C. Create a login page in Amazon API Gateway with the logo and save the link in Amazon Cognito.

D. Upload the logo to the Amazon Cognito app settings and point to the logo on a custom login page.

Correct Answer: D
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/cognito-hosted-web-ui/

Community vote distribution

A (80%) D (20%)
Question #234 Topic 1

A programmer is developing a serverless ecommerce application using AWS Lambda. An asynchronous workflow is responsible for managing the
checkout process and must arrange the execution of many Lambda functions. Each item in the shopping cart triggers a separate function in the
process. The developer orchestrates the process using AWS Step Functions.
The checkout process is currently executing the Lambda functions serially, and the developer want to optimize the procedure's speed.

What actions should the developer take to ensure compliance with these requirements?

A. Use a Choice state to identify the size of the cart and invoke a specific Lambda function with the entire cart content.

B. Use a Retry field for a second run to process all the items that failed.

C. Use a Parallel state to iterate over all the items in parallel.

D. Use a Map state to iterate over all the items in the cart.

Correct Answer: D

Community vote distribution

C (54%) D (46%)

Question #235 Topic 1

To increase read speed, an application makes use of a single-node Amazon ElastiCache for Redis instance. Demand for the application has grown
significantly over time, putting an increasing strain on the ElastiCache instance. It is vital that this cache layer is capable of handling the load and
being robust in the event of a node failure.

What can be done by the developer to meet load and resilience requirements?

A. Add a read replica instance.

B. Migrate to a Memcached cluster.

C. Migrate to an Amazon Elasticsearch Service cluster.

D. Vertically scale the ElastiCache instance.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Replication.Redis.Groups.html

Community vote distribution

A (100%)
Question #236 Topic 1

A developer intends to create a REST API via the usage of an Amazon API Gateway and AWS Lambda. The developer will be responsible for
managing three unique environments: development, test, and production.

How should the application be delivered with the least amount of resources possible?

A. Create a separate API Gateway and separate Lambda function for each environment in the same Region.

B. Assign a Region for each environment and deploy API Gateway and Lambda to each Region.

C. Create one API Gateway with multiple stages with one Lambda function with multiple aliases.

D. Create one API Gateway and one Lambda function, and use a REST parameter to identify the environment.

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/compute/using-api-gateway-stage-variables-to-manage-lambda-functions/

Community vote distribution

C (100%)

Question #237 Topic 1

A corporation is transferring its on-premises web application from a single server to AWS. To balance the demand, the firm wants to deploy
numerous servers behind an Elastic Load Balancer (ELB) and to keep session data in memory on the web server. The organization does not want
to lose session data in the event of a server failure or outage, and it also wants to minimize user downtime.

Where should the organization relocate session data to most effectively decrease downtime and increase the fault tolerance of customers'
session data?

A. An Amazon ElastiCache for Redis cluster

B. A second Amazon EBS volume

C. The web server's primary disk

D. An Amazon EC2 instance dedicated to session data

Correct Answer: A

Community vote distribution

A (100%)
Question #238 Topic 1

A development team is deploying a two-tier application in production using AWS Elastic Beanstalk. The application comprises of a load-balanced
web tier and an Amazon RDS database layer. The team want to partition the RDS instance from the Elastic Beanstalk instance.

How is this possible?

A. Use the Elastic Beanstalk CLI to disassociate the database.

B. Use the AWS CLI to disassociate the database.

C. Change the deployment policy to disassociate the database.

D. Recreate a new Elastic Beanstalk environment without Amazon RDS.

Correct Answer: C

Community vote distribution

D (100%)

Question #239 Topic 1

A developer is attempting to get data from the demoman-table database in Amazon DynamoDB. The developer set the AWS CLI to utilize the
credentials of a particular IAM user and ran the following command:

The command produced errors and returned no rows.

Which of the following is the MOST LIKELY CAUSE of these problems?

A. The command is incorrect; it should be rewritten to use put-item with a string argument.

B. The developer needs to log a ticket with AWS Support to enable access to the demoman-table.

C. Amazon DynamoDB cannot be accessed from the AWS CLI and needs to be called via the REST API.

D. The IAM user needs an associated policy with read access to demoman-table.

Correct Answer: D

Community vote distribution

D (100%)
Question #240 Topic 1

A developer has established a new AWS IAM user with the s3:putObject permission, which enables him to write to a particular Amazon S3 bucket.
As a default, this S3 bucket employs server-side encryption with AWS KMS controlled keys (SSE-KMS). When contacting the PutObject API with
the IAM user's access key and secret key, the application encountered an access denied error.

How is this problem to be resolved?

A. Update the policy of the IAM user to allow the s3:Encrypt action.

B. Update the bucket policy of the S3 bucket to allow the IAM user to upload objects.

C. Update the policy of the IAM user to allow the kms:GenerateDataKey action.

D. Update the ACL of the S3 bucket to allow the IAM user to upload objects.

Correct Answer: C
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-denied-error-kms/

Community vote distribution

C (100%)

Question #241 Topic 1

On Amazon EC2 instances, a developer has code that requires read-only access to an Amazon DynamoDB database.

What is the MOST secure method for the Developer to do this task?

A. Create a user access key for each EC2 instance with read-only access to DynamoDB. Place the keys in the code. Redeploy the code as keys
rotate.

B. Use an IAM role with an AmazonDynamoDBReadOnlyAccess policy applied to the EC2 instances.

C. Run all code with only AWS account root user access keys to ensure maximum access to services.

D. Use an IAM role with Administrator access applied to the EC2 instance.

Correct Answer: B

Community vote distribution

B (100%)
Question #242 Topic 1

A developer is developing an AWS Lambda function that makes Amazon DynamoDB available. The Lambda function must obtain and change
certain properties of an object, or construct the item if it does not exist. Access to the main key is granted to the Lambda function.

Which IAM permissions should the developer obtain to enable this capability in the Lambda function?

A. dynamodb:DeleteItem dynamodb:GetItem dynamodb:PutItem

B. dynamodb:UpdateItem dynamodb:GetItem dynamodb:DescribeTable

C. dynamodb:GetRecords dynamodb:PutItem dynamodb:UpdateTable

D. dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/DynamoDB.html

Community vote distribution

D (100%)

Question #243 Topic 1

A developer is working on a financial transaction management program. Multi-factor authentication (MFA) will be needed as part of the login
procedure to increase security.

Which services are available to the developer in order to achieve these requirements?

A. Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA codes

B. Amazon Cognito with MFA

C. AWS Directory Service

D. AWS IAM with MFA enabled

Correct Answer: D
Reference:
https://acloud.guru/forums/aws-cda-2018/discussion/-MDjup08bTIQmngW7M6-/IAM%20with%20MFA%20or%20Cognito%20with%20MFA%3F

Community vote distribution

B (100%)
Question #244 Topic 1

A programmer is developing an application that will handle a stream of data given by the user. The data stream must be received concurrently and
in real time by various Amazon EC2-based processing apps. Each processor must be capable of restarting without losing data if service is
interrupted. The Application Architect intends to expand the number of processors in the near future and wants to reduce data duplication.

Which solution will meet these criteria?

A. Publish the data to Amazon SQS.

B. Publish the data to Amazon Kinesis Data Firehose.

C. Publish the data to Amazon CloudWatch Events.

D. Publish the data to Amazon Kinesis Data Streams.

Correct Answer: D
Reference:
https://aws.amazon.com/kinesis/data-streams/faqs/

Question #245 Topic 1

A developer is developing a Lambda function to create and export a file. While the program is running, it needs 100 MB of temporary storage for
transient files. These files are no longer required after the function has been completed.

How can the developer manage temporary files most efficiently?

A. Store the files in EBS and delete the files at the end of the Lambda function.

B. Copy the files to EFS and delete the files at the end of the Lambda function.

C. Store the files in the /tmp directory and delete the files at the end of the Lambda function.

D. Copy the files to an S3 bucket with a lifecycle policy to delete the files.

Correct Answer: C
Reference:
https://forums.aws.amazon.com/thread.jspa?threadID=174119

Community vote distribution

C (100%)
Question #246 Topic 1

A business is in the process of building a serverless ecommerce web application. The application must perform synchronized, all-or-nothing
updates to various products in the company's Amazon DynamoDB inventory database.

Which solution will satisfy these criteria?

A. Enable transactions for the DynamoDB table. Use the BatchWriteItem operation to update the items.

B. Use the TransactWriteItems operation to group the changes. Update the items in the table.

C. Set up a FIFO queue using Amazon SQS. Group the changes in the queue. Update the table based on the grouped changes.

D. Create a transaction table in an Amazon Aurora DB cluster to manage the transactions. Write a backend process to sync the Aurora DB
table and the DynamoDB table.

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/mobile/appsync-caching-transactions/

Community vote distribution

B (100%)

Question #247 Topic 1

A business developed a serverless application that incorporates the customers' preferred actors. The business's data was stored in an Amazon
DynamoDB database. The table is divided into three sections: actor, film, and year.
Each actor appears in a number of films and may feature in numerous films in a single calendar year. The firm is interested in discovering which of
the customers' favorite actors were in the same film and which films were released in the same year. A developer must create the DynamoDB
database in such a way that the response time for such queries is as short as possible.

Which solution satisfies these criteria?

A. Create a composite primary key with Actor as the partition key and Movie as the sort key Use Year as the sort key for a global secondary
index (GSI).

B. Create a composite primary key with Actor as the partition key and Year as the sort key Use Movie as the sort key for a global secondary
index (GSI).

C. Create a composite primary key with Movie as the partition key and Actor as the sort key Use Year as the sort key for a global secondary
index (GSI).

D. Create a simple primary key with Actor as the partition key. Use Year as the sort key for a local secondary index (LSI).

Correct Answer: C
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GSI.html

Community vote distribution

C (100%)
Question #248 Topic 1

A developer is working on a mobile app and requires any changes to user profile data to be distributed to all devices that access the same identity.
The developer does not wish to maintain the user profile data on a back end.
What is the most efficient approach for the Developer to use Amazon Cognito to meet these requirements?

A. Use Cognito federated identities.

B. Use a Cognito user pool.

C. Use Cognito Sync.

D. Use Cognito events.

Correct Answer: A

Community vote distribution

C (100%)

Question #249 Topic 1

A developer wishes to revert to a prior version of an AWS Lambda function in the case of deployment issues.

How can the developer do this with the FEWEST possible effect on users?

A. Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to use the
newly deployed version. If too many errors are encountered, point the alias back to the previous version.

B. Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to direct 10%
of users to the newly deployed version. If too many errors are encountered, send 100% of traffic to the previous version.

C. Do not make any changes to the application. Deploy the new version of the code. If too many errors are encountered, point the application
back to the previous version using the version number in the Amazon Resource Name (ARN).

D. Create three aliases: new, existing, and router. Point the existing alias to the current version. Have the router alias direct 100% of users to
the existing alias. Update the application to use the router alias. Deploy the new version of the code. Point the new alias to this version.
Update the router alias to direct 10% of users to the new alias. If too many errors are encountered, send 100% of traffic to the existing alias.

Correct Answer: A

Community vote distribution

B (100%)
Question #250 Topic 1

A legacy program running on-premises caches data files locally and writes shared pictures to local drives.

What is required to enable horizontal scalability during the application's migration to AWS?

A. Modify the application to have both shared images and caching data written to Amazon EBS.

B. Modify the application to read and write cache data on Amazon S3, and also store shared images on S3.

C. Modify the application to use Amazon S3 for serving shared images; cache data can then be written to local disks.

D. Modify the application to read and write cache data on Amazon S3, while continuing to write shared images to local disks.

Correct Answer: B

Community vote distribution

C (67%) B (33%)

Question #251 Topic 1

A developer chooses to use Amazon S3 to store highly secure data and want to build server-side encryption (SSE) with granular control over who
may access the master key. For security reasons, company policy demands that the master key be established, cycled, and deactivated easily as
necessary.

Which option is most appropriate for meeting these requirements?

A. SSE with Amazon S3 managed keys (SSE-S3)

B. SSE with AWS KMS managed keys (SSE-KMS)

C. SSE with AWS Secrets Manager

D. SSE with customer-provided encryption keys

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html

Community vote distribution

B (100%)
Question #252 Topic 1

A server-side application running on Amazon EC2 instances needs access assets contained in an Amazon S3 bucket that have been secured using
AWS KMS encryption keys (SSE-KMS). To decrypt the items, the program must have access to the customer master key (CMK).

Which sequence of actions will provide access to the application? (Select two.)

A. Write an S3 bucket policy that grants the bucket access to the key.

B. Grant access to the key in the IAM EC2 role attached to the application's EC2 instances.

C. Write a key policy that enables IAM policies to grant access to the key.

D. Grant access to the key in the S3 bucket's ACL

E. Create a Systems Manager parameter that exposes the KMS key to the EC2 instances.

Correct Answer: AE

Community vote distribution

BC (100%)

Question #253 Topic 1

Amazon Cognito is being used by a social networking firm to synchronize profiles across many mobile devices, enabling end users to enjoy a
consistent experience.

Which of the following setups enables customers to be notified quietly whenever an update is ready for their other devices?

A. Modify the user pool to include all the devices which keep them in sync.

B. Use the SyncCallback interface to receive notifications on the application.

C. Use an Amazon Cognito stream to analyze the data and push the notifications.

D. Use the push synchronization feature with the appropriate IAM role.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sync.html

Community vote distribution

D (100%)
Question #254 Topic 1

The Lambda function below is invoked through an API request made using Amazon API Gateway. The Lambda function typically executes in less
than a second.
The Lambda function's pseudocode is displayed in the exhibit.

Which two measures may be performed to increase this Lambda function's performance without raising the cost of the solution? (Select two.)

A. Package only the modules the Lambda function requires

B. Use Amazon DynamoDB instead of Amazon RDS

C. Move the initialization of the variable Amazon RDS connection outside of the handler function

D. Implement custom database connection pooling with the Lambda function

E. Implement local caching of Amazon RDS data so Lambda can re-use the cache

Correct Answer: AC

Community vote distribution

CE (56%) AC (44%)
Question #255 Topic 1

A developer has constructed a huge Lambda function, but deployment encounters the following error:
ClientError: When invoking the CreateFunction action, an error occurred (InvalidParameterValueException): The unzipped file size must not exceed
XXXXXXX bytes€TM, where XXXXXXXX is the current Lambda limit.

What is the Developer's role in resolving this issue?

A. Submit a limit increase request to AWS Support to increase the function to the size needed.

B. Use a compression algorithm that is more efficient than ZIP.

C. Break the function into multiple smaller Lambda functions.

D. ZIP the ZIP file twice to compress it further.

Correct Answer: C

Question #256 Topic 1

A developer is using Amazon S3 to store sensitive data created by an application. The developer want to encrypt the data while it is in transit. A
corporate policy demands an audit trail detailing when and by whom the master key was used.

Which encryption method will satisfy these criteria?

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

B. Server-side encryption with AWS KMS managed keys (SSE-KMS)

C. Server-side encryption with customer-provided keys (SSE-C)

D. Server-side encryption with self-managed keys

Correct Answer: B
Similar to SSE-S3, but with some additional benefits along with some additional charges for using this service. provides you with an audit trail
of when your key was used and by whom. Additionally, you have the option to create and manage encryption keys yourself, or use a default key
that is unique to you.

Community vote distribution

C (50%) B (50%)
Question #257 Topic 1

An Amazon EC2 instance is configured with an IAM role that expressly forbids access to all Amazon S3 API activities. The EC2 instance
credentials file contains the IAM access key and secret access key, both of which provide full administrative access.

Which of the following statements is accurate in light of the fact that this EC2 instance supports several types of IAM access?

A. The EC2 instance will only be able to list the S3 buckets.

B. The EC2 instance will only be able to list the contents of one S3 bucket at a time.

C. The EC2 instance will be able to perform all actions on any S3 bucket.

D. The EC2 instance will not be able to perform any S3 action on any S3 bucket.

Correct Answer: A

Community vote distribution

C (100%)

Question #258 Topic 1

A developer is storing application data in Amazon DynamoDB. The developer want to further optimize the application's performance by minimizing
the time required to conduct read and write operations.

Which DynamoDB functionality should be utilized to accomplish these goals?

A. Amazon DynamoDB Streams

B. Amazon DynamoDB Accelerator

C. Amazon DynamoDB global tables

D. Amazon DynamoDB transactions

Correct Answer: D
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html

Community vote distribution

B (75%) C (25%)
Question #259 Topic 1

A developer wrote configuration requirements for an AWS Elastic Beanstalk application in a file entitled healthcheckurl.yaml in their application
source bundle's.ebextensions/directory. The following information is included in the file:

Following the application's start, the health check is not executed on the right route, despite the fact that it is legitimate.

How can this configuration file be corrected?

A. Convert the file to JSON format.

B. Rename the file to a .config extension.

C. Change the configuration section from options_settings to resources.

D. Change the namespace of the option settings to a custom namespace.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html

Community vote distribution

B (100%)

Question #260 Topic 1

A developer is developing an AWS Lambda function to produce and publish a weekly newsletter to 100,000 subscribers dynamically. This mail
includes both static and dynamic content. The developer need a highly scalable and quick storage location for the photographs that will be
hyperlinked throughout the newsletter.

Where is the developer supposed to save these images?

A. Use an Amazon DynamoDB table with DynamoDB Streams and read capacity auto scaling enabled.

B. Use an Amazon S3 bucket and S3 Transfer Acceleration to speed up the image download.

C. Use an Amazon Aurora database with a public DNS endpoint and auto scaling enabled.

D. Use an Amazon S3 backed Amazon CloudFront distribution with a high Time-to-Live (TTL) to maximize caching.

Correct Answer: A

Community vote distribution

D (100%)
Question #261 Topic 1

An application is being developed that will use Amazon SQS to handle messages from a large number of independent senders. Messages from
each sender must be handled in the order in which they are received.

Which SQS functionality should the developer implement?

A. Configure each sender with a unique MessageGroupId

B. Enable MessageDeduplicationIds on the SQS queue

C. Configure each message with unique MessageGroupIds.

D. Enable ContentBasedDeduplication on the SQS queue

Correct Answer: A

Question #262 Topic 1

A developer is writing transactions to the €SystemUpdates€ DynamoDB database, which has five write capacity units.

Which of the following options provides the maximum read throughput?

A. Eventually consistent reads of 5 read capacity units reading items that are 4 KB in size

B. Strongly consistent reads of 5 read capacity units reading items that are 4 KB in size

C. Eventually consistent reads of 15 read capacity units reading items that are 1 KB in size

D. Strongly consistent reads of 15 read capacity units reading items that are 1 KB in size

Correct Answer: B

Community vote distribution

A (80%) B (20%)
Question #263 Topic 1

A developer works in an environment that includes various Amazon Web Services accounts and AWS Lambda functions that handle identical 100
KB payloads. The developer wishes to centralize the payloads' origin in a single account and have all Lambda functions triggered whenever the
parent account's starting event happens.

How can the developer build the process in the most efficient manner possible, ensuring that all Lambda functions with multiple accounts are run
when an event occurs?

A. Create a Lambda function in the parent account and use cross-account IAM roles with the AWS Security Token Service (AWS STS)
AssumeRole API call to make AWS Lambda invoke the API call to invoke all the cross-account Lambda functions.

B. Subscribe all the multi-account Lambda functions to an Amazon SNS topic and make a SNS Publish API call with the payload to the SNS
topic.

C. Set up an Amazon SQS queue with the queue policy permitting the ReceiveMessage action for multi-account Lambda functions. Then send
the payload to the SQS queue using the sqs:SendMessage permission and poll the queue using multi-account Lambda functions.

D. Use a worker on an Amazon EC2 instance to poll for the payload event. Invoke all Lambda functions using the Lambda Invoke API after
using cross-account IAM roles with the AWS Security Token Service (AWS STS) AssumeRole API call.

Correct Answer: D

Community vote distribution

B (100%)

Question #264 Topic 1

A developer wishes to improve the performance of reads from an unencrypted Amazon S3 bucket. Each second, the program needs 100,000 read
requests. Priority is given to cost-effectiveness.

What is the MOST SIMPLE method for implementing these requirements?

A. Create 20 or more prefixes in Amazon S3. Place files by prefixes. Read in parallel by prefixes.

B. Create 20 or more AWS accounts. Create a bucket in each account. Read in parallel by bucket.

C. Deploy Memcached on Amazon EC2. Cache the files in memory. Retrieve from the Memcached cache.

D. Copy all files to Amazon DynamoDB. Index the files with S3 metadata. Retrieve from DynamoDB.

Correct Answer: B

Community vote distribution

A (100%)

Topic 1 - Single Topic

Question #265 Topic 1

A developer used Amazon API Gateway, Amazon S3, AWS Lambda, and Amazon RDS to construct a dashboard for an application. The developer
need an authentication system that enables users to log in and access their dashboard. It must be available through mobile apps, desktop
applications, and tablets, and it must maintain user preferences across platforms.

Which AWS service should the developer use to accommodate this situation of authentication?

A. AWS KMS

B. Amazon Cognito

C. AWS Directory Service

D. Amazon IAM

Correct Answer: B

Question #266 Topic 1

A developer is deploying an application to Amazon EC2 using AWS CodeDeploy. The developer wishes to modify the permissions on a particular
deployment file.

Which lifecycle event should a developer utilize to do this task?

A. AfterInstall

B. DownloadBundle

C. BeforeInstall

D. ValidateService

Correct Answer: A
You can use the AfterInstall deployment lifecycle event for tasks such as configuring your application or changing file permissions.
Reference:
https://aws.amazon.com/codedeploy/faqs/

Community vote distribution

A (100%)
Question #267 Topic 1

A multinational corporation runs an application on Amazon EC2 instances that provides image files stored in Amazon S3. User queries from the
browser generate a lot of traffic, which leads in performance degradation.

Which optimization technique should a developer use to boost the speed of an application?

A. Create multiple prefixes in the S3 bucket to increase the request rate.

B. Create an Amazon ElastiCache cluster to cache and serve frequently accessed items.

C. Use Amazon CloudFront to serve the content of images stored in Amazon S3.

D. Submit a ticket to AWS Support to request a rate limit increase for the S3 bucket.

Correct Answer: C

Community vote distribution

C (100%)

Question #268 Topic 1

A business operates a two-tier application that runs on an Amazon EC2 server and manages all of its AWS-based e-commerce operations. During
peak periods, the backend servers responsible for processing orders become overburdened with requests. As a consequence, certain orders are
unable to be processed. A developer must provide a way for refactoring the program.

Which initiatives will provide more flexibility during peak periods while staying economically viable? (Select two.)

A. Increase the backend T2 EC2 instance sizes to x1 to handle the largest possible load throughout the year.

B. Implement an Amazon SQS queue to decouple the front-end and backend servers.

C. Use an Amazon SNS queue to decouple the front-end and backend servers.

D. Migrate the backend servers to on-premises and pull from an Amazon SNS queue.

E. Modify the backend servers to pull from an Amazon SQS queue.

Correct Answer: BE

Community vote distribution

BE (100%)
Question #269 Topic 1

A developer wishes to protect sensitive configuration data, including passwords, database strings, and application licensing numbers. Access to
this sensitive data must be monitored for audit reasons in the future.

Where, in accordance with security best practices and operational needs, should sensitive information be stored?

A. In an encrypted file on the source code bundle; grant the application access with Amazon IAM

B. In the Amazon EC2 Systems Manager Parameter Store; grant the application access with IAM

C. On an Amazon EBS encrypted volume; attach the volume to an Amazon EC2 instance to access the data

D. As an object in an Amazon S3 bucket; grant an Amazon EC2 instance access with an IAM role

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/security/how-to-enhance-the-security-of-sensitive-customer-data-by-using-amazon-cloudfront-field-level-
encryption/

Community vote distribution

B (100%)

Question #270 Topic 1

A developer has been requested to modify the source code for an AWS Lambda function. AWS CloudFormation templates are used to administer
the function. The template is designed to load the source code from a bucket on Amazon S3. The Developer prepared a.ZIP file deployment
package containing the modifications manually and placed it in the appropriate location on Amazon S3. When the function is executed, the
modifications to the code are not implemented.

What procedure must be followed to ensure that the function is updated to reflect the changes?

A. Delete the .ZIP file on S3, and re-upload by using a different object key name.

B. Update the CloudFormation stack with the correct values for the function code properties S3Bucket, S3Key, or S3ObjectVersion.

C. Ensure that the function source code is base64-encoded before uploading the deployment package to S3.

D. Modify the execution role of the Lambda function to allow S3 access permission to the deployment package .ZIP file.

Correct Answer: D

Community vote distribution

B (100%)
Question #271 Topic 1

A developer is using AWS CloudFormation to create a deployment package. Two distinct templates are included in the package: one for the
infrastructure and another for the application. The application must be contained inside the VPC built using the infrastructure template's
infrastructure template.

How can the application stack make reference to the VPC established using the infrastructure template's infrastructure template?

A. Use the Ref function to import the VPC into the application stack from the infrastructure template.

B. Use the export flag in the infrastructure template, and then use the Fn::ImportValue function in the application template.

C. Use the DependsOn attribute to specify that the application instance depends on the VPC in the application template.

D. Use the Fn::GetAtt function to include the attribute of the VPC in the application template.

Correct Answer: A

Community vote distribution

B (100%)

Question #272 Topic 1

A developer is developing an application that will handle a high volume of queries. Requests must be handled in the order they are received, and
each request should only be processed once.

To do this, how should Amazon SQS be deployed?

A. Configure First in First out (FIFO) delivery in a standard Amazon SQS queue to process requests.

B. Use an SQS FIFO queue to process requests.

C. Use the SetOrder attribute to ensure sequential request processing.

D. Convert the standard queue to a FIFO queue by renaming the queue to use the .fifo suffix.

Correct Answer: B
Reference:
https://medium.com/awesome-cloud/aws-difference-between-sqs-standard-and-fifo-first-in-first-out-queues-28d1ea5e153

Community vote distribution

B (100%)
Question #273 Topic 1

A development team deploys applications using AWS Elastic Beanstalk. The team has limited the number of application versions to 25 by
configuring the application version lifecycle policy. Despite this, the source bundle gets destroyed from the Amazon S3 source bucket regardless
of the lifespan policy.

What should a developer do in the Elastic Beanstalk application's version lifecycle settings to ensure that the source code is retained in the S3
bucket?

A. Change the Set the application versions limit by total count setting to zero.

B. Disable the Lifecycle policy setting.

C. Change the Set the application version limit by age setting to zero.

D. Set Retention to Retain source bundle in S3.

Correct Answer: D
Reference:
https://digitalcloud.training/certification-training/aws-developer-associate/aws-compute/elastic-beanstalk/

Community vote distribution

D (100%)

Question #274 Topic 1

A business requires data encryption at rest but wishes to utilize an AWS managed service while maintaining control over its own master key.

Which of the following Amazon Web Services (AWS) services is appropriate for meeting these requirements?

A. SSE with Amazon S3

B. SSE with AWS KMS

C. Client-side encryption

D. AWS IAM roles and policies

Correct Answer: B
Question #275 Topic 1

A developer is creating a distributed application that will be constructed utilizing a microservices architecture and will span numerous Amazon
Web Services accounts. The operations team of the business need the ability to examine and troubleshoot application problems from a
centralized account.

How is the developer to adhere to these specifications?

A. Use an Amazon X-Ray agent with role assumption to publish data into the centralized account.

B. Use Amazon X-Ray and create a new IAM user to publish the access keys into the centralized account.

C. Use VPC Flow Logs to collect applications logs across different accounts.

D. Enable AWS CloudTrail to publish the trails in an Amazon S3 bucket in the centralized account.

Correct Answer: A
Reference:
https://aws.amazon.com/xray/faqs/#:~:text=Yes%2C%20the%20X-Ray%20agent,application%20into%20a%20central%20account
.

Community vote distribution

A (100%)

Question #276 Topic 1

The website of a business is hosted on an Amazon EC2 instance, which utilizes Auto Scaling to automatically scale the environment during peak
periods. Worldwide, website visitors are experiencing increased latency as a result of static material on the EC2 instance, even during off-peak
hours.

Which sequence of actions will overcome the problem of latency? (Select two.)

A. Double the Auto Scaling group's maximum number of servers.

B. Host the application code on AWS Lambda.

C. Scale vertically by resizing the EC2 instances.

D. Create an Amazon CloudFront distribution to cache the static content.

E. Store the application's static content in Amazon S3.

Correct Answer: CE
Reference:
https://aws.amazon.com/getting-started/tutorials/deliver-content-faster/

Community vote distribution

DE (100%)
Question #277 Topic 1

A developer is developing a website that will be housed in an Amazon S3 bucket that has support for static website hosting. The developer will
utilize Amazon Route 53 to provide DNS services and will redirect the company's domain to the bucket through an alias record. One S3 item must
be redirected to a different URL by the developer.

What should the developer employ to ensure that the redirect from a website page works properly?

A. A Route 53 CNAME alias record that points to the new location

B. An S3 object-level redirect through system-defined metadata

C. A Route 53 A record that points to the new location

D. A redirect that is configured within the S3 bucket's policy

Correct Answer: A
Reference:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/RoutingToS3Bucket.html

Community vote distribution

B (100%)

Question #278 Topic 1

A developer is looking at performance concerns with an application. The program is composed of hundreds of microservices, and each API
request may have a lengthy call stack. The developer must isolate the problematic component.

Which AWS service or functionality should the developer utilize to collect data about what is occurring and isolate the fault?

A. AWS X-Ray

B. VPC Flow Logs

C. Amazon GuardDuty

D. Amazon Macie

Correct Answer: A
Reference:
https://docs.aws.amazon.com/xray/latest/devguide/xray-concepts.html

Community vote distribution

A (100%)
Question #279 Topic 1

A developer is developing a Linux application that will be hosted on AWS Elastic Beanstalk. The application's requirements indicate that it must
retain full capacity throughout upgrades while keeping costs to a minimum.

Which deployment policy for Elastic Beanstalk should the developer select for the environment?

A. Immutable

B. Rolling

C. All at Once

D. Rolling with additional batch

Correct Answer: A
Reference:
https://aws.amazon.com/about-aws/whats-new/2016/04/aws-elastic-beanstalk-adds-two-new-deployment-policies-and-amazon-linux-ami-
2016-03- update/

Community vote distribution

D (100%)

Question #280 Topic 1

A recent migration of a company's web, application, and NoSQL database layers to AWS. Auto Scaling is being used by the organization to scale
the web and application layers.
Over 95% of Amazon DynamoDB queries are for repeated reads.

How can the NoSQL layer of DynamoDB be scaled up to handle these repetitive requests?

A. Amazon EMR

B. Amazon DynamoDB Accelerator

C. Amazon SQS

D. Amazon CloudFront

Correct Answer: B
Reference:
https://aws.amazon.com/dynamodb/dax/

Community vote distribution

B (100%)
Question #281 Topic 1

A developer wishes to encrypt new objects that an application uploads to an Amazon S3 bucket. There must be a record of who used the key
throughout this procedure. There should be no difference in the application's performance.

Which form of encryption satisfies these criteria?

A. Server-side encryption using S3-managed keys

B. Server-side encryption with AWS KMS-managed keys

C. Client-side encryption with a client-side symmetric master key

D. Client-side encryption with AWS KMS-managed keys

Correct Answer: B

Community vote distribution

B (100%)

Question #282 Topic 1

Three microservice projects are created by a developer and are stored in distinct folders under the same AWS CodeCommit repository. Each
project is served by a distinct AWS CodePipeline pipeline. When a developer pushes modifications to a single microservice, all three pipelines
begin to execute.
The developer must ensure that only necessary pipelines are executed. The developer is not permitted to alter the organization of the repository.

Which solution will satisfy these criteria?

A. For each of the three microservice projects, create a separate CodeCommit repository.

B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function to evaluate changes to the
repository and run the appropriate pipeline.

C. Create an Amazon API Gateway API that is backed by an AWS Lambda function to determine the appropriate pipeline to run. Add the API
endpoint to a webhook in CodeCommit.

D. Migrate all three pipelines to a single pipeline. Add conditional stages to build a certain microservice project.

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/devops/adding-custom-logic-to-aws-codepipeline-with-aws-lambda-and-amazon-cloudwatch-events/

Community vote distribution

B (100%)
Question #283 Topic 1

A developer is currently building code for an Amazon Web Services Lambda function. The function will act as a Lambda authorizer, allowing
Amazon API Gateway to manage access to a certain API.

Along with the primary identity, what should this code return following successful authentication?

A. An HTTP response status code of 200 that indicates successful completion

B. An integer 0 that indicates successful completion

C. The Amazon Resource Name (ARN) of an IAM role that will be assumed for authentication

D. A policy document with desired permissions

Correct Answer: C
Reference:
https://www.alexdebrie.com/posts/lambda-custom-authorizers/

Community vote distribution

D (80%) C (20%)

Question #284 Topic 1

Continuous integration/continuous delivery (CI/CD) systems are being used by a business. A developer needs automate the distribution of a
software application bundle to Amazon EC2 instances and on-premises virtual servers.

Which Amazon Web Services (AWS) service should the developer utilize to satisfy these requirements?

A. AWS Cloud9

B. AWS CodeBuild

C. AWS Elastic Beanstalk

D. AWS CodeDeploy

Correct Answer: D
Reference:
https://aws.amazon.com/devops/
Question #285 Topic 1

A smartphone application that allows users to see photographs from an S3 bucket is being developed by a developer. Users must be able to log in
using their Amazon credentials as well as their Facebook® and/or Google® accounts.
How will the Developer be able to implement this authentication feature?

A. Use Amazon Cognito with web identity federation.

B. Use Amazon Cognito with SAML-based identity federation.

C. Use AWS IAM Access/Secret keys in the application code to allow Get* on the S3 bucket.

D. Use AWS STS AssumeRole in the application code and assume a role with Get* permissions on the S3 bucket.

Correct Answer: A
Reference:
http://jayendrapatil.com/tag/iam-role/

Question #286 Topic 1

A developer is developing an application that will operate on Amazon EC2 instances that are members of an Auto Scaling group. The application's
data is kept in an Amazon DynamoDB database, and all instances maintain records in real time. At times, an instance retrieves outdated data. The
Developer want to rectify issue by ensuring that readings are very consistent.

How is this accomplished by the Developer?

A. Set ConsistentRead to true when calling GetItem.

B. Create a new DynamoDB Accelerator (DAX) table.

C. Set Consistency to strong when calling UpdateTable.

D. Use the GetShardIterator command.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadConsistency.html

Community vote distribution

A (100%)
Question #287 Topic 1

A developer is developing a web application for AWS Lambda. Users will be able to log in and see private documents using the application. All
pages in the application must adhere to the company's branding guidelines.

How can the developer host the sign-in pages with the LESS custom code possible?

A. Upload files for the sign-in pages with the required branding to an Amazon S3 bucket. Configure static website hosting for the S3 bucket.

B. Create a Lambda function to serve the sign-in pages with the required branding. Configure Amazon API Gateway to route traffic to the
function.

C. Create a Lambda@Edge function to serve the sign-in pages with the required branding. Configure Amazon CloudFront to invoke the function
in response to user requests.

D. Configure an Amazon Cognito user pool with an Amazon Cognito hosted UI for the sign-in pages. Customize the pages with the required
branding.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-the-edge.html

Community vote distribution

D (100%)

Question #288 Topic 1

An AWS Lambda function is being written by a developer. The developer want to record critical events that occur during the Lambda function's
execution and to provide a unique identifier that will allow the events to be associated with a single function invocation.

Which of the following will assist the developer in achieving this goal?

A. Obtain the request identifier from the Lambda context object. Architect the application to write logs to the console.

B. Obtain the request identifier from the Lambda event object. Architect the application to write logs to a file.

C. Obtain the request identifier from the Lambda event object. Architect the application to write logs to the console.

D. Obtain the request identifier from the Lambda context object. Architect the application to write logs to a file.

Correct Answer: A

Community vote distribution

A (100%)
Question #289 Topic 1

A business has an Amazon S3 bucket holding premium material that it wants to make accessible exclusively to paying website subscribers.
Currently, the S3 bucket's default permissions set all objects to private to avoid inadvertently exposing premier material to non-paying website
users.

How is the corporation able to restrict access to a premium content file in the S3 bucket to just paying subscribers?

A. Apply a bucket policy that allows anonymous users to download the content from the S3 bucket.

B. Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download.

C. Add a bucket policy that requires multi-factor authentication for requests to access the S3 bucket objects.

D. Enable server-side encryption on the S3 bucket for data protection against the non-paying website visitors.

Correct Answer: B

Community vote distribution

B (100%)

Question #290 Topic 1

A developer hosts static websites using Amazon S3 buckets. The developer builds two S3 buckets: one for the code and another for the assets,
which include picture and video files. When a user tries to access the assets bucket from the code bucket, access is forbidden, and the website
application displays a 403 error.

How should the Developer approach this situation?

A. Create an IAM role and apply it to the assets bucket for the code bucket to be granted access.

B. Edit the bucket policy of the assets bucket to open access to all principals.

C. Edit the cross-origin resource sharing (CORS) configuration of the assets bucket to allow any origin to access the assets.

D. Change the code bucket to use AWS Lambda functions instead of static website hosting.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/user-guide/static-website-hosting.html

Community vote distribution

C (100%)
Question #291 Topic 1

A business created a set of APIs that are provided through the Amazon API Gateway. The API requests must be authenticated using a supplier of
OpenID-based identification, such as Amazon or Facebook. Access to the APIs should be based on a specific authorisation mechanism.

Which approach is the most straightforward and secure to employ when developing an authentication and authorisation strategy for APIs?

A. Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens.

B. Build a OpenID token broker with Amazon and Facebook. Users will authenticate with these identify providers and pass the JSON Web
Token to the API to authenticate each API call.

C. Store user credentials in Amazon DynamoDB and have the application retrieve temporary credentials from AWS STS. Make API calls by
passing user credentials to the APIs for authentication and authorization.

D. Use Amazon RDS to store user credentials and pass them to the APIs for authentications and authorization.

Correct Answer: A

Question #292 Topic 1

When a Developer attempts to execute an AWS CodeBuild project, an error occurs because the cumulative length of all environment variables
exceeds the maximum character limit.

What is the suggested course of action?

A. Add the export LC_ALL=‫ג‬€en_US.utf8‫ג‬€ command to the pre_build section to ensure POSIX localization.

B. Use Amazon Cognito to store key-value pairs for large numbers of environment variables.

C. Update the settings for the build project to use an Amazon S3 bucket for large numbers of environment variables.

D. Use AWS Systems Manager Parameter Store to store large numbers of environment variables.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/codebuild/latest/userguide/troubleshooting.html

Question #293 Topic 1

A developer is now working on an application that manages papers that are ten megabytes in size and include very sensitive data. The application
will encrypt data on the client side using AWS KMS.

Which procedures must be followed?

A. Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the KeyId
parameter

B. Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key to encrypt the data

C. Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key to encrypt the data

D. Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data

Correct Answer: A

Community vote distribution

D (100%)
Question #294 Topic 1

A software business must ensure that documents provided by users are maintained securely in Amazon S3. At rest, the documents must be
encrypted in Amazon S3.
The firm does not want to operate its security infrastructure in-house, but it need additional protection to maintain control over its encryption keys
in order to comply with industry laws.

Which encryption technique should a developer use in order to satisfy these requirements?

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

B. Server-side encryption with customer-provided encryption keys (SSE-C)

C. Server-side encryption with AWS KMS managed keys (SSE-KMS)

D. Client-side encryption

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html

Community vote distribution

B (40%) C (40%) A (20%)

Question #295 Topic 1

A developer has developed an application that can concurrently upload tens of thousands of items to Amazon S3 under a single AWS account. As
part of the new criteria, data stored in S3 must be encrypted on the server using AWS KMS (SSE-KMS). After making this update, the application's
performance degrades.

Which of the following is the MOST LIKELY source of application latency?

A. Amazon S3 throttles the rate at which uploaded objects can be encrypted using Customer Master Keys.

B. The AWS KMS API calls limit is less than needed to achieve the desired performance.

C. The client encryption of the objects is using a poor algorithm.

D. KMS requires that an alias be used to create an independent display name that can be mapped to a CMK.

Correct Answer: B

Community vote distribution

B (100%)
Question #296 Topic 1

A developer has created an application for Amazon Kinesis Data Streams. With increased use and traffic, the application often receives
ProvisionedThroughputExceededException error messages.

How should the developer proceed in order to address the error? (Select two.)

A. Use Auto Scaling to scale the stream for better performance

B. Increase the delay between the GetRecords call and the PutRecords call

C. Increase the number of shards in the data stream

D. Specify a shard iterator using the ShardIterator parameter

E. Implement exponential backoff on the GetRecords call and the PutRecords call

Correct Answer: CD
Reference:
https://docs.aws.amazon.com/streams/latest/dev/troubleshooting-consumers.html

Community vote distribution

CE (100%)

Question #297 Topic 1

A business has a website built in PHP and WordPress and is hosted on AWS Elastic Beanstalk. The website requires a new version to be deployed
in the Elastic Beanstalk environment. The firm cannot afford to have the website unavailable in the event of an update failure. Deployments must
have a negligible effect and be reversible as quickly as feasible.

Which type of deployment should be used?

A. All at once

B. Rolling

C. Snapshots

D. Immutable

Correct Answer: D
Question #298 Topic 1

A development team is in the process of developing a new application that will operate on AWS. While the test and production environments will
be hosted on Amazon EC2 instances, developers will use their own computers to execute their environments.

Which of the following is the EASIEST and MOST SECURE method for local development computers to access AWS services?

A. Use an IAM role to assume a role and execute API calls using the role.

B. Create an IAM user to be shared with the entire development team; provide the development team with the access key.

C. Create an IAM user for each developer on the team; provide each developer with a unique access key.

D. Set up a federation through an Amazon Cognito user pool.

Correct Answer: D

Community vote distribution

C (100%)

Question #299 Topic 1

A developer is developing an AWS Lambda function to handle data coming from an Amazon Kinesis Data Stream. When the Lambda function
parses the data and comes across an empty field, it returns an error. The function duplicates the records in the Kinesis stream. There are no
duplicate entries when the Developer examines the stream output without using the Lambda function.

What accounts for the duplicates?

A. The Lambda function did not advance the Kinesis stream pointer to the next record after the error.

B. The Lambda event source used asynchronous invocation, resulting in duplicate records.

C. The Lambda function did not handle the error, and the Lambda service attempted to reprocess the data.

D. The Lambda function is not keeping up with the amount of data coming from the stream.

Correct Answer: A

Community vote distribution

C (100%)
Question #300 Topic 1

The code of a developer is saved in an Amazon S3 bucket. The code must be distributed across many AWS Lambda accounts in the same Region
as the S3 bucket as an AWS Lambda function. The Lambda function will be launched using a custom AWS CloudFormation template for each
account.

What is the MOST SECURE method for granting access to Lambda code stored in an S3 bucket?

A. Grant the CloudFormation execution role S3 list and get permissions. Add a bucket policy to Amazon S3 with the Principal of ‫ג‬€AWS‫ג‬€:
[account numbers].

B. Grant the CloudFormation execution role S3 get permissions. Add a bucket policy to Amazon S3 with the Principal of ‫*ג‬€‫ג‬€.

C. Use a service-based link to grant the Lambda function S3 list and get permissions by explicitly adding the S3 bucket's account number in
the resource.

D. Use a service-based link to grant the Lambda function S3 get permissions and add a Resource of ‫*ג‬€‫ג‬€ to allow access to the S3 bucket.

Correct Answer: D

Community vote distribution

A (100%)

Question #301 Topic 1

A developer is developing a web application that will be deployed on Amazon EC2 instances behind an application load balancer that will be
visible to the public (ALB). In front of the ALB, the developer must install an Amazon CloudFront distribution. Additionally, the developer must
verify that client data that originates outside the VPC is secured during transit.

Which configuration options in CloudFront should the developer use to achieve these requirements? (Select two.)

A. Restrict viewer access by using signed URLs.

B. Set the Origin Protocol Policy setting to Match Viewer.

C. Enable field-level encryption.

D. Enable automatic object compression.

E. Set the Viewer Protocol Policy setting to Redirect HTTP to HTTPS.

Correct Answer: AE

Community vote distribution

BE (100%)
Question #302 Topic 1

A developer transferred a web application to Amazon Web Services (AWS). As part of the move, the developer used a blue/green deployment to
automate the continuous integration/continuous improvement (CI/CD) process. The deployment creates new Amazon EC2 instances in an Auto
Scaling group, which is configured to run behind a new Application Load Balancer. Following the move, the Developer started receiving complaints
from users who had been booted off the system. Additionally, the system needs users to log in upon each new deployment.

How are these problems to be resolved?

A. Use rolling updates instead of a blue/green deployment

B. Externalize the user sessions to Amazon ElastiCache

C. Turn on sticky sessions in the Application Load Balancer

D. Use multicast to replicate session information

Correct Answer: C

Community vote distribution

B (100%)

Question #303 Topic 1

A development team want to instrument their code in order to offer AWS X-Ray with more specific information than simply outgoing and incoming
requests provide. This will result in
Because the Development team generates a vast quantity of data, they want to create indexing so they can filter it.

What actions should the development team take to accomplish this?

A. Add annotations to the segment document and the code

B. Add metadata to the segment document and the code

C. Configure the necessary X-Ray environment variables

D. Install required plugins for the appropriate AWS SDK

Correct Answer: A
Reference:
https://docs.aws.amazon.com/xray/latest/devguide/xray-concepts.html

Community vote distribution

A (100%)
Question #304 Topic 1

A developer creates an AWS Lambda function and uploads it to Amazon S3 in the form of a.ZIP file. The developer modifies the code and sends an
updated.ZIP file to Amazon S3. Lambda, on the other hand, runs the preceding code.

How can the Developer resolve this in the LEAST obtrusive manner possible?

A. Create another Lambda function and specify the new .ZIP file.

B. Call the update-function-code API.

C. Remove the earlier .ZIP file first, then add the new .ZIP file.

D. Call the create-alias API.

Correct Answer: B

Community vote distribution

B (100%)

Question #305 Topic 1

A programmer is developing an application that will process data that has been uploaded to an Amazon S3 bucket. The developer anticipates that
the data will be processed in less than one minute on average.

How can the developer deploy and activate the program efficiently and with the least amount of latency?

A. Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatch alarm triggered by an S3 object upload.

B. Deploy the application as an AWS Lambda function and invoke it with an S3 event notification.

C. Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatch scheduled event.

D. Deploy the application onto an Amazon EC2 instance and have it poll the S3 bucket for new objects.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-s3.html

Community vote distribution

B (100%)
Question #306 Topic 1

A supplier is now developing a new RESTful API that will allow consumers to inquire the status of their orders. The following API endpoint was
requested by the consumers.
http://www.supplierdomain.com/status/customerID

Which of the following application architectures satisfies the specification? (Select two.)

A. Amazon SQS; Amazon SNS

B. Elastic Load Balancing; Amazon EC2

C. Amazon ElastiCache; Amazon Elacticsearch Service

D. Amazon API Gateway; AWS Lambda

E. Amazon S3; Amazon CloudFront

Correct Answer: DE

Community vote distribution

BD (50%) DE (50%)

Question #307 Topic 1

A developer wishes to activate AWS X-Ray for a secure application hosted on Amazon ECS.

Which sequence of actions enables X-Ray? (Select three.)

A. Create a Docker image that runs the X-Ray daemon.

B. Add instrumentation to the application code for X-Ray.

C. Install the X-Ray daemon on the underlying EC2 instance.

D. Configure and use an IAM EC2 instance role.

E. Register the application with X-Ray.

F. Configure and use an IAM role for tasks.

Correct Answer: BCE

Reference:
https://aws.amazon.com/blogs/aws/category/aws-x-ray/

Community vote distribution

ABF (100%)
Question #308 Topic 1

A development team wishes to build and deploy an application instantly after a modification to the source code is made.

Which methods could be utilized to initiate the deployment? (Select two.)

A. Store the source code in an Amazon S3 bucket. Configure AWS CodePipeline to start whenever a file in the bucket changes.

B. Store the source code in an encrypted Amazon EBS volume. Configure AWS CodePipeline to start whenever a file in the volume changes.

C. Store the source code in an AWS CodeCommit repository. Configure AWS CodePipeline to start whenever a change is committed to the
repository.

D. Store the source code in an Amazon S3 bucket. Configure AWS CodePipeline to start every 15 minutes.

E. Store the source code in an Amazon EC2 instance's ephemeral storage. Configure the instance to start AWS CodePipeline whenever there
are changes to the source code.

Correct Answer: BC
Reference:
https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-ecs-ecr-codedeploy.html

Community vote distribution

AC (100%)

Question #309 Topic 1

For collaborative software development, a business need a version control system. The system's features must contain the following:
✑ Support for batches of changes across multiple files
✑ Parallel branching
✑ Version tracking

Which AWS service will satisfy these criteria?

A. AWS CodePipeline

B. Amazon S3

C. AWS CodeBuild

D. AWS CodeCommit

Correct Answer: D
Reference:
https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html

Community vote distribution

D (100%)
Question #310 Topic 1

A corporation has integrated AWS CodeDeploy into their cloud native continuous integration and delivery (CI/CD) stack. Automatic rollbacks are
enabled during the deployment of a new version of a popular web application from on-premises to Amazon EC2.

What happens if the new version's deployment fails due to code regression?

A. The last known good deployment is automatically restored using the snapshot stored in Amazon S3.

B. CodeDeploy switches the Amazon Route 53 alias records back to the known good green deployment and terminates the failed blue
deployment.

C. A new deployment of the last known version of the application is deployed with a new deployment ID.

D. AWS CodePipeline promotes the most recent deployment with a SUCCEEDED status to production.

Correct Answer: B

Community vote distribution

C (100%)

Question #311 Topic 1

A business has developed a serverless application that makes use of Amazon Simple Queue Service (Amazon SQS) and an Amazon Web Services
Lambda function. On the final day of each month, the application gets data in a SQS queue. Within one day, the function successfully processes all
of the data in the queue.
A comprehensive AWS bill reveals a high volume of SQS API queries throughout the month, despite the fact that the queue gets data only on the
month's last day.

What is causing the increased API requests?

A. Lambda is using long polling to check for messages in the SQS queue.

B. The SQS queue is sending ping messages to Lambda.

C. The function is not automatically deleting the messages from the SQS queue.

D. Visibility timeout is not set to 0 to remove the extra API requests.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html

Community vote distribution

A (50%) C (50%)
Question #312 Topic 1

A developer is hard at work on a project that would store hundreds of millions of product reviews in an Amazon DynamoDB database. The records
include the following data elements:

Which field would provide the MOST consistent performance when used as the partition key in DynamoDB?

A. starRating

B. reviewID

C. comment

D. productID

Correct Answer: B

Community vote distribution

D (55%) B (45%)

Question #313 Topic 1

To facilitate the adoption of microservices, a company's management team has directed all development teams to design their services in such a
way that API queries are limited to the data store for that service. One team is developing its own Payments service with its own database; the
service requires data from the Accounts database. Both instances make use of Amazon DynamoDB.

Which technique will result in the simplest, most decoupled, and most reliable mechanism for obtaining near-real-time Accounts database
updates?

A. Use Amazon Glue to perform frequent ETL updates from the Accounts database to the Payments database.

B. Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accounts database.

C. Use Amazon Kinesis Data Firehose to deliver all changes from the Accounts database to the Payments database.

D. Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database.

Correct Answer: D
Reference:
https://aws.amazon.com/blogs/database/how-to-perform-ordered-data-replication-between-applications-by-using-amazon-dynamodb-streams/

Community vote distribution

D (100%)
Question #314 Topic 1

A developer has created a Lambda function that will be responsible for adding new customers to an RDS database hundreds of times per hour.
Lambda is set to use 512MB of RAM and is based on the following pseudocode:

The developer observes that the Lambda execution time is much longer than intended after testing the Lambda function.

What actions should the developer take to boost performance?

A. Increase the amount of RAM allocated to the Lambda function, which will increase the number of threads the Lambda can use.

B. Increase the size of the RDS database to allow for an increased number of database connections each hour.

C. Move the database connection and close statement out of the handler. Place the connection in the global space.

D. Replace RDS wit Amazon DynamoDB to implement control over the number of writes per second.

Correct Answer: C

Community vote distribution

C (100%)

Question #315 Topic 1

An on-premises application makes regular requests to Amazon S3 for file storage. As the application's use grows, €LimitExceeded€ faults are
reported.

What has to be done to resolve this error?

A. Implement exponential backoffs in the application.

B. Load balance the application to multiple servers.

C. Move the application to Amazon EC2.

D. Add a one second delay to each API call.

Correct Answer: A

Community vote distribution

A (100%)
Question #316 Topic 1

A development team chooses to utilize AWS X-Ray to monitor application code in order to undertake performance analysis and root cause
investigation.

What steps must the team take to begin using X-Ray? (Select two.)

A. Log instrumentation output into an Amazon SQS queue.

B. Use a visualization tool to view application traces.

C. Instrument application code using the AWS SDK.

D. Install the X-Ray agent on the application servers.

E. Create an Amazon DynamoDB table to store the trace logs.

Correct Answer: BD
Reference:
https://aws.amazon.com/blogs/mt/analyze-debug-applications-aws-x-trace-data-grafana/

Community vote distribution

CD (100%)

Question #317 Topic 1

A developer is extending a client-side application with a feature that enables users to submit films to an Amazon S3 bucket.

What is the MOST SECURE method for authorizing the application to write files to the S3 bucket?

A. Update the S3 bucket policy to allow public write access. Allow any user to upload videos by removing the need to handle user
authentication within the client- side application.

B. Create a new IAM policy and a corresponding IAM user with permissions to write to the S3 bucket. Store the key and the secret for the user
in the application code. Use the key to authenticate the video uploads.

C. Configure the API layer of the application to have a new endpoint that creates signed URLs that allow an object to be put into the S3 bucket.
Generate a presigned URL through this API call in the client application. Upload the video by using the signed URL.

D. Generate a new IAM key and a corresponding secret by using the AWS account root user credentials. Store the key and the secret for the
user in the application code. Use the key to authenticate the video uploads.

Correct Answer: D

Community vote distribution

C (100%)
Question #318 Topic 1

A firm has created a new serverless application using AWS Lambda functions and will deploy it using the AWS Serverless Application Model (AWS
SAM) command-line interface.

Prior to deploying the application, which step should the developer complete?

A. Compress the application to a .zip file and upload it into AWS Lambda

B. Test the new AWS Lambda function by first tracing it in AWS X-Ray

C. Bundle the serverless application using a SAM package

D. Create the application environment using the eb create my-env command

Correct Answer: A
Reference:
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-application-model.pdf

Community vote distribution

C (100%)

Question #319 Topic 1

Lambda functions are packaged for deployment in a variety of settings, such as development, test, and production. Each ecosystem is endowed
with its own collection of resources, such as databases.

How can the Lambda function make use of the current environment's resources?

A. Apply tags to the Lambda functions.

B. Hardcore resources in the source code.

C. Use environment variables for the Lambda functions.

D. Use separate function for development and production.

Correct Answer: C
Question #320 Topic 1

A business is organizing a session for external users and want to share reference materials with them for seven days. The reference papers are
stored in an Amazon S3 bucket that the firm controls.

What is the SECUREST method of sharing documents with external users?

A. Use S3 presigned URLs to share the documents with the external users. Set an expiration time of 7 days.

B. Move the documents to an Amazon WorkDocs folder. Share the links of the WorkDocs folder with the external users.

C. Create temporary IAM users that have read-only access to the S3 bucket. Share the access keys with the external users. Expire the
credentials after 7 days.

D. Create a role that has read-only access to the S3 bucket. Share the Amazon Resource Name (ARN) of this role with the external users.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html

Community vote distribution

A (100%)

Question #321 Topic 1

A development team want to use Amazon ECS to host its container workloads. Each container in an application must exchange data with another
container in order to gather logs and metrics.

What actions should the development team take to ensure that these criteria are met?

A. Create two pod specifications. Make one to include the application container and the other to include the other container. Link the two pods
together.

B. Create two task definitions. Make one to include the application container and the other to include the other container. Mount a shared
volume between the two tasks.

C. Create one task definition. Specify both containers in the definition. Mount a shared volume between those two containers.

D. Create a single pod specification. Include both containers in the specification. Mount a persistent volume to both containers.

Correct Answer: A

Community vote distribution

C (100%)
Question #322 Topic 1

A business wishes to relocate its web application to AWS and use Auto Scaling to manage peak demands. According to the Solutions Architect,
the optimum measure for an Auto Scaling event is the concurrent user count.

What information should the developer utilize to determine how to autoscale depending on concurrent users?

A. An Amazon SNS topic to be triggered when a concurrent user threshold is met

B. An Amazon Cloudwatch Networkin metric

C. Amazon CloudFront to leverage AWS Edge Locations

D. A Custom Amazon CloudWatch metric for concurrent users.

Correct Answer: D

Question #323 Topic 1

A business wishes to ensure that no more than one person in its Admin group has the permanent permission to remove an Amazon EC2 resource.
There should be no modifications to the current Admin group policy.

What tools should a developer use to ensure that these criteria are met?

A. AWS managed policy

B. Inline policy

C. IAM trust relationship

D. AWS Security Token Service (AWS STS)

Correct Answer: A
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Community vote distribution

B (100%)

Question #324 Topic 1

A business needs that all data saved in Amazon DynamoDB tables be encrypted at rest using keys owned by the business.

How can a developer satisfy these needs WITHOUT making changes to the application?

A. Use the AWS Encryption SDK to encrypt items before insertion.

B. Enable table-level encryption with an AWS managed customer master key (CMK).

C. Use AWS Certificate Manager (ACM) to create one certificate for each DynamoDB table.

D. Import key material in DynamoDB, and enable table-level encryption.

Correct Answer: B

Community vote distribution

B (100%)
Question #325 Topic 1

A developer has created a market application that utilizes Amazon DynamoDB and Amazon ElastiCache to store price data. The market's prices
fluctuate often. Sellers have began to complain that when they alter the price of an item, the price in the product listing does not really change.

What may be causing this problem?

A. The cache is not being invalidated when the price of the item is changed

B. The price of the item is being retrieved using a write-through ElastiCache cluster

C. The DynamoDB table was provisioned with insufficient read capacity

D. The DynamoDB table was provisioned with insufficient write capacity

Correct Answer: A

Community vote distribution

A (100%)

Question #326 Topic 1

A business uses an Amazon SQS standard queue to hold messages delivered from the application's front-end to back-end tiers. The backend tier
parses the message and inserts it into a database in Amazon DynamoDB. A developer notices that multiple entries are being saved in the
DynamoDB database, despite the fact that AWS CloudTrail only captures one Amazon SQS message per item.

What modification is required to remedy this issue?

A. Enable queue de-duplication to prevent duplicate messages.

B. Modify the front-end tier to use the MessageGroupID argument.

C. Modify the application logic to use Amazon SNS between Amazon SQS and the front-end tier.

D. Change the Amazon SQS queue type to first-in, first-out (FIFO).

Correct Answer: B

Community vote distribution

D (40%) A (30%) B (30%)

Question #327 Topic 1

A developer is debugging an application's permissions for making modifications to an Amazon RDS database. The developer has access to the
application's IAM role.

Which command structure should be used by the developer to verify role permissions?

A. aws sts assume-role

B. aws iam attach-role-policy

C. aws ssm resume-session

D. aws rds add-role-to-db-cluster

Correct Answer: A

Community vote distribution

A (100%)
Question #328 Topic 1

A developer is responsible for the administration of an application that communicates with Amazon RDS. Following observations of sluggish
performance with read queries, the developer uses Amazon ElastiCache to automatically update the cache following the main database update.

What will be the outcome of this caching strategy?

A. Caching will increase the load on the database instance because the cache is updated for every database update.

B. Caching will slow performance of the read queries because the cache is updated when the cache cannot find the requested data.

C. The cache will become large and expensive because the infrequently requested data is also written to the cache.

D. Overhead will be added to the initial response time because the cache is updated only after a cache miss.

Correct Answer: D
Reference:
https://aws.amazon.com/elasticache/faqs/

Community vote distribution

C (100%)

Question #329 Topic 1

During the most recent deployment of a new application, a corporation suffered some downtime. AWS Elastic Beanstalk partitioned the
environment's Amazon EC2 instances into batches and delivered the new version one batch at a time after deactivating them. As a result, full
capacity was not maintained during the deployment process.
The developer intends to deliver a new version of the program and is seeking a policy that will ensure maximum capacity and mitigate the
consequences of a failure deployment.

Which deployment strategy is appropriate for the developer?

A. Immutable

B. All at Once

C. Rolling

D. Rolling with an Additional Batch

Correct Answer: D
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rolling-version-deploy.html

Community vote distribution

A (100%)
Question #330 Topic 1

A corporation employs 25,000 people and is expanding. The business is developing an application that will be exclusive to its workers. A
developer is storing photos in Amazon S3 and application data in Amazon RDS. The organization demands that all employee data remain in the
old Security Assertion Markup Language (SAML) employee directory and is not interested in replicating employee data on AWS.

How can the developer ensure that the workers who will be utilizing this program have allowed access to their own application data?

A. Use Amazon VPC and keep all resources inside the VPC, and use a VPC link for the S3 bucket with the bucket policy.

B. Use Amazon Cognito user pools, federate with the SAML provider, and use user pool groups with an IAM policy.

C. Use an Amazon Cognito identity pool, federate with the SAML provider, and use an IAM condition key with a value for the cognito-
identity.amazonaws.com:sub variable to grant access to the employees.

D. Create a unique IAM role for each employee and have each employee assume the role to access the application so they can access their
personal data only.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html

Community vote distribution

C (100%)

Question #331 Topic 1

A nightly batch process populates a DynamoDB database with 1 million new entries. The records are required for one hour, and the table must be
completely emptied by the next night's batch operation.

Which strategy is the MOST efficient and cost-effective for supplying an empty table?

A. Use DeleteItem using a ConditionExpression.

B. Use BatchWriteItem to empty all of the rows.

C. Write a recursive function that scans and calls out DeleteItem.

D. Create and then delete the table after the task has completed.

Correct Answer: A

Community vote distribution

D (100%)
Question #332 Topic 1

A developer ran an AWS CLI command and encountered the following error:

What step should the developer take to make this mistake understandable to humans?

A. Make a call to AWS KMS to decode the message.

B. Use the AWS STS decode-authorization-message API to decode the message.

C. Use an open source decoding library to decode the message.

D. Use the AWS IAM decode-authorization-message API to decode this message.

Correct Answer: B

Community vote distribution

B (100%)

Question #333 Topic 1

A business is developing a compute-intensive application that will operate on an Amazon EC2 fleet. The program stores data on associated
Amazon EBS drives. Because the program will be processing sensitive data, all data must be encrypted.

What steps should a developer take to guarantee data is encrypted on disk without sacrificing performance?

A. Configure the Amazon EC2 instance fleet to use encrypted EBS volumes for storing data.

B. Add logic to write all data to an encrypted Amazon S3 bucket.

C. Add a custom encryption algorithm to the application that will encrypt and decrypt all data.

D. Create a new Amazon Machine Image (AMI) with an encrypted root volume and store the data to ephemeral disks.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

Community vote distribution

A (100%)
Question #334 Topic 1

A developer is writing a script to automate the serverless application deployment process. The developer want to build the application using an
existing AWS Serverless Application Model (AWS SAM) template.

What tools should the developer use in order to complete the project? (Select two.)

A. Call aws cloudformation package to create the deployment package. Call aws cloudformation deploy to deploy the package afterward.

B. Call sam package to create the deployment package. Call sam deploy to deploy the package afterward.

C. Call aws s3 cp to upload the AWS SAM template to Amazon S3. Call aws lambda update-function-code to create the application.

D. Create a ZIP package locally and call aws serverlessrepo create-application to create the application.

E. Create a ZIP package and upload it to Amazon S3. Call aws cloudformation create-stack to create the application.

Correct Answer: CE
Reference:
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-getting-started-hello-world.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-cli-package.html

Community vote distribution

AB (100%)
Question #335 Topic 1

A gaming application saves player scores in an Amazon DynamoDB database with the following four columns: user id, user name, user score, and
user rank. Users are only permitted to edit their names. Web identity federation authenticates a user.

Which set of criteria should be put to the dynamodb: PutItem API call's policy associated with the role?
A.

B.

C.

D.

Correct Answer: C
Question #336 Topic 1

A developer is monitoring an Amazon EC2 instance that is executing an application. The developer has created a custom Amazon CloudWatch
measure with a 1 second data granularity. The developer want to be alerted within 30 seconds of any concerns using Amazon Simple Notification
Service (Amazon SNS).

Which CloudWatch method meets this criterion?

A. Configure a high-resolution CloudWatch alarm.

B. Set up a custom CloudWatch dashboard.

C. Use Amazon CloudWatch Logs Insights.

D. Change to a default CloudWatch metric.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/acw-ug.pdf
(14)

Community vote distribution

A (100%)

Question #337 Topic 1

A developer has created an application that makes use of Amazon Cognito's authentication and authorisation capabilities. When a user logs in
successfully, the application produces a user record in an Amazon DynamoDB database.

How should the user be authenticated and a record created in the DynamoDB table?

A. Authenticate and get a token from an Amazon Cognito user pool. Use the token to access DynamoDB.

B. Authenticate and get a token from an Amazon Cognito identity pool. Use the token to access DynamoDB.

C. Authenticate and get a token from an Amazon Cognito user pool. Exchange the token for AWS credentials with an Amazon Cognito identity
pool. Use the credentials to access DynamoDB.

D. Authenticate and get a token from an Amazon Cognito identity pool. Exchange the token for AWS credentials with an Amazon Cognito user
pool. Use the credentials to access DynamoDB.

Correct Answer: D

Community vote distribution

C (100%)
Question #338 Topic 1

A developer must adapt the architecture of an application to accommodate new functional requirements. Amazon DynamoDB is used to store
application data, which is processed for analysis in a nightly batch. System analysts do not like to wait until the next day to examine processed
data and have requested that it be made accessible in near-real time.

Which application architectural pattern would allow real-time data processing?

A. Event driven

B. Client-server driven

C. Fan-out driven

D. Schedule driven

Correct Answer: A
Reference:
https://tanzu.vmware.com/content/blog/introduction-to-event-driven-architecture-and-apache-kafka

Community vote distribution

A (100%)

Question #339 Topic 1

A developer must alter an Alexa skill that is powered by an AWS Lambda function in order to provide access to an Amazon DynamoDB database in
a second account. A role has been established in the second account with rights to access the table.

What method should be used to access the table?

A. Modify the Lambda function execution role's permissions to include the new role.

B. Change the Lambda function execution role to be the new role.

C. Assume the new role in the Lambda function when accessing the table.

D. Store the access key and the secret key for the new role and use then when accessing the table.

Correct Answer: A
Reference:
https://aws.amazon.com/blogs/security/how-to-create-an-aws-iam-policy-to-grant-aws-lambda-access-to-an-amazon-dynamodb-table/

Community vote distribution

C (100%)
Question #340 Topic 1

A business has developed a Java AWS Lambda function that will be invoked whenever a user uploads an image to an Amazon S3 bucket. The
code changes the original picture to a variety of various formats before copying the generated photos to another Amazon S3 bucket.
No photos are being transferred to the second Amazon S3 bucket, as discovered by the developers. They evaluated the code on an Amazon EC2
instance with 1GB of RAM and discovered that it runs in an average of 500 seconds.

Which of the following is the MOST LIKELY source of the problem?

A. The Lambda function has insufficient memory and needs to be increased to 1 GB to match the Amazon EC2 instance

B. Files need to be copied to the same Amazon S3 bucket for processing, so the second bucket needs to be deleted.

C. Lambda functions have a maximum execution limit of 300 seconds, therefore the function is not completing.

D. There is a problem with the Java runtime for Lambda, and the function needs to be converted to node.js.

Correct Answer: C

Community vote distribution

C (100%)

Question #341 Topic 1

A development team is tasked with the task of creating a mobile application that will need multi-factor authentication.

Which measures should be made in order to accomplish this? (Select two.)

A. Use Amazon Cognito to create a user pool and create users in the user pool.

B. Send multi-factor authentication text codes to users with the Amazon SNS Publish API call in the app code.

C. Enable multi-factor authentication for the Amazon Cognito user pool.

D. Use AWS IAM to create IAM users.

E. Enable multi-factor authentication for the users created in AWS IAM.

Correct Answer: CE
Reference:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-
mfa.html#:~:text=To%20configure%20MFA%20in%20the,the%20risk%
2Dbased%20adaptive%20authentication.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html

Community vote distribution

AC (100%)
Question #342 Topic 1

A developer is combining an Amazon API Gateway with an AWS Lambda function in order to create an application. When the developer attempts
to use the API, he or she gets the following error:
Wed Nov 08 01:13:00 UTC 2017 : Method completed with status: 502

What is the developer's responsibility in resolving the error?

A. Change the HTTP endpoint of the API to an HTTPS endpoint

B. Change the format of the payload sent to the API Gateway

C. Change the format of the Lambda function response to the API call

D. Change the authorization header in the API call to access the Lambda function

Correct Answer: C
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/malformed-502-api-gateway/

Community vote distribution

C (100%)

Question #343 Topic 1

A developer is establishing a position that will provide access to Amazon S3 buckets. The developer creates the role using the AWS CLI create-role
command.

Which policy should be implemented to enable Amazon EC2 to take over the role?

A. Managed policy

B. Trust policy

C. Inline policy

D. Service control policy (SCP)

Correct Answer: B
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html#roles-creatingrole-service-cli

Community vote distribution

B (100%)
Question #344 Topic 1

A developer observed that an application responsible for processing messages in an Amazon SQS queue was falling behind on a regular basis.
Although the program is capable of processing several messages concurrently, it receives only one message at a time.

What can the developer do to boost the amount of messages received by the application?

A. Call the ChangeMessageVisibility API for the queue and set MaxNumberOfMessages to a value greater than the default of 1.

B. Call the AddPermission API to set MaxNumberOfMessages for the ReceiveMessage action to a value greater than the default of 1.

C. Call the ReceiveMessage API to set MaxNumberOfMessages to a value greater than the default of 1.

D. Call the SetQueueAttributes API for the queue and set MaxNumberOfMessages to a value greater than the default of 1.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_ReceiveMessage.html

Community vote distribution

C (100%)

Question #345 Topic 1

A business intends to install an application on Amazon Web Services (AWS) behind an Elastic Load Balancer. The program makes use of an
HTTP/HTTPS listener and hence requires access to the client's IP addresses.

Which load-balancing system satisfies these criteria?

A. Use an Application Load Balancer and the X-Forwarded-For headers.

B. Use a Network Load Balancer (NLB). Enable proxy protocol support on the NLB and the target application.

C. Use an Application Load Balancer. Register the targets by the instance ID.

D. Use a Network Load Balancer and the X-Forwarded-For headers.

Correct Answer: A
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/elb-capture-client-ip-addresses/

Community vote distribution

A (100%)
Question #346 Topic 1

A developer wants to create an application that enables new users to register and establish new accounts. Additionally, people with social media
profiles must be able to log in using their social media credentials.

Which Amazon Web Services (AWS) service or functionality may be leveraged to fulfill these requirements?

A. AWS IAM

B. Amazon Cognito identity pools

C. Amazon Cognito user pools

D. AWS Directory Service

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/apn/how-to-authenticate-users-into-your-apps-using-application-load-balancer-and-centrify/

Community vote distribution

C (100%)

Question #347 Topic 1

A business has transferred a classic application to a fleet of Amazon EC2 instances. The application is now storing data in a MySQL database that
is deployed on a single EC2 instance. The organization has chosen to move the database from the EC2 instance to Amazon RDS MySQL.

What steps should the developer take to adapt the application to enable Amazon RDS data storage?

A. Update the database connection parameters in the application to point to the new RDS instance.

B. Add a script to the EC2 instance that implements an AWS SDK for requesting database credentials.

C. Create a new EC2 instance with an IAM role that allows access to the new RDS database.

D. Create an AWS Lambda function that will route traffic from the EC2 instance to the RDS database.

Correct Answer: A

Community vote distribution

A (100%)

Question #348 Topic 1

A program at a company logs all information to Amazon S3. Every time a new log file is created, an AWS Lambda function is called to process it.
The code works and collects all of the essential data. When looking through the Lambda function logs, however, duplicate entries with the same
request ID are discovered.
What's the source of the duplicate entries?

A. The S3 bucket name was specified incorrectly.

B. The Lambda function failed, and the Lambda service retried the invocation with a delay.

C. There was an S3 outage, which caused duplicate entries of the same log file.

D. The application stopped intermittently and then resumed.

Correct Answer: B
Question #349 Topic 1

A developer has been tasked with the responsibility of developing a real-time dashboard web application that visualizes the key prefixes and
storage capacity of items stored in Amazon S3 buckets.
The Amazon S3 metadata will be stored in Amazon DynamoDB.

What is the most cost-effective and best solution for keeping the real-time dashboard current with the condition of the objects in the Amazon S3
buckets?

A. Use an Amazon CloudWatch event backed by an AWS Lambda function. Issue an Amazon S3 API call to get a list of all Amazon S3 objects
and persist the metadata within DynamoDB. Have the web application poll the DynamoDB table to reflect this change.

B. Use Amazon S3 Event Notification backed by a Lambda function to persist the metadata into DynamoDB. Have the web application poll the
DynamoDB table to reflect this change.

C. Run a cron job within an Amazon EC2 instance to list all objects within Amazon S3 and persist the metadata into DynamoDB. Have the web
application poll the DynamoDB table to reflect this change.

D. Create a new Amazon EMR cluster to get all the metadata about Amazon S3 objects; persist the metadata into DynamoDB. Have the web
application poll the DynamoDB table to reflect this change.

Correct Answer: A

Community vote distribution

B (100%)

Question #350 Topic 1

A developer created an application that runs on AWS Lambda and makes use of the AWS Serverless Application Model (AWS SAM).

What is the proper sequence of action for a successful application deployment?

A. 1. Build the SAM template in Amazon EC2. 2. Package the SAM template to Amazon EBS storage. 3. Deploy the SAM template from
Amazon EBS.

B. 1. Build the SAM template locally. 2. Package the SAM template onto Amazon S3. 3. Deploy the SAM template from Amazon S3.

C. 1. Build the SAM template locally. 2. Deploy the SAM template from Amazon S3. 3. Package the SAM template for use.

D. 1. Build the SAM template locally. 2. Package the SAM template from AWS CodeCommit. 3. Deploy the SAM template to CodeCommit.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-deploying.html

Community vote distribution

B (100%)
Question #351 Topic 1

A developer is developing a serverless application using AWS Lambda and is required to establish a REST API that utilizes the HTTP GET
technique.

What has to be specified to satisfy this criterion? (Select two.)

A. A Lambda@Edge function

B. An Amazon API Gateway with a Lambda function

C. An exposed GET method in an Amazon API Gateway

D. An exposed GET method in the Lambda function

E. An exposed GET method in Amazon Route 53

Correct Answer: BC
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-getting-started-with-rest-apis.html

Community vote distribution

BC (100%)

Question #352 Topic 1

On AWS Lambda, a developer is developing an image microservice. The service relies on a number of libraries that are not included in the Lambda
runtime environment.

Which approach should the developer choose while developing the Lambda deployment package?

A. Create a ZIP file with the source code and all dependent libraries.

B. Create a ZIP file with the source code and a script that installs the dependent libraries at runtime.

C. Create a ZIP file with the source code. Stage the dependent libraries on an Amazon S3 bucket indicated by the Lambda environment
variable LD_LIBRARY_PATH

D. Create a ZIP file with the source code and a buildspec.yaml file that installs the dependent libraries on AWS Lambda.

Correct Answer: B

Community vote distribution

A (100%)
Question #353 Topic 1

A business want to containerize and deploy an existing three-tier web application on Amazon ECS Fargate. Session data is used by the program to
keep track of user activity.

Which strategy would result in the BEST customer experience?

A. Provision a Redis cluster in Amazon ElastiCache and save the session data in the cluster.

B. Create a session table in Amazon Redshift and save the session data in the database table.

C. Enable session stickiness in the existing Network Load Balancer and manage the session data in the container.

D. Use an Amazon S3 bucket as data store and save the session data in the bucket.

Correct Answer: C

Community vote distribution

A (100%)

Question #354 Topic 1

An Amazon EC2 application establishes connections to an Amazon RDS SQL Server database. The developer does not want to keep the
database's user name and password in the code. Additionally, the developer would want to have the credentials rotated automatically.

What is the SAFEST method for storing and accessing database credentials?

A. Create an IAM role that has permissions to access the database. Attach the role to the EC2 instance.

B. Use AWS Secrets Manager to store the credentials. Retrieve the credentials from Secrets Manager as needed.

C. Store the credentials in an encrypted text file in an Amazon S3 bucket. Configure the EC2 instance's user data to download the credentials
from Amazon S3 as the instance boots.

D. Store the user name and password credentials directly in the source code. No further action is needed because the source code is stored in
a private repository.

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automatically-with-aws-secrets-manager/

Community vote distribution

A (50%) B (50%)
Question #355 Topic 1

Which of the following are effective use cases for Amazon ElastiCache? (Select two.)

A. Improve the performance of S3 PUT operations.

B. Improve the latency of deployments performed by AWS CodeDeploy.

C. Improve latency and throughput for read-heavy application workloads.

D. Reduce the time required to merge AWS CodeCommit branches.

E. Improve performance of compute-intensive applications.

Correct Answer: CE
Reference:
https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/elasticache-use-cases.html

Community vote distribution

CE (100%)

Question #356 Topic 1

A developer is developing a web application that requires authentication but also requires guest access in order to allow restricted access to
users who do not want to login.

Which service can assist the application in allowing guest access?

A. IAM temporary credentials using AWS STS.

B. Amazon Directory Service

C. Amazon Cognito with unauthenticated access enabled

D. IAM with SAML integration

Correct Answer: C
Reference:
https://aws.amazon.com/cognito/faqs/

Community vote distribution

C (100%)
Question #357 Topic 1

A web application is developed to enable new users to register using their email addresses. The program will store user characteristics and
anticipates millions of users signing up.

What should the developer do to accomplish the design objectives?

A. Amazon Cognito user pools

B. AWS Mobile Hub user data storage

C. Amazon Cognito Sync

D. AWS Mobile Hub cloud logic

Correct Answer: A
Reference:
https://aws.amazon.com/cognito/

Community vote distribution

A (100%)

Question #358 Topic 1

A development team is constructing a new application that will operate on Amazon EC2 and make use of Amazon DynamoDB for storage. All
developers have IAM user accounts allocated to the same IAM group. Currently, developers may create EC2 instances, but they must also be
allowed to launch EC2 instances with an instance role that grants access to Amazon DynamoDB.

Which AWS IAM modifications are required to enable this feature when establishing an instance role?

A. Create an IAM permission policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows DynamoDB
to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole and
iam:PassRole permissions for the role.

B. Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon
EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:PassRole
permission for the role.

C. Create an IAM permission policy attached to the role that allows access to Amazon EC2. Add a trust policy to the role that allows
DynamoDB to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the
iam:PassRole permission for the role.

D. Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon
EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole
permission for the role.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/glue/latest/dg/attach-policy-iam-user.html

Community vote distribution

B (100%)
Question #359 Topic 1

A business is transferring its on-premises MySQL database to Amazon RDS for MySQL. The firm has read-intensive workloads and wants to ensure
that its code is refactored to obtain the best possible read performance for its queries.

How is this aim to be accomplished?

A. Add database retries to effectively use RDS with vertical scaling

B. Use RDS with multi-AZ deployment

C. Add a connection string to use an RDS read replica for read queries

D. Add a connection string to use a read replica on an EC2 instance.

Correct Answer: C

Community vote distribution

C (100%)

Question #360 Topic 1

Each day, a business runs an application that is responsible for processing several thousand external callbacks. The company's system
administrators want to know the total number of calls received on a rolling basis, and they want this data to be accessible for a period of ten days.
Additionally, the organization want to be able to send automatic notifications when the number of callbacks surpasses predefined criteria.

What is the MOST cost-effective method for tracking and alerting on these statistics?

A. Push callback data to an Amazon RDS database that can be queried to show historical data and to alert on exceeded thresholds.

B. Push callback data to AWS X-Ray and use AWS Lambda to query, display, and alert on exceeded thresholds.

C. Push callback data to Amazon Kinesis Data Streams and invoke an AWS Lambda function that stores data in Amazon DynamoDB and sends
the required alerts.

D. Push callback data to Amazon CloudWatch as a custom metric and use the CloudWatch alerting mechanisms to alert System
Administrators.

Correct Answer: C

Community vote distribution

D (100%)
Question #361 Topic 1

A developer has created an AWS Lambda function in Java. The developer want to determine the location of a performance bottleneck in the code.

Which actions should be done to ascertain the existence of the bottleneck?

A. Use the Amazon CloudWatch API to write timestamps to a custom CloudWatch metric. Use the CloudWatch console to analyze the resulting
data.

B. Use the AWS X-Ray API to write trace data into X-Ray from strategic places within the code. Use the Amazon CloudWatch console to analyze
the resulting data.

C. Use the AWS X-Ray API to write trace data into X-Ray from strategic places within the code. Use the X-Ray console to analyze the resulting
data.

D. Use the Amazon CloudWatch API to write timestamps to a custom CloudWatch metric. Use the AWS X-Ray console to analyze the resulting
data.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/xray/latest/devguide/xray-guide.pdf

Community vote distribution

C (100%)

Question #362 Topic 1

A developer is configuring a CPU-intensive AWS Lambda function that runs once per hour. The function typically runs in 45 seconds, but may take
up to one minute at times. The timeout parameter is set to three minutes, and the other settings are left alone. The developer must optimize this
function's execution time.

Which solution will satisfy this criterion?

A. Redeploy the function within the default VPC.

B. Increase the function's memory.

C. Redeploy the function by using Lambda layers.

D. Increase the function's reserved concurrency.

Correct Answer: B

Community vote distribution

B (100%)
Question #363 Topic 1

A Developer is using an AWS VPN connection based on the Border Gateway Protocol (BGP) to connect from on-premises to Amazon EC2
instances in the Developer's account. The Developer may access an EC2 instance in subnet A but not in subnet B of the same VPC.

Which log files may the developer examine to determine if traffic reaches subnet B?

A. VPN logs

B. BGP logs

C. VPC Flow Logs

D. AWS CloudTrail logs

Correct Answer: C

Community vote distribution

C (100%)

Question #364 Topic 1

A developer needs to use Amazon ECS to deploy an application running on AWS Fargate. The application has environment variables that must be
given to a container during initialization.

How should the container's environment variables be passed?

A. Define an array that includes the environment variables under the environment parameter within the service definition.

B. Define an array that includes the environment variables under the environment parameter within the task definition.

C. Define an array that includes the environment variables under the entryPoint parameter within the task definition.

D. Define an array that includes the environment variables under the entryPoint parameter within the service definition.

Correct Answer: B

Community vote distribution

B (100%)
Question #365 Topic 1

A business has an internet-facing application that makes use of Web Identity Federation to receive a temporary credential from Amazon Web
Services Security Token Service (AWS STS).
The application then makes use of the token to get access to AWS services.
Take a look at the following response:

Which rights are connected with the application's call, based on the answer displayed?

A. Permissions associated with the role AROACLKWSDQRAOEXAMPLE:app1

B. Permissions associated with the default role used when the AWS service was built

C. Permission associated with the IAM principal that owns the AccessKeyID ASgeIAIOSFODNN7EXAMPLE

D. Permissions associated with the account that owns the AWS service

Correct Answer: C

Community vote distribution

A (100%)
Question #366 Topic 1

AWS Elastic Beanstalk applications must be deployed in several regions and each region requires a unique Amazon Machine Image (AMI).

Which AWS CloudFormation template key should be used to define the region-specific AMI?

A. Parameters

B. Outputs

C. Mappings

D. Resources

Correct Answer: C
Reference:
https://docs.aws.amazon.com/marketplace/latest/userguide/cloudformation.html

Community vote distribution

C (100%)

Question #367 Topic 1

A development team want to move code from a GitHub repository to AWS CodeCommit.

What is required to transfer a cloned repository to CodeCommit via HTTPS?

A. A GitHub secure authentication token

B. A public and private SSH key file

C. A set of Git credentials generated from IAM

D. An Amazon EC2 IAM role with CodeCommit permissions

Correct Answer: C
Reference:
https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-migrate-repository-existing.html

Community vote distribution

C (100%)
Question #368 Topic 1

Amazon API Gateway is being used by a business to handle its public-facing API. The CISO stipulates that the APIs may be utilized just by test
account users.

What is the SAFEST method for restricting API access to users of this specific AWS account?

A. Client-side SSL certificates for authentication

B. API Gateway resource policies

C. Cross-origin resource sharing (CORS)

D. Usage plans

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/compute/control-access-to-your-apis-using-amazon-api-gateway-resource-policies/

Community vote distribution

B (100%)

Question #369 Topic 1

On AWS, an application makes use of third-party APIs. The developer needs to monitor API faults in the code and wants to be notified when the
number of failures exceeds a predefined threshold.

How is the Developer going to fulfill these requirements?

A. Publish a custom metric on Amazon CloudWatch and use Amazon SES for notification.

B. Use an Amazon CloudWatch API-error metric and use Amazon SNS for notification.

C. Use an Amazon CloudWatch API-error metric and use Amazon SES for notification.

D. Publish a custom metric on Amazon CloudWatch and use Amazon SNS for notification.

Correct Answer: D
Question #370 Topic 1

Amazon API Gateway is being used by an organization to give a public API named €Survey€ for gathering user feedback on its goods. The survey
API is divided into phases called €DEV€ and €PROD€ and consists of a single resource called €/feedback€ that enables users to
retrieve/create/update individual feedback postings.
A Swagger file with version control is used to describe a new API for retrieving numerous feedback postings. To add the new API resource €/
listFeedbackForProduct€, the developer modifies the Swagger file that defines the API, uploads the file to the organization's version control
system, and uses the API Gateway's Import API function to update the Survey API. Following successful import, the developer performs tests
against the DEV stage and discovers that the resource €/listFeedbackForProduct€ is missing.

What is the MOST LIKELY explanation for the resource's non-availability?

A. Even though the Swagger import was successful, resource creation failed afterwards.

B. There is a propagation delay of several minutes in creating API Gateway resources after import.

C. The developer needs to restart the API Gateway stage after import in order to apply the changes.

D. The developer needs to create a new deployment after import in order to deploy the changes.

Correct Answer: C

Community vote distribution

( 00%)

Question #371 Topic 1

A developer is doing maintenance on an application hosted on AWS Elastic Beanstalk. The new version of the software is incompatible with the
previous version. To properly deploy the update, a complete cutover to the new, updated version must be conducted on all instances
simultaneously, with the option to roll back modifications in the event of a new version deployment failure.

How can this be accomplished with the MINIMUM amount of downtime possible?

A. Use the Elastic Beanstalk All at once deployment policy to update all instances simultaneously.

B. Perform an Elastic Beanstalk Rolling with additional batch deployment.

C. Deploy the new version in a new Elastic Beanstalk environment and swap environment URLs.

D. Perform an Elastic Beanstalk Rolling deployment.

Correct Answer: D
Elastic Beanstalk has rolled out a couple of features over the last year that make zero-downtime deployment.
Reference:
https://rollout.io/blog/batch-deployment-in-aws-elastic-beanstalk/

Community vote distribution

C (100%)
Question #372 Topic 1

It takes 40 seconds for an application to process instructions received through Amazon SQS message.

Assuming the SQS queue is set with the default VisibilityTimeout value, what is the BEST approach to guarantee that no other instances may
obtain a message that has already been handled or is still being processed after it is received?

A. Use the ChangeMessageVisibility API to increase the VisibilityTimeout, then use the DeleteMessage API to delete the message.

B. Use the DeleteMessage API call to delete the message from the queue, then call DeleteQueue API to remove the queue.

C. Use the ChangeMessageVisibility API to decrease the timeout value, then use the DeleteMessage API to delete the message.

D. Use the DeleteMessageVisibility API to cancel the VisibilityTimeout, then use the DeleteMessage API to delete the message.

Correct Answer: A

Question #373 Topic 1

A developer constructed a Lambda function for the backend of a web application. When the Lambda function is tested using the AWS Lambda
interface, the developer can see that it is being performed, but no log data is created in Amazon CloudWatch Logs, even after several minutes.

What may have resulted in this situation?

A. The Lambda function does not have any explicit log statements for the log data to send it to CloudWatch Logs.

B. The Lambda function is missing CloudWatch Logs as a source trigger to send log data.

C. The execution role for the Lambda function is missing permissions to write log data to the CloudWatch Logs.

D. The Lambda function is missing a target CloudWatch Log group.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions.html
(see note)

Community vote distribution

C (100%)

Question #374 Topic 1

An application will consume data at a rapid rate from a variety of sources and must store it in an Amazon S3 bucket.

Which service would be the most effective in accomplishing this task?

A. Amazon Kinesis Firehose

B. Amazon S3 Acceleration Transfer

C. Amazon SQS

D. Amazon SNS

Correct Answer: A

Community vote distribution

A (100%)
Question #375 Topic 1

A business is building an application that will be accessible through the Amazon API Gateway's REST API. Only registered users should be able to
access specific API resources. The token in use should expire automatically and should be updated on a regular basis.

How can a developer adhere to these specifications?

A. Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in API Gateway, and use the temporary credentials
generated by the identity pool.

B. Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer in API Gateway.

C. Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token.

D. Create an IAM user for each API user, attach an invoke permissions policy to the API, and use an IAM authorizer in API Gateway.

Correct Answer: C
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/cognito-custom-scopes-api-gateway/

Community vote distribution

C (67%) A (33%)

Question #376 Topic 1

A developer uses the AWS CLI to create a role in order to get a set of temporary security credentials.

Which of the following environment variables or AWS configuration file must be specified in order to authenticate with AWS?

A. AccessKeyId SecretAccessKey, and AssumedRoleId

B. UserId, SessionToken, and AssumedRoleId

C. AccessKeyId, SecretAccessKey, and SessionToken

D. UserId, SessionToken and Credentials

Correct Answer: C
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
Question #377 Topic 1

Which approaches will aid in mitigating this circumstance? (Select two.)

A. Implement retries with exponential backoff

B. Use a PutRecord API instead of PutRecords

C. Reduce the frequency and/or size of the requests

D. Use Amazon SNS instead of Kinesis

E. Reduce the number of KCL consumers

Correct Answer: AC

Community vote distribution

AC (100%)

Question #378 Topic 1

A developer is developing a web application that makes use of Amazon API Gateway to expose an AWS Lambda function for the purpose of
processing client requests. The developer detects that the API Gateway times out during testing, despite the fact that the Lambda function
completes inside the specified time limit.

Which of the following Amazon CloudWatch API Gateway metrics may assist the developer in troubleshooting the issue? (Select two.)

A. CacheHitCount

B. IntegrationLatency

C. CacheMissCount

D. Latency

E. Count

Correct Answer: AD

Community vote distribution

BD (100%)
Question #379 Topic 1

An on-premises e-commerce web application with shared session information is being transferred to AWS. The program must be fault resilient
and inherently highly scalable, with any service interruptions having little impact on the user experience.

What is the optimal method for storing session state?

A. Store the session state in Amazon ElastiCache

B. Store the session state in Amazon CloudFront

C. Store the session state in Amazon S3

D. Enable session stickiness using elastic load balancers

Correct Answer: A

Question #380 Topic 1

A business is maintaining an on-premises NoSQL database to host a vital component of an application that is experiencing scalability challenges.
The organization wishes to move the application to Amazon DynamoDB, taking into account the following factors:
✑ Optimize frequent queries
✑ Reduce read latencies
✑ Plan for frequent queries on certain key attributes of the table

Which method would assist in accomplishing these goals?

A. Create global secondary indexes on keys that are frequently queried. Add the necessary attributes into the indexes.

B. Create local secondary indexes on keys that are frequently queried. DynamoDB will fetch needed attributes from the table.

C. Create DynamoDB global tables to speed up query responses. Use a scan to fetch data from the table.

D. Create an AWS Auto Scaling policy for the DynamoDB table.

Correct Answer: A

Community vote distribution

A (100%)

Question #381 Topic 1

A developer is creating a fault-tolerant environment that will store client sessions.

How can the developer assure that no sessions are lost in the event of a failure of an Amazon EC2 instance?

A. Use sticky sessions with an Elastic Load Balancer target group.

B. Use Amazon SQS to save session data.

C. Use Amazon DynamoDB to perform scalable session handling.

D. Use Elastic Load Balancer connection draining to stop sending requests to failing instances.

Correct Answer: A

Community vote distribution

C (100%)
Question #382 Topic 1

Locally, a developer tested an application before deploying it to AWS Lambda. While remote testing the application, the Lambda function returns
an access denied error.

How can this problem be resolved?

A. Update the Lambda function's execution role to include the missing permissions.

B. Update the Lambda function's resource policy to include the missing permissions.

C. Include an IAM policy document at the root of the deployment package and redeploy the Lambda function.

D. Redeploy the Lambda function using an account with access to the AdministratorAccess policy.

Correct Answer: A
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/access-denied-lambda-s3-bucket/

Community vote distribution

A (100%)

Question #383 Topic 1

A developer is developing an application's authentication and authorisation mechanisms. The developer must take care that user credentials are
never made public.

How should the developer tackle this requirement?

A. Store the user credentials in Amazon DynamoDB. Build an AWS Lambda function to validate the credentials and authorize users.

B. Deploy a custom authentication and authorization API on an Amazon EC2 instance. Store the user credentials in Amazon S3 and encrypt
the credentials using Amazon S3 server-side encryption.

C. Use Amazon Cognito to configure a user pool, and user the Cognito API to authenticate and authorize the user.

D. Store the user credentials in Amazon RDS. Enable the encryption option for the Amazon RDS DB instances. Build an API using AWS Lambda
to validate the credentials and authorize users.

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/

Community vote distribution

C (100%)
Question #384 Topic 1

A developer wishes to operate a PHP website in conjunction with an NGINX proxy and bundle them together as Docker containers in a single
environment. The developer need a managed environment that is fully automated in terms of provisioning and load balancing. The developer has
little control over the setup and must keep operating overhead to a minimum.

How should the developer structure the website to adhere to these specifications?

A. Create a new application in AWS Elastic Beanstalk that is preconfigured for a multicontainer Docker environment. Upload the code, and
deploy it to a web server environment.

B. Deploy the code on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer.

C. Construct an AWS Cloud Formation template that launches Amazon EC2 instances. Install and configure the PHP code by using cfn helper
scripts.

D. Upload the code for the PHP website into an Amazon S3 bucket. Host the website from the S3 bucket.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/docker.html

Question #385 Topic 1

A developer is constructing a template that will be used to deploy an application through AWS CloudFormation. This is a serverless application
that makes use of Amazon API Gateway, Amazon DynamoDB, and AWS Lambda.

Which tool should the developer use to create simpler syntax for serverless resource expressions?

A. CloudFormation serverless intrinsic functions

B. AWS serverless express

C. An AWS serverless application model

D. A CloudFormation serverless plugin

Correct Answer: C
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-application-fundamentals.html
Question #386 Topic 1

A business maintains an AWS CloudFormation template in the form of a single file. The template is capable of launching and establishing a whole
infrastructure stack.

Which best practice would improve the template's maintainability?

A. Use nested stacks for common template patterns.

B. Embed credentials to prevent typos.

C. Remove mappings to decrease the number of variables.

D. Use AWS::Include to reference publicly-hosted template files.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html

Community vote distribution

A (100%)

Question #387 Topic 1

A developer must provide non-logged-in guest users access to an Amazon Cognito-enabled site in order to read files stored in an Amazon S3
bucket.

How is the Developer to comply with these requirements?

A. Create a blank user ID in a user pool, add to the user group, and grant access to AWS resources.

B. Create a new identity pool, enable access to authenticated identities, and grant access to AWS resources.

C. Create a new user pool, enable access to authenticated identifies, and grant access to AWS resources.

D. Create a new user pool, disable authentication access, and grant access to AWS resources.

Correct Answer: D

Community vote distribution

B (100%)
Question #388 Topic 1

A developer want to use Amazon EC2 Auto Scaling in order to scale a web application. The developer want to avoid session loss during scale-in
events.

How can the developer preserve and share the session state across several EC2 instances?

A. Write the sessions to an Amazon Elastic Block Store (Amazon EBS) volume. Mount the EBS volume to each EC2 instance in the group.

B. Store the sessions in an Amazon ElastiCache for Memcached cluster. Configure the application to use the Memcached API.

C. Publish the sessions to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe each EC2 instance in the group to the topic.

D. Write the sessions to an Amazon Redshift cluster. Configure the application to use the Amazon Redshift API.

Correct Answer: B
Reference:
https://aws.amazon.com/memcached/

Community vote distribution

B (100%)

Question #389 Topic 1

On AWS, a developer is developing a new sophisticated application. The application is composed of a number of microservices that are hosted on
Amazon EC2. The developer want to ascertain which microservice incurs the most amount of delay while processing a request.

Which technique should the developer use to determine this?

A. Instrument each microservice request using the AWS X-Ray SDK. Examine the annotations associated with the requests.

B. Instrument each microservice request using the AWS X-Ray SDK. Examine the subsegments associated with the requests.

C. Instrument each microservice request using the AWS X-Ray SDK. Examine the Amazon CloudWatch EC2 instance metrics associated with
the requests.

D. Instrument each microservice request using the Amazon CloudWatch SDK. Examine the CloudWatch EC2 instance metrics associated with
the requests.

Correct Answer: C

Community vote distribution

B (100%)
Question #390 Topic 1

An application must encrypt data that is written to Amazon S3, where the keys are controlled in-house and S3 handles the encryption.

Which encryption method should be used?

A. Use server-side encryption with Amazon S3-managed keys

B. Use server-side encryption with AWS KMS-managed keys

C. Use client-side encryption with customer master keys

D. Use server-side encryption with customer-provided keys

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html

Community vote distribution

D (100%)

Question #391 Topic 1

A developer must handle AWS infrastructure as code and be able to deploy multiple identical copies, stage changes, and roll back to prior
versions.

Which technique satisfies these criteria?

A. Use cost allocation reports and AWS OpsWorks to deploy and manage the infrastructure.

B. Use Amazon CloudWatch metrics and alerts along with resource tagging to deploy and manage the infrastructure.

C. Use AWS Elastic Beanstalk and AWS CodeCommit to deploy and manage the infrastructure.

D. Use AWS CloudFormation and AWS CodeCommit to deploy and manage the infrastructure.

Correct Answer: D

Community vote distribution

D (100%)
Question #392 Topic 1

A developer has created a multi-threaded application that runs on an Amazon EC2 instance fleet. The operations team has requested a graphical
tool for tracking the number of threads that are currently operating over time.

What is the MOST EFFECTIVE method of completing this request?

A. Periodically send the thread count to AWS X-Ray segments, then generate a service graph on demand.

B. Create a custom Amazon CloudWatch metric and periodically perform a PutMetricData call with the current thread count.

C. Periodically log thread count data to Amazon S3. Use Amazon Kinesis to process the data into a graph.

D. Periodically write the current thread count to a table using Amazon DynamoDB and use Amazon CloudFront to create a graph.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricData.html

Community vote distribution

B (71%) A (29%)

Question #393 Topic 1

A deployment package utilizes the AWS CLI to put files into any S3 bucket in the account, using environment variables to keep access keys. The
package is operating on Amazon EC2 instances that have been updated to run with an assumed IAM role and a more restricted policy that
restricts access to a single bucket. Following the update, the Developer login into the host and retains the ability to write to all of the account's S3
buckets.

What is the MOST LIKELY REASON for this occurrence?

A. An IAM inline policy is being used on the IAM role

B. An IAM managed policy is being used on the IAM role

C. The AWS CLI is corrupt and needs to be reinstalled

D. The AWS credential provider looks for instance profile credentials last

Correct Answer: B

Community vote distribution

D (100%)
Question #394 Topic 1

A developer is tasked with the task of developing a mobile application on a shoestring budget. The solution needs a scalable service that enables
clients to register and authenticate for the mobile application utilizing the organization's existing SAML 2.0 identity provider.

Which Amazon Web Services (AWS) offering should be utilized to fulfill these requirements?

A. AWS Lambda

B. Amazon Cognito

C. AWS IAM

D. Amazon EC2

Correct Answer: B

Community vote distribution

B (100%)

Question #395 Topic 1

A developer is developing an AWS Lambda function that generates temporary files smaller than 10 MB in size during operation. Throughout
execution, the temporary files will be viewed and updated several times. There is no need for the Developer to store or retrieve these files in the
future.

What directory should the temporary file be saved to?

A. the /tmp directory

B. Amazon EFS

C. Amazon EBS

D. Amazon S3

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-dg.pdf
(23)

Community vote distribution

A (100%)
Question #396 Topic 1

A business requires a new REST API that can deliver data on the contents of an Amazon S3 bucket, such as the number of items stored inside.
The organization has opted to build the new API as a microservice and to use AWS Lambda and Amazon API Gateway.

How could the developer verify that the microservice gets access to the required Amazon S3 bucket while keeping to security best practices?

A. Create an IAM user that has permissions to access the Amazon S3 bucket, and store the IAM user credentials in the Lambda function
source code.

B. Create an IAM role that has permissions to access the Amazon S3 bucket and assign it to the Lambda function as its execution role.

C. Create an Amazon S3 bucket policy that specifies the Lambda service as its principal and assign it to the Amazon S3 bucket.

D. Create an IAM role, attach the AmazonS3FullAccess managed policy to it, and assign the role to the Lambda function as its execution role.

Correct Answer: C

Community vote distribution

B (100%)

Question #397 Topic 1

A developer is developing a mobile application that will operate without requiring users to log in.

Which approach is the MOST EFFECTIVE for granting people access to AWS resources?

A. Use an identity provider to securely authenticate with the application.

B. Create an AWS Lambda function to create an IAM user when a user accesses the application.

C. Create credentials using AWS KMS and apply these credentials to users when using the application.

D. Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited access to resources.

Correct Answer: C

Community vote distribution

D (100%)

Question #398 Topic 1

A developer has built an S3 bucket called s3:/mycoolapp and configured server-wide logging with a path of s3:/mycoolapp/logs. The developer
copied 100 KB of Cascading Style Sheets (CSS) files to the subdirectory s3:/mycoolapp/css and then ceased work. When the developer returned a
few days later, the bucket had grown to 50 GB in size.

What is the MOST LIKELY REASON for this occurrence?

A. The CSS files were not compressed and S3 versioning was enabled.

B. S3 replication was enabled on the bucket.

C. Logging into the same bucket caused exponential log growth.

D. An S3 lifecycle policy has moved the entire CSS file to S3 Infrequent Access.

Correct Answer: B

Community vote distribution

C (100%)
Question #399 Topic 1

A developer is developing a new application that will be accessible to users through an Amazon API Gateway-created API. The users must be
validated using the Security Assertion Markup Language (SAML) by a third-party identity provider. After users have been validated, they will need
access to further AWS services, such as Amazon S3 and Amazon DynamoDB.

How are these stipulations to be met?

A. Use an Amazon Cognito user pool with SAML as the resource server.

B. Use Amazon Cognito identity pools with a SAML identity provider as one of the authentication providers.

C. Use the AWS IAM service to provide the sign-up and sign-in functionality.

D. Use Amazon CloudFront signed URLs to connect with the SAML identity provider.

Correct Answer: A

Community vote distribution

B (100%)

Question #400 Topic 1

A business is in the process of building a new web application in Python. The application must be deployed using AWS Elastic Beanstalk via the
AWS Management Console. The developer produces an Elastic Beanstalk source bundle, which he or she then uploads through the console.

Which of the following are prerequisites for developing the source bundle? (Select two.)

A. The source bundle must include the ebextensions.yaml file

B. The source bundle must not include a top-level directory

C. The source bundle must be compressed with any required dependencies in a top-level parent folder

D. The source bundle must be created as a single .zip or .war file

E. The source bundle must be uploaded into Amazon EFS

Correct Answer: CD
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/applications-sourcebundle.html

Community vote distribution

BD (100%)
Question #401 Topic 1

A developer is conducting an investigation on behalf of a business. Certain queries transit via an Amazon API Gateway endpoint but never reach
the AWS Lambda function that supports the endpoint. The developer discovers that a second Lambda function sometimes exceeds the maximum
concurrency limit for the AWS account.

How can the developer resolve this situation?

A. Manually reduce the concurrent quota at the account level.

B. Add another API Gateway stage for the endpoint. Shard the requests.

C. Request to increase the Lambda concurrency quota through the Service Quotas dashboard.

D. Reduce the throttling quota in the API Gateway endpoint.

Correct Answer: C

Community vote distribution

C (67%) A (33%)

Question #402 Topic 1

A developer is building a serverless website containing HTML files, photos, videos, and JavaScript content (client-side scripts).
Which service combination should the Developer utilize to build the website?

A. Amazon S3 and Amazon CloudFront

B. Amazon EC2 and Amazon ElastiCache

C. Amazon ECS and Redis

D. AWS Lambda and Amazon API Gateway

Correct Answer: A
Reference:
https://d1.awsstatic.com/whitepapers/Building%20Static%20Websites%20on%20AWS.pdf

Question #403 Topic 1

The upload to Amazon S3 of a 15 GB item fails. The error message reads as follows: "Your proposed upload exceeds the maximum allowed object
size"

How will the Developer submit this object?

A. Upload the object using the multi-part upload API.

B. Upload the object over an AWS Direct Connect connection.

C. Contact AWS Support to increase the object size limit.

D. Upload the object to another AWS region.

Correct Answer: A
Reference:
https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-KACOEWK92oCmeCwuj4t/s3-question-on-multi-part-upload

Community vote distribution

A (100%)
Question #404 Topic 1

A developer is developing AWS CloudFormation templates to handle the deployment of an application in Amazon Elastic Container Service
(Amazon ECS) using AWS CodeDeploy. The developer want to automatically deploy updated versions of the program to a subset of users prior to
making the new version generally accessible.

How should the developer handle the new version's deployment?

A. Modify the CloudFormation template to include a Transform section and the AWS::CodeDeploy::BlueGreen hook.

B. Deploy the new version in a new CloudFormation stack. After testing is complete, update the application's DNS records for the new stack.

C. Run CloudFormation stack updates on the application stack to deploy new application versions when they are available.

D. Create a nested stack for the new version. Include a Transform section and the AWS::CodeDeploy::BlueGreen hook.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-cloudformation-templates.html

Community vote distribution

A (100%)

Question #405 Topic 1

A developer wants to upload data to Amazon S3 and wishes to encrypt the data during the upload process.

Which of the following solutions is the most appropriate for our task? (Select two.)

A. Set up hardware VPN tunnels to a VPC and access S3 through a VPC endpoint

B. Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key

C. Set up Server-Side Encryption with AWS KMS-Managed Keys

D. Transfer the data over an SSL connection

E. Set up Server-Side Encryption with S3-Managed Keys

Correct Answer: BD

Community vote distribution

BD (100%)

Question #406 Topic 1

Where should the appspec.yml file be stored for AWS CodeDeploy to function properly?

A. In the root of the application source code directory structure

B. In the bin folder along with all the complied code

C. In an S3 bucket

D. In the same folder as the application configuration files

Correct Answer: A
Reference:
https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file.html
Question #407 Topic 1

A developer is developing a serverless web application and managing many development branches. The developer want to avoid having to update
the Amazon API Gateway target endpoint with each new code push.

Which solution would enable the developer to efficiently submit code without having to update the API Gateway?

A. Associate different AWS Lambda functions to an API Gateway target endpoint.

B. Create different stages in API Gateway, then associate API Gateway with AWS Lambda.

C. Create aliases and versions in AWS Lambda.

D. Tag the AWS Lambda functions with different names.

Correct Answer: C

Community vote distribution

C (100%)

Question #408 Topic 1

AWS Lambda produces a 3MB JSON file on a daily basis and then uploads it to an Amazon S3 bucket. Because the file includes sensitive
information, the Developer must encrypt it before to uploading it to the bucket.

Which of the following should the Developer change to guarantee that the data is encrypted before being uploaded to the bucket?

A. Use the default AWS KMS customer master key for S3 in the Lambda function code.

B. Use the S3 managed key and call the GenerateDataKey API to encrypt the file.

C. Use the GenerateDateKey API, then use that data key to encrypt the file in the Lambda function code.

D. Use a custom KMS customer master key created for S3 in the Lambda function code.

Correct Answer: C

Question #409 Topic 1

A developer is developing an application that requires identifying the public IPv4 address of the Amazon EC2 instance on which it is running.

How is the program going to find this data?

A. Get the instance metadata by retrieving http://169.254.169.254/latest/metadata/.

B. Get the instance user data by retrieving http://169.254.169.254/latest/userdata/.

C. Get the application to run IFCONFIG to get the public IP address.

D. Get the application to run IPCONFIG to get the public IP address.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html
Question #410 Topic 1

A developer want to automatically create a record in an Amazon DynamoDB table whenever a new file is uploaded to an Amazon S3 bucket.

Which sequence of actions would be required to accomplish this?

A. Create an event with Amazon CloudWatch Events that will monitor the S3 bucket and then insert the records into DynamoDB.

B. Configure an S3 event to invoke a Lambda function that inserts records into DynamoDB.

C. Create a Lambda function that will poll the S3 bucket and then insert the records into DynamoDB.

D. Create a cron job that will run at a scheduled time and insert the records into DynamoDB.

Correct Answer: B

Community vote distribution

B (100%)

Question #411 Topic 1

A developer has developed an application that runs on Amazon EC2 instances and produces a value on a minutely basis. The developer want to
monitor and graph the data produced over time without periodically login into the instance.

Which strategy should the developer use to accomplish this objective?

A. Use the Amazon CloudWatch metrics reported by default for all EC2 instances. View each value from the CloudWatch console.

B. Develop the application to store each value in a file on Amazon S3 every minute with the timestamp as the name.

C. Publish each generated value as a custom metric to Amazon CloudWatch using available AWS SDKs.

D. Store each value as a variable and add the variable to the list of EC2 metrics that should be reported to the Amazon CloudWatch console.

Correct Answer: C

Community vote distribution

C (100%)

Question #412 Topic 1

A developer is developing an AWS Lambda function that creates a new file upon execution. Each new file must be checked into the same AWS
CodeCommit repository.

How should the developer go about doing this?

A. When the Lambda function starts, use the Git CLI to clone the repository. Check the new file into the cloned repository and push the change.

B. After the new file is created in Lambda, use cURL to invoke the CodeCommit API. Send the file to the repository.

C. Use an AWS SDK to instantiate a CodeCommit client. Invoke the put_file method to add the file to the repository.

D. Upload the new to an Amazon S3 bucket. Create an AWS Step Function to accept S3 events. In the Step Function, add the new file to the
repository.

Correct Answer: A

Community vote distribution

C (100%)
Question #413 Topic 1

A developer is publishing vital log data to a log group formed two months ago in Amazon CloudWatch Logs. The developer must encrypt the log
data using an AWS KMS customer master key (CMK) in order to ensure that future data is encrypted in accordance with the company's security
policy.

How is the Developer going to fulfill this requirement?

A. Use the CloudWatch Logs console and enable the encrypt feature on the log group

B. Use the AWS CLI create-log-group command and specify the key Amazon Resource Name (ARN)

C. Use the KMS console and associate the CMK with the log group

D. Use the AWS CLI associate-kms-key command and specify the key Amazon Resource Name (ARN)

Correct Answer: D
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html

Community vote distribution

D (100%)

Question #414 Topic 1

A developer must create a mobile application that enables users to read and write data from an Amazon DynamoDB database used to store each
user's status.
The solution must restrict data access so that users may only access their own data.

Which of the following solutions is the most secure?

A. Embed AWS access credentials into the application and create DynamoDB queries that limit user access.

B. Use Amazon Cognito identity pools to assign unique identifiers and provide user access.

C. Modify the DynamoDB table to allow public read and writes, then add client-side filtering.

D. Create a web portal for users to create an account on AWS Directory Service.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_dynamodb_specific-table.html

Community vote distribution

B (100%)
Question #415 Topic 1

A developer has an application that must receive and handle a huge number of incoming data streams before distributing them to several
downstream users.

Which serverless solution should the developer use in order to achieve these requirements?

A. Amazon RDS MySQL stored procedure with AWS Lambda

B. AWS Direct Connect with AWS Lambda

C. Amazon Kinesis Data Streams with AWS Lambda

D. Amazon EC2 bash script with AWS Lambda

Correct Answer: C
Reference:
https://aws.amazon.com/kinesis/data-analytics/faqs/

Community vote distribution

C (100%)

Question #416 Topic 1

A developer is developing an application that will operate on Amazon EC2 instances that are members of an Auto Scaling group. The developer
want to externalize session state in order to facilitate the application's operation.

Which services will address these requirements? (Select two.)

A. Amazon DynamoDB

B. Amazon Cognito

C. Amazon ElastiCache

D. Amazon EBS

E. Amazon SQS

Correct Answer: BD
Reference:
https://forums.aws.amazon.com/thread.jspa?threadID=238457

Community vote distribution

AC (100%)
Question #417 Topic 1

A developer must invoke an AWS Lambda function depending on the lifecycle activity of an item in an Amazon DynamoDB database.

How does the developer go about developing the solution?

A. Enable a DynamoDB stream that publishes an Amazon SNS message. Trigger the Lambda function synchronously from the SNS message.

B. Enable a DynamoDB stream that publishes an SNS message. Trigger the Lambda function asynchronously from the SNS message.

C. Enable a DynamoDB stream, and trigger the Lambda function synchronously from the stream.

D. Enable a DynamoDB stream, and trigger the Lambda function asynchronously from the stream.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.Lambda.html

Question #418 Topic 1

A developer need temporary access to resources located in a different account.

What is the MOST SECURE method of doing this?

A. Use the Amazon Cognito user pools to get short-lived credentials for the second account.

B. Create a dedicated IAM access key for the second account, and send it by mail.

C. Create a cross-account access role, and use sts:AssumeRole API to get short-lived credentials.

D. Establish trust, and add an SSH key for the second account to the IAM user.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

Question #419 Topic 1

A developer want to verify that the Amazon EC2 instances running in AWS Elastic Beanstalk execute a certain set of commands prior to the
application being available for usage.

Which feature of Elastic Beanstalk enables the developer to achieve this?

A. Rolling update

B. Immutable update

C. User data

D. .ebextensions

Correct Answer: D
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html

Community vote distribution

D (100%)
Question #420 Topic 1

A team of developers is responsible for migrating an application running on AWS Elastic Beanstalk from a Classic Load Balancer to an Application
Load Balancer.

How should the job be completed using the AWS Management Console?

A. 1. Update the application code in the existing deployment. 2. Select a new load balancer type before running the deployment. 3. Deploy the
new version of the application code to the environment.

B. 1. Create a new environment with the same configurations except for the load balancer type. 2. Deploy the same application version as
used in the original environment. 3. Run the swap-environment-cnames action.

C. 1. Clone the existing environment, changing the associated load balancer type. 2. Deploy the same application version as used in the
original environment. 3. Run the swap-environment-cnames action.

D. 1. Edit the environment definitions in the existing deployment. 2. Change the associated load balancer type according to the requirements.
3. Rebuild the environment with the new load balancer type.

Correct Answer: A

Community vote distribution

B (100%)

Question #421 Topic 1

AWS Lambda functions must read data from an Amazon RDS MySQL database contained inside a VPC and also connect to a public endpoint on
the internet to get extra data.

Which actions must be made to provide access to both the RDS resource and the public endpoint by the function? (Select two.)

A. Modify the default configuration for the Lambda function to associate it with an Amazon VPC private subnet.

B. Modify the default network access control list to allow outbound traffic.

C. Add a NAT Gateway to the VPC.

D. Modify the default configuration of the Lambda function to associate it with a VPC public subnet.

E. Add an environmental variable to the Lambda function to allow outbound internet access.

Correct Answer: AC
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/vpc.html
Question #422 Topic 1

An application uses Amazon DynamoDB as its data storage and requires the ability to read 100 items per second in highly consistent reads. Each
item is around 5 KB in size.

What should the provisioned read throughput of the table be set to?

A. 50 read capacity units

B. 100 read capacity units

C. 200 read capacity units

D. 500 read capacity units

Correct Answer: C

Community vote distribution

C (100%)

Question #423 Topic 1

A developer has registered a new AWS account and is required to design a scalable AWS Lambda function that satisfies the following concurrent
execution requirements:
✑ Average execution time of 100 seconds
✑ 50 requests per second

Which procedure must be followed prior to deployment in order to avoid errors?

A. Implement dead-letter queues to capture invocation errors

B. Add an event source from Amazon API Gateway to the Lambda function

C. Implement error handling within the application code

D. Contact AWS Support to increase the concurrent execution limits

Correct Answer: B

Community vote distribution

D (100%)
Question #424 Topic 1

A Developer has created code for an application and want to share it with other team members in order to get feedback. The shared application
code must be kept in a long-term, version-controlled environment with batch change tracking.

Which Amazon Web Services (AWS) service should the developer use?

A. AWS CodeBuild

B. Amazon S3

C. AWS CodeCommit

D. AWS Cloud9

Correct Answer: C
Reference:
https://docs.aws.amazon.com/codecommit/latest/userguide/codecommit-user.pdf

Community vote distribution

C (100%)

Question #425 Topic 1

A developer is developing an application that makes use of an Amazon API Gateway REST API and an AWS Lambda function that communicates
with an Amazon DynamoDB database. During testing, the developer notices excessive latency while performing API queries.

How can the developer determine the total latency and pinpoint performance bottlenecks?

A. Enable AWS CloudTrail logging and use the logs to map each latency and bottleneck.

B. Enable and configure AWS X-Ray tracing on API Gateway and the Lambda function. Use X-Ray to trace and analyze user requests.

C. Enable Amazon CloudWatch Logs for the Lambda function. Enable execution logs for API Gateway to view and analyze user request logs.

D. Enable VPC Flow Logs to capture and analyze network traffic within the VPC.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-xray.html

Community vote distribution

B (100%)
Question #426 Topic 1

A developer using AWS CodeDeploy to automate the deployment of an application that connects to a remote MySQL database. The developer
wishes to access encrypted secrets such as API keys and database passwords safely.

Which of the following alternatives would need the LEAST amount of administrative work?

A. Save the secrets in Amazon S3 with AWS KMS server-side encryption, and use a signed URL to access them by using the IAM role from
Amazon EC2 instances.

B. Use the instance metadata to store the secrets and to programmatically access the secrets from EC2 instances.

C. Use the Amazon DynamoDB client-side encryption library to save the secrets in DynamoDB and to programmatically access the secrets
from EC2 instances.

D. Use AWS SSM Parameter Store to store the secrets and to programmatically access them by using the IAM role from EC2 instances.

Correct Answer: A

Community vote distribution

D (100%)

Question #427 Topic 1

A developer is establishing an Auto Scaling group for instances that must submit a custom metric to Amazon CloudWatch.

Which technique is the SECUREST approach for authenticating a CloudWatch PUT request?

A. Create an IAM user with PutMetricData permission and put the user credentials in a private repository; have applications pull the
credentials as needed.

B. Create an IAM user with PutMetricData permission, and modify the Auto Scaling launch configuration to inject the user credentials into the
instance user data.

C. Modify the CloudWatch metric policies to allow the PutMetricData permission to instances from the Auto Scaling group.

D. Create an IAM role with PutMetricData permission and modify the Auto Scaling launching configuration to launch instances using that role.

Correct Answer: D

Community vote distribution

D (100%)
Question #428 Topic 1

Given the AWS CloudFormation template below:

Which method is the MOST EFFECTIVE for referencing the newly created Amazon S3 bucket from another AWS CloudFormation template?

A. Add an Export declaration to the Outputs section of the original template and use ImportValue in other templates.

B. Add Exported: true to the ContentBucket in the original template and use ImportResource in other templates.

C. Create a custom AWS CloudFormation resource that gets the bucket name from the ContentBucket resource of the first stack.

D. Use Fn::Include to include the existing template in other templates and use the ContentBucket resource directly.

Correct Answer: C

Community vote distribution

A (100%)

Question #429 Topic 1

A developer is transferring code to an Amazon Lambda function that will interact with an Amazon Aurora MySQL database.

What is the SECUREST method for authenticating the function against the database?

A. Store the database credentials as encrypted parameters in AWS Systems Manager Parameters Store. Obtain the credentials from Systems
Manager when the Lambda function needs to connect to the database.

B. Store the database credentials in AWS Secrets Manager. Let Secrets Manager handle the rotation of the credentials, as required.

C. Store the database credentials in an Amazon S3 bucket that has a restrictive bucket policy for the Lambda role when accessing the
credentials. Use AWS KMS to encrypt the data.

D. Create a policy with rds-db:connect access to the database and attach it to the role assigned to the Lambda function.

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automatically-with-aws-secrets-manager/

Community vote distribution

D (75%) B (25%)
Question #430 Topic 1

A developer has an Amazon DynamoDB table that requires provisioning in order to meet user needs. The application must have the following
features:

✑ Average item size: 10 KB

✑ Item reads each second: 10 strongly consistent
✑ Item writes each second: 2 transactional

Which read and write capability satisfies these needs most economically?

A. Read 10; write 2

B. Read 30; write 40

C. Use on-demand scaling

D. Read 300; write 400

Correct Answer: B

Community vote distribution

B (67%) C (33%)

Question #431 Topic 1

A developer wishes to deliver multi-value headers to an AWS Lambda function that is registered with an Application Load Balancer as a target
(ALB).

What actions should the developer take to accomplish this?

A. Place the Lambda function and target group in the same account.

B. Send the request body to the Lambda function with a size less than 1 MB.

C. Include the Base64 encoding status, status code, status description, and headers in the Lambda function.

D. Enable the multi-value headers on the ALB.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/lambda-functions.html#enable-multi-value-headers
Question #432 Topic 1

A developer is developing a new AWS Serverless Application Model (AWS SAM) template that includes an AWS Lambda function. The Lambda
function executes sophisticated code. The developer want to run the Lambda function on a larger CPU.

What should the developer do to comply with this stipulation?

A. Increase the runtime engine version.

B. Increase the timeout.

C. Increase the number of Lambda layers.

D. Increase the memory.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html

Question #433 Topic 1

A web application is being developed to audit several Amazon Web Services accounts. The application will be hosted in Account A and will need
access to AWS services hosted in Accounts B and C.

What is the SAFEST method for the application to access AWS services in each audited account?

A. Configure cross-account roles in each audited account. Write code in Account A that assumes those roles

B. Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions

C. Deploy an application in each audited account with its own role. Have Account A authenticate with the application

D. Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys

Correct Answer: D

Community vote distribution

A (100%)
Question #434 Topic 1

Given the source code for an AWS Lambda function in the local file store.py, which includes the handler function get store, and the accompanying
AWS CloudFormation template:

What should be done to prepare the template for deployment through the AWS Command Line Interface command aws cloudformation deploy?

A. Use aws cloudformation compile to base64 encode and embed the source file into a modified CloudFormation template.

B. Use aws cloudformation package to upload the source code to an Amazon S3 bucket and produce a modified CloudFormation template.

C. Use aws lambda zip to package the source file together with the CloudFormation template and deploy the resulting zip archive.

D. Use aws serverless create-package to embed the source file directly into the existing CloudFormation template.

Correct Answer: D

Community vote distribution

B (100%)

Question #435 Topic 1

How can a developer debug AWS Lambda code delivered using AWS Serverless Application Model (AWS SAM)?

A. Download the Lambda code locally and use the AWS CLI to execute it

B. Use the Lambda console to connect the debugger

C. Use AWS SAM to invoke a function locally in debug mode

D. Connect a third-party-compatible integrated development environment (IDE) to the Lambda debugger endpoint

Correct Answer: C
Reference:
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-debugging.html

Community vote distribution

C (100%)
Question #436 Topic 1

When designing an AWS Lambda function that processes Amazon Kinesis Data Streams, administrators must get a notification including the
processed data.

How should the developer create the function responsible for sending processed data to the Administrators?

A. Separate the Lambda handler from the core logic

B. Use Amazon CloudWatch Events to send the processed data

C. Publish the processed data to an Amazon SNS topic

D. Push the processed data to Amazon SQS

Correct Answer: B

Community vote distribution

C (100%)

Question #437 Topic 1

AWS CodeBuild generates the source code for an application, develops the Docker image, uploads it to Amazon Elastic Container Registry
(Amazon ECR), and tags it with a unique identifier.

If developers already have the AWS CLI setup on their workstations, how are the Docker images downloaded to the workstations?

A. Run the following: docker pull REPOSITORY URI : TAG

B. Run the output of the following: aws ecr get-login and then run: docker pull REPOSITORY URI : TAG

C. Run the following: aws ecr get-login and then run: docker pull REPOSITORY URI : TAG

D. Run the output of the following: aws ecr get-download-url-for-layer and then run: docker pull REPOSITORY URI : TAG

Correct Answer: B

Community vote distribution

B (100%)

Question #438 Topic 1

A developer is developing a Lambda function and want to use external libraries that are not included in the standard Lambda libraries.

Which operation would result in the least amount of Lambda compute time being consumed?

A. Install the dependencies and external libraries at the beginning of the Lambda function.

B. Create a Lambda deployment package that includes the external libraries.

C. Copy the external libraries to Amazon S3, and reference the external libraries to the S3 location.

D. Install the external libraries in Lambda to be available to all Lambda functions.

Correct Answer: D

Community vote distribution

B (100%)
Question #439 Topic 1

The following conditions apply to an application:

✑ Performance efficiency of seconds with up to a minute of latency.

✑ The data storage size may grow up to thousands of terabytes.
✑ Per-message sizes may vary between 100 KB and 100 MB.
✑ Data can be stored as key/value stores supporting eventual consistency.

Which AWS service would be the MOST cost-effective to accomplish these requirements?

A. Amazon DynamoDB

B. Amazon S3

C. Amazon RDS (with a MySQL engine)

D. Amazon ElastiCache

Correct Answer: B

Community vote distribution

B (100%)
 AWS EXAM TOPICS QB

Question #1Topic 1
When launching containers in Amazon ECS, where may PortMapping be defined?

 A. Security groups
 B. Amazon Elastic Container Registry (Amazon ECR)
 C. Container agent
 D. Task definition

Hide Solution Discussion 9

Correct Answer: D
Reference:
https://docs.aws.amazon.com/AmazonECS/latest/userguide/task_definition_parameters.html
Question #2Topic 1
How should access keys be handled in AWS according to best practices? (Select two.)

 A. Use the same access key in all applications for consistency.

 B. Delete all access keys for the account root user.
 C. Leave unused access keys in the account for tracking purposes.
 D. Embed and encrypt access keys in code for continuous deployment.
 E. Use Amazon IAM roles instead of access keys where possible.

Hide Solution Discussion 12

Correct Answer: BE
Reference:
https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html#iam-user-
access-keys
Question #3Topic 1
What is the run order of the hooks for in-place deployments in an AWS CodeDeploy
deployment?

 A. Before Install -> Application Stop -> Application Start -> After Install
 B. Application Stop -> Before Install -> After Install -> Application Start
 C. Before Install -> Application Stop -> Validate Service -> Application Start
 D. Application Stop -> Before Install -> Validate Service -> Application Start

Hide Solution Discussion 10

Correct Answer: B
Reference:
https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-
hooks.html
Question #4Topic 1
Data is read from an Amazon DynamoDB database by an application. The program gets
several ProvisionedThroughputExceeded errors many times a day for a duration of 15
seconds.
What should be done with this exception?

 A. Create a new global secondary index for the table to help with the additional
requests.
 B. Retry the failed read requests with exponential backoff.
 C. Immediately retry the failed read requests.
 D. Use the DynamoDB ‫ג‬€UpdateItem‫ג‬€ API to increase the provisioned throughput
capacity of the table.

Hide Solution Discussion 9

Correct Answer: B
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-query-scan.html
Question #5Topic 1
What section of the document root must be included in an AWS CloudFormation template to
include objects specified by the AWS Serverless Application Model (SAM) in addition to
Resources?

 A. Conditions
 B. Globals
 C. Transform
 D. Properties

Hide Solution Discussion 31

Correct Answer: D
Reference:
https://docs.aws.amazon.com/cloud9/latest/user-guide/lambda-functions.html
Question #6Topic 1
A developer recognizes the need for centralized storage of application-level logs while
designing an application that runs on Amazon EC2 in an Amazon VPC.

Which AWS service can be utilized to store these logs securely?

 A. Amazon EC2 VPC Flow Logs

 B. Amazon CloudWatch Logs
 C. Amazon CloudSearch
 D. AWS CloudTrail

Hide Solution Discussion 14

Correct Answer: B
Reference:
https://aws.amazon.com/answers/logging/centralized-logging/
Question #7Topic 1
What are the requirements for configuring container instances in an AWS Elastic Beanstalk
multi-container Docker environment?
  A. An Amazon ECS task definition
 B. An Amazon ECS cluster
 C. A Dockerfile in an application package
 D. A CLI for Elastic Beanstalk

Hide Solution Discussion 27

Correct Answer: A
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_ecs.html
Question #8Topic 1
A developer must install a serverless RESTful API on AWS regularly and consistently.

Which strategies will be effective? (Select two.)

 A. Define a Swagger file. Use AWS Elastic Beanstalk to deploy the Swagger file.
 B. Define a Swagger file. Use AWS CodeDeploy to deploy the Swagger file.
 C. Deploy a SAM template with an inline Swagger definition.
 D. Define a Swagger file. Deploy a SAM template that references the Swagger file.
 E. Define an inline Swagger definition in a Lambda function. Invoke the Lambda
function.

Hide Solution Discussion 16

Correct Answer: DE

Question #9Topic 1
Amazon Kinesis is used to load data into a stock market monitoring application. The Kinesis
stream cannot keep up with the incoming data during simulated peak data rates testing.

What step will enable Kinesis to handle peak-hour traffic?

 A. Install the Kinesis Producer Library (KPL) for ingesting data into the stream.
 B. Reduce the data retention period to allow for more data ingestion using
DecreaseStreamRetentionPeriod.
 C. Increase the shard count of the stream using UpdateShardCount.
 D. Ingest multiple records into the stream in a single call using PutRecords.

Hide Solution Discussion 35

Correct Answer: A
Reference:
https://aws.amazon.com/kinesis/data-streams/faqs/
Question #10Topic 1
AWS services must be accessed and API calls must be made by an application running on an
Amazon EC2 instance.
What is the SAFEST approach to grant access to AWS services with the least amount of
administration overhead?
  A. Use AWS KMS to store and retrieve credentials.
 B. Use EC2 instance profiles.
 C. Use AWS root user to make requests to the application.
 D. Store and retrieve credentials from AWS CodeCommit.

Hide Solution Discussion 24

Correct Answer: C

Question #11Topic 1
With production-distributed applications created as AWS Lambda functions, a developer
must investigate performance issues. Other components of the applications are invoked by
these distributed Lambda applications.
What is the best way for a developer to discover and resolve the root cause of production
performance issues?

 A. Add logging statements to the Lambda functions, then use Amazon CloudWatch to
view the logs.
 B. Use AWS CloudTrail and then examine the logs.
 C. Use AWS X-Ray, then examine the segments and errors.
 D. Run Amazon Inspector agents and then analyze performance.

Hide Solution Discussion 14

Correct Answer: C

Question #12Topic 1
What is the advantage of instantiating AWS clients outside the scope of the handler when
constructing a Lambda function?

 A. Legibility and stylistic convention

 B. Taking advantage of connection re-use
 C. Better error handling
 D. Creating a new instance per invocation

Hide Solution Discussion 19

Correct Answer: B
Reference:
https://www.jeremydaly.com/reuse-database-connections-aws-lambda/
Question #13Topic 1
Thousands of sensitive audio and video data must be stored in an Amazon S3 bucket. All data
written to this bucket must be encrypted according to organizational security rules.

How can this policy's compliance be ensured?

  A. Use AWS Lambda to send notifications to the security team if unencrypted objects
are pun in the bucket.
 B. Configure an Amazon S3 bucket policy to prevent the upload of objects that do not
contain the x-amz-server-side-encryption header.
 C. Create an Amazon CloudWatch event rule to verify that all objects stored in the
Amazon S3 bucket are encrypted.
 D. Configure an Amazon S3 bucket policy to prevent the upload of objects that
contain the x-amz-server-side-encryption header.

Hide Solution Discussion 12

Correct Answer: B

Question #14Topic 1
Before code is released into the production environment, the release process workflow of an
application needs human review.

What is the MOST EFFECTIVE method to do this using AWS CodePipeline?

 A. Use multiple pipelines to allow approval

 B. Use an approval action in a stage
 C. Disable the stage transition to allow manual approval
 D. Disable a stage just prior the deployment stage

Hide Solution Discussion 25

Correct Answer: D

Question #15Topic 1
When attempting to start or stop an Amazon EC2 instance using a boto3 script, the developer
gets the following error message.

What is the developer's responsibility in resolving this error message?

 A. Assign an IAM role to the EC2 instance to allow necessary API calls on behalf of
the client.
 B. Implement an exponential backoff algorithm for optimizing the number of API
requests made to Amazon EC2.
 C. Increase the overall network bandwidth to handle higher API request rates.
 D. Upgrade to the latest AWS CLI version so that boto3 can handle higher request
rates.

Hide Solution Discussion 4

Correct Answer: B
Reference:
https://docs.aws.amazon.com/general/latest/gr/api-retries.html
Question #16Topic 1
On an EC2 instance, an application is executing. The developer wishes to keep a statistic
about his program in Amazon CloudWatch.

How should this requirement be implemented optimally?

 A. Use the PUT Object API call to send data to an S3 bucket. Use an event
notification to invoke a Lambda function to publish data to CloudWatch.
 B. Publish the metric data to an Amazon Kinesis Stream using a PutRecord API call.
Subscribe a Lambda function that publishes data to CloudWatch.
 C. Use the CloudWatch PutMetricData API call to submit a custom metric to
CloudWatch. Provide the required credentials to enable the API call.
 D. Use the CloudWatch PutMetricData API call to submit a custom metric to
CloudWatch. Launch the EC2 instance with the required IAM role to enable the API
call.

Hide Solution Discussion 17

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/mon-scripts.html
Question #17Topic 1
What are the best practices for using bespoke libraries in AWS Lambda?

 A. Host the library on Amazon S3 and reference to it from the Lambda function.
 B. Install the library locally and upload a ZIP file of the Lambda function.
 C. Import the necessary Lambda blueprint when creating the function.
 D. Modify the function runtime to include the necessary library.

Hide Solution Discussion 25

Correct Answer: D
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/env_variables.html
Question #18Topic 1
The application components of a big firm are scattered across several AWS accounts. The
organization must gather and display account-level trace data.

What materials should be utilized to achieve these specifications?

 A. AWS X-Ray
 B. Amazon CloudWatch
 C. Amazon VPC flow logs
 D. Amazon Elasticsearch Service
Hide Solution Discussion 7
Correct Answer: A
Reference:
https://aws.amazon.com/xray/
Question #19Topic 1
Amazon DynamoDB is used by a corporation to manage and track orders. The order date is
used to split the DynamoDB table. During a sales event, the company receives a large spike
in orders, forcing DynamoDB writes to choke, and the used throughput is considerably lower
than the permitted throughput.
How can this issue be rectified with MINIMAL expenses, according to AWS best practices?

 A. Create a new DynamoDB table for every order date.

 B. Increase the read and write capacity units of the DynamoDB table.
 C. Add a random number suffix to the partition key values.
 D. Add a global secondary index to the DynamoDB table.

Hide Solution Discussion 21

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/throttled-ddb/
Question #20Topic 1
An Amazon S3 bucket is used to host a static website. JavaScript is used on many HTML
pages on the site to retrieve photos from another Amazon S3 bucket. When people explore
the site, certain photos are not shown.

What may be the underlying source of the problem?

 A. The referenced Amazon S3 bucket is in another region.

 B. The images must be stored in the same Amazon S3 bucket.
 C. Port 80 must be opened on the security group in which the Amazon S3 bucket is
located.
 D. Cross Origin Resource Sharing must be enabled on the Amazon S3 bucket.

Hide Solution Discussion 20

Correct Answer: D

Question #21Topic 1
Each hour, a business must consume terabytes of data from hundreds of sources, which arrive
practically continuously throughout the day. The quantity of texts produced changes during
the day. For fraud detection and live operating dashboards, messages must be sent in real
time.

Which strategy will satisfy these criteria?

  A. Send the messages to an Amazon SQS queue, then process the messages by using
a fleet of Amazon EC2 instances
 B. Use the Amazon S3 API to write messages to an S3 bucket, then process the
messages by using Amazon Redshift
 C. Use AWS Data Pipeline to automate the movement and transformation of data
 D. Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and
deliver messages

Hide Solution Discussion 13

Correct Answer: D
Reference:
https://aws.amazon.com/kinesis/data-streams/faqs/
Question #22Topic 1
A business processes papers that arrive through an Amazon S3 bucket. Through a web user
interface, users may upload documents to an S3 bucket. When files are received in S3, an
AWS Lambda function is executed to handle them, however the Lambda function
periodically times out.

What happens to the S3 event if the Lambda function is setup with the default settings?

 A. Notification of a failed S3 event is send as an email through Amazon SNS.

 B. The S3 event is sent to the default Dead Letter Queue.
 C. The S3 event is processed until it is successful.
 D. The S3 event is discarded after the event is retried twice.

Hide Solution Discussion 16

Correct Answer: A

Question #27Topic 1

A considerable amount of read capacity is being used by queries to an Amazon DynamoDB

database. There are a high number of huge characteristics in the table. The program does not
need the whole set of attribute data.

How may DynamoDB expenses be lowered while application performance be maximized?

 A. Batch all the writes, and perform the write operations when no or few reads are
being performed.
 B. Create a global secondary index with a minimum set of projected attributes.
 C. Implement exponential backoffs in the application.
 D. Load balance the reads to the table using an Application Load Balancer.

Hide Solution Discussion 25

Correct Answer: B
Question #24Topic 1
Data is stored in an S3 bucket by an application operating on EC2 instances. All data must be
encrypted in transit, according to security rules.

How can the developer encrypt all traffic to the S3 bucket?

 A. Install certificates on the EC2 instances.

 B. Create a bucket policy that allows traffic where SecureTransport is true.
 C. Create an HTTPS redirect on the EC2 instances.
 D. Create a bucket policy that denies traffic where SecureTransport is false.

Hide Solution Discussion 34

Correct Answer: B

Question #25Topic 1
An program overwrites an item in Amazon S3, then reads the identical object
instantaneously.

Why might the program sometimes get an object's previous version?

 A. S3 overwrite PUTS are eventually consistent, so the application may read the old
object.
 B. The application needs to add extra metadata to label the latest version when
uploading to Amazon S3.
 C. All S3 PUTS are eventually consistent, so the application may read the old object.
 D. The application needs to explicitly specify latest version when retrieving the
object.

Hide Solution Discussion 22

Correct Answer: A

Question #32Topic 1

A legacy service has a SOAP interface that is XML-based. The developer want to use the
Amazon API Gateway to expose the service's capabilities to external customers.

Which approach is necessary to do this?

 A. Create a RESTful API with the API Gateway; transform the incoming JSON into a
valid XML message for the SOAP interface using mapping templates.
 B. Create a RESTful API with the API Gateway; pass the incoming JSON to the
SOAP interface through an Application Load Balancer.
 C. Create a SOAP API with the API Gateway; pass the incoming XML to the SOAP
interface through an Application Load Balancer.
  D. Create a SOAP API with the API Gateway; transform the incoming XML into a
valid message for the SOAP interface using mapping templates.

Hide Solution Discussion 26

Correct Answer: A

Question #27Topic 1
As a big state machine, the existing design makes use of several Lambda functions calling
one another. This state machine's coordination is handled by old bespoke code that is prone to
failure.

Which AWS Service can assist with state machine refactoring and management?

 A. AWS Data Pipeline

 B. AWS SNS with AWS SQS
 C. Amazon Elastic MapReduce
 D. AWS Step Functions

Hide Solution Discussion 19

Correct Answer: D
Reference:
https://docs.aws.amazon.com/step-functions/latest/dg/tutorial-creating-lambda-state-
machine.html
Question #28Topic 1
A business is building a new online game using the Amazon ECS platform. The design will
have four separate Amazon ECS services, each of which will need unique permissions to
various AWS services. By bin packing the containers depending on memory reservation, the
business hopes to optimize the utilization of the underlying Amazon EC2 instances.

Which configuration would enable the Development team to accomplish these criteria in the
most secure manner possible?

 A. Create a new Identity and Access Management (IAM) instance profile containing
the required permissions for the various ECS services, then associate that instance
role with the underlying EC2 instances.
 B. Create four distinct IAM roles, each containing the required permissions for the
associated ECS service, then configure each ECS service to reference the associated
IAM role.
 C. Create four distinct IAM roles, each containing the required permissions for the
associated ECS service, then, create an IAM group and configure the ECS cluster to
reference that group.
 D. Create four distinct IAM roles, each containing the required permissions for the
associated ECS service, then configure each ECS task definition to referenׁe the
associated IAM role.
Hide Solution Discussion 19
Correct Answer: C

Question #29Topic 1
A developer wishes to search and filter log data in order to troubleshoot an application.
Amazon CloudWatch Logs stores the application logs. To count exceptions in the application
logs, the Developer sets a new metric filter. The logs, on the other hand, return no results.
What is the cause for the absence of filtered results?

 A. A setup of the Amazon CloudWatch interface VPC endpoint is required for

filtering the CloudWatch Logs in the VPC
 B. CloudWatch Logs only publishes metric data for events that happen after the filter
is created
 C. The log group for CloudWatch Logs should be first streamed to Amazon
Elasticsearch Service before metric filtering returns the results
 D. Metric data points for logs groups can be filtered only after they are exported to an
Amazon S3 bucket

Hide Solution Discussion 11

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/MonitoringLogData.html
Question #30Topic 1
The processing of an Amazon SQS message by an application takes longer than planned.

What should the developer do to ensure that other instances of the program do not get the
same message?

 A. Make a ReceiveMessage call to get the same message again from the queue
 B. Issue a DeleteMessage call to delete the message from the queue
 C. Use SendMessage to pass the message to the dead letter queue
 D. Send a ChangeMessageVisibility call to extend VisibilityTimeout

Hide Solution Discussion 5

Correct Answer: A

Question #31Topic 1
For its application database tier, a corporation uses Amazon RDS MySQL instances, and for
its web tier, Apache Tomcat servers. Repeated read requests make up the majority of
database queries from web apps.
Which AWS service would benefit from the addition of an in-memory store for repeated read
queries?
  A. Amazon RDS Multi-AZ
 B. Amazon SQS
 C. Amazon ElastiCache
 D. Amazon RDS read replica

Hide Solution Discussion 22

Correct Answer: A

Question #32Topic 1
As a big state machine, the existing design makes use of several Lambda functions calling
one another. This state machine's coordination is handled by old bespoke code that is prone to
failure.

Which AWS Service can assist with state machine refactoring and management?

 A. AWS Data Pipeline

 B. AWS SNS with AWS SQS
 C. Amazon Elastic MapReduce
 D. AWS Step Functions

Hide Solution Discussion 18

Correct Answer: D

Question #33Topic 1
An API Gateway and AWS Lambda are used in a serverless application.

Where should the Lambda function's session data be stored between function calls?

 A. In an Amazon DynamoDB table

 B. In an Amazon SQS queue
 C. In the local filesystem
 D. In an SQLite session table using ‫ג‬€"DSQLITE_ENABLE_SESSION

Hide Solution Discussion 36

Correct Answer: A

Question #34Topic 1
A Linux, Apache, MySQL, and PHP (LAMP) stack is used to construct an on-premises
application. The developer want to host this application on Amazon Web Services.

Which of the following AWS service sets is appropriate for running this stack?

 A. Amazon API Gateway, Amazon S3

 B. AWS Lambda, Amazon DynamoDB
 C. Amazon EC2, Amazon Aurora
  D. Amazon Cognito, Amazon RDS
 E. Amazon ECS, Amazon EBS

Hide Solution Discussion 12

Correct Answer: C
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/php-ha-
tutorial.html?icmpid=docs_tutorial_projects
Question #35Topic 1
When a developer calls the Amazon CloudWatch API, he receives HTTP 400:
ThrottlingException errors sporadically. When a call is not successful, no data is obtained.

Which best practice should be implemented first in order to remedy this issue?

 A. Contact AWS Support for a limit increase.

 B. Use the AWS CLI to get the metrics
 C. Analyze the applications and remove the API call
 D. Retry the call with exponential backoff

Hide Solution Discussion 41

Correct Answer: B

Question #36Topic 1
Where in the application source bundle should an Elastic Beanstalk configuration file called
healthcheckur1.config be placed?

 A. In the root of the application

 B. In the bin folder
 C. In healthcheckur1.config.ebextension under root
 D. In the .ebextensions folder

Hide Solution Discussion 13

Correct Answer: D
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html
Question #37Topic 1
A corporation uses Amazon API Gateway and the API Gateway native API key validation to
maintain a REST service. Users can now join up for the service through a new registration
website that was recently developed by the corporation. The registration page uses
CreateApiKey to generate a new API key and sends it to the user. The user receives a 403
Forbidden error when attempting to call the API with this key. Existing API users are
unaffected and can continue to utilize it.
What changes to the code will allow these additional users to access the API?

 A. The createDeployment method must be called so the API can be redeployed to

include the newly created API key.
  B. The updateAuthorizer method must be called to update the API‫ג‬€™s authorizer to
include the newly created API key.
 C. The importApiKeys method must be called to import all newly created API keys
into the current stage of the API.
 D. The createUsagePlanKey method must be called to associate the newly created
API key with the correct usage plan.

Hide Solution Discussion 30

Correct Answer: C

Question #38Topic 1
Multiple EC2 instances are used to execute an application behind an ELB.

Where is the ideal place to store session data so that it can be consistently delivered over
numerous requests?

 A. Write data to Amazon ElastiCache

 B. Write data to Amazon Elastic Block Store.
 C. Write data to Amazon EC2 Instance Store.
 D. Write data to the root filesystem.

Hide Solution Discussion 11

Correct Answer: A
Reference:
https://docs.aws.amazon.com/aws-technical-content/latest/microservices-on-
aws/microservices-on-aws.pdf?icmpid=link_from_whitepapers_page
(14)
Question #39Topic 1
A development team is now supporting an application that saves cumulative gaming
outcomes in an in-memory store. A database is used to keep individual outcomes. The team
must employ automated scaling as part of the migration to AWS. The team is aware that this
will result in uneven outcomes.

Where should the team keep these gathered game outcomes in order to achieve the highest
level of consistency without jeopardizing performance?

 A. Amazon S3
 B. Amazon RDS
 C. Amazon ElastiCache
 D. Amazon Kinesis

Hide Solution Discussion 15

Correct Answer: C

Question #40Topic 1
A developer is developing an application for Amazon EC2 instances. To read and write
records, the application must establish a connection to an Amazon DynamoDB database. The
security staff must change access keys on a regular basis.
Which technique will meet these criteria?

 A. Create an IAM role with read and write access to the DynamoDB table. Generate
access keys for the user and store the access keys in the application as environment
variables.
 B. Create an IAM user with read and write access to the DynamoDB table. Store the
user name and password in the application and generate access keys using an AWS
SDK.
 C. Create an IAM role, configure read and write access for the DynamoDB table, and
attach to the EC2 instances.
 D. Create an IAM user with read and write access to the DynamoDB table. Generate
access keys for the user and store the access keys in the application as a credentials
file.

Hide Solution Discussion 9

Correct Answer: D

Question #41Topic 1
A developer is using Amazon S3 to store critical documents that need encryption at rest. At
the very least, the encryption keys must be cycled yearly.

What is the simplest method for doing this?

 A. Encrypt the data before sending it to Amazon S3

 B. Import a custom key into AWS KMS with annual rotation enabled
 C. Use AWS KMS with automatic key rotation
 D. Export a key from AWS KMS to encrypt the data

Hide Solution Discussion 24

Correct Answer: B

Question #42Topic 1
A business delivers APIs as a service and binds all of its users to a service level agreement
(SLA).

What should the organization do to ensure compliance with each SLA?

 A. Enable throttling limits for each method in Amazon API Gateway

 B. Create a usage plan for each user and request API keys to access the APIs
  C. Enable API rate limiting in Amazon Cognito for each user
 D. Enable default throttling limits for each stage after deploying the APIs

Hide Solution Discussion 6

Correct Answer: D

Question #43Topic 1
Returning consumers may log in to see personalized web pages on an e-commerce site. The
process is shown below:

On EC2 instances, an application is executing. The database that records user accounts and
preferences is hosted on Amazon RDS. While waiting for the login stage to finish, the
website freezes or loads slowly. The remainder of the site's components are properly
optimized.

Which of the following strategies will effectively fix this situation? (Select two.)

 A. Implement the user login page as an asynchronous Lambda function.

 B. Use Amazon ElastiCache for MemCached to cache user data.
 C. Use an Amazon Application Load Balancer to load balance the traffic to the
website.
 D. Call the database asynchronously so the code can continue executing.
 E. Batch login requests from hundreds of users together as a single read request to the
database.
Hide Solution Discussion 13
Correct Answer: BD

Question #44Topic 1
An application developer is tasked with integrating Amazon CloudWatch into an on-premises
environment.

According to AWS security best practices, how should the application use CloudWatch?

 A. Configure AWS credentials in the application server with an AWS SDK

 B. Implement and proxy API-calls through an EC2 instance
 C. Store IAM credentials in the source code to enable access
 D. Add the application server SSH-key to AWS

Hide Solution Discussion 5

Correct Answer: A

Question #45Topic 1
A vast number of tiny messages are ingested by an application and stored in a database. AWS
Lambda is used to power the application. A development team is making adjustments to the
processing logic of the program. Each message is processing more than 15 minutes in testing.
The team is worried that the present backend will fail to function properly.

Which improvements to the backend system should be implemented to guarantee that each
message is treated in the most scalable manner possible?

 A. Add the messages to an Amazon SQS queue. Set up and Amazon EC2 instance to
poll the queue and process messages as they arrive.
 B. Add the messages to an Amazon SQS queue. Set up Amazon EC2 instances in an
Auto Scaling group to poll the queue and process the messages as they arrive.
 C. Create a support ticket to increase the Lambda timeout to 60 minutes to allow for
increased processing time.
 D. Change the application to directly insert the body of the message into an Amazon
RDS database.

Hide Solution Discussion 9

Correct Answer: B

Question #46Topic 1
A developer attempts to use the command aws configure after installing the AWS CLI and
gets the following error:
aws: command not found Error: aws: command not found

Which of the following is the most probable source of this error?

 A. The aws executable is not in the PATH environment variable.

  B. Access to the aws executable has been denied to the installer.
 C. Incorrect AWS credentials were provided.
 D. The aws script does not have an executable file mode.

Hide Solution Discussion 16

Correct Answer: A

Question #47Topic 1
In an Amazon DynamoDB database, a game holds user game data. Individual users should
not have access to the gaming data of other players.

How is this possible?

 A. Encrypt the game data with individual user keys.

 B. Restrict access to specific items based on certain primary key values.
 C. Stage data in SQS queues to inject metadata before accessing DynamoDB.
 D. Read records from DynamoDB and discard irrelevant data client-side.

Hide Solution Discussion 13

Correct Answer: B
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-
conditions.html
Question #48Topic 1
A developer created a static website hosted on Amazon S3 that uses Amazon API Gateway
and AWS Lambda to conduct web service queries. The site is now displaying an error
message that reads as follows:
The requested resource does not have an Access-Control-Allow-Origin€TM header. As a
result, origin € null€TM is denied access. `

What is the Developer's responsibility in resolving this issue?

 A. Enable cross-origin resource sharing (CORS) on the S3 bucket.

 B. Enable cross-origin resource sharing (CORS) for the method in API Gateway
 C. Add the Access-Control-Request-Method header to the request
 D. Add the Access-Control-Request-Headers header to the request

Hide Solution Discussion 6

Correct Answer: B
Reference:
https://forums.aws.amazon.com/thread.jspa?threadID=252972
Question #49Topic 1
A multi-Amazon EC2 instance application reads messages from a typical Amazon SQS
queue. All communications must be encrypted at rest as a requirement of the program.
When feasible, developers are urged to employ approaches that enable centralized key
management and reduce support needs.
Which of the following solutions adheres to these specifications?

 A. Encrypt individual messages by using client-side encryption with customer

managed keys, then write to the SQS queue.
 B. Encrypt individual messages by using SQS Extended Client and the Amazon S3
encryption client.
 C. Create an SQS queue, and encrypt the queue by using sewer-side encryption with
AWS KMS.
 D. Create an SQS queue, and encrypt the queue by using client-side encryption.

Hide Solution Discussion 9

Correct Answer: B

Question #50Topic 1
A developer must use an AWS CloudFormation template to launch a new AWS Lambda
function.

Which processes are responsible for deploying Lambda functions? (Select two.)

 A. Upload the code to an AWS CodeCommit repository, then add a reference to it in

an AWS::Lambda::Function resource in the template.
 B. Create an AWS::Lambda::Function resource in the template, then write the code
directly inside the CloudFormation template.
 C. Upload a .ZIP file containing the function code to Amazon S3, then add a reference
to it in an AWS::Lambda::Function resource in the template.
 D. Upload a .ZIP file to AWS CloudFormation containing the function code, then add
a reference to it in an AWS::Lambda::Function resource in the template.
 E. Upload the function code to a private Git repository, then add a reference to it in an
AWS::Lambda::Function resource in the template.

Hide Solution Discussion 19

Correct Answer: BD

Question #51Topic 1
A developer want to utilize AWS X-Ray to monitor the end-to-end performance of a user
request across the whole software stack. The developer modified the program, tested it, and
discovered that it is capable of sending traces to AWS X-Ray. The traces, on the other hand,
are not accessible when the program is deployed to an EC2 instance.

Which of the following is most likely to result in this situation? (Select two.)
  A. The traces are reaching X-Ray, but the Developer does not have access to view the
records.
 B. The X-Ray daemon is not installed on the EC2 instance.
 C. The X-Ray endpoint specified in the application configuration is incorrect.
 D. The instance role does not have ‫ג‬€xray:BatchGetTraces‫ג‬€ and
‫ג‬€xray:GetTraceGraph‫ג‬€ permissions.
 E. The instance role does not have ‫ג‬€xray:PutTraceSegments‫ג‬€ and
‫ג‬€xray:PutTelemetryRecords‫ג‬€ permissions.

Hide Solution Discussion 11

Correct Answer: BE

Question #52Topic 1
An application extracts metadata from files uploaded to an S3 bucket using Lambda
functions; the information is then saved in Amazon DynamoDB. The program begins to
behave strangely, and the developer want to investigate the Lambda function code's logs for
faults.

Where would the Developer look for logs based on this system configuration?

 A. Amazon S3
 B. AWS CloudTrail
 C. Amazon CloudWatch
 D. Amazon DynamoDB

Hide Solution Discussion 13

Correct Answer: C

Question #53Topic 1
The upload to Amazon S3 of a 15 GB item fails. The error message reads as follows: €The
size of the item you are proposing to upload exceeds the maximum permitted.

How will the Developer submit this object?

 A. Upload the object using the multi-part upload API.

 B. Upload the object over an AWS Direct Connect connection.
 C. Contact AWS Support to increase the object size limit.
 D. Upload the object to another AWS region.

Hide Solution Discussion 16

Correct Answer: A
Reference:
https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-
KACOEWK92oCmeCwuj4t/s3-question-on-multi-part-upload
Question #54Topic 1
What is the purpose of an Amazon SQS delay queue?
  A. Messages are hidden for a configurable amount of time when they are first added
to the queue.
 B. Messages are hidden for a configurable amount of time after they are consumed
from the queue.
 C. The consumer can poll the queue for a configurable amount of time before
retrieving a message.
 D. Message cannot be deleted for a configurable amount of time after they are
consumed from the queue.

Hide Solution Discussion 12

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-
delay-queues.html
Question #55Topic 1
A business operates an e-commerce website that makes use of Amazon DynamoDB to
dynamically adjust the price of products in real time. At any one moment, numerous changes
to price information for a specific product may occur concurrently. This results in the
overwriting of the original editor's modifications without a thorough review procedure.

Which write option in DynamoDB should be used to avoid this overwriting?

 A. Concurrent writes
 B. Conditional writes
 C. Atomic writes
 D. Batch writes

Hide Solution Discussion 11

Correct Answer: B

Question #56Topic 1
A business is developing an ecommerce website, and the static data will be stored on Amazon
S3. The business anticipates roughly 1,000 GET and PUT requests per second (TPS). All
queries must be logged and maintained for auditing reasons.

Which approach is the MOST cost-effective?

 A. Enable AWS CloudTrail logging for the S3 bucket-level action and create a
lifecycle policy to move the data from the log bucket to Amazon S3 Glacier in 90
days.
 B. Enable S3 server access logging and create a lifecycle policy to expire the data in
90 days.
 C. Enable AWS CloudTrail logging for the S3 bucket-level action and create a
lifecycle policy to expire the data in 90 days.
 D. Enable S3 server access logging and create a lifecycle policy to move the data to
Amazon S3 Glacier in 90 days.
Hide Solution Discussion 32
Correct Answer: C
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudtrail-request-identification.html
Question #57Topic 1
A business has an application in which reading items from Amazon S3 is conditional on the
user type. There are two sorts of users: registered and visitor. The firm now has 25,000 users
and is expanding at a rapid pace. Depending on the user type, data is fetched from an S3
bucket.

Which techniques are advised for accommodating both sorts of users? (Select two.)

 A. Provide a different access key and secret access key in the application code for
registered users and guest users to provide read access to the objects.
 B. Use S3 bucket policies to restrict read access to specific IAM users.
 C. Use Amazon Cognito to provide access using authenticated and unauthenticated
roles.
 D. Create a new IAM user for each user and grant read access.
 E. Use the AWS IAM service and let the application assume the different roles using
the AWS Security Token Service (AWS STS) AssumeRole action depending on the
type of user and provide read access to Amazon S3 using the assumed role.

Hide Solution Discussion 8

Correct Answer: AB

Question #58Topic 1
Using Amazon API Gateway, a developer has established a REST API. The developer want
to keep track of which callers and how they utilize the API. Additionally, the developer want
to have control over the duration of the logs.

What actions should the developer take to ensure compliance with these requirements?

 A. Enable API Gateway execution logging. Delete old logs using API Gateway
retention settings.
 B. Enable API Gateway access logs. Use Amazon CloudWatch retention settings to
delete old logs.
 C. Enable detailed Amazon CloudWatch metrics. Delete old logs with a recurring
AWS Lambda function.
 D. Create and use API Gateway usage plans. Delete old logs with a recurring AWS
Lambda function.

Hide Solution Discussion 8

Correct Answer: C

Question #59Topic 1
A huge e-commerce site is being developed that will use Amazon S3 to distribute static
items. More than 300 GET requests per second will be served from the Amazon S3 bucket.

What changes should be made to improve performance? (Select two.)

 A. Integrate Amazon CloudFront with Amazon S3.

 B. Enable Amazon S3 cross-region replication.
 C. Delete expired Amazon S3 server log files.
 D. Configure Amazon S3 lifecycle rules.
 E. Randomize Amazon S3 key name prefixes.

Hide Solution Discussion 21

Correct Answer: AB
Reference:
http://jayendrapatil.com/aws-s3-best-practices/
Question #60Topic 1
A developer is developing an application that will use Amazon S3 to store data. Before data
is transmitted to Amazon S3 for storage, management requires that it be secured. The
Security team is responsible for managing the encryption keys.

Which strategy should the developer use to satisfy these requirements?

 A. Implement server-side encryption using customer-provided encryption keys (SSE-

C).
 B. Implement server-side encryption by using a client-side master key.
 C. Implement client-side encryption using an AWS KMS managed customer master
key (CMK).
 D. Implement client-side encryption using Amazon S3 managed keys.

Hide Solution Discussion 13

Correct Answer: D
Reference:
https://aws.amazon.com/s3/faqs/

Question #61Topic 1
A developer has designed a software package that will be distributed utilizing IAM roles
across many EC2 servers.

What measures may be taken to validate IAM access to Amazon Kinesis Streams records?
(Select two.)

 A. Use the AWS CLI to retrieve the IAM group.

 B. Query Amazon EC2 metadata for in-line IAM policies.
 C. Request a token from AWS STS, and perform a describe action.
  D. Perform a get action using the ‫ג‬€"-dry-run argument.
 E. Validate the IAM role policy with the IAM policy simulator.

Hide Solution Discussion 11

Correct Answer: BE

Question #62Topic 1
A developer must verify that an application's IAM credentials are not abused or exploited
when running on Amazon EC2.

What should the developer do to ensure the security of user credentials?

 A. Environment variables
 B. AWS credentials file
 C. Instance profile credentials
 D. Command line options

Hide Solution Discussion 10

Correct Answer: D

Question #63Topic 1
Page load times on a website steadily increase as more people visit the system concurrently.
According to the analysis, a user profile is being loaded from a database on each web page
viewed by a user, which increases database load and page load delay. The developer chooses
to cache the user profile data in order to remedy this problem.

Which caching approach would most effectively solve this situation?

 A. Create a new Amazon EC2 Instance and run a NoSQL database on it. Cache the
profile data within this database using the write-through caching strategy.
 B. Create an Amazon ElastiCache cluster to cache the user profile data. Use a cache-
aside caching strategy.
 C. Use a dedicated Amazon RDS instance for caching profile data. Use a write-
through caching strategy.
 D. Create an ElastiCache cluster to cache the user profile data. Use a write-through
caching strategy.

Hide Solution Discussion 9

Correct Answer: B

Question #64Topic 1
A developer is about to launch an AWS Lambda function that will use a substantial amount
of CPU.

Which technique will minimize the function's average runtime?

  A. Deploy the function into multiple AWS Regions.
 B. Deploy the function into multiple Availability Zones.
 C. Deploy the function using Lambda layers.
 D. Deploy the function with its memory allocation set to the maximum amount.

Hide Solution Discussion 15

Correct Answer: C
Layers let you keep your deployment package small, which makes development easier. You
can avoid errors that can occur when you install and package dependencies with your
function code.
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-dg.pdf
(86)
Question #65Topic 1
A business is operating an application that is powered by AWS Lambda services. When a
Lambda function is required to download a 50MB file from the Internet on each run,
performance difficulties arise. Multiple times per second, this function is invoked.

Which approach would result in the greatest performance boost?

 A. Cache the file in the /tmp directory

 B. Increase the Lambda maximum execution time
 C. Put an Elastic Load Balancer in front of the Lambda function
 D. Cache the file in Amazon S3

Hide Solution Discussion 21

Correct Answer: D

Question #66Topic 1
An HTTPS clone URL for an AWS CodeCommit repository is supplied to a developer.

What configuration is required prior to cloning this repository?

 A. Use AWS KMS to set up public and private keys for use with AWS CodeCommit.
 B. Set up the Git credential helper to use an AWS credential profile, and enable the
helper to send the path to the repositories.
 C. Use AWS Certificate Manager to provision public and private SSL/TLS
certificates.
 D. Generate encryption keys using AWS CloudHSM, then export the key for use with
AWS CodeCommitl.

Hide Solution Discussion 6

Correct Answer: B
AWS credential profile, and enabling the Git credential helper to send the path to
repositories:
Reference:
https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-unixes.html
Question #67Topic 1
A Linux EC2 instance operating on Amazon Web Services requires management of the AWS
architecture.

How may an Amazon EC2 instance be configured to perform secure AWS API calls?

 A. Sign the AWS CLI command using the signature version 4 process.
 B. Run the aws configure AWS CLI command and specify the access key id and
secret access key.
 C. Specify a role for the EC2 instance with the necessary privileges.
 D. Pass the access key id and secret access key as parameters for each AWS CLI
command.

Hide Solution Discussion 11

Correct Answer: C

Question #68Topic 1
What is needed to use AWS X-Ray to trace Lambda-based applications?

 A. Send logs from the Lambda application to an S3 bucket; trigger a Lambda function
from the bucket to send data to AWS X-Ray.
 B. Trigger a Lambda function from the application logs in Amazon CloudWatch to
submit tracing data to AWS X-Ray.
 C. Use an IAM execution role to give the Lambda function permissions and enable
tracing.
 D. Update and add AWS X-Ray daemon code to relevant parts of the Lambda
function to set up the trace.

Hide Solution Discussion 11

Correct Answer: B
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html
Question #69Topic 1
A developer wishes to lower the execution time of a complete Amazon DynamoDB database
scan during off-peak hours without impairing typical workloads. During non-peak hours,
workloads average around half of the highly constant read capacity units.

How would the Developer optimize this scan if he or she were the developer?

 A. Use parallel scans while limiting the rate

 B. Use sequential scans
 C. Increase read capacity units during the scan operation
 D. Change consistency to eventually consistent during the scan operation

Hide Solution Discussion 20

Correct Answer: B

Question #70Topic 1
A developer has an on-premises legacy application. Other AWS-hosted apps rely on the on-
premises application for optimal operation.
In the event of any application failures, the Developer want to be able to monitor and debug
all apps from a single location using Amazon CloudWatch.

How is this accomplished by the Developer?

 A. Install an AWS SDK on the on-premises server to automatically send logs to

CloudWatch.
 B. Download the CloudWatch agent to the on-premises server. Configure the agent to
use IAM user credentials with permissions for CloudWatch.
 C. Upload log files from the on-premises server to Amazon S3 and have CloudWatch
read the files.
 D. Upload log files from the on-premises server to an Amazon EC2 instance and have
the instance forward the logs to CloudWatch.

Hide Solution Discussion 7

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-
Agent-on-premise.html

Question #71Topic 1
A development team has released ten applications that are operating on Amazon EC2
instances. A graphical representation of the data is required by the Operations team.
For each application, there is one critical performance metric. For convenient monitoring, all
of these metrics should be presented on a single screen.
Which actions should the developer take to use Amazon CloudWatch to do this?

 A. Create a custom namespace with a unique metric name for each application.
 B. Create a custom dimension with a unique metric name for each application.
 C. Create a custom event with a unique metric name for each application.
 D. Create a custom alarm with a unique metric name for each application.

Hide Solution Discussion 17

Correct Answer: B
Reference:
http://jayendrapatil.com/tag/cloudwatch/
Question #72Topic 1
On AWS, a business hosts a multi-tiered web application. During a recent increase in traffic,
one of Amazon RDS's key relational databases was unable to handle the volume. Certain read
queries for frequently visited objects failed, resulting in error messages being shown to users.

What can be done to reduce the effect of future traffic surges on database read queries most
efficiently?

 A. Use Amazon S3 to cache database query results.

 B. Use Amazon RDS as a custom origin for Amazon CloudFront.
 C. Use local storage and memory on Amazon EC2 instances to cache data.
 D. Use Amazon ElastiCache in front of the primary database to cache data.

Hide Solution Discussion 16

Correct Answer: B

Question #73Topic 1
Due to increasing demand, an application is having performance challenges. This increasing
demand is for read-only historical records that are extracted using bespoke views and queries
from an Amazon RDS-hosted database. A developer's objective is to optimize performance
without altering the database's structure.

Which technique will maximize performance while minimizing management costs?

 A. Deploy Amazon DynamoDB, move all the data, and point to DynamoDB.
 B. Deploy Amazon ElastiCache for Redis and cache the data for the application.
 C. Deploy Memcached on Amazon EC2 and cache the data for the application.
 D. Deploy Amazon DynamoDB Accelerator (DAX) on Amazon RDS to improve
cache performance.

Hide Solution Discussion 9

Correct Answer: B

Question #74Topic 1
A business must send firmware upgrades to all of its consumers worldwide.

Which solution will provide simple and secure control of download access at the lowest
possible cost?

 A. Use Amazon CloudFront with signed URLs for Amazon S3

 B. Create a dedicated Amazon CloudFront Distribution for each customer
 C. Use Amazon CloudFront with AWS Lambda@Edge
 D. Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket

Hide Solution Discussion 13

Correct Answer: A

Question #75Topic 1
A business want to use Amazon API Gateway to enable authentication for its new REST
service. Each request must include HTTP headers including a client ID and a user ID in order
to authenticate the calls. These credentials must be matched to data stored in an Amazon
DynamoDB database for authentication.

What actions MUST the company take to implement this authorization in the API
global Gateway?

 A. Implement an AWS Lambda authorizer that references the DynamoDB

authentication table
 B. Create a model that requires the credentials, then grant API Gateway access to the
authentication table
 C. Modify the integration requests to require the credentials, then grant API Gateway
access to the authentication table
 D. Implement an Amazon Cognito authorizer that references the DynamoDB
authentication table

Hide Solution Discussion 13

Correct Answer: D

Question #76Topic 1
A developer is in the process of transferring legacy apps to AWS. These apps will be
launched on Amazon EC2 instances and will utilize MongoDB as their main data storage.
Management expects developers to make minimal modifications to apps while using AWS
services.

Which option should the developer use to host MongoDB on Amazon Web Services (AWS)?

 A. Install MongoDB on the same instance where the application is running.

 B. Deploy Amazon DocumentDB in MongoDB compatibility mode.
 C. Use Amazon API Gateway to translate API calls from MongoDB to Amazon
DynamoDB.
 D. Replicate the existing MongoDB workload to Amazon DynamoDB.

Hide Solution Discussion 7

Correct Answer: D

Question #77Topic 1
Through an API, a company's fleet of Amazon EC2 instances collects data from millions of
consumers. To guarantee high access rates, the servers batch the data, create an object for
each user, and upload the objects to an S3 bucket. Customer ID, Server ID, TS-Server
(TimeStamp and Server ID), the object's size, and a timestamp are the object's properties. A
developer wishes to locate all items gathered for a particular user during a certain time
period.

How can the developer accomplish this need after establishing an S3 object created event?
  A. Execute an AWS Lambda function in response to the S3 object creation events that
creates an Amazon DynamoDB record for every object with the Customer ID as the
partition key and the Server ID as the sort key. Retrieve all the records using the
Customer ID and Server ID attributes.
 B. Execute an AWS Lambda function in response to the S3 object creation events that
creates an Amazon Redshift record for every object with the Customer ID as the
partition key and TS-Server as the sort key. Retrieve all the records using the
Customer ID and TS-Server attributes.
 C. Execute an AWS Lambda function in response to the S3 object creation events that
creates an Amazon DynamoDB record for every object with the Customer ID as the
partition key and TS-Server as the sort key. Retrieve all the records using the
Customer ID and TS-Server attributes.
 D. Execute an AWS Lambda function in response to the S3 object creation events that
creates an Amazon Redshift record for every object with the Customer ID as the
partition key and the Server ID as the sort key. Retrieve all the records using the
Customer ID and Server ID attributes.

Hide Solution Discussion 8

Correct Answer: C

Question #78Topic 1
A business need a fully managed source control solution that is compatible with AWS. By
sharing sets of changes peer-to-peer, the service must guarantee that revision control
synchronizes various dispersed repositories. All users must be productive regardless of
whether they are connected to a network.

Which version control system should I use?

 A. Subversion
 B. AWS CodeBuild
 C. AWS CodeCommit
 D. AWS CodeStar

Hide Solution Discussion 15

Correct Answer: C

Question #79Topic 1
A developer is tasked with the responsibility of creating a cache layer in front of Amazon
RDS. In the event of a service outage, it is costly to regenerate cached material.

Which of the following implementations would work best in terms of uptime?

 A. Implement Amazon ElastiCache Redis in Cluster Mode

 B. Install Redis on an Amazon EC2 instance.
 C. Implement Amazon ElastiCache Memcached.
 D. Migrate the database to Amazon Redshift.
Hide Solution Discussion 27
Correct Answer: A
Reference:
https://aws.amazon.com/blogs/database/automating-sql-caching-for-amazon-elasticache-and-
amazon-rds/
Question #80Topic 1
A corporation is deploying one of their apps using AWS CodePipeline. The delivery pipeline
is triggered by modifications to the master branch of an AWS CodeCommit repository and
utilizes AWS CodeBuild for the test and build phases, as well as AWS CodeDeploy for
application deployment.
For many months, the pipeline has operated effectively with no adjustments. AWS
CodeDeploy failed to deploy the updated application as planned after a recent modification to
the application's source code.

What may be the underlying causes? (Select two.)

 A. The change was not made in the master branch of the AWS CodeCommit
repository.
 B. One of the earlier stages in the pipeline failed and the pipeline has terminated.
 C. One of the Amazon EC2 instances in the company‫ג‬€™s AWS CodePipeline
cluster is inactive.
 D. The AWS CodePipeline is incorrectly configured and is not executing AWS
CodeDeploy.
 E. AWS CodePipeline does not have permissions to access AWS CodeCommit.

Hide Solution Discussion 18

Correct Answer: BC

Question #81Topic 1
A developer wishes to get a list of objects from an Amazon DynamoDB table's global
secondary index.

Which DynamoDB API call should the developer use to utilize the fewest read capacity units
possible?

 A. Scan operation using eventually-consistent reads

 B. Query operation using strongly-consistent reads
 C. Query operation using eventually-consistent reads
 D. Scan operation using strongly-consistent reads

Hide Solution Discussion 17

Correct Answer: C

Question #82Topic 1
A developer is attempting to use the SDK to perform API requests. The application's IAM
user credentials need multi-factor authentication for all API requests.

Which mechanism does the developer use to get access to the API that is protected by multi-
factor authentication?

 A. GetFederationToken
 B. GetCallerIdentity
 C. GetSessionToken
 D. DecodeAuthorizationMessage

Hide Solution Discussion 9

Correct Answer: C

Question #83Topic 1
There are two categories of members on a video-hosting website: those who pay a charge and
those who do not. Each video upload creates a message in Amazon Simple Queue Service
(SQS). Each video is processed by a fleet of Amazon EC2 instances that poll Amazon SQS.
The developer must guarantee that the developer processes the films submitted by paying
users first.

How is the developer to achieve this criterion?

 A. Create two SQS queues; one for paying members, and one for non-paying
members. Poll the paying member queue first and then poll the non-paying member
queue.
 B. Use SQS to set priorities on individual items within a single queue; give the paying
members‫ג‬€™ videos the highest priority.
 C. Use SQS to set priorities on individual items within a single queue and use
Amazon SNS to encode the videos.
 D. Create two Amazon SNS topics: one for paying members and one for non-paying
members. Use SNS topic subscription priorities to differentiate between the two types
of members.

Hide Solution Discussion 7

Correct Answer: B

Question #84Topic 1
The development team is now hard at work developing an API that will be provided through
the Amazon API gateway. Three environments will service the API: development, test, and
production. All three phases of the API Gateway are set to consume 237 GB of cache.

Which deployment option is the MOST cost-effective?

 A. Create a single API Gateway with all three stages.

 B. Create three API Gateways, one for each stage in a single AWS account.
 C. Create an API Gateway in three separate AWS accounts.
  D. Enable the cache for development and test environments only when needed.

Hide Solution Discussion 28

Correct Answer: D

Question #85Topic 1
On Amazon EC2 ECS, two containerized microservices are hosted. The first microservice
reads a database instance from Amazon RDS Aurora, while the second microservice reads a
table from Amazon DynamoDB.

How can the bare minimal rights be provided to each microservice?

 A. Set ECS_ENABLE_TASK_IAM_ROLE to false on EC2 instance boot in ECS

agent configuration file. Run the first microservice with an IAM role for ECS tasks
with read-only access for the Aurora database. Run the second microservice with an
IAM role for ECS tasks with read-only access to DynamoDB.
 B. Set ECS_ENABLE_TASK_IAM_ROLE to false on EC2 instance boot in the ECS
agent configuration file. Grant the instance profile role read-only access to the Aurora
database and DynamoDB.
 C. Set ECS_ENABLE_TASK_IAM_ROLE to true on EC2 instance boot in the ECS
agent configuration file. Run the first microservice with an IAM role for ECS tasks
with read-only access for the Aurora database. Run the second microservice with an
IAM role for ECS tasks with read-only access to DynamoDB.
 D. Set ECS_ENABLE_TASK_IAM_ROLE to true on EC2 instance boot in the ECS
agent configuration file. Grant the instance profile role read-only access to the Aurora
database and DynamoDB.

Hide Solution Discussion 5

Correct Answer: C
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/ecs-iam-task-roles-config-errors/
Question #86Topic 1
A program inserts data into an Amazon DynamoDB database. As the application expands to
thousands of instances, intermittent ThrottlingException problems are thrown by calls to the
DynamoDB API. The application is written in a language that is not supported by the AWS
SDK.

What procedure should be followed in the event of an error?

 A. Add exponential backoff to the application logic

 B. Use Amazon SQS as an API message bus
 C. Pass API calls through Amazon API Gateway
 D. Send the items to DynamoDB through Amazon Kinesis Data Firehose

Hide Solution Discussion 16

Correct Answer: A
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Programming.Errors.h
tml
Question #87Topic 1
A software engineer created a Node.js AWS Lambda function to do CPU-intensive data
processing. The Lambda function takes around 5 minutes to finish with the default
parameters.

Which strategy should a developer employ to expedite the finishing process?

 A. Instead of using Node.js, rewrite the Lambda function using Python.

 B. Instead of packaging the libraries in the ZIP file with the function, move them to a
Lambda layer and use the layer with the function.
 C. Allocate the maximum available CPU units to the function.
 D. Increase the available memory to the function.

Hide Solution Discussion 10

Correct Answer: D
Reference:
https://serverless.zone/my-accidental-3-5x-speed-increase-of-aws-lambda-functions-
6d95351197f3
Question #88Topic 1
A client wishes to host its source code on AWS Elastic Beanstalk. The client should
undertake deployment with minimum downtime and should keep application access logs
exclusively on existing instances.

Which deployment strategy would meet these criteria?

 A. Rolling
 B. All at once
 C. Rolling with an additional batch
 D. Immutable

Hide Solution Discussion 24

Correct Answer: A
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rollingupdates.html
Question #89Topic 1
A development team chooses to use AWS CodePipeline and AWS CodeCommit to
implement a continuous integration/continuous delivery (CI/CD) method for a new
application. Management, on the other hand, requires a human to evaluate and approve the
code prior to it being released to production.

How can the development team include a manual approver into the continuous
integration/continuous delivery pipeline?
  A. Use AWS SES to send an email to approvers when their action is required.
Develop a simple application that allows approvers to accept or reject a build. Invoke
an AWS Lambda function to advance the pipeline when a build is accepted.
 B. If approved, add an approved tag when pushing changes to the CodeCommit
repository. CodePipeline will proceed to build and deploy approved commits without
interruption.
 C. Add an approval step to CodeCommit. Commits will not be saved until approved.
 D. Add an approval action to the pipeline. Configure the approval action to publish to
an Amazon SNS topic when approval is required. The pipeline execution will stop
and wait for an approval.

Hide Solution Discussion 6

Correct Answer: D
Reference:
https://docs.aws.amazon.com/codepipeline/latest/userguide/approvals-action-add.html
Question #90Topic 1
A developer is now working on a serverless Java app. Initial testing indicates that a cold start
for AWS Lambda functions takes around 8 seconds on average.

What should the developer do to lessen the time required for a cold start? (Select two.)

 A. Add the Spring Framework to the project and enable dependency injection.
 B. Reduce the deployment package by including only needed modules from the AWS
SDK for Java.
 C. Increase the memory allocation setting for the Lambda function.
 D. Increase the timeout setting for the Lambda function.
 E. Change the Lambda invocation mode from synchronous to asynchronous.

Hide Solution Discussion 15

Correct Answer: AE
Reference:
https://github.com/awslabs/aws-serverless-java-container/wiki/Quick-start---Spring-Boot

Question #91Topic 1
The ecommerce website of a business is experiencing enormous traffic surges, resulting in
database performance issues. Users remark that viewing the website takes an excessive
amount of time.
A developer want to use Amazon ElastiCache to construct a caching layer. The website must
be responsive regardless of whatever product a user visits, and product information and
pricing must be updated consistently.

Which policy for writing to the cache will meet these requirements?
  A. Write to the cache directly and sync the backend at a later time
 B. Write to the backend first and wait for the cache to expire
 C. Write to the cache and the backend at the same time
 D. Write to the backend first and invalidate the cache

Hide Solution Discussion 26

Correct Answer: A
Reference:
https://aws.amazon.com/elasticache/faqs/
Question #92Topic 1
A development team is composed of ten individuals. The manager wishes to grant access to
user-specific folders in an Amazon S3 bucket, similar to a home directory for each team
member. The sample of the IAM policy for the team member with the username
€TeamMemberX€ is as follows:

Rather of generating unique policies for each team member, how may this policy excerpt be
made general for all team members?

 A. Use IAM policy condition

 B. Use IAM policy principal
 C. Use IAM policy variables
 D. Use IAM policy resource

Hide Solution Discussion 12

Correct Answer: A

Question #93Topic 1
A business requires security for its current website, which is hosted behind an Elastic Load
Balancer. Amazon EC2 instances hosting the website are CPU restricted.

How can the website be secured without raising the CPU burden on the Amazon EC2 web
servers? (Select two.)

 A. Configure an Elastic Load Balancer with SSL pass-through.

 B. Configure SSL certificates on an Elastic Load Balancer.
 C. Configure an Elastic Load Balancer with a Loadable Storage System.
 D. Install SSL certificates on the EC2 instances.
 E. Configure an Elastic Load Balancer with SSL termination.

Hide Solution Discussion 8

Correct Answer: BD

Question #94Topic 1
A developer will handle AWS services through the AWS CLI on a local development server.

What can be done to guarantee that the CLI executes commands using the Developer's IAM
permissions?

 A. Specify the Developer‫ג‬€™s IAM access key ID and secret access key as
parameters for each CLI command.
 B. Run the aws configure CLI command, and provide the Developer‫ג‬€™s IAM access
key ID and secret access key.
 C. Specify the Developer‫ג‬€™s IAM user name and password as parameters for each
CLI command.
 D. Use the Developer‫ג‬€™s IAM role when making the CLI command.

Hide Solution Discussion 5

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/iam-assume-role-cli/
Question #95Topic 1
AWS Lambda functions must connect to an external site using a user name and password that
are rotated on a regular basis. These elements must be securely stored and cannot be included
inside the function code.

Which AWS services may be utilized in conjunction with one another to achieve this? (Select
two.)

 A. AWS Certificate Manager (ACM)

 B. AWS Systems Manager Parameter Store
 C. AWS Trusted Advisor
 D. AWS KMS
 E. Amazon GuardDuty

Hide Solution Discussion 10

Correct Answer: BD

Question #96Topic 1
A development team is hard at work on a mobile application that will enable users to submit
images to Amazon S3. The company anticipates that hundreds of thousands of people will
use the app concurrently during a single event. After the images are submitted, the backend
service scans and parses them for objectionable material.

Which strategy is the MOST robust way to accomplish this aim while also smoothing out
transitory backend service traffic spikes?
  A. Develop an AWS Lambda function to check the upload folder in the S3 bucket. If
new uploaded pictures are detected, the Lambda function will scan and parse them.
 B. Once a picture is uploaded to Amazon S3, publish the event to an Amazon SQS
queue. Use the queue as an event source to trigger an AWS Lambda function. In the
Lambda function, scan and parse the picture.
 C. When the user uploads a picture, invoke an API hosted in Amazon API Gateway.
The API will invoke an AWS Lambda function to scan and parse the picture.
 D. Create a state machine in AWS Step Functions to check the upload folder in the S3
bucket. If a new picture is detected, invoke an AWS Lambda function to scan and
parse it.

Hide Solution Discussion 7

Correct Answer: B

Question #97Topic 1
In an Amazon DynamoDB database, a business caches session information for a web
application. The organization want to automate the process of deleting obsolete entries from
the table.

What is the easiest method for doing this?

 A. Write a script that deletes old records; schedule the scripts as a cron job on an
Amazon EC2 instance.
 B. Add an attribute with the expiration time; enable the Time To Live feature based
on that attribute.
 C. Each day, create a new table to hold session data; delete the previous day‫ג‬€™s
table.
 D. Add an attribute with the expiration time; name the attribute ItemExpiration.

Hide Solution Discussion 18

Correct Answer: B
Reference:
https://aws.amazon.com/about-aws/whats-new/2017/02/amazon-dynamodb-now-supports-
automatic-item-expiration-with-time-to-live-ttl/
Question #98Topic 1
A programmer is developing a new application that will make advantage of Amazon S3. To
comply with regulatory standards, the Developer must encrypt data in transit.

How is this accomplished by the Developer?

 A. Use s3:x-amz-acl as a condition in the S3 bucket policy.

 B. Use Amazon RDS with default encryption.
 C. Use aws:SecureTransport as a condition in the S3 bucket policy.
 D. Turn on S3 default encryption for the S3 bucket.

Hide Solution Discussion 19

Correct Answer: D

Question #99Topic 1
A developing program requires the storage of hundreds of video files. Prior to storage, the
data must be encrypted inside the program using a unique key for each video file.

How should the application's developer code it?

 A. Use the KMS Encrypt API to encrypt the data. Store the encrypted data key and
data.
 B. Use a cryptography library to generate an encryption key for the application. Use
the encryption key to encrypt the data. Store the encrypted data.
 C. Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the
data key. Store the encrypted data key and data.
 D. Upload the data to an S3 bucket using server side-encryption with an AWS KMS
key.

Hide Solution Discussion 22

Correct Answer: B

Question #100Topic 1
An existing serverless application handles picture files that have been uploaded. At the
moment, the process is implemented using a single Lambda function that accepts an image
file, processes it, and saves it in Amazon S3. The application's users now demand picture
thumbnail production. Users desire to minimize the time required to complete picture
uploads.

How can thumbnail creation be integrated into an application while still adhering to user
expectations and requiring little modifications to current code?

 A. Change the existing Lambda function handling the uploads to create thumbnails at
the time of upload. Have the function store both the image and thumbnail in Amazon
S3.
 B. Create a second Lambda function that handles thumbnail generation and storage.
Change the existing Lambda function to invoke it asynchronously.
 C. Create an S3 event notification with a Lambda function destination. Create a new
Lambda function to generate and store thumbnails.
 D. Create an S3 event notification to an SQS Queue. Create a scheduled Lambda
function that processes the queue, and generates and stores thumbnails.

Hide Solution Discussion 36

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-s3-example.html
Question #101Topic 1
A developer wishes to give systems administrators access to the log data of an application
operating on an EC2 instance.
In Amazon CloudWatch, which of the following provides monitoring of this metric?

 A. Retrieve the log data from CloudWatch using the GetMetricData API call.
 B. Retrieve the log data from AWS CloudTrail using the LookupEvents API call.
 C. Launch a new EC2 instance, configure Amazon CloudWatch Events, and then
install the application.
 D. Install the Amazon CloudWatch Logs agent on the EC2 instance that the
application is running on.

Hide Solution Discussion 15

Correct Answer: D

Question #102Topic 1
A business is creating an application that will operate on several Amazon EC2 instances in an
Auto Scaling group and will have access to an Amazon EC2 database. The program must
save the credentials necessary to connect to the database. Periodic secret rotation must be
supported in the application, and the program should remain unchanged when a secret
changes.

How can these needs be met in the SAFEST manner possible?

 A. Associate an IAM role to the EC2 instance where the application is running with
permission to access the database.
 B. Use AWS Systems Manager Parameter Store with the SecureString data type to
store secrets.
 C. Configure the application to store secrets in Amazon S3 object metadata.
 D. Hard code the database secrets in the application code itself.

Hide Solution Discussion 36

Correct Answer: A

Question #103Topic 1
A developer used a CLI command to register an AWS Lambda function as a target for an
Application Load Balancer (ALB). However, when the client submits requests via the ALB,
the Lambda function is not called.

Why isn't the Lambda function called?

 A. A Lambda function cannot be registered as a target for an ALB.

 B. A Lambda function can be registered with an ALB using AWS Management
Console only.
 C. The permissions to invoke the Lambda function are missing.
 D. Cross-zone is not enabled on the ALB.
Hide Solution Discussion 7
Correct Answer: C
Reference:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/lambda-functions.html
Question #104Topic 1
On Amazon EC2, a developer is developing an application. During testing, the developer
experienced a €Access Denied€ error on many API requests to AWS services. The developer
must alter the permissions previously granted to the instance.

How can these needs be accomplished with the fewest possible adjustments and downtime?

 A. Make a new IAM role with the needed permissions. Stop the instance. Attach the
new IAM role to the instance. Start the instance.
 B. Delete the existing IAM role. Attach a new IAM role with the needed permissions.
 C. Stop the instance. Update the attached IAM role adding the needed permissions.
Start the instance.
 D. Update the attached IAM role adding the needed permissions.

Hide Solution Discussion 7

Correct Answer: B

Question #105Topic 1
A development team deploys a Java-based web application using AWS Elastic Beanstalk.
The team want to guarantee that any modifications to the source code or settings are
automatically distributed to new instances. The team configures Elastic Beanstalk such that
immutable updates are used. However, an issue occurs the first time the new update policy is
used to deploy a modification.

Which of the following is the MOST LIKELY CAUSE of this problem?

 A. Immutable updates are not supported for Java-based applications.

 B. The account has reached its on-demand instance limit.
 C. Immutable updates are only supported for m4.large and larger instance types.
 D. The developer must also modify the .ebextensions/immutable-updates.config file
to enable immutable updates.

Hide Solution Discussion 13

Correct Answer: D
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environmentmgmt-updates-
immutable.html
Question #106Topic 1
What are the procedures for launching a templatized serverless application using the AWS
CLI?

 A. Use AWS CloudFormation get-template then CloudFormation execute-change-set.

  B. Use AWS CloudFormation validate-template then CloudFormation create-change-
set.
 C. Use AWS CloudFormation package then CloudFormation deploy.
 D. Use AWS CloudFormation create-stack then CloudFormation update-stack.

Hide Solution Discussion 30

Correct Answer: C
Reference:
https://github.com/awslabs/aws-sam-cli
Question #107Topic 1
A corporation has numerous developers stationed across the world who are progressively
upgrading code for a development project. When developers upload code simultaneously,
internet connection is poor, and uploading code for deployment in AWS Elastic Beanstalk
takes a long time.

Which approach will result in the smallest amount of administrative work and the shortest
upload and deployment times?

 A. Allow the Developers to upload the code to an Amazon S3 bucket, and deploy it
directly to Elastic Beanstalk.
 B. Allow the Developers to upload the code to a central FTP server to deploy the
application to Elastic Beanstalk.
 C. Create an AWS CodeCommit repository, allow the Developers to commit code to
it, and then directly deploy the code to Elastic Beanstalk.
 D. Create a code repository on an Amazon EC2 instance so that all Developers can
update the code, and deploy the application from the instance to Elastic Beanstalk.

Hide Solution Discussion 13

Correct Answer: C

Question #108Topic 1
A cluster of Amazon EC2 instances hosts an application. When attempting to read items
encrypted using server-side encryption using AWS KMS managed keys (SSE-KMS) from a
single Amazon S3 bucket, the application encounters the following error:

Which measures should be made in combination to avoid this failure? (Select two.)

 A. Contact AWS Support to request an AWS KMS rate limit increase.

 B. Perform error retries with exponential backoff in the application code.
 C. Contact AWS Support to request a S3 rate limit increase.
 D. Import a customer master key (CMK) with a larger key size.
 E. Use more than one customer master key (CMK) to encrypt S3 data.

Hide Solution Discussion 13

Correct Answer: CD

Question #109Topic 1
Numerous apps make use of an Amazon RDS database instance to seek for previous data.
The pace of queries is quite steady. When historical data is updated daily, the associated write
traffic degrades the speed of read queries, affecting all application users.

What can be done to minimize the effect on application users' performance?

 A. Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic.
 B. Create an RDS Read Replica and direct all read traffic to the replica.
 C. Implement Amazon ElastiCache in front of Amazon RDS to buffer the write
traffic.
 D. Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic.

Hide Solution Discussion 13

Correct Answer: B

Question #110Topic 1
A marketing firm maintains a dynamic website that receives a high volume of visitors. The
firm want to shift the website infrastructure to AWS, which will manage all aspects of the
website except development.

Which option BEST satisfies these criteria?

 A. Use AWS VM Import to migrate a web server image to AWS. Launch the image
on a compute-optimized Amazon EC2 instance.
 B. Launch multiple Amazon Lightsail instances behind a load balancer. Set up the
website on those instances.
 C. Deploy the website code in an AWS Elastic Beanstalk environment. Use Auto
Scaling to scale the numbers of instances.
 D. Use Amazon S3 to host the website. Use Amazon CloudFront to deliver the
content at scale.

Hide Solution Discussion 8

Correct Answer: C
Reference:
https://aws.amazon.com/elasticbeanstalk/

Question #111Topic 1
A program is supposed to process a large number of files. Each file processes an AWS
Lambda call in four minutes. The Lambda function returns no useful data.

What is the quickest method for processing all of the files?

  A. First split the files to make them smaller, then process with synchronous
RequestResponse Lambda invocations.
 B. Make synchronous RequestResponse Lambda invocations and process the files one
by one.
 C. Make asynchronous Event Lambda invocations and process the files in parallel.
 D. First join all the files, then process it all at once with an asynchronous Event
Lambda invocation.

Hide Solution Discussion 22

Correct Answer: C

Question #112Topic 1
An online retailer used AWS CloudFormation to construct a serverless application utilizing
AWS Lambda, Amazon API Gateway, Amazon S3, and Amazon DynamoDB. The firm
released a new version with significant enhancements to the Lambda function and put it to
production. Following that, the application ceased to function.

Which approach should be used to restart the program as soon as possible?

 A. Redeploy the application on Amazon EC2 so the Lambda function can resolve
dependencies
 B. Migrate DynamoDB to Amazon RDS and redeploy the Lambda function
 C. Roll back the Lambda function to the previous version
 D. Deploy the latest Lambda function in a different Region

Hide Solution Discussion 7

Correct Answer: C
Reference:
https://github.com/awslabs/aws-sam-cli/issues/1654
Question #113Topic 1
A Global Secondary Index (GSI) is used by Amazon DynamoDB to facilitate read queries.
The main table is heavily utilized for write operations, while the GSI is heavily used for read
activities. When the Developer examines Amazon CloudWatch analytics, he observes that
write operations to the main table are regularly throttled during periods of high write activity.
However, write capacity units to the primary table remain accessible and unutilized.

What is the reason for the table's throttling?

 A. The GSI write capacity units are underprovisioned

 B. There are not enough read capacity units on the primary table
 C. Amazon DynamoDB Streams is not enabled on the table
 D. A large write operation is being performed against another table

Hide Solution Discussion 15

Correct Answer: D
Question #114Topic 1
A business is developing a REST service utilizing an Amazon API Gateway integrated with
AWS Lambda. For testing reasons, the service must run several versions.

What is the MOST EFFECTIVE approach to do this?

 A. Use an X-Version header to denote which version is being called and pass that
header to the Lambda function(s)
 B. Create an API Gateway Lambda authorizer to route API clients to the correct API
version
 C. Create an API Gateway resource policy to isolate versions and provide context to
the Lambda function(s)
 D. Deploy the API versions as unique stages with unique endpoints and use stage
variables to provide further context

Hide Solution Discussion 24

Correct Answer: C

Question #115Topic 1
A developer has created a web application that is accessible to customers and is running on
an Amazon EC2 instance. Every request made to the program is logged. Normally, the
program operates without incident, but a traffic surge creates numerous logs, causing the disk
to fill up and finally run out of memory. According to company policy, all historical logs
must be consolidated for analysis.

Which long-term remedy should the developer use to avoid a recurrence of the issue?

 A. Set up log rotation to rotate the file every day. Also set up log rotation to rotate
after every 100 MB and compress the file.
 B. Install the Amazon CloudWatch agent on the instance to send the logs to
CloudWatch. Delete the logs from the instance once they are sent to CloudWatch.
 C. Enable AWS Auto Scaling on Amazon Elastic Block Store (Amazon EBS) to
automatically add volumes to the instance when it reaches a specified threshold.
 D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to pull the logs
from the instance. Configure the rule to delete the logs after they have been pulled.

Hide Solution Discussion 8

Correct Answer: C

Question #116Topic 1
An application must handle the client's IP address. The application has been transferred to
Amazon Web Services and is now protected by an Application Load Balancer (ALB).
However, it seems as if all client IP addresses have become identical. The application must
retain its horizontal scalability.

What is the MOST cost-effective solution to this issue based on this scenario?
  A. Remove the application from the ALB. Delete the ALB and change Amazon Route
53 to direct traffic to the instance running the application.
 B. Remove the application from the ALB. Create a Classic Load Balancer in its place.
Direct traffic to the application using the HTTP protocol.
 C. Alter the application code to inspect the X-Forwarded-For header. Ensure that the
code can work properly if a list of IP addresses is passed in the header.
 D. Alter the application code to inspect a custom header. Alter the client code to pass
the IP address in the custom header.

Hide Solution Discussion 10

Correct Answer: C

Question #117Topic 1
A developer is attempting to use AWS CodeDeploy to deploy a serverless application. The
application has been upgraded and requires re-deployment.

What file does the developer need to edit to enable CodeDeploy to submit the change?

 A. dockerrun.aws.json
 B. buildspec.yml
 C. appspec.yml
 D. ebextensions.config

Hide Solution Discussion 11

Correct Answer: C

Question #118Topic 1
All personally identifiable information (PII) is stored by a corporation in an Amazon
DynamoDB database called PII in Account A. Access to the PII database is required by an
application operating on Amazon EC2 instances in Account B. Account A's administrator
established an IAM role called AccessPII with access credentials to the PII database and
added Account B as a trusted entity.

Which extra actions need developers take in order to have access to the table? (Select two.)

 A. Ask an administrator in Account B to allow the EC2 IAM role permission to

assume the AccessPII role.
 B. Ask an administrator in Account B to allow the EC2 IAM role permission to
assume the AccessPII role with predefined service control policies.
 C. Ask an administrator in Account A to allow the EC2 IAM role permission to
assume the AccessPII role with predefined service control policies.
 D. Include the AssumeRole API in the application code logic to obtain credentials to
access the PII table.
 E. Include the GetSessionToken API in the application code logic to obtain
credentials to access the PII table.
Hide Solution Discussion 13
Correct Answer: CE

Question #119Topic 1
In the console, a developer transformed an existing application to an AWS Lambda function.
The application works OK on a local laptop, but fails to import a module when run via the
Lambda terminal.

Which of the following may be used to correct the error?

 A. Install the missing module and specify the current directory as the target. Create a
ZIP file to include all files under the current directory, and upload the ZIP file.
 B. Install the missing module in a lib directory. Create a ZIP file to include all files
under the lib directory, and upload the ZIP file as dependency file.
 C. In the Lambda code, invoke a Linux command to install the missing modules under
the /usr/lib directory.
 D. In the Lambda console, create a LB_LIBRARY_PATH environment and specify
the value for the system library path.

Hide Solution Discussion 6

Correct Answer: D
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-dg.pdf
Question #120Topic 1
Users will be required to access AWS services and will be able to update their own
passwords, according to an application being developed by a business.
Which of the following would allow the organization to manage users and authorization
while allowing users to change their passwords on their own?

 A. Amazon Cognito identify pools and AWS STS

 B. Amazon Cognito identity pools and AWS IAM
 C. Amazon Cognito user pools and AWS KMS
 D. Amazon Cognito user pools and identity pools

Hide Solution Discussion 20

Correct Answer: B

Question #121Topic 1
A developer enhanced an application that runs on an Amazon EC2 instance and makes use of
Amazon SQS. The developer observed a large spike in Amazon SQS prices upon
deployment. When monitoring the Amazon SQS metrics using Amazon CloudWatch, the
developer saw that this queue receives an average of one message every minute.

What can be done to lower this application's Amazon SQS costs?

  A. Increase the Amazon SQS queue polling timeout.
 B. Scale down the Amazon SQS queue to the appropriate size for low traffic demand.
 C. Configure push delivery via Amazon SNS instead of polling the Amazon SQS
queue.
 D. Use an Amazon SQS first-in, first-out (FIFO) queue instead of a standard queue.

Hide Solution Discussion 4

Correct Answer: A

Question #122Topic 1
A developer has configured an Amazon Kinesis Stream with four shards to accept records at
a rate of up to 2500 per second. To handle these records, a Lambda function has been
configured.

Which records will be processed first?

 A. Lambda will receive each record in the reverse order it was placed into the stream
following a LIFO (last-in, first-out) method
 B. Lambda will receive each record in the exact order it was placed into the stream
following a FIFO (first-in, first-out) method.
 C. Lambda will receive each record in the exact order it was placed into the shard
following a FIFO (first-in, first-out) method. There is no guarantee of order across
shards.
 D. The Developer can select FIFO, (first-in, first-out), LIFO (last-in, last-out),
random, or request specific record using the getRecords API.

Hide Solution Discussion 17

Correct Answer: C

Question #123Topic 1
A developer is doing testing on a Docker-based application that communicates with Amazon
DynamoDB using the AWS SDK. The program utilized IAM access credentials in the local
development environment. The application is now prepared for ECS cluster deployment.

In production, how should the application authenticate with AWS services?

 A. Configure an ECS task IAM role for the application to use

 B. Refactor the application to call AWS STS AssumeRole based on an instance role
 C. Configure AWS access key/secret access key environment variables with new
credentials
 D. Configure the credentials file with a new access key/secret access key

Hide Solution Discussion 12

Correct Answer: A

Question #124Topic 1
A developer must use AWS KMS to encrypt a 100 GB object.

What is the BEST course of action?

 A. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a
customer master key (CMK)
 B. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a
customer master key (CMK) with imported key material
 C. Make a GenerateDataKey API call that returns a plaintext key and an encrypted
copy of a data key. Use a plaintext key to encrypt the data
 D. Make a GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy
of a data key. Use an encrypted key to encrypt the data

Hide Solution Discussion 23

Correct Answer: D

Question #125Topic 1
A real-time application processes millions of events that are received over an API.

Which service might be utilized to enable concurrent processing of data by several users in
the most cost-effective manner possible?

 A. Amazon SNS with fanout to an SQS queue for each application

 B. Amazon SNS with fanout to an SQS FIFO (first-in, firtst-out) queue for each
application
 C. Amazon Kinesis Firehouse
 D. Amazon Kinesis Streams

Hide Solution Discussion 18

Correct Answer: D
Reference:
https://aws.amazon.com/kinesis/data-streams/getting-started/
Question #126Topic 1
A developer has created a serverless application that makes use of a variety of AWS services.
The business logic is implemented using Lambda functions that rely on third-party libraries.
Amazon API Gateway will be used to provide the Lambda function endpoints. The Lambda
function will be used to store the data in Amazon DynamoDB. Although the developer is
prepared to launch the program, he or she must have the ability to turn back.

How, given these criteria, can this deployment be automated?

 A. Deploy using Amazon Lambda API operations to create the Lambda function by
providing a deployment package.
 B. Use an AWS CloudFormation template and use CloudFormation syntax to define
the Lambda function resource in the template.
  C. Use syntax conforming to the Serverless Application Model in the AWS
CloudFormation template to define the Lambda function resource.
 D. Create a bash script which uses AWS CLI to package and deploy the application.

Hide Solution Discussion 40

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/automating-deployment.html
Question #127Topic 1
A firm is developing an application that will use an Amazon DynamoDB database to monitor
athlete performance. A partition key (user id) and a sort key (sport name) uniquely identify
each item in the database. The following illustration depicts the table's design:

(Please note that not all table characteristics are shown.)

A developer is requested to create a leaderboard application that would show the best
performers (user id) for each sport name depending on their score.

Which approach will enable the developer to most effectively retrieve results from the
DynamoDB table?

 A. Use a DynamoDB query operation with the key attributes of user_id and
sport_name and order the results based on the score attribute.
 B. Create a global secondary index with a partition key of sport_name and a sort key
of score, and get the results
 C. Use a DynamoDB scan operation to retrieve scores and user_id based on
sport_name, and order the results based on the score attribute.
 D. Create a local secondary index with a primary key of sport_name and a sort key of
score and get the results based on the score attribute.

Hide Solution Discussion 12

Correct Answer: D

Question #128Topic 1
A developer is developing a serverless application that needs every ten minutes invocation of
an AWS Lambda function.

How can the function be triggered in an automated and serverless manner?

 A. Deploy an Amazon EC2 instance based on Linux, and edit its /etc/crontab file by
adding a command to periodically invoke the Lambda function.
 B. Configure an environment variable named PERIOD for the Lambda function. Set
the value to 600.
  C. Create an Amazon CloudWatch Events rule that triggers on a regular schedule to
invoke the Lambda function.
 D. Create an Amazon SNS topic that has a subscription to the Lambda function with a
600-second timer.

Hide Solution Discussion 12

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/architecture/a-serverless-solution-for-invoking-aws-lambda-at-
a-sub-minute-frequency/
Question #129Topic 1
A developer has submitted an update to an application that is delivered through Amazon
CloudFront to a worldwide user base. Users are not able to view the latest modifications once
the application is deployed.

How can the Developer address this concern?

 A. Remove the origin from the CloudFront configuration and add it again.
 B. Disable forwarding of query strings and request headers from the CloudFront
distribution configuration.
 C. Invalidate all the application objects from the edge caches.
 D. Disable the CloudFront distribution and enable it again to update all the edge
locations.

Hide Solution Discussion 17

Correct Answer: A

Question #130Topic 1
Images are stored in an S3 bucket by an application. Notifications from Amazon S3 are
utilized to invoke a Lambda code that resizes the pictures. Each photograph is processed in
less than a second.

How will AWS Lambda deal with the increased traffic?

 A. Lambda will scale out to execute the requests concurrently.

 B. Lambda will handle the requests sequentially in the order received.
 C. Lambda will process multiple images in a single execution.
 D. Lambda will add more compute to each execution to reduce processing time.

Hide Solution Discussion 26

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/scaling.html
Question #131Topic 1
A developer is doing a refactoring operation on a monolithic application. The program does
many activities in response to a POST request. Some processes are carried out in
concurrently, while others are carried out sequentially. These operations have been decoupled
and repurposed as AWS Lambda functions. Amazon API Gateway will process the POST
request.

How should the developer launch the Lambda functions using API Gateway in the same
order?

 A. Use Amazon SQS to invoke the Lambda functions

 B. Use an AWS Step Functions activity to run the Lambda functions
 C. Use Amazon SNS to trigger the Lambda functions
 D. Use an AWS Step Functions state machine to orchestrate the Lambda functions

Hide Solution Discussion 6

Correct Answer: D
Reference:
https://aws.amazon.com/step-functions/
Question #132Topic 1
A retailer's developer must include a fraud detection solution into the order processing
system. Verification of an order by the fraud detection solution takes between ten and thirty
minutes. At its height, the website can process up to 100 orders per minute.

How can the fraud detection technology be integrated into the order processing pipeline in the
most scalable manner?

 A. Add all new orders to an Amazon SQS queue. Configure a fleet of 10 EC2
instances spanning multiple AZs with the fraud detection solution installed on them to
pull orders from this queue. Update the order with a pass or fails status.
 B. Add all new orders to an SQS queue. Configure an Auto Scaling group that uses
the queue depth metric as its unit of scale to launch a dynamically-sized fleet of EC2
instances spanning multiple AZs with the fraud detection solution installed on them to
pull orders from this queue. Update the order with a pass or fails status.
 C. Add all new orders to an Amazon Kinesis Stream. Subscribe a Lambda function to
automatically read batches of records from the Kinesis Stream. The Lambda function
includes the fraud detection software and will update the order with a pass or fail
status.
 D. Write all new orders to Amazon DynamoDB. Configure DynamoDB Streams to
include all new orders. Subscribe a Lambda function to automatically read batches of
records from the Kinesis Stream. The Lambda function includes the fraud detection
software and will update the order with a pass or fail status.

Hide Solution Discussion 23

Correct Answer: D

Question #133Topic 1
A developer is required to create an application that makes advantage of Amazon
DynamoDB. The criteria include that the DynamoDB table's contents must be 7KB in size
and that reads must be highly consistent. The read pace is limited to three items per second,
whereas the write rate is limited to ten things per second.

What size DynamoDB table should the developer create to satisfy these requirements?

 A. Read: 3 read capacity units Write: 70 write capacity units

 B. Read: 6 read capacity units Write: 70 write capacity units
 C. Read: 6 read capacity units Write: 10 write capacity units
 D. Read: 3 read capacity units Write: 10 write capacity units

Hide Solution Discussion 16

Correct Answer: B

Question #134Topic 1
An application becomes unresponsive due to the following error: The bucket given does not
exist.

Where IS THE BEST PLACE TO START THE ANALYSIS OF THE ROOT CAUSES?

 A. Check the Elastic Load Balancer logs for DeleteBucket requests.

 B. Check the application logs in Amazon CloudWatch Logs for Amazon S3
DeleteBucket errors.
 C. Check AWS X-Ray for Amazon S3 DeleteBucket alarms.
 D. Check AWS CloudTrail for a DeleteBucket event.

Hide Solution Discussion 13

Correct Answer: D
Reference:
https://github.com/serverless/serverless-graphql/issues/72
Question #135Topic 1
A developer is testing an application that asynchronously executes an AWS Lambda
function. The Lambda function fails to process after two retries during the testing phase.

How can the developer debug the error?

 A. Configure AWS CloudTrail logging to investigate the invocation failures

 B. Configure Dead Letter Queues by sending events to Amazon SQS for investigation
 C. Configure Amazon Simple Workflow Service to process any direct unprocessed
events
 D. Configure AWS Config to process any direct unprocessed events

Hide Solution Discussion 14

Correct Answer: B
Reference:
https://www.concurrencylabs.com/blog/how-to-operate-aws-lambda/
Question #136Topic 1
A developer has an on-premises stateful web server that is being transferred to AWS. The
developer's flexibility in the new design must be increased.

How should the developer approach refactoring the program to increase its elasticity? (Select
two.)

 A. Use pessimistic concurrency on Amazon DynamoDB

 B. Use Amazon CloudFront with an Auto Scaling group
 C. Use Amazon CloudFront with an AWS Web Application Firewall
 D. Store session state data in an Amazon DynamoDB table
 E. Use an ELB with an Auto Scaling group

Hide Solution Discussion 13

Correct Answer: DE

Question #137Topic 1
A business wishes to establish continuous integration for its AWS workloads. The firm
wishes to activate unit tests in its pipeline in response to updates to its code repository and to
be alerted of pipeline failure events.

How are these stipulations to be met?

 A. Store the source code in AWS CodeCommit. Create a CodePipeline to automate

unit testing. Use Amazon SNS to trigger notifications of failure events.
 B. Store the source code in GitHub. Create a CodePipeline to automate unit testing.
Use Amazon SES to trigger notifications of failure events.
 C. Store the source code on GitHub. Create a CodePipeline to automate unit testing.
Use Amazon CloudWatch to trigger notifications of failure events.
 D. Store the source code in AWS CodeCommit. Create a CodePipeline to automate
unit testing. Use Amazon CloudWatch to trigger notification of failure events.

Hide Solution Discussion 74

Correct Answer: A

Question #138Topic 1
A business is designing a report that will be performed through AWS Step Functions.
Amazon CloudWatch detects issues in the Task State Machine for Step Functions. To debug
each operation, the state input must be included in the state output, along with the error
message.

Which coding technique preserves both the original input and the state error?
  A. Use ResultPath in a Catch statement to include the error with the original input.
 B. Use InputPath in a Catch statement and set the value to null.
 C. Use ErrorEquals in a Retry statement to include the error with the original input.
 D. Use OutputPath in a Retry statement and set the value to $.

Hide Solution Discussion 4

Correct Answer: A
Use ResultPath in a Catch to include the error with the original input.
Reference:
https://docs.aws.amazon.com/step-functions/latest/dg/input-output-resultpath.html
Question #139Topic 1
A company uses AWS CodePipeline to manage continuous integration/continuous delivery
(CI/CD) pipelines for its application. Before staging artifacts for testing, a developer must
create unit tests and execute them as part of the process.

How should the developer implement unit tests into their continuous integration/continuous
delivery pipelines?

 A. Create a separate CodePipeline pipeline to run unit tests

 B. Update the AWS CodeBuild specification to include a phase for running unit tests
 C. Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests
 D. Create a testing branch in AWS CodeCommit to run unit tests

Hide Solution Discussion 10

Correct Answer: D

Question #140Topic 1
A status dashboard is shown by an application. A 1 KB message from a SQS queue is used to
update the status. Although the status changes seldom, the Developer must keep the time
between the message's arrival in the queue and the dashboard update as short as possible.

Which strategy results in the smallest delay between dashboard updates?

 A. Retrieve the messages from the queue using long polling every 20 seconds.
 B. Reduce the size of the messages by compressing them before sending.
 C. Retrieve the messages from the queue using short polling every 10 seconds.
 D. Reduce the size of each message payload by sending it in two parts.

Hide Solution Discussion 23

Correct Answer: A

Question #141Topic 1
A developer is attempting to check the status of an application by running a cron job that
returns 1 if the service is operating and 0 if it is not. The developer wrote code to publish the
custom metrics to Amazon CloudWatch and set an alert using the AWS CLI put-metric-alarm
function. The Developer, on the other hand, is unable to issue an alert since the custom
metrics are not visible in the CloudWatch interface.

What is the source of this problem?

 A. Sending custom metrics using the CLI is not supported.

 B. The Developer needs to use the put-metric-data command.
 C. The Developer must use a unified CloudWatch agent to publish custom metrics.
 D. The code is not running on an Amazon EC2 instance.

Hide Solution Discussion 4

Correct Answer: B

Question #142Topic 1
On Amazon ECS, a corporation is running a Docker application. The application's load must
be scaled depending on the past 15 seconds' user activity.

How should a developer instrument code to ensure it satisfies the requirement?

 A. Create a high-resolution custom Amazon CloudWatch metric for user activity data,
then publish data every 30 seconds
 B. Create a high-resolution custom Amazon CloudWatch metric for user activity data,
then publish data every 5 seconds
 C. Create a standard-resolution custom Amazon CloudWatch metric for user activity
data, then publish data every 30 seconds
 D. Create a standard-resolution custom Amazon CloudWatch metric for user activity
data, then publish data every 5 seconds

Hide Solution Discussion 11

Correct Answer: B

Question #143Topic 1
A firm is introducing the option to save currency (or gift cards) to its very successful casual
gaming website. Users must be able to exchange this value for other platform users' products.
This would involve either updating both users' information in a single transaction or totally
rolling back both users' records.

Which AWS database choices provide the needed transactional capabilities for this new
feature? (Select two.)

 A. Amazon DynamoDB with operations made with the ConsistentRead parameter set
to true
  B. Amazon ElastiCache for Memcached with operations made within a transaction
block
 C. Amazon Aurora MySQL with operations made within a transaction block
 D. Amazon DynamoDB with reads and writes made using Transact* operations
 E. Amazon Redshift with operations made within a transaction block.

Hide Solution Discussion 9

Correct Answer: BD

Question #144Topic 1
A developer is using AWS CLI, however it is stalling out when performing list commands on
a large number of resources.

How can this time-out be avoided?

 A. Use pagination
 B. Use shorthand syntax
 C. Use parameter values
 D. Use quoting strings

Hide Solution Discussion 10

Correct Answer: A
Reference:
https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-pagination.html
Question #145Topic 1
A developer must construct an AWS application that will consume Amazon SQS messages
ranging in size from 1KB to 1GB.

How should Amazon Simple Queue Service (SQS) messages be managed?

 A. Use Amazon S3 and the Amazon SQS CLI.

 B. Use Amazon S3 and the Amazon SQS Extended Client Library for Java.
 C. Use Amazon EBS and the Amazon SQS CLI.
 D. Use Amazon EFS and the Amazon SQS CLI.

Hide Solution Discussion 24

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-
limits.html
Question #146Topic 1
A developer has developed a Lambda function and is discovering that it is taking longer than
planned to execute. The Developer determined that increasing computing capacity might
enhance performance after some debugging.
What is the best way for the developer to boost Lambda computing resources?
  A. Run on a larger instance size with more compute capacity.
 B. Increase the maximum execution time.
 C. Specify a larger compute capacity when calling the Lambda function.
 D. Increase the allocated memory for the Lambda function.

Hide Solution Discussion 20

Correct Answer: C

Question #147Topic 1
A developer is using Amazon API Gateway to create a WebSocket API. The payload
submitted to this API is JSON with an action key included. This key may take on one of three
values: create, update, or delete. The developer must interact with several routes dependent
on the value of the incoming JSON payload's action key.

How can the developer execute this operation using the LESS settings possible?

 A. Deploy the WebSocket API to three stages for the respective routes: create, update,
and remove
 B. Create a new route key and set the name as action
 C. Set the value of the route selection expression to action
 D. Set the value of the route selection expression to $request.body.action

Hide Solution Discussion 5

Correct Answer: B

Question #148Topic 1
Certain queries are passing via an Amazon API Gateway endpoint /MyAPI, however, they do
not reach the AWS Lambda function behind /MyAPI, according to a developer. A second
Lambda function sometimes operates at the maximum concurrency allowed for the particular
AWS account, according to the Developer.
What can the Developer do to solve this problem?

 A. Manually reduce the concurrent execution limit at the account level

 B. Add another API Gateway stage for /MyAPI, and shard the requests
 C. Configure the second Lambda function‫ג‬€™s concurrency execution limit
 D. Reduce the throttling limits in the API Gateway /MyAPI endpoint

Hide Solution Discussion 18

Correct Answer: C

Question #149Topic 1
A business is developing a stock trading application that needs processing trade requests with
a sub-millisecond latency. Amazon DynamoDB is utilized to store all of the trade data
necessary for each request to be processed. After doing load testing on the application, the
development team determined that the latency requirement is not met owing to data retrieval
delays. Due to unexpectedly large increases in request volume, DynamoDB read capacity
must be greatly over-provisioned to prevent throttling.

What efforts should be made to achieve latency requirements while also lowering the
application's operating costs?

 A. Add Global Secondary Indexes for trading data.

 B. Store trading data in Amazon S3 and use Transfer Acceleration.
 C. Add retries with exponential back-off for DynamoDB queries
 D. Use DynamoDB Accelerator to cache trading data.

Hide Solution Discussion 75

Correct Answer: A

Question #150Topic 1
A business provides services to a large number of downstream customers. Each customer has
the option of connecting to one or more services. As a result, a complicated architecture that
is difficult to manage and scales poorly has emerged. To administer various customer
services, the organization requires a single interface.
Which AWS service should this architecture be refactored with?

 A. AWS Lambda
 B. AWS X-Ray
 C. Amazon SQS
 D. Amazon API Gateway

Hide Solution Discussion 15

Correct Answer: D

Question #151Topic 1
A corporation has automated their release pipelines using AWS CodePipeline. The
development team is currently developing an AWS Lambda function that will deliver alerts
when the status of each stage's action changes.

How do I correlate the Lambda function with the event source?

 A. Create a trigger that invokes the Lambda function from the Lambda console by
selecting CodePipeline as the event source.
 B. Create an event trigger and specify the Lambda function from the CodePipeline
console.
 C. Create an Amazon CloudWatch alarm that monitors status changes in Code
Pipeline and triggers the Lambda function.
  D. Create an Amazon CloudWatch Events rule that uses CodePipeline as an event
source.

Hide Solution Discussion 14

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/devops/using-aws-step-functions-state-machines-to-handle-
workflow-driven-aws-codepipeline-actions/
Question #152Topic 1
A custom library is used by an application to perform HTTP calls directly to AWS service
endpoints. The program is suffering transitory problems, which cause processes to halt when
they are encountered for the first time. The application has been requested to be more robust
by adding error retries and exponential backoff.

How should a developer apply the modifications with the LITTLEEST amount of custom
code possible?

 A. Add a Retry-After HTTP header to API requests

 B. Use the AWS CLI to configure the retry settings in a named profile
 C. Change the custom library to retry on 5xx errors only
 D. Use an AWS SDK and set retry-specific configurations

Hide Solution Discussion 13

Correct Answer: B
Reference:
https://docs.aws.amazon.com/cli/latest/topic/config-vars.html
Question #153Topic 1
A business demands that AWS Lambda functions built by developers record problems in
order for System Administrators to resolve issues more efficiently.

What should developers do to address this need?

 A. Publish errors to a dedicated Amazon SQS queue.

 B. Create an Amazon CloudWatch Events event trigger based on certain Lambda
events.
 C. Report errors through logging statements in Lambda function code.
 D. Set up an Amazon SNS topic that sends logging statements upon failure.

Hide Solution Discussion 17

Correct Answer: B

Question #154Topic 1
Amazon Kinesis Data Streams enables an application to ingest and handle huge streams of
data records in real time. Utilizing the Amazon Kinesis Client Library, Amazon EC2
instances ingest and process data from the shards of the Kinesis data stream (KCL). The
program manages failure situations and eliminates the need for backup personnel. The
program indicates that a particular shard is getting much more data than anticipated. The
€hot€ shard is resharded to react to variations in the pace of data flow.

If the initial number of shards in the Kinesis data stream is four, and the number of shards
increases to six after resharding, what is the maximum number of EC2 instances that can be
deployed to process data from all the shards?

 A. 12
 B. 6
 C. 4
 D. 1

Hide Solution Discussion 27

Correct Answer: C

Question #155Topic 1
There are three separate environments in a company: development, quality assurance, and
production. The company wishes to deploy its code in three stages: development, QA, and
finally production.
What AWS service may be used to fulfill this need?

 A. Use AWS CodeCommit to create multiple repositories to deploy the application.

 B. Use AWS CodeBuild to create, configure, and deploy multiple build application
projects.
 C. Use AWS Data Pipeline to create multiple data pipeline provisions to deploy the
application.
 D. Use AWS CodeDeploy to create multiple deployment groups.

Hide Solution Discussion 28

Correct Answer: C

Question #156Topic 1
An application is composed of two components: one for handling HTTP requests and another
for doing background processing operations. Each component must be self-scaling. The
developer want to use AWS Elastic Beanstalk to deploy this application.

How, in light of these criteria, should this application be deployed?

 A. Deploy the application in a single Elastic Beanstalk environment.

 B. Deploy each component in a separate Elastic Beanstalk environment.
 C. Use multiple Elastic Beanstalk environments for the HTTP component, but one
environment for the background task component.
 D. Use multiple Elastic Beanstalk environments for the background task component,
but one environment for the HTTP component.

Hide Solution Discussion 7

Correct Answer: D

Question #157Topic 1
A business is operating a bespoke application on a set of on-premises Linux servers that are
accessible through Amazon API Gateway. On the API test stage, AWS X-Ray tracing has
been enabled.

How can a developer implement X-Ray tracing with the LEAST amount of setup on on-
premises servers?

 A. Install and run the X-Ray SDK on the on-premises servers to capture and relay the
data to the X-Ray service.
 B. Install and run the X-Ray daemon on the on-premises servers to capture and relay
the data to the X-Ray service.
 C. Capture incoming requests on-premises and configure an AWS Lambda function to
pull, process, and relay relevant data to X-Ray using the PutTraceSegments API call.
 D. Capture incoming requests on-premises and configure an AWS Lambda function
to pull, process, and relay relevant data to X-Ray using the PutTelemetryRecords API
call.

Hide Solution Discussion 6

Correct Answer: A

Question #158Topic 1
An organization is hosting huge files in Amazon S3 and developing a web application to
provide end users with meta-data about the files. A user picks an item to download based on
its information. The company requires a technique for indexing files and retrieving metadata
with a single-digit millisecond delay.

Which Amazon Web Services (AWS) service should be utilized to do this?

 A. Amazon DynamoDB
 B. Amazon EC2
 C. AWS Lambda
 D. Amazon RDS

Hide Solution Discussion 28

Correct Answer: A
Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that
need consistent, single-digit millisecond latency at any scale. It is a fully managed database
and supports both document and key-value data models. Its flexible data model and reliable
performance make it a great fit for mobile, web, gaming, ad-tech, Internet of Things (IoT),
and many other applications.
Reference:
https://docs.aws.amazon.com/aws-technical-content/latest/aws-overview/database-
services.html
Question #159Topic 1
A developer has created a web application and want to swiftly deploy it on an AWS Tomcat
server. The developer want to be free of the responsibility of managing the underlying
infrastructure.

According to these criteria, what is the simplest approach to deploy the application?

 A. AWS CloudFormation
 B. AWS Elastic Beanstalk
 C. Amazon S3
 D. AWS CodePipeline

Hide Solution Discussion 14

Correct Answer: B
Reference:
https://aws.amazon.com/answers/web-applications/aws-web-app-deployment-java/
Question #160Topic 1
A developer uses Amazon ECS to host an e-commerce API. The application's fluctuating and
spiking demand is causing order processing to take an excessive amount of time. The
program manages Amazon Simple Queue Service (SQS) queues. Throughout the day, the
ApproximateNumberOfMessagesVisible metric jumps to very high levels, resulting in
Amazon CloudWatch alert violations. Other ECS metrics for API containers are within
acceptable ranges.

What measures can the developer take to boost performance while keeping costs down?

 A. Target tracking scaling policy

 B. Docker Swarm
 C. Service scheduler
 D. Step scaling policy

Hide Solution Discussion 20

Correct Answer: D
Reference:
https://aws.amazon.com/blogs/compute/building-loosely-coupled-scalable-c-applications-
with-amazon-sqs-and-amazon-sns/

Question #161Topic 1
A developer is configuring Amazon API Gateway to support their business's goods.
Registered developers may use the API to query and change their environments. For financial
and security concerns, the organization want to restrict the number of requests that end users
may submit. Management want to provide registered developers with the option of
purchasing bigger packages that support a greater number of requests.

How can the developer do this with the LEAST amount of management overhead?
  A. Enable throttling for the API Gateway stage. Set a value for both the rate and burst
capacity. If a registered user chooses a larger package, create a stage for them, adjust
the values, and share the new URL with them.
 B. Set up Amazon CloudWatch API logging in API Gateway. Create a filter based on
the user and requestTime fields and create an alarm on this filter. Write an AWS
Lambda function to analyze the values and requester information, and respond
accordingly. Set up the function as the target for the alarm. If a registered user
chooses a larger package, update the Lambda code with the values.
 C. Enable Amazon CloudWatch metrics for the API Gateway stage. Set up
CloudWatch alarms based off the Count metric and the ApiName, Method, Resource,
and Stage dimensions to alerts when request rates pass the threshold. Set the alarm
action to Deny. If a registered user chooses a larger package, create a user-specific
alarm and adjust the values.
 D. Set up a default usage plan, specify values for the rate and burst capacity, and
associate it with a stage. If a registered user chooses a larger package, create a custom
plan with the appropriate values and associate the plan with the user.

Hide Solution Discussion 8

Correct Answer: D

Question #162Topic 1
A developer must re-implement the order fulfillment system's business logic. To determine
where to acquire an item, the business logic must make queries to several sellers. The whole
procedure might take up to a week.

What is the MOST EFFECTIVE and SIMPLICIT method of implementing a system that
satisfies these requirements?

 A. Use AWS Step Functions to execute parallel Lambda functions, and join the
results.
 B. Create an AWS SQS for each vendor, poll the queue from a worker instance, and
joint the results.
 C. Use AWS Lambda to asynchronously call a Lambda function for each vendor, and
join the results.
 D. Use Amazon CloudWatch Events to orchestrate the Lambda functions.

Hide Solution Discussion 24

Correct Answer: D

Question #163Topic 1
A business is moving from a monolithic architecture to one based on microservices. The
developers must redesign the program in such a way that the many microservices may
interact asynchronously without compromising performance.

Which managed Amazon Web Services (AWS) services will offer asynchronous message
passing? (Select two.)
  A. Amazon SQS
 B. Amazon Cognito
 C. Amazon Kinesis
 D. Amazon SNS
 E. Amazon ElastiCache

Hide Solution Discussion 18

Correct Answer: AD

Question #164Topic 1
Amazon S3 is structured as follows: S3:/BUCKET/FOLDERNAME/FILENAME.zip

Which S3 best practice would enhance speed when a single bucket receives thousands of
PUT requests per second?

 A. Prefix folder names with user id; for example, s3://BUCKET/2013-

FOLDERNAME/FILENAME.zip
 B. Prefix file names with timestamps; for example,
s3://BUCKET/FOLDERNAME/2013-26-05-15-00-00-FILENAME.zip
 C. Prefix file names with random hex hashes; for example,
s3://BUCKET/FOLDERNAME/23a6-FILENAME.zip
 D. Prefix folder names with random hex hashes; for example, s3://BUCKET/23a6-
FOLDERNAME/FILENAME.zip

Hide Solution Discussion 26

Correct Answer: B
Reference:
http://jayendrapatil.com/aws-s3-best-practices/
Question #165Topic 1
Amazon API Gateway is used in a company's new mobile application. As the development
team completes a new version of its APIs, a developer must roll out the API modification
securely and transparently.

What is the SIMPLEST method for a developer to deploy a new API version to a restricted
number of consumers using API Gateway?

 A. Create a new API in API Gateway. Direct a portion of the traffic to the new API
using an Amazon Route 53 weighted routing policy.
 B. Validate the new API version and promote it to production during the window of
lowest expected utilization.
 C. Implement an Amazon CloudWatch alarm to trigger a rollback if the observed
HTTP 500 status code rate exceeds a predetermined threshold.
 D. Use the canary release deployment option in API Gateway. Direct a percentage of
the API traffic using the canarySettings setting.

Hide Solution Discussion 10

Correct Answer: D

Question #166Topic 1
A programmer is developing a REST API that will allow users to add goods to a shopping
list. The service is developed on Amazon API Gateway and integrates with AWS Lambda.
The shopping list items are sent to the function as query string arguments.

How should the developer transform query string parameters to Lambda function arguments?

 A. Enable request validation

 B. Include the Amazon Resource Name (ARN) of the Lambda function
 C. Change the integration type
 D. Create a mapping template

Hide Solution Discussion 25

Correct Answer: C
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-step-
by-step.html
Question #167Topic 1
A firm is compiling a website using AWS CodeBuild from source code saved in AWS
CodeCommit. Due to a recent modification to the source code, the CodeBuild project is
unable to assemble the website correctly.

How is the developer to determine the root cause of the failures?

 A. Modify the buildspec.yml file to include steps to send the output of build
commands to Amazon CloudWatch.
 B. Use a custom Docker image that includes the AWS X-Ray agent in the AWS
CodeBuild project configuration.
 C. Check the build logs of the failed phase in the last build attempt in the AWS
CodeBuild project build history.
 D. Manually re-run the build process on a local machine so that the output can be
visualized.

Hide Solution Discussion 37

Correct Answer: A

Question #168Topic 1
Over SSH, a developer connects to AWS CodeCommit. The SSH keys used to connect to
AWS CodeCommit are associated with the following user:
The developer is responsible for creating and deleting branches.

Which particular IAM permissions, based on the concept of least privilege, should be added?

 A. ‫ג‬€codecommit:CreateBranch‫ג‬€ ‫ג‬€codecommit:DeleteBranch‫ג‬€
 B. ‫ג‬€codecommit:Put*‫ג‬€
 C. ‫ג‬€codecommit:Update*‫ג‬€
 D. ‫ג‬€codecommit:*‫ג‬€

Hide Solution Discussion 6

Correct Answer: C

Question #169Topic 1
Amazon Kinesis Streams is being used by a web application to store clickstream data that
may not be utilized for up to 12 hours.

How can the developer encrypt data in the Kinesis Streams at rest?

 A. Enable SSL connections to Kinesis

 B. Use Amazon Kinesis Consumer Library
 C. Encrypt the data once it is at rest with a Lambda function
 D. Enable server-side encryption in Kinesis Streams

Hide Solution Discussion 9

Correct Answer: D
Reference:
https://aws.amazon.com/about-aws/whats-new/2017/07/amazon-kinesis-streams-introduces-
server-side-encryption/
Question #170Topic 1
A business is building a web application that will enable workers to submit their profile
pictures to a private Amazon S3 bucket. There is no restriction on the size of the profile
images that should be shown each time an employee checks in. The images cannot be made
publicly available for security reasons.

What is a long-term feasible solution to this situation?

 A. Generate a presigned URL when a picture is uploaded. Save the URL in an

Amazon DynamoDB table. Return the URL to the browser when the employee logs
in.
 B. Save the picture‫ג‬€™s S3 key in an Amazon DynamoDB table. Create an Amazon
S3 VPC endpoint to allow the employees to download pictures once they log in.
 C. Encode a picture using base64. Save the base64 string in an Amazon DB table.
Allow the browser to retrieve the string and convert it to a picture.
 D. Save the picture‫ג‬€™s S3 key in an Amazon DynamoDB table. Use a function to
generate a presigned URL every time an employee logs in. Return the URL to the
browser.

Hide Solution Discussion 14

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/s3-private-connection-no-
authentication/

Question #171Topic 1
Amazon CloudFront is being used by an organization to guarantee that its users have low-
latency access to their online application. The business determined that all communication
between users and CloudFront, as well as all traffic between CloudFront and the web
application, should be encrypted.

How are these stipulations to be met? (Select two.)

 A. Use AWS KMS to encrypt traffic between CloudFront and the web application.
 B. Set the Origin Protocol Policy to ‫ג‬€HTTPS Only‫ג‬€.
 C. Set the Origin‫ג‬€™s HTTP Port to 443.
 D. Set the Viewer Protocol Policy to ‫ג‬€HTTPS Only‫ג‬€ or ‫ג‬€Redirect HTTP to
HTTPS‫ג‬€.
 E. Enable the CloudFront option Restrict Viewer Access.

Hide Solution Discussion 25

Correct Answer: CD

Question #172Topic 1
A developer is transferring an application from on-premises to AWS. Currently, the program
accepts user uploads and stores them to a server-side local directory. All uploads must be
preserved and instantly accessible to all instances within an Auto Scaling group.

Which strategy will satisfy these criteria?

 A. Use Amazon EBS and configure the application AMI to use a snapshot of the same
EBS instance on boot.
 B. Use Amazon S3 and rearchitect the application so all uploads are placed in S3.
 C. Use instance storage and share it between instances launched from the same
Amazon Machine Image (AMI).
 D. Use Amazon EBS and file synchronization software to achieve eventual
consistency among the Auto Scaling group.

Hide Solution Discussion 14

Correct Answer: D

Question #173Topic 1
The Amazon API Gateway exposes a collection of APIs to clients. The API Gateway has
enabled caching for these APIs. Customers have requested an option to clear this cache for
each API.

What may be done to enable API clients to invalidate the API Cache?

 A. Ask customers to use AWS credentials to call the InvalidateCache API.

 B. Ask customers to invoke an AWS API endpoint which invalidates the cache.
 C. Ask customers to pass an HTTP header called Cache-Control:max-age=0.
 D. Ask customers to add a query string parameter called ‫ג‬€INVALIDATE_CACHE‫ג‬€
when making an API call.

Hide Solution Discussion 20

Correct Answer: B

Question #174Topic 1
A developer is updating a bespoke application that is currently running on AWS Elastic
Beanstalk.
What solutions will update the Elastic Beanstalk environment with the new application
version after the Developer completes the changes? (Select two.)

 A. Package the application code into a .zip file, and upload, then deploy the packaged
application from the AWS Management Console
 B. Package the application code into a .tar file, create a new application version from
the AWS Management Console, then update the environment by using AWS CLI
  C. Package the application code into a .tar file, and upload and deploy the packaged
application from the AWS Management Console
 D. Package the application code into a .zip file, create a new application version from
the packaged application by using AWS CLI, then update the environment by using
AWS CLI
 E. Package the application code into a .zip file, create a new application version from
the AWS Management Console, then rebuild the environment by using AWS CLI

Hide Solution Discussion 27

Correct Answer: CD

Question #175Topic 1
A developer has been requested to write an AWS Lambda function that is called whenever
objects in an Amazon DynamoDB database are updated. The function has been built, and the
Lambda execution role has been granted the necessary permissions. Although Amazon
DynamoDB streams have been enabled for the table, the function continues to fail to execute.

Which option would allow the Lambda function to be triggered by DynamoDB database
updates?

 A. Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for

the DynamoDB table
 B. Configure event source mapping for the Lambda function
 C. Map an Amazon SNS topic to the DynamoDB streams
 D. Increase the maximum execution time (timeout) setting of the Lambda function

Hide Solution Discussion 18

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html
Question #176Topic 1
Amazon API Gateway is used by a business to manage access to a collection of
microservices built as AWS Lambda functions. The corporation makes a small breaking
update to one of the APIs in response to a bug report.
To minimize the effect of the new API's deployment on current customers, the business
intends to provide clients six months to transition from v1 to v2.

Which strategy should the developer use to deal with this change?

 A. Update the underlying Lambda function and provide clients with the new Lambda
invocation URL.
 B. Use API Gateway to automatically propagate the change to clients, specifying 180
days in the phased deployment parameter.
 C. Use API Gateway to deploy a new stage named v2 to the API and provide users
with its URL.
 D. Update the underlying Lambda function, create an Amazon CloudFront
distribution with the updated Lambda function as its origin.
Hide Solution Discussion 11
Correct Answer: C

Question #177Topic 1
A program may have hundreds of users. Each user may access the application through
various devices. The Developer want to give these users unique IDs regardless of the device
they are using.

Which mechanism should be utilized to generate unique identifiers?

 A. Create a user table in Amazon DynamoDB as key-value pairs of users and their
devices. Use these keys as unique identifiers.
 B. Use IAM-generated access key IDs for the users as the unique identifier, but do not
store secret keys.
 C. Implement developer-authenticated identities by using Amazon Cognito, and get
credentials for these identities.
 D. Assign IAM users and roles to the users. Use the unique IAM resource ID as the
unique identifier.

Hide Solution Discussion 27

Correct Answer: D

Question #178Topic 1
A business wishes to transition an imaging service to Amazon EC2 while adhering to
industry best practices for security. The photos are obtained and read from an Amazon S3
bucket that is not publicly accessible.

What actions should a developer take to ensure compliance with these requirements?

 A. Create an IAM user with read-only permissions for the S3 bucket. Temporarily
store the user credentials in the Amazon EBS volume of the EC2 instance.
 B. Create an IAM user with read-only permissions for the S3 bucket. Temporarily
store the user credentials in the user data of the EC2 instance.
 C. Create an EC2 service role with read-only permissions for the S3 bucket. Attach
the role to the EC2 instance.
 D. Create an S3 service role with read-only permissions for the S3 bucket. Attach the
role to the EC2 instance.

Hide Solution Discussion 8

Correct Answer: B
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
Question #179Topic 1
A business makes use of continuous integration and delivery platforms. A developer now
wants to automate the distribution of software packages to both Amazon EC2 instances and
on-premises virtual machines.
Which AWS service should be utilized for this purpose?

 A. AWS CodePipeline
 B. AWS CodeBuild
 C. AWS Elastic Beanstalk
 D. AWS CodeDeploy

Hide Solution Discussion 14

Correct Answer: D

Question #180Topic 1
How does AWS KMS's Envelope Encryption work?

 A. The Customer Master Key is used to encrypt/decrypt a data key. The Plaintext
Data Key is used to encrypt customer data.
 B. Two encryption keys are used. The Customer Master Key encrypts customer data.
The Data Key is used to re-encrypt the encrypted data.
 C. Two encryption keys are used. The Data Key encrypts customer data. The
‫¡׀‬ustomer Master Key is used to re-encrypt the encrypted data.
 D. The Customer Master Key is used to encrypt/decrypt a data key. The Encrypted
Data Key is used to encrypt customer data.

Hide Solution Discussion 8

Correct Answer: C
Reference:
https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html

Question #181Topic 1
A developer must construct an application that supports SAML and Facebook authentication.
Additionally, it must provide access to AWS services such as Amazon DynamoDB.

Which AWS service or feature will allow for the LEAST amount of extra code to achieve
these requirements?

 A. AWS AppSync
 B. Amazon Cognito identity pools
 C. Amazon Cognito user pools
 D. Amazon Lambda@Edge

Hide Solution Discussion 13

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/mobile/amazon-cognito-user-pools-supports-federation-with-
saml/
Question #182Topic 1
A developer is developing a three-tier web application that must support at least 5000
requests per minute. According to the requirements, the web layer should be fully stateless,
whereas the application should keep user session data.

How may session data be externalized while minimizing latency?

 A. Create an Amazon RDS instance, then implement session handling at the

application level to leverage a database inside the RDS database instance for session
data storage
 B. Implement a shared file system solution across the underlying Amazon EC2
instances, then implement session handling at the application level to leverage the
shared file system for session data storage
 C. Create an Amazon ElastiCache Memcached cluster, then implement session
handling at the application level to leverage the cluster for session data storage
 D. Create an Amazon DynamoDB table, then implement session handling at the
application level to leverage the table for session data storage

Hide Solution Discussion 25

Correct Answer: A

Question #183Topic 1
A development team is now working on a case management system that will enable the
processing and evaluation of medical claims. Users log in to share medical and financial
information.
Sensitive data such as medical records, medical imaging, bank statements, and invoices are
uploaded to Amazon S3 as part of the program. All papers must be sent and kept securely.
All access to documents must be documented for auditing purposes.

Which technique is the MOST SECURE?

 A. Use S3 default encryption using Advanced Encryption Standard-256 (AES-256) on

the destination bucket.
 B. Use Amazon Cognito for authorization and authentication to ensure the security of
the application and documents.
 C. Use AWS Lambda to encrypt and decrypt objects as they are placed into the S3
bucket.
 D. Use client-side encryption/decryption with Amazon S3 and AWS KMS.

Hide Solution Discussion 20

Correct Answer: D

Question #184Topic 1
A developer is developing a web application that will allow end users to exchange encrypted
documents. The papers are saved on Amazon S3 in a private bucket. Only verified users
should be able to download certain documents when requested, and only for a period of 15
minutes.

How is the developer to adhere to these specifications?

 A. Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion
after 15 minutes.
 B. Create a presigned S3 URL using the AWS SDK with an expiration time of 15
minutes.
 C. Use server-side encryption with AWS KMS managed keys (SSE-KMS) and
download the documents using HTTPS.
 D. Modify the S3 bucket policy to only allow specific users to download the
documents. Revert the change after 15 minutes.

Hide Solution Discussion 8

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/
Question #185Topic 1
A front-end web application handles user authentication with Amazon Cognito user pools.
Using the AWS SDK for JavaScript, a developer integrates Amazon DynamoDB into the
application.

How might a developer contact the API safely without disclosing the access or secret keys?

 A. Configure Amazon Cognito identity pools and exchange the JSON Web Token
(JWT) for temporary credentials.
 B. Run the web application in an Amazon EC2 instance with the instance profile
configured.
 C. Hardcore the credentials, use Amazon S3 to host the web application, and enable
server-side encryption.
 D. Use Amazon Cognito user pool JSON Web Tokens (JWITs) to access the
DynamoDB APIs.

Hide Solution Discussion 16

Correct Answer: A
Reference:
https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-
using-tokens-verifying-a-jwt.html
Question #186Topic 1
In AWS Lambda, a developer is developing an application. To facilitate testing and
deployments, the Developer need the ability to change the database connection string without
affecting the Lambda code.

How is this criterion to be met?

  A. Store the connection string as a secret in AWS Secrets Manager.
 B. Store the connection string in an IAM user account.
 C. Store the connection string in AWS KMS.
 D. Store the connection string as a Lambda layer.

Hide Solution Discussion 9

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/developer/net-core-configuration-provider-for-aws-systems-
manager/
Question #187Topic 1
A developer wants to monitor an application that is deployed on Amazon EC2 instances
using AWS X-Ray.

What procedures must be taken to do the monitoring?

 A. Deploy the X-Ray SDK with the application and use X-Ray annotation.
 B. Install the X-Ray daemon and instrument the application code.
 C. Install the X-Ray daemon and configure it to forward data to Amazon CloudWatch
Events.
 D. Deploy the X-Ray SDK with the application and instrument the application code.

Hide Solution Discussion 23

Correct Answer: A
Reference:
https://aws.amazon.com/blogs/aws/category/aws-x-ray/
Question #188Topic 1
When deploying new application versions on AWS Elastic Beanstalk, an application's error
rate increases, resulting in service deterioration for customers. This, the Development team
thinks, is due to the capacity loss throughout the deployment processes. The team want to
update the environment's deployment policy configuration to one that maintains full capacity
during deployment while using current instances.

Which deployment strategy will satisfy these criteria while using current instances?

 A. All at once
 B. Rolling
 C. Rolling with additional batch
 D. Immutable

Hide Solution Discussion 45

Correct Answer: D
Reference:
https://aws.amazon.com/blogs/developer/version-2-of-the-aws-elastic-beanstalk-windows-
server-platform/
Question #189Topic 1
A business has a web application that is authenticated by an Amazon Cognito user pool. The
business want to construct a login page including the business's logo.

What actions should a developer take to ensure compliance with these requirements?

 A. Create a hosted user interface in Amazon Cognito and customize it with the
company logo.
 B. Create a login page with the company logo and upload it to Amazon Cognito.
 C. Create a login page in Amazon API Gateway with the logo and save the link in
Amazon Cognito.
 D. Upload the logo to the Amazon Cognito app settings and point to the logo on a
custom login page.

Hide Solution Discussion 21

Correct Answer: D
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/cognito-hosted-web-ui/
Question #190Topic 1
To increase read speed, an application makes use of a single-node Amazon ElastiCache for
Redis instance. Demand for the application has grown significantly over time, putting an
increasing strain on the ElastiCache instance. It is vital that this cache layer is capable of
handling the load and being robust in the event of a node failure.

What can be done by the developer to meet load and resilience requirements?

 A. Add a read replica instance.

 B. Migrate to a Memcached cluster.
 C. Migrate to an Amazon Elasticsearch Service cluster.
 D. Vertically scale the ElastiCache instance.

Hide Solution Discussion 22

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-
ug/Replication.Redis.Groups.html

Question #191Topic 1
A developer intends to create a REST API via the usage of an Amazon API Gateway and
AWS Lambda. The developer will be responsible for managing three unique environments:
development, test, and production.

How should the application be delivered with the least amount of resources possible?
  A. Create a separate API Gateway and separate Lambda function for each
environment in the same Region.
 B. Assign a Region for each environment and deploy API Gateway and Lambda to
each Region.
 C. Create one API Gateway with multiple stages with one Lambda function with
multiple aliases.
 D. Create one API Gateway and one Lambda function, and use a REST parameter to
identify the environment.

Hide Solution Discussion 5

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/compute/using-api-gateway-stage-variables-to-manage-
lambda-functions/
Question #192Topic 1
A development team is deploying a two-tier application in production using AWS Elastic
Beanstalk. The application comprises of a load-balanced web tier and an Amazon RDS
database layer. The team want to partition the RDS instance from the Elastic Beanstalk
instance.

How is this possible?

 A. Use the Elastic Beanstalk CLI to disassociate the database.

 B. Use the AWS CLI to disassociate the database.
 C. Change the deployment policy to disassociate the database.
 D. Recreate a new Elastic Beanstalk environment without Amazon RDS.

Hide Solution Discussion 21

Correct Answer: C

Question #193Topic 1
A developer has established a new AWS IAM user with the s3:putObject permission, which
enables him to write to a particular Amazon S3 bucket. As a default, this S3 bucket employs
server-side encryption with AWS KMS controlled keys (SSE-KMS). When contacting the
PutObject API with the IAM user's access key and secret key, the application encountered an
access denied error.

How is this problem to be resolved?

 A. Update the policy of the IAM user to allow the s3:Encrypt action.
 B. Update the bucket policy of the S3 bucket to allow the IAM user to upload objects.
 C. Update the policy of the IAM user to allow the kms:GenerateDataKey action.
 D. Update the ACL of the S3 bucket to allow the IAM user to upload objects.

Hide Solution Discussion 12

Correct Answer: C
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-denied-error-kms/
Question #194Topic 1
On Amazon EC2 instances, a developer has code that requires read-only access to an
Amazon DynamoDB database.

What is the MOST secure method for the Developer to do this task?

 A. Create a user access key for each EC2 instance with read-only access to
DynamoDB. Place the keys in the code. Redeploy the code as keys rotate.
 B. Use an IAM role with an AmazonDynamoDBReadOnlyAccess policy applied to
the EC2 instances.
 C. Run all code with only AWS account root user access keys to ensure maximum
access to services.
 D. Use an IAM role with Administrator access applied to the EC2 instance.

Hide Solution Discussion 9

Correct Answer: D

Question #195Topic 1
A developer is developing an AWS Lambda function that makes Amazon DynamoDB
available. The Lambda function must obtain and change certain properties of an object, or
construct the item if it does not exist. Access to the main key is granted to the Lambda
function.

Which IAM permissions should the developer obtain to enable this capability in the Lambda
function?

 A. dynamodb:DeleteItem dynamodb:GetItem dynamodb:PutItem

 B. dynamodb:UpdateItem dynamodb:GetItem dynamodb:DescribeTable
 C. dynamodb:GetRecords dynamodb:PutItem dynamodb:UpdateTable
 D. dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem

Hide Solution Discussion 21

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/DynamoDB.html
Question #196Topic 1
A developer is developing a Lambda function to create and export a file. While the program
is running, it needs 100 MB of temporary storage for transient files. These files are no longer
required after the function has been completed.

How can the developer manage temporary files most efficiently?

 A. Store the files in EBS and delete the files at the end of the Lambda function.
  B. Copy the files to EFS and delete the files at the end of the Lambda function.
 C. Store the files in the /tmp directory and delete the files at the end of the Lambda
function.
 D. Copy the files to an S3 bucket with a lifecycle policy to delete the files.

Hide Solution Discussion 10

Correct Answer: C
Reference:
https://forums.aws.amazon.com/thread.jspa?threadID=174119
Question #197Topic 1
A corporation is transferring its on-premises web application from a single server to AWS.
To balance the demand, the firm wants to deploy numerous servers behind an Elastic Load
Balancer (ELB) and to keep session data in memory on the web server. The organization does
not want to lose session data in the event of a server failure or outage, and it also wants to
minimize user downtime.

Where should the organization relocate session data to most effectively decrease downtime
and increase the fault tolerance of customers' session data?

 A. An Amazon ElastiCache for Redis cluster

 B. A second Amazon EBS volume
 C. The web server‫ג‬€™s primary disk
 D. An Amazon EC2 instance dedicated to session data

Hide Solution Discussion 7

Correct Answer: A

Question #198Topic 1
A business is in the process of building a serverless ecommerce web application. The
application must perform synchronized, all-or-nothing updates to various products in the
company's Amazon DynamoDB inventory database.

Which solution will satisfy these criteria?

 A. Enable transactions for the DynamoDB table. Use the BatchWriteItem operation to
update the items.
 B. Use the TransactWriteItems operation to group the changes. Update the items in
the table.
 C. Set up a FIFO queue using Amazon SQS. Group the changes in the queue. Update
the table based on the grouped changes.
 D. Create a transaction table in an Amazon Aurora DB cluster to manage the
transactions. Write a backend process to sync the Aurora DB table and the
DynamoDB table.

Hide Solution Discussion 5

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/mobile/appsync-caching-transactions/
Question #199Topic 1
A developer is monitoring an Amazon EC2 instance that is executing an application. The
application reads data from an Amazon DynamoDB database, and the developer has created a
custom Amazon CloudWatch measure with a 1 second granularity. If there are any
difficulties, the developer want to be alerted through Amazon SNS within 30 seconds.

Which CloudWatch method meets this criterion?

 A. Configure a high-resolution CloudWatch alarm.

 B. Set up a custom AWS Lambda CloudWatch log.
 C. Use a Cloud Watch stream.
 D. Change to a default CloudWatch metric.

Hide Solution Discussion 5

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/acw-ug.pdf
(14)
Question #200Topic 1
A developer is attempting to get data from the demoman-table database in Amazon
DynamoDB. The developer set the AWS CLI to utilize the credentials of a particular IAM
user and ran the following command:

The command produced errors and returned no rows.

Which of the following is the MOST LIKELY CAUSE of these problems?

 A. The command is incorrect; it should be rewritten to use put-item with a string

argument.
 B. The developer needs to log a ticket with AWS Support to enable access to the
demoman-table.
 C. Amazon DynamoDB cannot be accessed from the AWS CLI and needs to be called
via the REST API.
 D. The IAM user needs an associated policy with read access to demoman-table.

Hide Solution Discussion 5

Correct Answer: D

Question #201Topic 1
A developer is working on a mobile app and requires any changes to user profile data to be
distributed to all devices that access the same identity. The developer does not wish to
maintain the user profile data on a back end.
What is the most efficient approach for the Developer to use Amazon Cognito to meet these
requirements?

 A. Use Cognito federated identities.

 B. Use a Cognito user pool.
 C. Use Cognito Sync.
 D. Use Cognito events.

Hide Solution Discussion 14

Correct Answer: A

Question #202Topic 1
A small internet business is gearing up for its yearly sales extravaganza. As traffic to the
company's application rises, the development team want to be alerted when the CPU usage of
the Amazon EC2 instance surpasses 80%.

Which solution will satisfy this criterion?

 A. Create a custom Amazon CloudWatch alarm that sends a notification to an

Amazon SNS topic when the CPU utilization exceeds 80%.
 B. Create a custom AWS Cloud Trail alarm that sends a notification to an Amazon
SNS topic when the CPU utilization exceeds 80%.
 C. Create a cron job on the EC2 instance that executes the --describe-instance-
information command on the host instance every 15 minutes and sends the results to
an Amazon SNS topic.
 D. Create an AWS Lambda function that queries the AWS CloudTrail logs for the
CPUUtilization metric every 15 minutes and sends a notification to an Amazon SNS
topic when the CPU utilization exceeds 80%.

Hide Solution Discussion 6

Correct Answer: A

Question #203Topic 1
A developer wishes to revert to a prior version of an AWS Lambda function in the case of
deployment issues.

How can the developer do this with the FEWEST possible effect on users?

 A. Change the application to use an alias that points to the current version. Deploy the
new version of the code. Update the alias to use the newly deployed version. If too
many errors are encountered, point the alias back to the previous version.
 B. Change the application to use an alias that points to the current version. Deploy the
new version of the code. Update the alias to direct 10% of users to the newly
deployed version. If too many errors are encountered, send 100% of traffic to the
previous version.
  C. Do not make any changes to the application. Deploy the new version of the code. If
too many errors are encountered, point the application back to the previous version
using the version number in the Amazon Resource Name (ARN).
 D. Create three aliases: new, existing, and router. Point the existing alias to the current
version. Have the router alias direct 100% of users to the existing alias. Update the
application to use the router alias. Deploy the new version of the code. Point the new
alias to this version. Update the router alias to direct 10% of users to the new alias. If
too many errors are encountered, send 100% of traffic to the existing alias.

Hide Solution Discussion 15

Correct Answer: A

Question #204Topic 1
A legacy program running on-premises caches data files locally and writes shared pictures to
local drives.

What is required to enable horizontal scalability during the application's migration to AWS?

 A. Modify the application to have both shared images and caching data written to
Amazon EBS.
 B. Modify the application to read and write cache data on Amazon S3, and also store
shared images on S3.
 C. Modify the application to use Amazon S3 for serving shared images; cache data
can then be written to local disks.
 D. Modify the application to read and write cache data on Amazon S3, while
continuing to write shared images to local disks.

Hide Solution Discussion 26

Correct Answer: B

Question #205Topic 1
A developer is working on a financial transaction management program. Multi-factor
authentication (MFA) will be needed as part of the login protocol to increase security.

Which services are available to the developer in order to achieve these requirements?

 A. Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA
codes
 B. Amazon Cognito with MFA
 C. AWS Directory Service
 D. AWS IAM with MFA enabled

Hide Solution Discussion 34

Correct Answer: D
Reference:
https://aws.amazon.com/iam/details/mfa/
Question #206Topic 1
A developer chooses to use Amazon S3 to store highly secure data and want to build server-
side encryption (SSE) with granular control over who may access the master key. For
security reasons, company policy demands that the master key be established, cycled, and
deactivated easily as necessary.

Which option is most appropriate for meeting these requirements?

 A. SSE with Amazon S3 managed keys (SSE-S3)

 B. SSE with AWS KMS managed keys (SSE-KMS)
 C. SSE with AWS Secrets Manager
 D. SSE with customer-provided encryption keys

Hide Solution Discussion 22

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
Question #207Topic 1
A server-side application running on Amazon EC2 instances needs access assets contained in
an Amazon S3 bucket that have been secured using AWS KMS encryption keys (SSE-KMS).
To decrypt the items, the program must have access to the customer master key (CMK).

Which sequence of actions will provide access to the application? (Select two.)

 A. Write an S3 bucket policy that grants the bucket access to the key.
 B. Grant access to the key in the IAM EC2 role attached to the application‫ג‬€™s EC2
instances.
 C. Write a key policy that enables IAM policies to grant access to the key.
 D. Grant access to the key in the S3 bucket‫ג‬€™s ACL
 E. Create a Systems Manager parameter that exposes the KMS key to the EC2
instances.

Hide Solution Discussion 12

Correct Answer: AE

Question #208Topic 1
Amazon Cognito is being used by a social networking firm to synchronize profiles across
many mobile devices, enabling end users to enjoy a consistent experience.

Which of the following setups enables customers to be notified quietly whenever an update is
ready for their other devices?

 A. Modify the user pool to include all the devices which keep them in sync.
 B. Use the SyncCallback interface to receive notifications on the application.
 C. Use an Amazon Cognito stream to analyze the data and push the notifications.
 D. Use the push synchronization feature with the appropriate IAM role.
Hide Solution Discussion 25
Correct Answer: C
Reference:
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sync.html
Question #209Topic 1
The Lambda function below is invoked through an API request made using Amazon API
Gateway. The Lambda function typically executes in less than a second.
The Lambda function's pseudocode is displayed in the exhibit.

Which two measures may be performed to increase this Lambda function's performance
without raising the cost of the solution? (Select two.)

 A. Package only the modules the Lambda function requires

 B. Use Amazon DynamoDB instead of Amazon RDS
 C. Move the initialization of the variable Amazon RDS connection outside of the
handler function
 D. Implement custom database connection pooling with the Lambda function
 E. Implement local caching of Amazon RDS data so Lambda can re-use the cache

Hide Solution Discussion 20

Correct Answer: AE

Question #210Topic 1
A developer has constructed a huge Lambda function, but deployment encounters the
following error:
ClientError: When invoking the CreateFunction action, an error occurred
(InvalidParameterValueException): The unzipped file size must not exceed XXXXXXX
bytes€TM, where XXXXXXXX is the current Lambda limit.

What is the Developer's role in resolving this issue?

 A. Submit a limit increase request to AWS Support to increase the function to the size
needed.
 B. Use a compression algorithm that is more efficient than ZIP.
 C. Break the function into multiple smaller Lambda functions.
 D. ZIP the ZIP file twice to compress it further.

Hide Solution Discussion 23

Correct Answer: C

Question #211Topic 1
A developer is using Amazon S3 to store sensitive data created by an application. The
developer want to encrypt the data while it is in transit. A corporate policy demands an audit
trail detailing when and by whom the master key was used.

Which encryption method will satisfy these criteria?

 A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

 B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
 C. Server-side encryption with customer-provided keys (SSE-C)
 D. Server-side encryption with self-managed keys

Hide Solution Discussion 13

Correct Answer: B
Similar to SSE-S3, but with some additional benefits along with some additional charges for
using this service. provides you with an audit trail of when your key was used and by whom.
Additionally, you have the option to create and manage encryption keys yourself, or use a
default key that is unique to you.
Question #212Topic 1
An Amazon EC2 instance is configured with an IAM role that expressly forbids access to all
Amazon S3 API activities. The EC2 instance credentials file contains the IAM access key
and secret access key, both of which provide full administrative access.

Which of the following statements is accurate in light of the fact that this EC2 instance
supports several types of IAM access?
  A. The EC2 instance will only be able to list the S3 buckets.
 B. The EC2 instance will only be able to list the contents of one S3 bucket at a time.
 C. The EC2 instance will be able to perform all actions on any S3 bucket.
 D. The EC2 instance will not be able to perform any S3 action on any S3 bucket.

Hide Solution Discussion 14

Correct Answer: A

Question #213Topic 1
A developer is storing application data in Amazon DynamoDB. The developer want to
further optimize the application's performance by minimizing the time required to conduct
read and write operations.

Which DynamoDB functionality should be utilized to accomplish these goals?

 A. Amazon DynamoDB Streams

 B. Amazon DynamoDB Accelerator
 C. Amazon DynamoDB global tables
 D. Amazon DynamoDB transactions

Hide Solution Discussion 33

Correct Answer: D
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWri
teCapacityMode.html
Question #214Topic 1
A developer wrote configuration requirements for an AWS Elastic Beanstalk application in a
file entitled healthcheckurl.yaml in their application source bundle's.ebextensions/directory.
The following information is included in the file:

Following the application's start, the health check is not executed on the right route, despite
the fact that it is legitimate.

How can this configuration file be corrected?

 A. Convert the file to JSON format.

 B. Rename the file to a .config extension.
 C. Change the configuration section from options_settings to resources.
 D. Change the namespace of the option settings to a custom namespace.

Hide Solution Discussion 7

Correct Answer: C
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html
Question #215Topic 1
A developer is developing an AWS Lambda function to produce and publish a weekly
newsletter to 100,000 subscribers dynamically. This mail includes both static and dynamic
content. The developer need a highly scalable and quick storage location for the photographs
that will be hyperlinked throughout the newsletter.

Where is the developer supposed to save these images?

 A. Use an Amazon DynamoDB table with DynamoDB Streams and read capacity
auto scaling enabled.
 B. Use an Amazon S3 bucket and S3 Transfer Acceleration to speed up the image
download.
 C. Use an Amazon Aurora database with a public DNS endpoint and auto scaling
enabled.
 D. Use an Amazon S3 backed Amazon CloudFront distribution with a high Time-to-
Live (TTL) to maximize caching.

Hide Solution Discussion 13

Correct Answer: A

Question #216Topic 1
An application is being developed that will use Amazon SQS to handle messages from a
large number of independent senders. Messages from each sender must be handled in the
order in which they are received.

Which SQS functionality should the developer implement?

 A. Configure each sender with a unique MessageGroupId

 B. Enable MessageDeduplicationIds on the SQS queue
 C. Configure each message with unique MessageGroupIds.
 D. Enable ContentBasedDeduplication on the SQS queue

Hide Solution Discussion 59

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/developer/how-the-amazon-sqs-fifo-api-works/
Question #217Topic 1
A developer works in an environment that includes various Amazon Web Services accounts
and AWS Lambda functions that handle identical 100 KB payloads. The developer wishes to
centralize the payloads' origin in a single account and have all Lambda functions triggered
whenever the parent account's starting event happens.
How can the developer build the process in the most efficient manner possible, ensuring that
all Lambda functions with multiple accounts are run when an event occurs?

 A. Create a Lambda function in the parent account and use cross-account IAM roles
with the AWS Security Token Service (AWS STS) AssumeRole API call to make
AWS Lambda invoke the API call to invoke all the cross-account Lambda functions.
 B. Subscribe all the multi-account Lambda functions to an Amazon SNS topic and
make a SNS Publish API call with the payload to the SNS topic.
 C. Set up an Amazon SQS queue with the queue policy permitting the
ReceiveMessage action for multi-account Lambda functions. Then send the payload
to the SQS queue using the sqs:SendMessage permission and poll the queue using
multi-account Lambda functions.
 D. Use a worker on an Amazon EC2 instance to poll for the payload event. Invoke all
Lambda functions using the Lambda Invoke API after using cross-account IAM roles
with the AWS Security Token Service (AWS STS) AssumeRole API call.

Hide Solution Discussion 20

Correct Answer: D

Question #218Topic 1
A developer wishes to improve the performance of reads from an unencrypted Amazon S3
bucket. Each second, the program needs 100,000 read requests. Priority is given to cost-
effectiveness.

What is the MOST SIMPLE method for implementing these requirements?

 A. Create 20 or more prefixes in Amazon S3. Place files by prefixes. Read in parallel
by prefixes.
 B. Create 20 or more AWS accounts. Create a bucket in each account. Read in
parallel by bucket.
 C. Deploy Memcached on Amazon EC2. Cache the files in memory. Retrieve from
the Memcached cache.
 D. Copy all files to Amazon DynamoDB. Index the files with S3 metadata. Retrieve
from DynamoDB.

Hide Solution Discussion 3

Correct Answer: B

Topic 1 - Single Topic

Question #219Topic 1
A developer used Amazon API Gateway, Amazon S3, AWS Lambda, and Amazon RDS to
construct a dashboard for an application. The developer need an authentication system that
enables users to log in and access their dashboard. It must be available through mobile apps,
desktop applications, and tablets, and it must maintain user preferences across platforms.
Which AWS service should the developer use to accommodate this situation of
authentication?

 A. AWS KMS
 B. Amazon Cognito
 C. AWS Directory Service
 D. Amazon IAM

Hide Solution Discussion 57

Correct Answer: B

Question #220Topic 1
A developer is deploying an application to Amazon EC2 using AWS CodeDeploy. The
developer wishes to modify the permissions on a particular deployment file.

Which lifecycle event should a developer utilize to do this task?

 A. AfterInstall
 B. DownloadBundle
 C. BeforeInstall
 D. ValidateService

Hide Solution Discussion 12

Correct Answer: A
You can use the AfterInstall deployment lifecycle event for tasks such as configuring your
application or changing file permissions.
Reference:
https://aws.amazon.com/codedeploy/faqs/
- Expert Verified, Online, Free.

 Custom View Settings

Question #1 Topic 1

When launching containers in Amazon ECS, where may PortMapping be defined?

A. Security groups

B. Amazon Elastic Container Registry (Amazon ECR)

C. Container agent

D. Task definition

Correct Answer: D
Reference:
https://docs.aws.amazon.com/AmazonECS/latest/userguide/task_definition_parameters.html

Community vote distribution

D (100%)

Question #2 Topic 1

How should access keys be handled in AWS according to best practices? (Select two.)

A. Use the same access key in all applications for consistency.

B. Delete all access keys for the account root user.

C. Leave unused access keys in the account for tracking purposes.

D. Embed and encrypt access keys in code for continuous deployment.

E. Use Amazon IAM roles instead of access keys where possible.

Correct Answer: BE
Reference:
https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html#iam-user-access-keys
Question #3 Topic 1

What is the run order of the hooks for in-place deployments in an AWS CodeDeploy deployment?

A. Before Install -> Application Stop -> Application Start -> After Install

B. Application Stop -> Before Install -> After Install -> Application Start

C. Before Install -> Application Stop -> Validate Service -> Application Start

D. Application Stop -> Before Install -> Validate Service -> Application Start

Correct Answer: B
Reference:
https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-hooks.html

Community vote distribution

B (100%)

Question #4 Topic 1

Data is read from an Amazon DynamoDB database by an application. The program gets several ProvisionedThroughputExceeded errors many
times a day for a duration of 15 seconds.

What should be done with this exception?

A. Create a new global secondary index for the table to help with the additional requests.

B. Retry the failed read requests with exponential backoff.

C. Immediately retry the failed read requests.

D. Use the DynamoDB ‫ג‬€UpdateItem‫ג‬€ API to increase the provisioned throughput capacity of the table.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-query-scan.html

Community vote distribution

B (100%)
Question #5 Topic 1

All data in transit between an EC2 instance and an Amazon EBS volume must be secured for a physician's office management application.

Which one of the following strategies satisfies this criterion? (Select two.)

A. Create encrypted snapshots into Amazon S3.

B. Use Amazon RDS with encryption.

C. Use IAM roles to limit access to the Amazon EBS volume.

D. Enable EBS encryption.

E. Leverage OS-level encryption.

Correct Answer: AD
Reference:
https://aws.amazon.com/blogs/compute/must-know-best-practices-for-amazon-ebs-encryption/

Community vote distribution

CD (80%) DE (20%)

Question #6 Topic 1

What section of the document root must be included in an AWS CloudFormation template to include objects specified by the AWS Serverless
Application Model (SAM) in addition to Resources?

A. Conditions

B. Globals

C. Transform

D. Properties

Correct Answer: D
Reference:
https://docs.aws.amazon.com/cloud9/latest/user-guide/lambda-functions.html

Community vote distribution

C (100%)
Question #7 Topic 1

A developer recognizes the need for centralized storage of application-level logs while designing an application that runs on Amazon EC2 in an
Amazon VPC.

Which AWS service can be utilized to store these logs securely?

A. Amazon EC2 VPC Flow Logs

B. Amazon CloudWatch Logs

C. Amazon CloudSearch

D. AWS CloudTrail

Correct Answer: B
Reference:
https://aws.amazon.com/answers/logging/centralized-logging/

Community vote distribution

B (100%)

Question #8 Topic 1

What are the requirements for configuring container instances in an AWS Elastic Beanstalk multi-container Docker environment?

A. An Amazon ECS task definition

B. An Amazon ECS cluster

C. A Dockerfile in an application package

D. A CLI for Elastic Beanstalk

Correct Answer: A
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_ecs.html

Community vote distribution

A (50%) C (50%)

Question #9 Topic 1

A developer must install a serverless RESTful API on AWS regularly and consistently.

Which strategies will be effective? (Select two.)

A. Define a Swagger file. Use AWS Elastic Beanstalk to deploy the Swagger file.

B. Define a Swagger file. Use AWS CodeDeploy to deploy the Swagger file.

C. Deploy a SAM template with an inline Swagger definition.

D. Define a Swagger file. Deploy a SAM template that references the Swagger file.

E. Define an inline Swagger definition in a Lambda function. Invoke the Lambda function.

Correct Answer: DE

Community vote distribution

CD (100%)
Question #10 Topic 1

Amazon Kinesis is used to load data into a stock market monitoring application. The Kinesis stream cannot keep up with the incoming data during
simulated peak data rates testing.

What step will enable Kinesis to handle peak-hour traffic?

A. Install the Kinesis Producer Library (KPL) for ingesting data into the stream.

B. Reduce the data retention period to allow for more data ingestion using DecreaseStreamRetentionPeriod.

C. Increase the shard count of the stream using UpdateShardCount.

D. Ingest multiple records into the stream in a single call using PutRecords.

Correct Answer: A
Reference:
https://aws.amazon.com/kinesis/data-streams/faqs/

Community vote distribution

C (100%)

Question #11 Topic 1

AWS services must be accessed and API calls must be made by an application running on an Amazon EC2 instance.
What is the SAFEST approach to grant access to AWS services with the least amount of administration overhead?

A. Use AWS KMS to store and retrieve credentials.

B. Use EC2 instance profiles.

C. Use AWS root user to make requests to the application.

D. Store and retrieve credentials from AWS CodeCommit.

Correct Answer: B

Community vote distribution

B (100%)

Question #12 Topic 1

With production-distributed applications created as AWS Lambda functions, a developer must investigate performance issues. Other components
of the applications are invoked by these distributed Lambda applications.
What is the best way for a developer to discover and resolve the root cause of production performance issues?

A. Add logging statements to the Lambda functions, then use Amazon CloudWatch to view the logs.

B. Use AWS CloudTrail and then examine the logs.

C. Use AWS X-Ray, then examine the segments and errors.

D. Run Amazon Inspector agents and then analyze performance.

Correct Answer: C

Community vote distribution

C (100%)
Question #13 Topic 1

What is the advantage of instantiating AWS clients outside the scope of the handler when constructing a Lambda function?

A. Legibility and stylistic convention

B. Taking advantage of connection re-use

C. Better error handling

D. Creating a new instance per invocation

Correct Answer: B
Reference:
https://www.jeremydaly.com/reuse-database-connections-aws-lambda/

Community vote distribution

B (100%)

Question #14 Topic 1

Thousands of sensitive audio and video data must be stored in an Amazon S3 bucket. All data written to this bucket must be encrypted according
to organizational security rules.

How can this policy's compliance be ensured?

A. Use AWS Lambda to send notifications to the security team if unencrypted objects are pun in the bucket.

B. Configure an Amazon S3 bucket policy to prevent the upload of objects that do not contain the x-amz-server-side-encryption header.

C. Create an Amazon CloudWatch event rule to verify that all objects stored in the Amazon S3 bucket are encrypted.

D. Configure an Amazon S3 bucket policy to prevent the upload of objects that contain the x-amz-server-side-encryption header.

Correct Answer: B

Community vote distribution

B (100%)

Question #15 Topic 1

Before code is released into the production environment, the release process workflow of an application needs human review.

What is the MOST EFFECTIVE method to do this using AWS CodePipeline?

A. Use multiple pipelines to allow approval

B. Use an approval action in a stage

C. Disable the stage transition to allow manual approval

D. Disable a stage just prior the deployment stage

Correct Answer: D

Community vote distribution

B (100%)
Question #16 Topic 1

When attempting to start or stop an Amazon EC2 instance using a boto3 script, the developer gets the following error message.

What is the developer's responsibility in resolving this error message?

A. Assign an IAM role to the EC2 instance to allow necessary API calls on behalf of the client.

B. Implement an exponential backoff algorithm for optimizing the number of API requests made to Amazon EC2.

C. Increase the overall network bandwidth to handle higher API request rates.

D. Upgrade to the latest AWS CLI version so that boto3 can handle higher request rates.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/general/latest/gr/api-retries.html

Community vote distribution

B (100%)

Question #17 Topic 1

On an EC2 instance, an application is executing. The developer wishes to keep a statistic about his program in Amazon CloudWatch.

How should this requirement be implemented optimally?

A. Use the PUT Object API call to send data to an S3 bucket. Use an event notification to invoke a Lambda function to publish data to
CloudWatch.

B. Publish the metric data to an Amazon Kinesis Stream using a PutRecord API call. Subscribe a Lambda function that publishes data to
CloudWatch.

C. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Provide the required credentials to enable the API
call.

D. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Launch the EC2 instance with the required IAM role
to enable the API call.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/mon-scripts.html

Community vote distribution

D (83%) C (17%)
Question #18 Topic 1

What are the best practices for using bespoke libraries in AWS Lambda?

A. Host the library on Amazon S3 and reference to it from the Lambda function.

B. Install the library locally and upload a ZIP file of the Lambda function.

C. Import the necessary Lambda blueprint when creating the function.

D. Modify the function runtime to include the necessary library.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/env_variables.html

Community vote distribution

B (100%)

Question #19 Topic 1

The application components of a big firm are scattered across several AWS accounts. The organization must gather and display account-level
trace data.

What materials should be utilized to achieve these specifications?

A. AWS X-Ray

B. Amazon CloudWatch

C. Amazon VPC flow logs

D. Amazon Elasticsearch Service

Correct Answer: A
Reference:
https://aws.amazon.com/xray/

Community vote distribution

A (100%)
Question #20 Topic 1

Amazon DynamoDB is used by an application that is deployed on Amazon EC2. The program makes a REST API request to DynamoDB.
Periodically, when the application writes to a DynamoDB table, it gets a ProvisionedThroughputExceededException error.

Which solutions will most effectively prevent this error? (Select two.)

A. Modify the application code to perform exponential backoff when the error is received.

B. Modify the application to use the AWS SDKs for DynamoDB.

C. Increase the read and write throughput of the DynamoDB table.

D. Create a DynamoDB Accelerator (DAX) cluster for the DynamoDB table.

E. Create a second DynamoDB table. Distribute the reads and writes between two tables.

Correct Answer: AB
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Programming.Errors.html

Community vote distribution

AB (100%)

Question #21 Topic 1

Amazon DynamoDB is used by a corporation to manage and track orders. The order date is used to split the DynamoDB table. During a sales
event, the company receives a large spike in orders, forcing DynamoDB writes to choke, and the used throughput is considerably lower than the
permitted throughput.
How can this issue be rectified with MINIMAL expenses, according to AWS best practices?

A. Create a new DynamoDB table for every order date.

B. Increase the read and write capacity units of the DynamoDB table.

C. Add a random number suffix to the partition key values.

D. Add a global secondary index to the DynamoDB table.

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/throttled-ddb/

Community vote distribution

C (100%)
Question #22 Topic 1

An Amazon S3 bucket is used to host a static website. JavaScript is used on many HTML pages on the site to retrieve photos from another
Amazon S3 bucket. When people explore the site, certain photos are not shown.

What may be the underlying source of the problem?

A. The referenced Amazon S3 bucket is in another region.

B. The images must be stored in the same Amazon S3 bucket.

C. Port 80 must be opened on the security group in which the Amazon S3 bucket is located.

D. Cross Origin Resource Sharing must be enabled on the Amazon S3 bucket.

Correct Answer: D

Question #23 Topic 1

Amazon Elastic Container Service is used to deploy a microservices application across several containers (Amazon ECS). A developer want to
collect trace information across microservices and view the microservices architecture in order to optimize performance.

Which solution will satisfy these criteria?

A. Build the container from the amazon/aws-xray-daemon base image. Use the AWS X-Ray SDK to instrument the application.

B. Install the Amazon CloudWatch agent on the container image. Use the CloudWatch SDK to publish custom metrics from each of the
microservices.

C. Install the AWS X-Ray daemon on each of the ECS instances.

D. Configure AWS CloudTrail data events to capture the traffic between the microservices.

Correct Answer: C

Community vote distribution

A (100%)

Question #24 Topic 1

Each hour, a business must consume terabytes of data from hundreds of sources, which arrive practically continuously throughout the day. The
quantity of texts produced changes during the day. For fraud detection and live operating dashboards, messages must be sent in real time.

Which strategy will satisfy these criteria?

A. Send the messages to an Amazon SQS queue, then process the messages by using a fleet of Amazon EC2 instances

B. Use the Amazon S3 API to write messages to an S3 bucket, then process the messages by using Amazon Redshift

C. Use AWS Data Pipeline to automate the movement and transformation of data

D. Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages

Correct Answer: D
Reference:
https://aws.amazon.com/kinesis/data-streams/faqs/

Community vote distribution

D (100%)
Question #25 Topic 1

A business processes papers that arrive through an Amazon S3 bucket. Through a web user interface, users may upload documents to an S3
bucket. When files are received in S3, an AWS Lambda function is executed to handle them, however the Lambda function periodically times out.

What happens to the S3 event if the Lambda function is setup with the default settings?

A. Notification of a failed S3 event is send as an email through Amazon SNS.

B. The S3 event is sent to the default Dead Letter Queue.

C. The S3 event is processed until it is successful.

D. The S3 event is discarded after the event is retried twice.

Correct Answer: A

Community vote distribution

D (100%)

Question #26 Topic 1

On AWS Elastic Beanstalk, a gaming firm has created a web portal. Occasionally, the organization must deliver new versions three or four times
every day.
The organization must rapidly roll out new features to all users. The solution's performance effect must be kept to a minimum and its availability
must be maximized.

Which solution will satisfy these criteria?

A. Use a rolling deployment policy to deploy to Amazon EC2 instances.

B. Use an immutable deployment policy to deploy to Amazon EC2 instances.

C. Use an all-at-once deployment policy to deploy to Amazon EC2 instances.

D. Use a canary deployment strategy to deploy changes to Amazon EC2 instances.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rolling-version-deploy.html

Community vote distribution

B (100%)
Question #27 Topic 1

A considerable amount of read capacity is being used by queries to an Amazon DynamoDB database. There are a high number of huge
characteristics in the table. The program does not need the whole set of attribute data.

How may DynamoDB expenses be lowered while application performance be maximized?

A. Batch all the writes, and perform the write operations when no or few reads are being performed.

B. Create a global secondary index with a minimum set of projected attributes.

C. Implement exponential backoffs in the application.

D. Load balance the reads to the table using an Application Load Balancer.

Correct Answer: B

Community vote distribution

B (100%)

Question #28 Topic 1

Data is stored in an S3 bucket by an application operating on EC2 instances. All data must be encrypted in transit, according to security rules.

How can the developer encrypt all traffic to the S3 bucket?

A. Install certificates on the EC2 instances.

B. Create a bucket policy that allows traffic where SecureTransport is true.

C. Create an HTTPS redirect on the EC2 instances.

D. Create a bucket policy that denies traffic where SecureTransport is false.

Correct Answer: B

Community vote distribution

D (100%)
Question #29 Topic 1

A corporation is employing an Amazon CloudFront distribution to provide private media content from Amazon S3. A developer must use the
signed URL to encrypt the media content.

What should the developer do to comply with this stipulation?

A. Use an access Key and a secret access key to generate an S3 presigned URL. Replace the S3 hostname with a CloudFront distribution name
in the URL.

B. Create an SSH-2 RSA key pair. Upload the public key to CloudFront, and assign the public key to a trusted signer. Use a public key and key ID
to sign the CloudFront URL.

C. Create an SSH-2 DSA key pair. Upload the public key to CloudFront, and assign the public key to a trusted signer. Use a private key and key
ID to sign the CloudFront URL.

D. Create an SSH-2 RSA key pair. Upload the public key to CloudFront, and assign the public key to a trusted signer. Use a private key and key
ID to sign the CloudFront URL.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html

Community vote distribution

D (92%) 8%

Question #30 Topic 1

A business is processing records from an Amazon Kinesis data stream using an AWS Lambda function. The firm suddenly noticed that records
were being processed slowly. A developer finds that the function's iterator age metric is growing and the Lambda run time is consistently more
than expected.

Which activities should the developer do to boost the performance of the processor? (Select two.)

A. Increase the number of shards of the Kinesis data stream.

B. Decrease the timeout of the Lambda function.

C. Increase the memory that is allocated to the Lambda function.

D. Decrease the number of shards of the Kinesis data stream.

E. Increase the timeout of the Lambda function.

Correct Answer: AC
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/lambda-iterator-age/

Community vote distribution

AC (75%) AE (25%)
Question #31 Topic 1

An program overwrites an item in Amazon S3, then reads the identical object instantaneously.

Why might the program sometimes get an object's previous version?

A. S3 overwrite PUTS are eventually consistent, so the application may read the old object.

B. The application needs to add extra metadata to label the latest version when uploading to Amazon S3.

C. All S3 PUTS are eventually consistent, so the application may read the old object.

D. The application needs to explicitly specify latest version when retrieving the object.

Correct Answer: A

Question #32 Topic 1

A legacy service has a SOAP interface that is XML-based. The developer want to use the Amazon API Gateway to expose the service's capabilities
to external customers.

Which approach is necessary to do this?

A. Create a RESTful API with the API Gateway; transform the incoming JSON into a valid XML message for the SOAP interface using mapping
templates.

B. Create a RESTful API with the API Gateway; pass the incoming JSON to the SOAP interface through an Application Load Balancer.

C. Create a SOAP API with the API Gateway; pass the incoming XML to the SOAP interface through an Application Load Balancer.

D. Create a SOAP API with the API Gateway; transform the incoming XML into a valid message for the SOAP interface using mapping
templates.

Correct Answer: A

Community vote distribution

A (100%)
Question #33 Topic 1

As a big state machine, the existing design makes use of several Lambda functions calling one another. This state machine's coordination is
handled by old bespoke code that is prone to failure.

Which AWS Service can assist with state machine refactoring and management?

A. AWS Data Pipeline

B. AWS SNS with AWS SQS

C. Amazon Elastic MapReduce

D. AWS Step Functions

Correct Answer: D
Reference:
https://docs.aws.amazon.com/step-functions/latest/dg/tutorial-creating-lambda-state-machine.html

Community vote distribution

D (100%)

Question #34 Topic 1

A business is building a new online game using the Amazon ECS platform. The design will have four separate Amazon ECS services, each of
which will need unique permissions to various AWS services. By bin packing the containers depending on memory reservation, the business hopes
to optimize the utilization of the underlying Amazon EC2 instances.

Which configuration would enable the Development team to accomplish these criteria in the most secure manner possible?

A. Create a new Identity and Access Management (IAM) instance profile containing the required permissions for the various ECS services,
then associate that instance role with the underlying EC2 instances.

B. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS service to
reference the associated IAM role.

C. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then, create an IAM group and
configure the ECS cluster to reference that group.

D. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS task
definition to referenׁe the associated IAM role.

Correct Answer: C

Community vote distribution

D (100%)
Question #35 Topic 1

A developer wishes to search and filter log data in order to troubleshoot an application. Amazon CloudWatch Logs stores the application logs. To
count exceptions in the application logs, the Developer sets a new metric filter. The logs, on the other hand, return no results.
What is the cause for the absence of filtered results?

A. A setup of the Amazon CloudWatch interface VPC endpoint is required for filtering the CloudWatch Logs in the VPC

B. CloudWatch Logs only publishes metric data for events that happen after the filter is created

C. The log group for CloudWatch Logs should be first streamed to Amazon Elasticsearch Service before metric filtering returns the results

D. Metric data points for logs groups can be filtered only after they are exported to an Amazon S3 bucket

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/MonitoringLogData.html

Question #36 Topic 1

The processing of an Amazon SQS message by an application takes longer than planned.

What should the developer do to ensure that other instances of the program do not get the same message?

A. Make a ReceiveMessage call to get the same message again from the queue

B. Issue a DeleteMessage call to delete the message from the queue

C. Use SendMessage to pass the message to the dead letter queue

D. Send a ChangeMessageVisibility call to extend VisibilityTimeout

Correct Answer: A

Community vote distribution

D (100%)

Question #37 Topic 1

For its application database tier, a corporation uses Amazon RDS MySQL instances, and for its web tier, Apache Tomcat servers. Repeated read
requests make up the majority of database queries from web apps.
Which AWS service would benefit from the addition of an in-memory store for repeated read queries?

A. Amazon RDS Multi-AZ

B. Amazon SQS

C. Amazon ElastiCache

D. Amazon RDS read replica

Correct Answer: C

Community vote distribution

C (100%)
Question #38 Topic 1

A business is deploying AWS resources using AWS CloudFormation templates. The organization requires an upgrade to one of its Amazon Web
Services CloudFormation stacks.

What can the business do to ascertain the effect of the adjustments on the operating resources?

A. Investigate the change sets.

B. Investigate the stack policies.

C. Investigate the Metadata section.

D. Investigate the Resources section.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html

Community vote distribution

A (100%)

Question #39 Topic 1

A developer is trying to upload an object to an S3 bucket that has default encryption enabled using the Amazon S3 PutObject API action. A 400
Bad Request error is sent to the developer.

Which of the following is the most probable source of this error?

A. The API operation cannot access the encryption key.

B. The HTTP Content-Length header is missing.

C. The object exceeds the maximum object size that is allowed.

D. The S3 bucket exceeds the maximum storage capacity that is allowed.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/API/API_Error.html

Community vote distribution

C (100%)
Question #40 Topic 1

As a big state machine, the existing design makes use of several Lambda functions calling one another. This state machine's coordination is
handled by old bespoke code that is prone to failure.

Which AWS Service can assist with state machine refactoring and management?

A. AWS Data Pipeline

B. AWS SNS with AWS SQS

C. Amazon Elastic MapReduce

D. AWS Step Functions

Correct Answer: D

Community vote distribution

D (100%)

Question #41 Topic 1

A business uses Amazon EC2 instances to execute a bespoke web application behind an Application Load Balancer. The instances are managed
as part of an Auto Scaling group. The company's development team deploys all services through AWS CloudFormation. When the development
team runs a new instance of the program, it takes time to install and setup.

Which sequence of actions should a developer follow to improve efficiency while launching a new instance? (Select two.)

A. Use an AWS Marketplace Amazon Machine Image (AMI) with a prebuilt application.

B. Create a prebuilt Amazon Machine Image (AMI) with the application installed and configured.

C. Update the launch template resource in the CloudFormation template.

D. Use AWS Systems Manager Run Command to install and configure the application.

E. Use CloudFormation helper scripts to install and configure the application.

Correct Answer: CE
Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html

Community vote distribution

BC (73%) CE (27%)

Question #42 Topic 1

An API Gateway and AWS Lambda are used in a serverless application.

Where should the Lambda function's session data be stored between function calls?

A. In an Amazon DynamoDB table

B. In an Amazon SQS queue

C. In the local filesystem

D. In an SQLite session table using ‫ג‬€"DSQLITE_ENABLE_SESSION

Correct Answer: A
Question #43 Topic 1

A Linux, Apache, MySQL, and PHP (LAMP) stack is used to construct an on-premises application. The developer want to host this application on
Amazon Web Services.

Which of the following AWS service sets is appropriate for running this stack?

A. Amazon API Gateway, Amazon S3

B. AWS Lambda, Amazon DynamoDB

C. Amazon EC2, Amazon Aurora

D. Amazon Cognito, Amazon RDS

E. Amazon ECS, Amazon EBS

Correct Answer: C
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/php-ha-tutorial.html?icmpid=docs_tutorial_projects

Question #44 Topic 1

When a developer calls the Amazon CloudWatch API, he receives HTTP 400: ThrottlingException errors sporadically. When a call is not successful,
no data is obtained.

Which best practice should be implemented first in order to remedy this issue?

A. Contact AWS Support for a limit increase.

B. Use the AWS CLI to get the metrics

C. Analyze the applications and remove the API call

D. Retry the call with exponential backoff

Correct Answer: B

Community vote distribution

D (100%)
Question #45 Topic 1

A developer is in the process of developing an event handling system. The developer established a normal Amazon SQS queue to process
messages asynchronously. According to quality assurance testing, some events were handled several times.

What is the preferred method for preventing events from being handled multiple times?

A. Change long polling to short polling.

B. Use a FIFO queue and configure deduplication.

C. Convert the standard SQS queue into a FIFO queue.

D. Send the messages with message timers.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html

Community vote distribution

B (100%)

Question #46 Topic 1

Where in the application source bundle should an Elastic Beanstalk configuration file called healthcheckur1.config be placed?

A. In the root of the application

B. In the bin folder

C. In healthcheckur1.config.ebextension under root

D. In the .ebextensions folder

Correct Answer: D
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html

Question #47 Topic 1

Before data is sent to a downstream service, it is processed by a Lambda function. Each byte of data is around 1MB in size. Following a security
assessment, the function must now encrypt data prior to transmitting it downstream.

Which API call is necessary to encrypt the data?

A. Pass the data to the KMS ReEncrvpt API for encryption.

B. Use the KMS GenerateDataKev API to get an encryption key.

C. Use the KMS GenerateDataKeyWithoutPlainText API to get an encryption key.

D. Pass the data to KMS as part of the Encrypt API for encryption.

Correct Answer: B

Community vote distribution

B (100%)
Question #48 Topic 1

A corporation uses Amazon API Gateway and the API Gateway native API key validation to maintain a REST service. Users can now join up for the
service through a new registration website that was recently developed by the corporation. The registration page uses CreateApiKey to generate a
new API key and sends it to the user. The user receives a 403 Forbidden error when attempting to call the API with this key. Existing API users are
unaffected and can continue to utilize it.
What changes to the code will allow these additional users to access the API?

A. The createDeployment method must be called so the API can be redeployed to include the newly created API key.

B. The updateAuthorizer method must be called to update the API‫ג‬€™s authorizer to include the newly created API key.

C. The importApiKeys method must be called to import all newly created API keys into the current stage of the API.

D. The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.

Correct Answer: C

Community vote distribution

D (100%)

Question #49 Topic 1

Multiple EC2 instances are used to execute an application behind an ELB.

Where is the ideal place to store session data so that it can be consistently delivered over numerous requests?

A. Write data to Amazon ElastiCache

B. Write data to Amazon Elastic Block Store.

C. Write data to Amazon EC2 Instance Store.

D. Write data to the root filesystem.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/aws-technical-content/latest/microservices-on-aws/microservices-on-aws.pdf?
icmpid=link_from_whitepapers_page
(14)

Community vote distribution

A (100%)
Question #50 Topic 1

A development team is now supporting an application that saves cumulative gaming outcomes in an in-memory store. A database is used to keep
individual outcomes. The team must employ automated scaling as part of the migration to AWS. The team is aware that this will result in uneven
outcomes.

Where should the team keep these gathered game outcomes in order to achieve the highest level of consistency without jeopardizing
performance?

A. Amazon S3

B. Amazon RDS

C. Amazon ElastiCache

D. Amazon Kinesis

Correct Answer: C

Question #51 Topic 1

A developer is developing an application for Amazon EC2 instances. To read and write records, the application must establish a connection to an
Amazon DynamoDB database. The security staff must change access keys on a regular basis.
Which technique will meet these criteria?

A. Create an IAM role with read and write access to the DynamoDB table. Generate access keys for the user and store the access keys in the
application as environment variables.

B. Create an IAM user with read and write access to the DynamoDB table. Store the user name and password in the application and generate
access keys using an AWS SDK.

C. Create an IAM role, configure read and write access for the DynamoDB table, and attach to the EC2 instances.

D. Create an IAM user with read and write access to the DynamoDB table. Generate access keys for the user and store the access keys in the
application as a credentials file.

Correct Answer: D

Community vote distribution

C (100%)
Question #52 Topic 1

A developer is using Amazon S3 to store critical documents that need encryption at rest. At the very least, the encryption keys must be cycled
yearly.

What is the simplest method for doing this?

A. Encrypt the data before sending it to Amazon S3

B. Import a custom key into AWS KMS with annual rotation enabled

C. Use AWS KMS with automatic key rotation

D. Export a key from AWS KMS to encrypt the data

Correct Answer: B

Community vote distribution

C (75%) B (25%)

Question #53 Topic 1

A business delivers APIs as a service and binds all of its users to a service level agreement (SLA).

What should the organization do to ensure compliance with each SLA?

A. Enable throttling limits for each method in Amazon API Gateway

B. Create a usage plan for each user and request API keys to access the APIs

C. Enable API rate limiting in Amazon Cognito for each user

D. Enable default throttling limits for each stage after deploying the APIs

Correct Answer: D

Community vote distribution

B (100%)
Question #54 Topic 1

A developer created a static website hosted on Amazon S3 that uses Amazon API Gateway and AWS Lambda to conduct web service queries. The
site is now displaying an error message that reads as follows:
The requested resource does not have an Access-Control-Allow-Origin€TM header. As a result, origin € null€TM is denied access. ‫ג‬€

What is the Developer's responsibility in resolving this issue?

A. Enable cross-origin resource sharing (CORS) on the S3 bucket.

B. Enable cross-origin resource sharing (CORS) for the method in API Gateway

C. Add the Access-Control-Request-Method header to the request

D. Add the Access-Control-Request-Headers header to the request

Correct Answer: B
Reference:
https://forums.aws.amazon.com/thread.jspa?threadID=252972

Community vote distribution

B (67%) A (33%)
Question #55 Topic 1

Returning consumers may log in to see personalized web pages on an e-commerce site. The process is shown below:

On EC2 instances, an application is executing. The database that records user accounts and preferences is hosted on Amazon RDS. While waiting
for the login stage to finish, the website freezes or loads slowly. The remainder of the site's components are properly optimized.

Which of the following strategies will effectively fix this situation? (Select two.)

A. Implement the user login page as an asynchronous Lambda function.

B. Use Amazon ElastiCache for MemCached to cache user data.

C. Use an Amazon Application Load Balancer to load balance the traffic to the website.

D. Call the database asynchronously so the code can continue executing.

E. Batch login requests from hundreds of users together as a single read request to the database.

Correct Answer: BD

Community vote distribution

BC (100%)
Question #56 Topic 1

A vast number of tiny messages are ingested by an application and stored in a database. AWS Lambda is used to power the application. A
development team is making adjustments to the processing logic of the program. Each message is processing more than 15 minutes in testing.
The team is worried that the present backend will fail to function properly.

Which improvements to the backend system should be implemented to guarantee that each message is treated in the most scalable manner
possible?

A. Add the messages to an Amazon SQS queue. Set up and Amazon EC2 instance to poll the queue and process messages as they arrive.

B. Add the messages to an Amazon SQS queue. Set up Amazon EC2 instances in an Auto Scaling group to poll the queue and process the
messages as they arrive.

C. Create a support ticket to increase the Lambda timeout to 60 minutes to allow for increased processing time.

D. Change the application to directly insert the body of the message into an Amazon RDS database.

Correct Answer: B

Community vote distribution

B (100%)

Question #57 Topic 1

An application developer is tasked with integrating Amazon CloudWatch into an on-premises environment.

According to AWS security best practices, how should the application use CloudWatch?

A. Configure AWS credentials in the application server with an AWS SDK

B. Implement and proxy API-calls through an EC2 instance

C. Store IAM credentials in the source code to enable access

D. Add the application server SSH-key to AWS

Correct Answer: A

Community vote distribution

A (100%)

Question #58 Topic 1

A developer attempts to use the command aws configure after installing the AWS CLI and gets the following error:
aws: command not found Error: aws: command not found

Which of the following is the most probable source of this error?

A. The aws executable is not in the PATH environment variable.

B. Access to the aws executable has been denied to the installer.

C. Incorrect AWS credentials were provided.

D. The aws script does not have an executable file mode.

Correct Answer: A
Question #59 Topic 1

A business utilizes AWS CodeBuild and AWS CodeCommit to implement a continuous build process. Developers routinely submit code throughout
the development period, resulting in large build failures. The firm is looking for a solution that would generate code prior to developers pushing it
to the main branch.

Which option best fits these criteria in terms of cost-effectiveness?

A. Configure am Amazon EC2 instance with the CodeBuild agent to build the code.

B. Configure CodeBuild jobs on AWS for each branch build process.

C. Configure the CodeBuild agent to build the code in the local system.

D. Configure a Jenkins plugin for CodeBuild to run the code build process

Correct Answer: C
Reference:
https://docs.aws.amazon.com/codebuild/latest/userguide/use-codebuild-agent.html

Community vote distribution

C (100%)

Question #60 Topic 1

In an Amazon DynamoDB database, a game holds user game data. Individual users should not have access to the gaming data of other players.

How is this possible?

A. Encrypt the game data with individual user keys.

B. Restrict access to specific items based on certain primary key values.

C. Stage data in SQS queues to inject metadata before accessing DynamoDB.

D. Read records from DynamoDB and discard irrelevant data client-side.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html
Question #61 Topic 1

A multi-Amazon EC2 instance application reads messages from a typical Amazon SQS queue. All communications must be encrypted at rest as a
requirement of the program.
When feasible, developers are urged to employ approaches that enable centralized key management and reduce support needs.

Which of the following solutions adheres to these specifications?

A. Encrypt individual messages by using client-side encryption with customer managed keys, then write to the SQS queue.

B. Encrypt individual messages by using SQS Extended Client and the Amazon S3 encryption client.

C. Create an SQS queue, and encrypt the queue by using sewer-side encryption with AWS KMS.

D. Create an SQS queue, and encrypt the queue by using client-side encryption.

Correct Answer: B

Community vote distribution

C (100%)

Question #62 Topic 1

A business operates an e-commerce website that makes use of Amazon DynamoDB to dynamically adjust the price of products in real time. At any
one moment, numerous changes to price information for a specific product may occur concurrently. This results in the overwriting of the original
editor's modifications without a thorough review procedure.

Which write option in DynamoDB should be used to avoid this overwriting?

A. Concurrent writes

B. Conditional writes

C. Atomic writes

D. Batch writes

Correct Answer: B

Community vote distribution

B (100%)
Question #63 Topic 1

A developer must use an AWS CloudFormation template to launch a new AWS Lambda function.

Which processes are responsible for deploying Lambda functions? (Select two.)

A. Upload the code to an AWS CodeCommit repository, then add a reference to it in an AWS::Lambda::Function resource in the template.

B. Create an AWS::Lambda::Function resource in the template, then write the code directly inside the CloudFormation template.

C. Upload a .ZIP file containing the function code to Amazon S3, then add a reference to it in an AWS::Lambda::Function resource in the
template.

D. Upload a .ZIP file to AWS CloudFormation containing the function code, then add a reference to it in an AWS::Lambda::Function resource in
the template.

E. Upload the function code to a private Git repository, then add a reference to it in an AWS::Lambda::Function resource in the template.

Correct Answer: BD

Community vote distribution

BC (100%)

Question #64 Topic 1

A developer want to utilize AWS X-Ray to monitor the end-to-end performance of a user request across the whole software stack. The developer
modified the program, tested it, and discovered that it is capable of sending traces to AWS X-Ray. The traces, on the other hand, are not accessible
when the program is deployed to an EC2 instance.

Which of the following is most likely to result in this situation? (Select two.)

A. The traces are reaching X-Ray, but the Developer does not have access to view the records.

B. The X-Ray daemon is not installed on the EC2 instance.

C. The X-Ray endpoint specified in the application configuration is incorrect.

D. The instance role does not have ‫ג‬€xray:BatchGetTraces‫ג‬€ and ‫ג‬€xray:GetTraceGraph‫ג‬€ permissions.

E. The instance role does not have ‫ג‬€xray:PutTraceSegments‫ג‬€ and ‫ג‬€xray:PutTelemetryRecords‫ג‬€ permissions.

Correct Answer: BE
Question #65 Topic 1

An application extracts metadata from files uploaded to an S3 bucket using Lambda functions; the information is then saved in Amazon
DynamoDB. The program begins to behave strangely, and the developer want to investigate the Lambda function code's logs for faults.

Where would the Developer look for logs based on this system configuration?

A. Amazon S3

B. AWS CloudTrail

C. Amazon CloudWatch

D. Amazon DynamoDB

Correct Answer: C

Community vote distribution

C (100%)

Question #66 Topic 1

What is the purpose of an Amazon SQS delay queue?

A. Messages are hidden for a configurable amount of time when they are first added to the queue.

B. Messages are hidden for a configurable amount of time after they are consumed from the queue.

C. The consumer can poll the queue for a configurable amount of time before retrieving a message.

D. Message cannot be deleted for a configurable amount of time after they are consumed from the queue.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-delay-queues.html

Community vote distribution

A (100%)
Question #67 Topic 1

A business is developing an ecommerce website, and the static data will be stored on Amazon S3. The business anticipates roughly 1,000 GET
and PUT requests per second (TPS). All queries must be logged and maintained for auditing reasons.

Which approach is the MOST cost-effective?

A. Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to move the data from the log bucket to Amazon
S3 Glacier in 90 days.

B. Enable S3 server access logging and create a lifecycle policy to expire the data in 90 days.

C. Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to expire the data in 90 days.

D. Enable S3 server access logging and create a lifecycle policy to move the data to Amazon S3 Glacier in 90 days.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudtrail-request-identification.html

Community vote distribution

A (67%) D (33%)

Question #68 Topic 1

A business has an application in which reading items from Amazon S3 is conditional on the user type. There are two sorts of users: registered and
visitor. The firm now has 25,000 users and is expanding at a rapid pace. Depending on the user type, data is fetched from an S3 bucket.

Which techniques are advised for accommodating both sorts of users? (Select two.)

A. Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to
the objects.

B. Use S3 bucket policies to restrict read access to specific IAM users.

C. Use Amazon Cognito to provide access using authenticated and unauthenticated roles.

D. Create a new IAM user for each user and grant read access.

E. Use the AWS IAM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) AssumeRole
action depending on the type of user and provide read access to Amazon S3 using the assumed role.

Correct Answer: AB

Community vote distribution

CE (100%)
Question #69 Topic 1

Using Amazon API Gateway, a developer has established a REST API. The developer want to keep track of which callers and how they utilize the
API. Additionally, the developer want to have control over the duration of the logs.

What actions should the developer take to ensure compliance with these requirements?

A. Enable API Gateway execution logging. Delete old logs using API Gateway retention settings.

B. Enable API Gateway access logs. Use Amazon CloudWatch retention settings to delete old logs.

C. Enable detailed Amazon CloudWatch metrics. Delete old logs with a recurring AWS Lambda function.

D. Create and use API Gateway usage plans. Delete old logs with a recurring AWS Lambda function.

Correct Answer: C

Community vote distribution

B (100%)

Question #70 Topic 1

A huge e-commerce site is being developed that will use Amazon S3 to distribute static items. More than 300 GET requests per second will be
served from the Amazon S3 bucket.

What changes should be made to improve performance? (Select two.)

A. Integrate Amazon CloudFront with Amazon S3.

B. Enable Amazon S3 cross-region replication.

C. Delete expired Amazon S3 server log files.

D. Configure Amazon S3 lifecycle rules.

E. Randomize Amazon S3 key name prefixes.

Correct Answer: AB
Reference:
http://jayendrapatil.com/aws-s3-best-practices/

Community vote distribution

AB (50%) AE (50%)
Question #71 Topic 1

A business in the us-east-1 Region has installed web servers on Amazon EC2 instances running Amazon Linux. Amazon Elastic Block Store is
used to back up the EC2 instances (Amazon EBS). A developer want to guarantee that all of these instances use an AWS Key Management Service
(AWS KMS) key to offer encryption at rest.

How can a developer use an AWS KMS key to enable encryption at rest on existing and new instances?

A. Use AWS Certificate Manager (ACM) to generate a TLS certificate. Store the private key in AWS KMS. Use AWS KMS on the instances to
enable TLS encryption.

B. Manually enable EBS encryption with AWS KMS on running instances. Then enable EBS encryption by default for new instances.

C. Enable EBS encryption by default. Create snapshots from the running instances. Replace running instances with new instances from
snapshots.

D. Export the AWS KMS key to the application. Encrypt all application data by using the exported key. Enable EBS encryption by default to
encrypt all other data.

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/compute/must-know-best-practices-for-amazon-ebs-encryption/

Community vote distribution

C (100%)

Question #72 Topic 1

A developer is developing an application that will use Amazon S3 to store data. Before data is transmitted to Amazon S3 for storage, management
requires that it be secured. The Security team is responsible for managing the encryption keys.

Which strategy should the developer use to satisfy these requirements?

A. Implement server-side encryption using customer-provided encryption keys (SSE-C).

B. Implement server-side encryption by using a client-side master key.

C. Implement client-side encryption using an AWS KMS managed customer master key (CMK).

D. Implement client-side encryption using Amazon S3 managed keys.

Correct Answer: D
Reference:
https://aws.amazon.com/s3/faqs/

Community vote distribution

C (50%) A (50%)
Question #73 Topic 1

A developer has designed a software package that will be distributed utilizing IAM roles across many EC2 servers.

What measures may be taken to validate IAM access to Amazon Kinesis Streams records? (Select two.)

A. Use the AWS CLI to retrieve the IAM group.

B. Query Amazon EC2 metadata for in-line IAM policies.

C. Request a token from AWS STS, and perform a describe action.

D. Perform a get action using the ‫ג‬€"-dry-run argument.

E. Validate the IAM role policy with the IAM policy simulator.

Correct Answer: BE

Community vote distribution

DE (71%) BE (29%)

Question #74 Topic 1

A developer must verify that an application's IAM credentials are not abused or exploited when running on Amazon EC2.

What should the developer do to ensure the security of user credentials?

A. Environment variables

B. AWS credentials file

C. Instance profile credentials

D. Command line options

Correct Answer: D

Community vote distribution

C (100%)
Question #75 Topic 1

A developer has created an Amazon S3 bucket to store JSON data. The developer want to share an item with a select set of individuals in a safe
manner.

How can the developer allow temporary access to the items stored in the S3 bucket in a safe manner?

A. Set object retention on the files. Use the AWS software development kit (SDK) to restore the object before subsequent requests. Provide the
bucket‫ג‬€™s S3 URL.

B. Use the AWS software development kit (SDK) to generate a presigned URL. Provide the presigned URL.

C. Set a bucket policy that restricts access after a period of time. Provide the bucket‫ג‬€™s S3 URL.

D. Configure static web hosting on the S3 bucket. Provide the bucket‫ג‬€™s web URL.

Correct Answer: B
Reference:
https://blog.pics.io/everything-you-need-to-know-about-amazon-s3-bucket/

Community vote distribution

B (100%)

Question #76 Topic 1

Page load times on a website steadily increase as more people visit the system concurrently. According to the analysis, a user profile is being
loaded from a database on each web page viewed by a user, which increases database load and page load delay. The developer chooses to cache
the user profile data in order to remedy this problem.

Which caching approach would most effectively solve this situation?

A. Create a new Amazon EC2 Instance and run a NoSQL database on it. Cache the profile data within this database using the write-through
caching strategy.

B. Create an Amazon ElastiCache cluster to cache the user profile data. Use a cache-aside caching strategy.

C. Use a dedicated Amazon RDS instance for caching profile data. Use a write-through caching strategy.

D. Create an ElastiCache cluster to cache the user profile data. Use a write-through caching strategy.

Correct Answer: B

Community vote distribution

B (67%) D (33%)
Question #77 Topic 1

A business is developing a Java application that will be deployed to Amazon Web Services. The firm creates a pipeline for the project using AWS
CodePipeline. CodePipeline must build and deploy the application on the AWS Cloud whenever a team member makes changes to the source
code.

Which AWS services combination does the business need to utilize to achieve these requirements?

A. Amazon S3, AWS CodeBuild, and AWS CodeCommit

B. Amazon S3, AWS CodeBuild, and Amazon Elastic Container Service (Amazon ECS)

C. AWS CodeCommit, AWS CodeBuild, and AWS CodeDeploy

D. Amazon CodeGuru, AWS CodeCommit, and AWS CodeBuild

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/devops/complete-ci-cd-with-aws-codecommit-aws-codebuild-aws-codedeploy-and-aws-codepipeline/

Question #78 Topic 1

A developer is about to launch an AWS Lambda function that will use a substantial amount of CPU.

Which technique will minimize the function's average runtime?

A. Deploy the function into multiple AWS Regions.

B. Deploy the function into multiple Availability Zones.

C. Deploy the function using Lambda layers.

D. Deploy the function with its memory allocation set to the maximum amount.

Correct Answer: C
Layers let you keep your deployment package small, which makes development easier. You can avoid errors that can occur when you install and
package dependencies with your function code.
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-dg.pdf
(86)

Community vote distribution

D (100%)
Question #79 Topic 1

A business is operating an application that is powered by AWS Lambda services. When a Lambda function is required to download a 50MB file
from the Internet on each run, performance difficulties arise. Multiple times per second, this function is invoked.

Which approach would result in the greatest performance boost?

A. Cache the file in the /tmp directory

B. Increase the Lambda maximum execution time

C. Put an Elastic Load Balancer in front of the Lambda function

D. Cache the file in Amazon S3

Correct Answer: A

Community vote distribution

A (100%)

Question #80 Topic 1

An HTTPS clone URL for an AWS CodeCommit repository is supplied to a developer.

What configuration is required prior to cloning this repository?

A. Use AWS KMS to set up public and private keys for use with AWS CodeCommit.

B. Set up the Git credential helper to use an AWS credential profile, and enable the helper to send the path to the repositories.

C. Use AWS Certificate Manager to provision public and private SSL/TLS certificates.

D. Generate encryption keys using AWS CloudHSM, then export the key for use with AWS CodeCommitl.

Correct Answer: B
AWS credential profile, and enabling the Git credential helper to send the path to repositories:
Reference:
https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-unixes.html

Community vote distribution

B (100%)
Question #81 Topic 1

A Linux EC2 instance operating on Amazon Web Services requires management of the AWS architecture.

How may an Amazon EC2 instance be configured to perform secure AWS API calls?

A. Sign the AWS CLI command using the signature version 4 process.

B. Run the aws configure AWS CLI command and specify the access key id and secret access key.

C. Specify a role for the EC2 instance with the necessary privileges.

D. Pass the access key id and secret access key as parameters for each AWS CLI command.

Correct Answer: C

Community vote distribution

C (100%)

Question #82 Topic 1

What is needed to use AWS X-Ray to trace Lambda-based applications?

A. Send logs from the Lambda application to an S3 bucket; trigger a Lambda function from the bucket to send data to AWS X-Ray.

B. Trigger a Lambda function from the application logs in Amazon CloudWatch to submit tracing data to AWS X-Ray.

C. Use an IAM execution role to give the Lambda function permissions and enable tracing.

D. Update and add AWS X-Ray daemon code to relevant parts of the Lambda function to set up the trace.

Correct Answer: C

Community vote distribution

C (100%)

Question #83 Topic 1

A developer wishes to lower the execution time of a complete Amazon DynamoDB database scan during off-peak hours without impairing typical
workloads. During non-peak hours, workloads average around half of the highly constant read capacity units.

How would the Developer optimize this scan if he or she were the developer?

A. Use parallel scans while limiting the rate

B. Use sequential scans

C. Increase read capacity units during the scan operation

D. Change consistency to eventually consistent during the scan operation

Correct Answer: B

Community vote distribution

A (100%)
Question #84 Topic 1

A developer has an on-premises legacy application. Other AWS-hosted apps rely on the on-premises application for optimal operation.
In the event of any application failures, the Developer want to be able to monitor and debug all apps from a single location using Amazon
CloudWatch.

How is this accomplished by the Developer?

A. Install an AWS SDK on the on-premises server to automatically send logs to CloudWatch.

B. Download the CloudWatch agent to the on-premises server. Configure the agent to use IAM user credentials with permissions for
CloudWatch.

C. Upload log files from the on-premises server to Amazon S3 and have CloudWatch read the files.

D. Upload log files from the on-premises server to an Amazon EC2 instance and have the instance forward the logs to CloudWatch.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-premise.html

Community vote distribution

B (100%)

Question #85 Topic 1

Amazon API Gateway is being used by a developer to act as an HTTP proxy for a backend endpoint. Three distinct settings exist: development,
testing, and production. Each environment has a step in the API that corresponds to it.
Without building a new API for each step, the developer must route traffic to distinct backend destinations.

Which solution will satisfy these criteria?

A. Add a model to the API. Add a schema to differentiate the different backend endpoints

B. Create stage variables. Configure the variables in the HTTP integration request of the API.

C. Use API custom authorizers to create an authorizer for each of the different stages.

D. Update the integration response of the API to add different backend endpoint.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/stage-variables.html
Question #86 Topic 1

A development team has released ten applications that are operating on Amazon EC2 instances. A graphical representation of the data is required
by the Operations team.
For each application, there is one critical performance metric. For convenient monitoring, all of these metrics should be presented on a single
screen.
Which actions should the developer take to use Amazon CloudWatch to do this?

A. Create a custom namespace with a unique metric name for each application.

B. Create a custom dimension with a unique metric name for each application.

C. Create a custom event with a unique metric name for each application.

D. Create a custom alarm with a unique metric name for each application.

Correct Answer: B
Reference:
http://jayendrapatil.com/tag/cloudwatch/

Community vote distribution

A (100%)

Question #87 Topic 1

On AWS, a business hosts a multi-tiered web application. During a recent increase in traffic, one of Amazon RDS's key relational databases was
unable to handle the volume. Certain read queries for frequently visited objects failed, resulting in error messages being shown to users.

What can be done to reduce the effect of future traffic surges on database read queries most efficiently?

A. Use Amazon S3 to cache database query results.

B. Use Amazon RDS as a custom origin for Amazon CloudFront.

C. Use local storage and memory on Amazon EC2 instances to cache data.

D. Use Amazon ElastiCache in front of the primary database to cache data.

Correct Answer: B

Community vote distribution

D (100%)
Question #88 Topic 1

Due to increasing demand, an application is having performance challenges. This increasing demand is for read-only historical records that are
extracted using bespoke views and queries from an Amazon RDS-hosted database. A developer's objective is to optimize performance without
altering the database's structure.

Which technique will maximize performance while minimizing management costs?

A. Deploy Amazon DynamoDB, move all the data, and point to DynamoDB.

B. Deploy Amazon ElastiCache for Redis and cache the data for the application.

C. Deploy Memcached on Amazon EC2 and cache the data for the application.

D. Deploy Amazon DynamoDB Accelerator (DAX) on Amazon RDS to improve cache performance.

Correct Answer: B

Community vote distribution

B (100%)

Question #89 Topic 1

A business must send firmware upgrades to all of its consumers worldwide.

Which solution will provide simple and secure control of download access at the lowest possible cost?

A. Use Amazon CloudFront with signed URLs for Amazon S3

B. Create a dedicated Amazon CloudFront Distribution for each customer

C. Use Amazon CloudFront with AWS Lambda@Edge

D. Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket

Correct Answer: A

Question #90 Topic 1

A business want to use Amazon API Gateway to enable authentication for its new REST service. Each request must include HTTP headers
including a client ID and a user ID in order to authenticate the calls. These credentials must be matched to data stored in an Amazon DynamoDB
database for authentication.

What actions MUST the company take to implement this authorization in the API global Gateway?

A. Implement an AWS Lambda authorizer that references the DynamoDB authentication table

B. Create a model that requires the credentials, then grant API Gateway access to the authentication table

C. Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table

D. Implement an Amazon Cognito authorizer that references the DynamoDB authentication table

Correct Answer: D

Community vote distribution

A (50%) D (50%)
Question #91 Topic 1

A developer is in the process of transferring legacy apps to AWS. These apps will be launched on Amazon EC2 instances and will utilize MongoDB
as their main data storage. Management expects developers to make minimal modifications to apps while using AWS services.

Which option should the developer use to host MongoDB on Amazon Web Services (AWS)?

A. Install MongoDB on the same instance where the application is running.

B. Deploy Amazon DocumentDB in MongoDB compatibility mode.

C. Use Amazon API Gateway to translate API calls from MongoDB to Amazon DynamoDB.

D. Replicate the existing MongoDB workload to Amazon DynamoDB.

Correct Answer: D

Community vote distribution

B (100%)

Question #92 Topic 1

Through an API, a company's fleet of Amazon EC2 instances collects data from millions of consumers. To guarantee high access rates, the
servers batch the data, create an object for each user, and upload the objects to an S3 bucket. Customer ID, Server ID, TS-Server (TimeStamp and
Server ID), the object's size, and a timestamp are the object's properties. A developer wishes to locate all items gathered for a particular user
during a certain time period.

How can the developer accomplish this need after establishing an S3 object created event?

A. Run an AWS Lambda function in response to the S3 object creation events that creates an Amazon DynamoDB record for every object with
the Customer ID as the partition key and the Server ID as the sort key. Retrieve all the records using the Customer ID and Server ID attributes.

B. Run an AWS Lambda function in response to the S3 object creation events that creates an Amazon Redshift record for every object with the
Customer ID as the partition key and TS-Server as the sort key. Retrieve all the records using the Customer ID and TS-Server attributes.

C. Run an AWS Lambda function in response to the S3 object creation events that creates an Amazon DynamoDB record for every object with
the Customer ID as the partition key and TS-Server as the sort key. Retrieve all the records using the Customer ID and TS-Server attributes.

D. Run an AWS Lambda function in response to the S3 object creation events that creates an Amazon Redshift record for every object with the
Customer ID as the partition key and the Server ID as the sort key. Retrieve all the records using the Customer ID and Server ID attributes.

Correct Answer: C

Community vote distribution

C (100%)
Question #93 Topic 1

A business need a fully managed source control solution that is compatible with AWS. By sharing sets of changes peer-to-peer, the service must
guarantee that revision control synchronizes various dispersed repositories. All users must be productive regardless of whether they are
connected to a network.

Which version control system should I use?

A. Subversion

B. AWS CodeBuild

C. AWS CodeCommit

D. AWS CodeStar

Correct Answer: C

Community vote distribution

C (100%)

Question #94 Topic 1

A developer is tasked with the responsibility of creating a cache layer in front of Amazon RDS. In the event of a service outage, it is costly to
regenerate cached material.

Which of the following implementations would work best in terms of uptime?

A. Implement Amazon ElastiCache Redis in Cluster Mode

B. Install Redis on an Amazon EC2 instance.

C. Implement Amazon ElastiCache Memcached.

D. Migrate the database to Amazon Redshift.

Correct Answer: A
Reference:
https://aws.amazon.com/blogs/database/automating-sql-caching-for-amazon-elasticache-and-amazon-rds/
Question #95 Topic 1

On an Amazon EC2 instance, a developer is executing an application. When the program attempts to read from an Amazon S3 bucket, it fails. The
developer discovers that the S3 read permission is missing from the related IAM role. The developer must enable the application to read from the
S3 bucket.

Which solution satisfies this need with the MINIMUM amount of application downtime?

A. Add the permission to the role. Terminate the existing EC2 instance. Launch a new EC2 instance

B. Add the permission to the role so that the change will take effect automatically

C. Add the permission to the role. Hibernate and restart the existing EC2 instance.

D. Add the permission to the S3 bucket. Restart the EC2 instance.

Correct Answer: D
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-instance-access-s3-bucket/

Community vote distribution

B (71%) C (29%)

Question #96 Topic 1

A developer wishes to get a list of objects from an Amazon DynamoDB table's global secondary index.

Which DynamoDB API call should the developer use to utilize the fewest read capacity units possible?

A. Scan operation using eventually-consistent reads

B. Query operation using strongly-consistent reads

C. Query operation using eventually-consistent reads

D. Scan operation using strongly-consistent reads

Correct Answer: C

Community vote distribution

C (100%)
Question #97 Topic 1

A corporation is deploying one of their apps using AWS CodePipeline. The delivery pipeline is triggered by modifications to the master branch of
an AWS CodeCommit repository and utilizes AWS CodeBuild for the test and build phases, as well as AWS CodeDeploy for application deployment.
For many months, the pipeline has operated effectively with no adjustments. AWS CodeDeploy failed to deploy the updated application as planned
after a recent modification to the application's source code.

What may be the underlying causes? (Select two.)

A. The change was not made in the master branch of the AWS CodeCommit repository.

B. One of the earlier stages in the pipeline failed and the pipeline has terminated.

C. One of the Amazon EC2 instances in the company‫ג‬€™s AWS CodePipeline cluster is inactive.

D. The AWS CodePipeline is incorrectly configured and is not executing AWS CodeDeploy.

E. AWS CodePipeline does not have permissions to access AWS CodeCommit.

Correct Answer: BC

Community vote distribution

AB (100%)

Question #98 Topic 1

A developer is attempting to use the SDK to perform API requests. The application's IAM user credentials need multi-factor authentication for all
API requests.

Which mechanism does the developer use to get access to the API that is protected by multi-factor authentication?

A. GetFederationToken

B. GetCallerIdentity

C. GetSessionToken

D. DecodeAuthorizationMessage

Correct Answer: C

Community vote distribution

C (100%)
Question #99 Topic 1

There are two categories of members on a video-hosting website: those who pay a charge and those who do not. Each video upload creates a
message in Amazon Simple Queue Service (SQS). Each video is processed by a fleet of Amazon EC2 instances that poll Amazon SQS.
The developer must guarantee that the developer processes the films submitted by paying users first.

How is the developer to achieve this criterion?

A. Create two SQS queues: one for paying members, and one for non-paying members. Poll the paying member queue first and then poll the
non-paying member queue.

B. Use SQS to set priorities on individual items within a single queue; give the paying members‫ג‬€™ videos the highest priority.

C. Use SQS to set priorities on individual items within a single queue and use Amazon SNS to encode the videos.

D. Create two Amazon SNS topics: one for paying members and one for non-paying members. Use SNS topic subscription priorities to
differentiate between the two types of members.

Correct Answer: B

Community vote distribution

A (100%)

Question #100 Topic 1

A development team is composed of ten individuals. The manager want to offer access to user-specific folders in an Amazon S3 bucket, similar to
a home directory for each team member. The sample of the IAM policy for the team member with the username €TeamMemberX€ is as follows:

Rather of generating unique policies for each team member, how may this policy excerpt be made general for all team members?

A. Use IAM policy condition

B. Use IAM policy principal

C. Use IAM policy variables

D. Use IAM policy resource

Correct Answer: A

Community vote distribution

C (100%)
Question #101 Topic 1

The development team is now hard at work developing an API that will be provided through the Amazon API gateway. Three environments will
service the API: development, test, and production. All three phases of the API Gateway are set to consume 237 GB of cache.

Which deployment option is the MOST cost-effective?

A. Create a single API Gateway with all three stages.

B. Create three API Gateways, one for each stage in a single AWS account.

C. Create an API Gateway in three separate AWS accounts.

D. Enable the cache for development and test environments only when needed.

Correct Answer: D

Question #102 Topic 1

On Amazon EC2 ECS, two containerized microservices are hosted. The first microservice reads a database instance from Amazon RDS Aurora,
while the second microservice reads a table from Amazon DynamoDB.

How can the bare minimal rights be provided to each microservice?

A. Set ECS_ENABLE_TASK_IAM_ROLE to false on EC2 instance boot in ECS agent configuration file. Run the first microservice with an IAM role
for ECS tasks with read-only access for the Aurora database. Run the second microservice with an IAM role for ECS tasks with read-only
access to DynamoDB.

B. Set ECS_ENABLE_TASK_IAM_ROLE to false on EC2 instance boot in the ECS agent configuration file. Grant the instance profile role read-
only access to the Aurora database and DynamoDB.

C. Set ECS_ENABLE_TASK_IAM_ROLE to true on EC2 instance boot in the ECS agent configuration file. Run the first microservice with an IAM
role for ECS tasks with read-only access for the Aurora database. Run the second microservice with an IAM role for ECS tasks with read-only
access to DynamoDB.

D. Set ECS_ENABLE_TASK_IAM_ROLE to true on EC2 instance boot in the ECS agent configuration file. Grant the instance profile role read-only
access to the Aurora database and DynamoDB.

Correct Answer: C
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/ecs-iam-task-roles-config-errors/

Community vote distribution

C (100%)
Question #103 Topic 1

A developer is debugging a three-tier application hosted on Amazon EC2 instances. Between the application servers and database servers, there
is a connection issue.

Which Amazon Web Services (AWS) services or tools should be utilized to determine which component is faulty? (Make a selection of at least
two.)

A. AWS CloudTrail

B. AWS Trusted Advisor

C. Amazon VPC Flow Logs

D. Network access control lists

E. AWS Config rules

Correct Answer: CD

Community vote distribution

CD (50%) A (50%)

Question #104 Topic 1

A program inserts data into an Amazon DynamoDB database. As the application expands to thousands of instances, intermittent
ThrottlingException problems are thrown by calls to the DynamoDB API. The application is written in a language that is not supported by the AWS
SDK.

What procedure should be followed in the event of an error?

A. Add exponential backoff to the application logic

B. Use Amazon SQS as an API message bus

C. Pass API calls through Amazon API Gateway

D. Send the items to DynamoDB through Amazon Kinesis Data Firehose

Correct Answer: A
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Programming.Errors.html
Question #105 Topic 1

A developer is using serverless components to create a highly secure healthcare application. This application involves writing temporary data to
an AWS Lambda function's /tmp storage.

How should this data be encrypted by the developer?

A. Enable Amazon EBS volume encryption with an AWS KMS CMK in the Lambda function configuration so that all storage attached to the
Lambda function is encrypted.

B. Set up the Lambda function with a role and key policy to access an AWS KMS CMK. Use the CMK to generate a data key used to encrypt all
data prior to writing to /tmp storage.

C. Use OpenSSL to generate a symmetric encryption key on Lambda startup. Use this key to encrypt the data prior to writing to /tmp storage.

D. Use an on-premises hardware security module (HSM) to generate keys, where the Lambda function requests a data key from the HSM and
uses that to encrypt data on all requests to the function.

Correct Answer: B
Reference:
https://aws.amazon.com/kms/faqs/

Community vote distribution

B (100%)

Question #106 Topic 1

A business requires security for its current website, which is hosted behind an Elastic Load Balancer. Amazon EC2 instances hosting the website
are CPU restricted.

How can the website be secured without raising the CPU burden on the Amazon EC2 web servers? (Select two.)

A. Configure an Elastic Load Balancer with SSL pass-through.

B. Configure SSL certificates on an Elastic Load Balancer.

C. Configure an Elastic Load Balancer with a Loadable Storage System.

D. Install SSL certificates on the EC2 instances.

E. Configure an Elastic Load Balancer with SSL termination.

Correct Answer: BD

Community vote distribution

BE (100%)
Question #107 Topic 1

A software engineer created a Node.js AWS Lambda function to do CPU-intensive data processing. The Lambda function takes around 5 minutes
to finish with the default parameters.

Which strategy should a developer employ to expedite the finishing process?

A. Instead of using Node.js, rewrite the Lambda function using Python.

B. Instead of packaging the libraries in the ZIP file with the function, move them to a Lambda layer and use the layer with the function.

C. Allocate the maximum available CPU units to the function.

D. Increase the available memory to the function.

Correct Answer: D
Reference:
https://serverless.zone/my-accidental-3-5x-speed-increase-of-aws-lambda-functions-6d95351197f3

Community vote distribution

D (100%)

Question #108 Topic 1

A developer will handle AWS services through the AWS CLI on a local development server.

What can be done to guarantee that the CLI executes commands using the Developer's IAM permissions?

A. Specify the Developer‫ג‬€™s IAM access key ID and secret access key as parameters for each CLI command.

B. Run the aws configure CLI command, and provide the Developer‫ג‬€™s IAM access key ID and secret access key.

C. Specify the Developer‫ג‬€™s IAM user name and password as parameters for each CLI command.

D. Use the Developer‫ג‬€™s IAM role when making the CLI command.

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/iam-assume-role-cli/
Question #109 Topic 1

A client wishes to host its source code on AWS Elastic Beanstalk. The client should undertake deployment with minimum downtime and should
keep application access logs exclusively on existing instances.

Which deployment strategy would meet these criteria?

A. Rolling

B. All at once

C. Rolling with an additional batch

D. Immutable

Correct Answer: A
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rollingupdates.html

Community vote distribution

A (100%)

Question #110 Topic 1

A development team chooses to use AWS CodePipeline and AWS CodeCommit to implement a continuous integration/continuous delivery (CI/CD)
method for a new application. Management, on the other hand, requires a human to evaluate and approve the code prior to it being released to
production.

How can the development team include a manual approver into the continuous integration/continuous delivery pipeline?

A. Use AWS SES to send an email to approvers when their action is required. Develop a simple application that allows approvers to accept or
reject a build. Invoke an AWS Lambda function to advance the pipeline when a build is accepted.

B. If approved, add an approved tag when pushing changes to the CodeCommit repository. CodePipeline will proceed to build and deploy
approved commits without interruption.

C. Add an approval step to CodeCommit. Commits will not be saved until approved.

D. Add an approval action to the pipeline. Configure the approval action to publish to an Amazon SNS topic when approval is required. The
pipeline execution will stop and wait for an approval.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/codepipeline/latest/userguide/approvals-action-add.html

Community vote distribution

D (100%)
Question #111 Topic 1

A developer is now working on a serverless Java app. Initial testing indicates that a cold start for AWS Lambda functions takes around 8 seconds
on average.

What should the developer do to lessen the time required for a cold start? (Select two.)

A. Add the Spring Framework to the project and enable dependency injection.

B. Reduce the deployment package by including only needed modules from the AWS SDK for Java.

C. Increase the memory allocation setting for the Lambda function.

D. Increase the timeout setting for the Lambda function.

E. Change the Lambda invocation mode from synchronous to asynchronous.

Correct Answer: AE
Reference:
https://github.com/awslabs/aws-serverless-java-container/wiki/Quick-start---Spring-Boot

Community vote distribution

BC (83%) A (17%)

Question #112 Topic 1

A business created an online event platform. The firm conducts quizzes and creates leaderboards based on the quiz results for each event. The
organization maintains leaderboard data in Amazon DynamoDB and preserves it for 30 days after the conclusion of an event. The firm then
deletes the outdated leaderboard data through a scheduled process.
The DynamoDB table has a fixed write capacity defined. When the scheduled deletion task runs during months with a high volume of events, the
DynamoDB write API calls are throttled.
A developer must construct a long-term solution that permanently deletes historical leaderboard data and maximizes write performance.

Which solution satisfies these criteria?

A. Configure a TTL attribute for the leaderboard data.

B. Use DynamoDB Streams to schedule and delete the leaderboard data.

C. Use AWS Step Functions to schedule and delete the leaderboard data.

D. Set a higher write capacity when the scheduled delete job runs.

Correct Answer: C
Reference:
https://aws.amazon.com/getting-started/hands-on/scheduling-a-serverless-workflow-step-functions-cloudwatch-events/

Community vote distribution

A (100%)
Question #113 Topic 1

A programmer is developing a new application that will make use of an Amazon DynamoDB database. All objects older than 48 hours must be
eliminated, according to the standard.

Which solution will satisfy this criterion?

A. Create a new attribute that has the Number data type. Add a local secondary index (LSI) for this attribute, and enable TTL with an expiration
of 48 hours. In the application code, set the value of this attribute to the current timestamp for each new item that is being inserted.

B. Create a new attribute that has the String data type. Add a local secondary index (LSI) for this attribute, and enable TTL with an expiration
of 48 hours. In the application code, set the value of this attribute to the current timestamp for each new item that is being inserted.

C. Create a new attribute that has the Number data type. Enable TTL on the DynamoDB table for this attribute. In the application code, set the
value of this attribute to the current timestamp plus 48 hours for each new item that is being inserted.

D. Create a new attribute that has the String data type. Enable TTL on the DynamoDB table for this attribute. In the application code, set the
value of this attribute to the current timestamp plus 48 hours for each new item that is being inserted.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/howitworks-ttl.html

Community vote distribution

C (100%)
Question #114 Topic 1

Amazon Kinesis is being used to handle clickstream data for an application. Periodic spikes occur in the clickstream data flow into Kinesis.
Occasionally, the PutRecords API request fails, and the logs indicate that the unsuccessful call provides the following response:

Which approaches will aid in mitigating this circumstance? (Select two.)

A. Implement retries with exponential backoff.

B. Use a PutRecord API instead of PutRecords.

C. Reduce the frequency and/or size of the requests.

D. Use Amazon SNS instead of Kinesis.

E. Reduce the number of KCL consumers.

Correct Answer: BC

Community vote distribution

AC (89%) 11%

Question #115 Topic 1

AWS Lambda functions must connect to an external site using a user name and password that are rotated on a regular basis. These elements
must be securely stored and cannot be included inside the function code.

Which AWS services may be utilized in conjunction with one another to achieve this? (Select two.)

A. AWS Certificate Manager (ACM)

B. AWS Systems Manager Parameter Store

C. AWS Trusted Advisor

D. AWS KMS

E. Amazon GuardDuty

Correct Answer: BD
Question #116 Topic 1

A development team is hard at work on a mobile application that will enable users to submit images to Amazon S3. The company anticipates that
hundreds of thousands of people will use the app concurrently during a single event. After the images are submitted, the backend service scans
and parses them for objectionable material.

Which strategy is the MOST robust way to accomplish this aim while also smoothing out transitory backend service traffic spikes?

A. Develop an AWS Lambda function to check the upload folder in the S3 bucket. If new uploaded pictures are detected, the Lambda function
will scan and parse them.

B. Once a picture is uploaded to Amazon S3, publish the event to an Amazon SQS queue. Use the queue as an event source to trigger an AWS
Lambda function. In the Lambda function, scan and parse the picture.

C. When the user uploads a picture, invoke an API hosted in Amazon API Gateway. The API will invoke an AWS Lambda function to scan and
parse the picture.

D. Create a state machine in AWS Step Functions to check the upload folder in the S3 bucket. If a new picture is detected, invoke an AWS
Lambda function to scan and parse it.

Correct Answer: B

Community vote distribution

B (100%)

Question #117 Topic 1

A developer has developed a web application that will be hosted on Amazon EC2 instances. The program creates and uploads thousands of new
items to the same AWS Region's Amazon S3 bucket. Each item is less than 1 MB in size. The program is taking an excessive amount of time to
operate.

How might the application's performance be enhanced?

A. Use the S3 Multipart Upload API.

B. Use S3 Transfer Acceleration.

C. Upload the objects in parallel to Amazon S3.

D. Add a random prefix to the object Keys.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/upload-objects.html

Community vote distribution

C (80%) D (20%)
Question #118 Topic 1

In an Amazon DynamoDB database, a business caches session information for a web application. The organization want to automate the process
of deleting obsolete entries from the table.

What is the easiest method for doing this?

A. Write a script that deletes old records; schedule the scripts as a cron job on an Amazon EC2 instance.

B. Add an attribute with the expiration time; enable the Time To Live feature based on that attribute.

C. Each day, create a new table to hold session data; delete the previous day‫ג‬€™s table.

D. Add an attribute with the expiration time; name the attribute ItemExpiration.

Correct Answer: B
Reference:
https://aws.amazon.com/about-aws/whats-new/2017/02/amazon-dynamodb-now-supports-automatic-item-expiration-with-time-to-live-ttl/

Community vote distribution

B (100%)

Question #119 Topic 1

Two Amazon DynamoDB tables are accessed using an AWS Lambda function. A developer wishes to optimize the Lambda function's performance
by finding bottlenecks inside the function.

How can a developer determine the duration of DynamoDB API calls?

A. Add DynamoDB as an event source to the Lambda function. View the performance with Amazon CloudWatch metrics.

B. Place an Application Load Balancer (ALB) in front of the two DynamoDB tables. Inspect the ALB logs.

C. Limit Lambda to no more than five concurrent invocations. Monitor from the Lambda console.

D. Enable AWS X-Ray tracing for the function. View the traces from the X-Ray service.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html
Question #120 Topic 1

When new items are produced in a bucket, a developer uses Amazon S3 as the event source to run a Lambda function. The bucket notification
configuration stores the information about the event source mapping. The developer is experimenting with various Lambda function versions and
is constantly required to alter notification settings to ensure that Amazon S3 invokes the proper version.

What is the MOSTefficient and effective method for mapping the S3 event to Lambda?

A. Use a different Lambda trigger.

B. Use Lambda environment variables.

C. Use a Lambda alias.

D. Use Lambda tags.

Correct Answer: A
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/lambda-s3-event-configuration-error/

Community vote distribution

C ( 00%)

Question #121 Topic 1

On a local development workstation, a developer has constructed a Node.js web application. The developer want to host the website on AWS. The
developer desires a solution that has the fewest operational overhead and requires no code modifications.

Which Amazon Web Services (AWS) service should the developer utilize to satisfy these requirements?

A. AWS Elastic Beanstalk

B. Amazon EC2

C. AWS Lambda

D. Amazon Elastic Kubernetes Service (Amazon EKS)

Correct Answer: A
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/nodejs-devenv.html

Community vote distribution

A (100%)
Question #122 Topic 1

A business operates an application on AWS Lambda@Edge. The application offers material that adapts according on the device being used by the
viewer.
The number of hits by device type is written to logs in Amazon CloudWatch Logs that are saved in a log group. For each device type, the
organization must provide an Amazon CloudWatch custom metric.

Which strategy will satisfy these criteria?

A. Create a CloudWatch Logs Insights query to extract the device type information from the logs and to create a custom metric with device
type as a dimension.

B. Create a CloudWatch metric filter to extract metrics from the log files with device type as a dimension.

C. Update the application to write its logs in the CloudWatch embedded metric format with device type as a dimension.

D. Configure the CloudWatch Logs agent for Lambda integration. Update the application to use the StatsD protocol to emit the metrics.

Correct Answer: D
Reference:
https://aws.amazon.com/lambda/faqs/

Community vote distribution

B (100%)

Question #123 Topic 1

A programmer is developing a new application that will make advantage of Amazon S3. To comply with regulatory standards, the Developer must
encrypt data in transit.

How is this accomplished by the Developer?

A. Use s3:x-amz-acl as a condition in the S3 bucket policy.

B. Use Amazon RDS with default encryption.

C. Use aws:SecureTransport as a condition in the S3 bucket policy.

D. Turn on S3 default encryption for the S3 bucket.

Correct Answer: D

Community vote distribution

C (75%) B (25%)
Question #124 Topic 1

On Amazon EC2, a developer is developing an application. During testing, the developer experienced a €Access Denied€ error on many API
requests to AWS services. The developer must alter the permissions previously granted to the instance.

How can these needs be accomplished with the fewest possible adjustments and downtime?

A. Make a new IAM role with the needed permissions. Stop the instance. Attach the new IAM role to the instance. Start the instance.

B. Delete the existing IAM role. Attach a new IAM role with the needed permissions.

C. Stop the instance. Update the attached IAM role adding the needed permissions. Start the instance.

D. Update the attached IAM role adding the needed permissions.

Correct Answer: B

Community vote distribution

D (100%)

Question #125 Topic 1

A developing program requires the storage of hundreds of video files. Prior to storage, the data must be encrypted inside the program using a
unique key for each video file.

How should the application's developer code it?

A. Use the KMS Encrypt API to encrypt the data. Store the encrypted data key and data.

B. Use a cryptography library to generate an encryption key for the application. Use the encryption key to encrypt the data. Store the encrypted
data.

C. Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the data key. Store the encrypted data key and data.

D. Upload the data to an S3 bucket using server side-encryption with an AWS KMS key.

Correct Answer: B

Community vote distribution

C (100%)
Question #126 Topic 1

An existing serverless application handles picture files that have been uploaded. At the moment, the process is implemented using a single
Lambda function that accepts an image file, processes it, and saves it in Amazon S3. The application's users now demand picture thumbnail
production. Users desire to minimize the time required to complete picture uploads.

How can thumbnail creation be integrated into an application while still adhering to user expectations and requiring little modifications to current
code?

A. Change the existing Lambda function handling the uploads to create thumbnails at the time of upload. Have the function store both the
image and thumbnail in Amazon S3.

B. Create a second Lambda function that handles thumbnail generation and storage. Change the existing Lambda function to invoke it
asynchronously.

C. Create an S3 event notification with a Lambda function destination. Create a new Lambda function to generate and store thumbnails.

D. Create an S3 event notification to an SQS Queue. Create a scheduled Lambda function that processes the queue, and generates and stores
thumbnails.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-s3-example.html

Community vote distribution

C (100%)

Question #127 Topic 1

A developer wishes to give systems administrators access to the log data of an application operating on an EC2 instance.
In Amazon CloudWatch, which of the following provides monitoring of this metric?

A. Retrieve the log data from CloudWatch using the GetMetricData API call.

B. Retrieve the log data from AWS CloudTrail using the LookupEvents API call.

C. Launch a new EC2 instance, configure Amazon CloudWatch Events, and then install the application.

D. Install the Amazon CloudWatch Logs agent on the EC2 instance that the application is running on.

Correct Answer: D

Community vote distribution

D (100%)
Question #128 Topic 1

A business is creating an application that will operate on several Amazon EC2 instances in an Auto Scaling group and will have access to an
Amazon EC2 database. The program must save the credentials necessary to connect to the database. Periodic secret rotation must be supported
in the application, and the program should remain unchanged when a secret changes.

How can these needs be met in the SAFEST manner possible?

A. Associate an IAM role to the EC2 instance where the application is running with permission to access the database.

B. Use AWS Systems Manager Parameter Store with the SecureString data type to store secrets.

C. Configure the application to store secrets in Amazon S3 object metadata.

D. Hard code the database secrets in the application code itself.

Correct Answer: A

Community vote distribution

B (100%)

Question #129 Topic 1

A developer used a CLI command to register an AWS Lambda function as a target for an Application Load Balancer (ALB). However, when the
client submits requests via the ALB, the Lambda function is not called.

Why isn't the Lambda function called?

A. A Lambda function cannot be registered as a target for an ALB.

B. A Lambda function can be registered with an ALB using AWS Management Console only.

C. The permissions to invoke the Lambda function are missing.

D. Cross-zone is not enabled on the ALB.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/lambda-functions.html
Question #130 Topic 1

A corporation has numerous developers stationed across the world who are progressively upgrading code for a development project. When
developers upload code simultaneously, internet connection is poor, and uploading code for deployment in AWS Elastic Beanstalk takes a long
time.

Which approach will result in the smallest amount of administrative work and the shortest upload and deployment times?

A. Allow the Developers to upload the code to an Amazon S3 bucket, and deploy it directly to Elastic Beanstalk.

B. Allow the Developers to upload the code to a central FTP server to deploy the application to Elastic Beanstalk.

C. Create an AWS CodeCommit repository, allow the Developers to commit code to it, and then directly deploy the code to Elastic Beanstalk.

D. Create a code repository on an Amazon EC2 instance so that all Developers can update the code, and deploy the application from the
instance to Elastic Beanstalk.

Correct Answer: C

Community vote distribution

C (100%)

Question #131 Topic 1

A development team deploys a Java-based web application using AWS Elastic Beanstalk. The team want to guarantee that any modifications to
the source code or settings are automatically distributed to new instances. The team configures Elastic Beanstalk such that immutable updates
are used. However, an issue occurs the first time the new update policy is used to deploy a modification.

Which of the following is the MOST LIKELY CAUSE of this problem?

A. Immutable updates are not supported for Java-based applications.

B. The account has reached its on-demand instance limit.

C. Immutable updates are only supported for m4.large and larger instance types.

D. The developer must also modify the .ebextensions/immutable-updates.config file to enable immutable updates.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environmentmgmt-updates-immutable.html

Community vote distribution

B (100%)
Question #132 Topic 1

What are the procedures for launching a templatized serverless application using the AWS CLI?

A. Use AWS CloudFormation get-template then CloudFormation execute-change-set.

B. Use AWS CloudFormation validate-template then CloudFormation create-change-set.

C. Use AWS CloudFormation package then CloudFormation deploy.

D. Use AWS CloudFormation create-stack then CloudFormation update-stack.

Correct Answer: C
Reference:
https://github.com/awslabs/aws-sam-cli

Question #133 Topic 1

A cluster of Amazon EC2 instances hosts an application. When attempting to read items encrypted using server-side encryption using AWS KMS
managed keys (SSE-KMS) from a single Amazon S3 bucket, the application encounters the following error:

Which measures should be made in combination to avoid this failure? (Select two.)

A. Contact AWS Support to request an AWS KMS rate limit increase.

B. Perform error retries with exponential backoff in the application code.

C. Contact AWS Support to request a S3 rate limit increase.

D. Import a customer master key (CMK) with a larger key size.

E. Use more than one customer master key (CMK) to encrypt S3 data.

Correct Answer: CD

Community vote distribution

AB (100%)
Question #134 Topic 1

AWS Lambda functions need read/write access to an Amazon S3 bucket and to an Amazon DynamoDB database. The appropriate IAM policy is
already in place.

How can I allow the Lambda function access to the S3 bucket and DynamoDB database in the MOST SECURE manner possible?

A. Attach the existing IAM policy to the Lambda function.

B. Create an IAM role for the Lambda function. Attach the existing IAM policy to the role. Attach the role to the Lambda function.

C. Create an IAM user with programmatic access. Attach the existing IAM policy to the user. Add the user access key ID and secret access key
as environment variables in the Lambda function.

D. Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function.

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/lambda-execution-role-s3-bucket/

Community vote distribution

B (100%)

Question #135 Topic 1

The developer is developing a web application that uses a POST request to capture highly controlled and private user data. Amazon CloudFront is
used to serve the web application. User names and phone numbers must be encrypted at the edge of the application stack and must stay
encrypted throughout.

What is the SECUREST method for meeting these requirements?

A. Enforce Match Viewer with HTTPS Only on CloudFront.

B. Use only the newest TLS security policy on CloudFront.

C. Enforce a signed URL on CloudFront on the front end.

D. Use field-level encryption on CloudFront.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html
Question #136 Topic 1

Numerous apps make use of an Amazon RDS database instance to seek for previous data. The pace of queries is quite steady. When historical
data is updated daily, the associated write traffic degrades the speed of read queries, affecting all application users.

What can be done to minimize the effect on application users' performance?

A. Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic.

B. Create an RDS Read Replica and direct all read traffic to the replica.

C. Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic.

D. Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic.

Correct Answer: B

Community vote distribution

B (100%)

Question #137 Topic 1

A marketing firm maintains a dynamic website that receives a high volume of visitors. The firm want to shift the website infrastructure to AWS,
which will manage all aspects of the website except development.

Which option BEST satisfies these criteria?

A. Use AWS VM Import to migrate a web server image to AWS. Launch the image on a compute-optimized Amazon EC2 instance.

B. Launch multiple Amazon Lightsail instances behind a load balancer. Set up the website on those instances.

C. Deploy the website code in an AWS Elastic Beanstalk environment. Use Auto Scaling to scale the numbers of instances.

D. Use Amazon S3 to host the website. Use Amazon CloudFront to deliver the content at scale.

Correct Answer: C
Reference:
https://aws.amazon.com/elasticbeanstalk/

Community vote distribution

C (100%)
Question #138 Topic 1

A program is supposed to process a large number of files. Each file processes an AWS Lambda call in four minutes. The Lambda function returns
no useful data.

What is the quickest method for processing all of the files?

A. First split the files to make them smaller, then process with synchronous RequestResponse Lambda invocations.

B. Make synchronous RequestResponse Lambda invocations and process the files one by one.

C. Make asynchronous Event Lambda invocations and process the files in parallel.

D. First join all the files, then process it all at once with an asynchronous Event Lambda invocation.

Correct Answer: C

Community vote distribution

C (100%)

Question #139 Topic 1

An online retailer used AWS CloudFormation to construct a serverless application utilizing AWS Lambda, Amazon API Gateway, Amazon S3, and
Amazon DynamoDB. The firm released a new version with significant enhancements to the Lambda function and put it to production. Following
that, the application ceased to function.

Which approach should be used to restart the program as soon as possible?

A. Redeploy the application on Amazon EC2 so the Lambda function can resolve dependencies

B. Migrate DynamoDB to Amazon RDS and redeploy the Lambda function

C. Roll back the Lambda function to the previous version

D. Deploy the latest Lambda function in a different Region

Correct Answer: C
Reference:
https://github.com/awslabs/aws-sam-cli/issues/1654

Community vote distribution

C (100%)
Question #140 Topic 1

A Global Secondary Index (GSI) is used by Amazon DynamoDB to facilitate read queries. The main table is heavily utilized for write operations,
while the GSI is heavily used for read activities. When the Developer examines Amazon CloudWatch analytics, he observes that write operations to
the main table are regularly throttled during periods of high write activity. However, write capacity units to the primary table remain accessible and
unutilized.

What is the reason for the table's throttling?

A. The GSI write capacity units are underprovisioned

B. There are not enough read capacity units on the primary table

C. Amazon DynamoDB Streams is not enabled on the table

D. A large write operation is being performed against another table

Correct Answer: D

Community vote distribution

A (100%)

Question #141 Topic 1

AWS Organizations enables a business to manage many accounts. Account A utilizes an Amazon EC2 instance to host an application. The
program makes advantage of the AWS command line interface to do automatic deployments in Account '. By using an EC2 IAM service role in
Account A and an IAM role in Account ', an administrator established cross-account access.
The application attempts to take the IAM role in Account' using the following command but is unable to deploy anything in Account'.

Assume aws sts

-
-role —role-arn :aws:iam::AccountB-ID>:role/AccountB-Role€am:aws:iam::AccountB-ID>:role/AccountB-Role
AccountB-Role-Session-Name € —role-session-name

Which action is required next to enable the application to effectively utilise the credentials obtained via the usage of Account B's role?

A. Configure the access key and secret access key of a valid IAM user from Account ‫ ’׀‬in the environment variables.

B. Configure the access key, secret access key, and token from the assume-role command in the environment variables.

C. Create a CLI profile for the EC2 IAM service role in the AWS configuration file.

D. Delete any access keys and secret access keys in the environment variables.

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/iam-assume-role-cli/

Community vote distribution

B (100%)
Question #142 Topic 1

A business is developing a REST service utilizing an Amazon API Gateway integrated with AWS Lambda. For testing reasons, the service must run
several versions.

What is the MOST EFFECTIVE approach to do this?

A. Use an X-Version header to denote which version is being called and pass that header to the Lambda function(s)

B. Create an API Gateway Lambda authorizer to route API clients to the correct API version

C. Create an API Gateway resource policy to isolate versions and provide context to the Lambda function(s)

D. Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context

Correct Answer: C

Community vote distribution

D (100%)

Question #143 Topic 1

A developer has created a web application that is accessible to customers and is running on an Amazon EC2 instance. Every request made to the
program is logged. Normally, the program operates without incident, but a traffic surge creates numerous logs, causing the disk to fill up and
finally run out of memory. According to company policy, all historical logs must be consolidated for analysis.

Which long-term remedy should the developer use to avoid a recurrence of the issue?

A. Set up log rotation to rotate the file every day. Also set up log rotation to rotate after every 100 MB and compress the file.

B. Install the Amazon CloudWatch agent on the instance to send the logs to CloudWatch. Delete the logs from the instance once they are sent
to CloudWatch.

C. Enable AWS Auto Scaling on Amazon Elastic Block Store (Amazon EBS) to automatically add volumes to the instance when it reaches a
specified threshold.

D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to pull the logs from the instance. Configure the rule to delete the logs
after they have been pulled.

Correct Answer: C

Community vote distribution

B (80%) C (20%)
Question #144 Topic 1

An application must handle the client's IP address. The application has been transferred to Amazon Web Services and is now protected by an
Application Load Balancer (ALB). However, it seems as if all client IP addresses have become identical. The application must retain its horizontal
scalability.

What is the MOST cost-effective solution to this issue based on this scenario?

A. Remove the application from the ALB. Delete the ALB and change Amazon Route 53 to direct traffic to the instance running the application.

B. Remove the application from the ALB. Create a Classic Load Balancer in its place. Direct traffic to the application using the HTTP protocol.

C. Alter the application code to inspect the X-Forwarded-For header. Ensure that the code can work properly if a list of IP addresses is passed
in the header.

D. Alter the application code to inspect a custom header. Alter the client code to pass the IP address in the custom header.

Correct Answer: C

Community vote distribution

C (100%)

Question #145 Topic 1

A developer is attempting to use AWS CodeDeploy to deploy a serverless application. The application has been upgraded and requires re-
deployment.

What file does the developer need to edit to enable CodeDeploy to submit the change?

A. dockerrun.aws.json

B. buildspec.yml

C. appspec.yml

D. ebextensions.config

Correct Answer: C
Question #146 Topic 1

All personally identifiable information (PII) is stored by a corporation in an Amazon DynamoDB database called PII in Account A. Access to the PII
database is required by an application operating on Amazon EC2 instances in Account B. Account A's administrator established an IAM role called
AccessPII with access credentials to the PII database and added Account B as a trusted entity.

Which extra actions need developers take in order to have access to the table? (Select two.)

A. Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role.

B. Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control
policies.

C. Ask an administrator in Account A to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control
policies.

D. Include the AssumeRole API in the application code logic to obtain credentials to access the PII table.

E. Include the GetSessionToken API in the application code logic to obtain credentials to access the PII table.

Correct Answer: CE

Community vote distribution

AD (67%) B (17%) BD (17%)

Question #147 Topic 1

Users will be required to access AWS services and will be able to update their own passwords, according to an application being developed by a
business.
Which of the following would allow the organization to manage users and authorization while allowing users to change their passwords on their
own?

A. Amazon Cognito identify pools and AWS STS

B. Amazon Cognito identity pools and AWS IAM

C. Amazon Cognito user pools and AWS KMS

D. Amazon Cognito user pools and identity pools

Correct Answer: B

Community vote distribution

D (100%)
Question #148 Topic 1

A developer enhanced an application that runs on an Amazon EC2 instance and makes use of Amazon SQS. The developer observed a large spike
in Amazon SQS prices upon deployment. When monitoring the Amazon SQS metrics using Amazon CloudWatch, the developer saw that this queue
receives an average of one message every minute.

What can be done to lower this application's Amazon SQS costs?

A. Increase the Amazon SQS queue polling timeout.

B. Scale down the Amazon SQS queue to the appropriate size for low traffic demand.

C. Configure push delivery via Amazon SNS instead of polling the Amazon SQS queue.

D. Use an Amazon SQS first-in, first-out (FIFO) queue instead of a standard queue.

Correct Answer: A

Community vote distribution

A (100%)

Question #149 Topic 1

A developer has configured an Amazon Kinesis Stream with four shards to accept records at a rate of up to 2500 per second. To handle these
records, a Lambda function has been configured.

Which records will be processed first?

A. Lambda will receive each record in the reverse order it was placed into the stream following a LIFO (last-in, first-out) method

B. Lambda will receive each record in the exact order it was placed into the stream following a FIFO (first-in, first-out) method.

C. Lambda will receive each record in the exact order it was placed into the shard following a FIFO (first-in, first-out) method. There is no
guarantee of order across shards.

D. The Developer can select FIFO, (first-in, first-out), LIFO (last-in, last-out), random, or request specific record using the getRecords API.

Correct Answer: C

Community vote distribution

C (100%)
Question #150 Topic 1

A developer is doing testing on a Docker-based application that communicates with Amazon DynamoDB using the AWS SDK. The program utilized
IAM access credentials in the local development environment. The application is now prepared for ECS cluster deployment.

In production, how should the application authenticate with AWS services?

A. Configure an ECS task IAM role for the application to use

B. Refactor the application to call AWS STS AssumeRole based on an instance role

C. Configure AWS access key/secret access key environment variables with new credentials

D. Configure the credentials file with a new access key/secret access key

Correct Answer: A

Community vote distribution

A (100%)

Question #151 Topic 1

A developer is developing a website that will be hosted on Amazon's S3 service. Secure browser connections must be supported by the website.

Which steps must the developer perform in combination to satisfy this requirement? (Select two.)

A. Create an Elastic Load Balancer (ELB). Configure the ELB to direct traffic to the S3 bucket.

B. Create an Amazon CloudFront distribution. Set the S3 bucket as an origin.

C. Configure the Elastic Load Balancer with an SSL/TLS certificate.

D. Configure the Amazon CloudFront distribution with an SSL/TLS certificate.

E. Configure the S3 bucket with an SSL/TLS certificate.

Correct Answer: BE

Community vote distribution

BD (100%)

Question #152 Topic 1

An application has been created by a developer that publishes data to Amazon DynamoDB. Conditional writes have been enabled for the
DynamoDB table. Writes are failing during high demand periods owing to a ConditionalCheckFailedException problem.

How can the developer improve the dependability of the program when numerous clients try to write to the same record?

A. Write data to an Amazon SNS topic.

B. Increase the amount of write capacity for the table to anticipate short-term spikes or bursts in write operations.

C. Implement a caching solution, such as DynamoDB Accelerator or Amazon ElastiCache.

D. Implement error retries and exponential backoff with jitter.

Correct Answer: D

Community vote distribution

C (100%)
Question #153 Topic 1

A developer is automating the deployment of a new application using AWS Serverless Application Model (AWS SAM). One AWS Lambda function
and one Amazon S3 bucket are included in the new application. The Lambda function must have read-only access to the S3 bucket.

How should the developer setup AWS SAM to provide the S3 bucket the appropriate read permissions?

A. Reference a second Lambda authorizer function.

B. Add a custom S3 bucket policy to the Lambda function.

C. Create an Amazon Simple Queue Service (SQS) topic for only S3 object reads. Reference the topic in the template.

D. Add the S3ReadPolicy template to the Lambda function's execution role.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-policy-templates.html

Community vote distribution

D (100%)

Question #154 Topic 1

A developer must use AWS KMS to encrypt a 100 GB object.

What is the BEST course of action?

A. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK)

B. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material

C. Make a GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data

D. Make a GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data

Correct Answer: D

Community vote distribution

C (100%)

Question #155 Topic 1

A real-time application processes millions of events that are received over an API.

Which service might be utilized to enable concurrent processing of data by several users in the most cost-effective manner possible?

A. Amazon SNS with fanout to an SQS queue for each application

B. Amazon SNS with fanout to an SQS FIFO (first-in, first-out) queue for each application

C. Amazon Kinesis Firehose

D. Amazon Kinesis Streams

Correct Answer: D
Reference:
https://aws.amazon.com/kinesis/data-streams/getting-started/
Question #156 Topic 1

A developer has created a serverless application that makes use of a variety of AWS services. The business logic is implemented using Lambda
functions that rely on third-party libraries. Amazon API Gateway will be used to provide the Lambda function endpoints. The Lambda function will
be used to store the data in Amazon DynamoDB. Although the developer is prepared to launch the program, he or she must have the ability to turn
back.

How, given these criteria, can this deployment be automated?

A. Deploy using Amazon Lambda API operations to create the Lambda function by providing a deployment package.

B. Use an AWS CloudFormation template and use CloudFormation syntax to define the Lambda function resource in the template.

C. Use syntax conforming to the Serverless Application Model in the AWS CloudFormation template to define the Lambda function resource.

D. Create a bash script which uses AWS CLI to package and deploy the application.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/automating-deployment.html

Community vote distribution

C (100%)

Question #157 Topic 1

A firm is developing an application that will use an Amazon DynamoDB database to monitor athlete performance. A partition key (user id) and a
sort key (sport name) uniquely identify each item in the database. The following illustration depicts the table's design:

(Please note that not all table characteristics are shown.)

A developer is requested to create a leaderboard application that would show the best performers (user id) for each sport name depending on
their score.

Which approach will enable the developer to most effectively retrieve results from the DynamoDB table?

A. Use a DynamoDB query operation with the key attributes of user_id and sport_name and order the results based on the score attribute.

B. Create a global secondary index with a partition key of sport_name and a sort key of score, and get the results

C. Use a DynamoDB scan operation to retrieve scores and user_id based on sport_name, and order the results based on the score attribute.

D. Create a local secondary index with a primary key of sport_name and a sort key of score and get the results based on the score attribute.

Correct Answer: D

Community vote distribution

B (100%)
Question #158 Topic 1

On Amazon EC2 instances in a VPC, a corporation runs a standard three-tier application, including its NoSQL database. The business want to
transition to Amazon DynamoDB.
A developer observes during testing that the application running on the EC2 instances is unable to write data to the DynamoDB database. The
developer must securely provide the application write access to the DynamoDB table.

Which combination of acts satisfies these criteria? (Select two.)

A. Create a gateway VPC endpoint for DynamoDB. Specify the VPC ID in the --vpc-id parameter.

B. Create an interface VPC endpoint for DynamoDB. Specify the VPC ID in the --vpc-id parameter.

C. Create an IAM user that allows write access to the DynamoDB table. Add the user to the EC2 Instances.

D. Create an IAM role that allows write access to the DynamoDB table. Add the role to the EC2 instances.

E. Create an IAM group that allows write access to the DynamoDB table. Add the group to the EC2 instances.

Correct Answer: AC
Reference:
https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-gateway.html

Community vote distribution

AD (100%)

Question #159 Topic 1

A developer is developing a serverless application that needs every ten minutes invocation of an AWS Lambda function.

How can the function be triggered in an automated and serverless manner?

A. Deploy an Amazon EC2 instance based on Linux, and edit its /etc/crontab file by adding a command to periodically invoke the Lambda
function.

B. Configure an environment variable named PERIOD for the Lambda function. Set the value to 600.

C. Create an Amazon CloudWatch Events rule that triggers on a regular schedule to invoke the Lambda function.

D. Create an Amazon SNS topic that has a subscription to the Lambda function with a 600-second timer.

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/architecture/a-serverless-solution-for-invoking-aws-lambda-at-a-sub-minute-frequency/

Community vote distribution

C (100%)
Question #160 Topic 1

A developer has submitted an update to an application that is delivered through Amazon CloudFront to a worldwide user base. Users are not able
to view the latest modifications once the application is deployed.

How can the Developer address this concern?

A. Remove the origin from the CloudFront configuration and add it again.

B. Disable forwarding of query strings and request headers from the CloudFront distribution configuration.

C. Invalidate all the application objects from the edge caches.

D. Disable the CloudFront distribution and enable it again to update all the edge locations.

Correct Answer: A

Community vote distribution

C (100%)

Question #161 Topic 1

Images are stored in an S3 bucket by an application. Notifications from Amazon S3 are utilized to invoke a Lambda code that resizes the pictures.
Each photograph is processed in less than a second.

How will AWS Lambda deal with the increased traffic?

A. Lambda will scale out to execute the requests concurrently.

B. Lambda will handle the requests sequentially in the order received.

C. Lambda will process multiple images in a single execution.

D. Lambda will add more compute to each execution to reduce processing time.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/scaling.html

Community vote distribution

A (100%)
Question #162 Topic 1

A developer is doing a refactoring operation on a monolithic application. The program does many activities in response to a POST request. Some
processes are carried out in concurrently, while others are carried out sequentially. These operations have been decoupled and repurposed as
AWS Lambda functions. Amazon API Gateway will process the POST request.

How should the developer launch the Lambda functions using API Gateway in the same order?

A. Use Amazon SQS to invoke the Lambda functions

B. Use an AWS Step Functions activity to run the Lambda functions

C. Use Amazon SNS to trigger the Lambda functions

D. Use an AWS Step Functions state machine to orchestrate the Lambda functions

Correct Answer: D
Reference:
https://aws.amazon.com/step-functions/

Community vote distribution

D (100%)

Question #163 Topic 1

A retailer's developer must include a fraud detection solution into the order processing system. Verification of an order by the fraud detection
solution takes between ten and thirty minutes. At its height, the website can process up to 100 orders per minute.

How can the fraud detection technology be integrated into the order processing pipeline in the most scalable manner?

A. Add all new orders to an Amazon SQS queue. Configure a fleet of 10 EC2 instances spanning multiple AZs with the fraud detection solution
installed on them to pull orders from this queue. Update the order with a pass or fails status.

B. Add all new orders to an SQS queue. Configure an Auto Scaling group that uses the queue depth metric as its unit of scale to launch a
dynamically-sized fleet of EC2 instances spanning multiple AZs with the fraud detection solution installed on them to pull orders from this
queue. Update the order with a pass or fails status.

C. Add all new orders to an Amazon Kinesis Stream. Subscribe a Lambda function to automatically read batches of records from the Kinesis
Stream. The Lambda function includes the fraud detection software and will update the order with a pass or fail status.

D. Write all new orders to Amazon DynamoDB. Configure DynamoDB Streams to include all new orders. Subscribe a Lambda function to
automatically read batches of records from the Kinesis Stream. The Lambda function includes the fraud detection software and will update
the order with a pass or fail status.

Correct Answer: D

Community vote distribution

B (100%)
Question #164 Topic 1

A developer is required to create an application that makes advantage of Amazon DynamoDB. The criteria include that the DynamoDB table's
contents must be 7KB in size and that reads must be highly consistent. The read pace is limited to three items per second, whereas the write rate
is limited to ten things per second.

What size DynamoDB table should the developer create to satisfy these requirements?

A. Read: 3 read capacity units Write: 70 write capacity units

B. Read: 6 read capacity units Write: 70 write capacity units

C. Read: 6 read capacity units Write: 10 write capacity units

D. Read: 3 read capacity units Write: 10 write capacity units

Correct Answer: B

Community vote distribution

B (100%)

Question #165 Topic 1

A business has a REST application made up of an Amazon API Gateway API and many AWS Lambda services. A developer is reacting to a warning
that the HTTP response error rate for the API Gateway API has suddenly risen. The developer must rapidly discover which Lambda function is
misbehaving.

Which solution will satisfy these criteria?

A. Implement error handling in the functions to write error logs to the AWS X-Ray API. Use the X-Ray console to query the logs.

B. Enable Amazon CloudWatch Logs and detailed CloudWatch metrics. Use CloudWatch Logs Insights to query the API Gateway logs.

C. Download the API Gateway logs and Lambda invocation logs from Amazon S3. Perform a line-by-line search against them.

D. Export the API Gateway logs and Lambda invocation logs from Amazon EventBridge (Amazon CloudWatch Events) and Amazon
CloudWatch Logs. Perform a line-by-line search against them.

Correct Answer: A
Reference:
https://aws.amazon.com/blogs/compute/error-handling-patterns-in-amazon-api-gateway-and-aws-lambda/

Community vote distribution

B (100%)
Question #166 Topic 1

An application becomes unresponsive due to the following error: The bucket given does not exist.

Where IS THE BEST PLACE TO START THE ANALYSIS OF THE ROOT CAUSES?

A. Check the Elastic Load Balancer logs for DeleteBucket requests.

B. Check the application logs in Amazon CloudWatch Logs for Amazon S3 DeleteBucket errors.

C. Check AWS X-Ray for Amazon S3 DeleteBucket alarms.

D. Check AWS CloudTrail for a DeleteBucket event.

Correct Answer: D
Reference:
https://github.com/serverless/serverless-graphql/issues/72

Community vote distribution

D (100%)

Question #167 Topic 1

A developer is testing an application that asynchronously executes an AWS Lambda function. The Lambda function fails to process after two
retries during the testing phase.

How can the developer debug the error?

A. Configure AWS CloudTrail logging to investigate the invocation failures

B. Configure Dead Letter Queues by sending events to Amazon SQS for investigation

C. Configure Amazon Simple Workflow Service to process any direct unprocessed events

D. Configure AWS Config to process any direct unprocessed events

Correct Answer: B
Reference:
https://www.concurrencylabs.com/blog/how-to-operate-aws-lambda/

Community vote distribution

B (100%)
Question #168 Topic 1

A developer has an on-premises stateful web server that is being transferred to AWS. The developer's flexibility in the new design must be
increased.

How should the developer approach refactoring the program to increase its elasticity? (Select two.)

A. Use pessimistic concurrency on Amazon DynamoDB

B. Use Amazon CloudFront with an Auto Scaling group

C. Use Amazon CloudFront with an AWS Web Application Firewall

D. Store session state data in an Amazon DynamoDB table

E. Use an ELB with an Auto Scaling group

Correct Answer: DE

Question #169 Topic 1

Amazon API Gateway is being used by a media business to handle microservices configured as AWS Lambda functions. The development team of
the corporation intends to release a new version of its API. To prevent impacting current customers when the new API is launched, the firm intends
to provide all users a three-month grace period during which they may migrate from the old API to the new API.

Which implementation technique should the business utilize to accomplish this objective?

A. Update the Lambda functions. Configure the API to use Lambda proxy integration.

B. Update the Lambda functions. Provide the API client with the new Lambda endpoints.

C. Use API Gateway to deploy a new stage that uses updated Lambda functions and provides users with a new URL.

D. Use API Gateway to redirect requests based on a request header to updated Lambda functions. Configure a 90-day expiration on the old
API.

Correct Answer: C
Question #170 Topic 1

A business wishes to establish continuous integration for its AWS workloads. The firm wishes to activate unit tests in its pipeline in response to
updates to its code repository and to be alerted of pipeline failure events.

How are these stipulations to be met?

A. Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. Use Amazon SNS to trigger notifications of
failure events.

B. Store the source code in GitHub. Create a CodePipeline to automate unit testing. Use Amazon SES to trigger notifications of failure events.

C. Store the source code on GitHub. Create a CodePipeline to automate unit testing. Use Amazon CloudWatch to trigger notifications of failure
events.

D. Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. Use Amazon CloudWatch to trigger notification
of failure events.

Correct Answer: A

Community vote distribution

A (100%)

Question #171 Topic 1

A business is designing a report that will be performed through AWS Step Functions. Amazon CloudWatch detects issues in the Task State
Machine for Step Functions. To debug each operation, the state input must be included in the state output, along with the error message.

Which coding technique preserves both the original input and the state error?

A. Use ResultPath in a Catch statement to include the error with the original input.

B. Use InputPath in a Catch statement and set the value to null.

C. Use ErrorEquals in a Retry statement to include the error with the original input.

D. Use OutputPath in a Retry statement and set the value to $.

Correct Answer: A
Use ResultPath in a Catch to include the error with the original input.
Reference:
https://docs.aws.amazon.com/step-functions/latest/dg/input-output-resultpath.html
Question #172 Topic 1

A company uses AWS CodePipeline to manage continuous integration/continuous delivery (CI/CD) pipelines for its application. Before staging
artifacts for testing, a developer must create unit tests and execute them as part of the process.

How should the developer implement unit tests into their continuous integration/continuous delivery pipelines?

A. Create a separate CodePipeline pipeline to run unit tests

B. Update the AWS CodeBuild specification to include a phase for running unit tests

C. Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests

D. Create a testing branch in AWS CodeCommit to run unit tests

Correct Answer: D

Community vote distribution

B (100%)

Question #173 Topic 1

A status dashboard is shown by an application. A 1 KB message from a SQS queue is used to update the status. Although the status changes
seldom, the Developer must keep the time between the message's arrival in the queue and the dashboard update as short as possible.

Which strategy results in the smallest delay between dashboard updates?

A. Retrieve the messages from the queue using long polling every 20 seconds.

B. Reduce the size of the messages by compressing them before sending.

C. Retrieve the messages from the queue using short polling every 10 seconds.

D. Reduce the size of each message payload by sending it in two parts.

Correct Answer: A

Community vote distribution

A (100%)
Question #174 Topic 1

A firm is introducing the option to save currency (or gift cards) to its very successful casual gaming website. Users must be able to exchange this
value for the goods of other users on the site. This would involve either updating both users' information in a single transaction or totally rolling
back both users' records.

Which AWS database choices provide the needed transactional capabilities for this new feature? (Select two.)

A. Amazon DynamoDB with operations made with the ConsistentRead parameter set to true

B. Amazon ElastiCache for Memcached with operations made within a transaction block

C. Amazon Aurora MySQL with operations made within a transaction block

D. Amazon DynamoDB with reads and writes made using Transact* operations

E. Amazon Redshift with operations made within a transaction block.

Correct Answer: BD

Community vote distribution

CD (100%)

Question #175 Topic 1

On Amazon ECS, a corporation is running a Docker application. The application's load must be scaled depending on the past 15 seconds' user
activity.

How should a developer instrument code to ensure it satisfies the requirement?

A. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds

B. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds

C. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds

D. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds

Correct Answer: B

Question #176 Topic 1

A developer must construct an AWS application that will consume Amazon SQS messages ranging in size from 1KB to 1GB.

How should Amazon Simple Queue Service (SQS) messages be managed?

A. Use Amazon S3 and the Amazon SQS CLI.

B. Use Amazon S3 and the Amazon SQS Extended Client Library for Java.

C. Use Amazon EBS and the Amazon SQS CLI.

D. Use Amazon EFS and the Amazon SQS CLI.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-limits.html

Community vote distribution

B (100%)
Question #177 Topic 1

A developer is using AWS CLI, however it is stalling out when performing list commands on a large number of resources.

How can this time-out be avoided?

A. Use pagination

B. Use shorthand syntax

C. Use parameter values

D. Use quoting strings

Correct Answer: A
Reference:
https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-pagination.html

Question #178 Topic 1

A developer has developed a Lambda function and is discovering that it is taking longer than planned to execute. The Developer determined that
increasing computing capacity might enhance performance after some debugging.
What is the best way for the developer to boost Lambda computing resources?

A. Run on a larger instance size with more compute capacity.

B. Increase the maximum execution time.

C. Specify a larger compute capacity when calling the Lambda function.

D. Increase the allocated memory for the Lambda function.

Correct Answer: D

Community vote distribution

D (100%)

Question #179 Topic 1

A business builds, bundles, and packages its apps on-premises and stores them locally using a third-party technology. The firm runs its front-end
apps on Amazon EC2 instances.

How does one deploy an application from the source control system to the EC2 instances?

A. Use AWS CodeDeploy and point it to the local storage to directly deploy a bundle in a .zip, .tar, or .tar.gz format.

B. Upload the bundle to an Amazon S3 bucket and specify the S3 location when doing a deployment using AWS CodeDeploy.

C. Create a repository using AWS CodeCommit to automatically trigger a deployment to the EC2 instances.

D. Use AWS CodeBuild to automatically deploy the latest build to the latest EC2 instances.

Correct Answer: A
Reference:
https://aws.amazon.com/codedeploy/faqs/

Community vote distribution

B (100%)
Question #180 Topic 1

A developer is using Amazon API Gateway to create a WebSocket API. The payload submitted to this API is JSON with an action key included. This
key may take on one of three values: create, update, or delete. The developer must interact with several routes dependent on the value of the
incoming JSON payload's action key.

How can the developer execute this operation using the LESS settings possible?

A. Deploy the WebSocket API to three stages for the respective routes: create, update, and remove

B. Create a new route key and set the name as action

C. Set the value of the route selection expression to action

D. Set the value of the route selection expression to $request.body.action

Correct Answer: B

Community vote distribution

D (100%)

Question #181 Topic 1

Amazon Kinesis Data Streams enables an application to ingest and handle huge streams of data records in real time. Utilizing the Amazon Kinesis
Client Library, Amazon EC2 instances ingest and process data from the shards of the Kinesis data stream (KCL). The program manages failure
situations and eliminates the need for backup personnel. The program indicates that a particular shard is getting much more data than
anticipated. The €hot€ shard is resharded to react to variations in the pace of data flow.

If the initial number of shards in the Kinesis data stream is four, and the number of shards increases to six after resharding, what is the maximum
number of EC2 instances that can be deployed to process data from all the shards?

A. 12

B. 6

C. 4

D. 1

Correct Answer: B

Community vote distribution

B (100%)
Question #182 Topic 1

A developer is constructing a template for the AWS Serverless Application Model (AWS SAM). Multiple AWS Lambda functions, an Amazon S3
bucket, and an Amazon CloudFront distribution are defined in the AWS SAM template. One of the Lambda functions is executed on the CloudFront
distribution's Lambda@Edge. The S3 bucket is specified as the CloudFront distribution's origin.

While the developer installs the AWS SAM template in the eu-west-1 Region, the developer encounters an error when attempting to create the
stack.
What may have precipitated this problem?

A. CloudFront distributions can be created only in the us-east-1 Region.

B. Lambda@Edge functions can be created only in the us-east-1 Region.

C. A single AWS SAM template cannot contain multiple Lambda functions.

D. The CloudFront distribution and the S3 bucket cannot be created in the same Region.

Correct Answer: C
Reference:
https://itnext.io/creating-aws-lambda-applications-with-sam-dd13258c16dd?gi=dc8343f6c2ba

Community vote distribution

B (100%)

Question #183 Topic 1

A business provides services to a large number of downstream customers. Each customer has the option of connecting to one or more services.
As a result, a complicated architecture that is difficult to manage and scales poorly has emerged. To administer various customer services, the
organization requires a single interface.
Which AWS service should this architecture be refactored with?

A. AWS Lambda

B. AWS X-Ray

C. Amazon SQS

D. Amazon API Gateway

Correct Answer: D
Question #184 Topic 1

A corporation has automated their release pipelines using AWS CodePipeline. The development team is currently developing an AWS Lambda
function that will deliver alerts when the status of each stage's action changes.

How do I correlate the Lambda function with the event source?

A. Create a trigger that invokes the Lambda function from the Lambda console by selecting CodePipeline as the event source.

B. Create an event trigger and specify the Lambda function from the CodePipeline console.

C. Create an Amazon CloudWatch alarm that monitors status changes in Code Pipeline and triggers the Lambda function.

D. Create an Amazon CloudWatch Events rule that uses CodePipeline as an event source.

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/devops/using-aws-step-functions-state-machines-to-handle-workflow-driven-aws-codepipeline-actions/

Community vote distribution

D (67%) B (33%)

Question #185 Topic 1

On the website of a worldwide ecommerce corporation, users are encouraged to post evaluations for things they have bought. Seasonal products
are available. Products are popular for a brief period of time and then go out of favor the following season.
Customers provide feedback in their native tongue. A developer is using Amazon Translate to construct a new function that will translate
customer feedback into more languages. The website now features hundreds of thousands of goods and millions of reviews. The majority of
reviews will be seen in one or two languages.

How can this new feature be implemented in the MOST cost-effective manner possible?

A. Update the application code that writes the review to the database to translate the review into all supported languages. Persist a copy of
each translation in the database for future visitors.

B. Update the application code that reads the review from the database to check an Amazon ElastiCache cluster for translated reviews. If a
visitor is requesting a review and language combination that is not in the cache, configure the application to translate it and store it in the
cache with a TTL of 1 month.

C. Update the application code that reads the review from the database to translate the review in real time and return the translated version
without persisting it.

D. Set up a database change stream to write events to a stream each time a customer writes a review. Configure an AWS Lambda function to
read the events from the stream, translate the review into all supported languages, and update the review database to include all translations
for future visitors.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html

Community vote distribution

B (64%) C (36%)
Question #186 Topic 1

A custom library is used by an application to perform HTTP calls directly to AWS service endpoints. The program is suffering transitory problems,
which cause processes to halt when they are encountered for the first time. The application has been requested to be more robust by adding error
retries and exponential backoff.

How should a developer apply the modifications with the LITTLEEST amount of custom code possible?

A. Add a Retry-After HTTP header to API requests

B. Use the AWS CLI to configure the retry settings in a named profile

C. Change the custom library to retry on 5xx errors only

D. Use an AWS SDK and set retry-specific configurations

Correct Answer: B
Reference:
https://docs.aws.amazon.com/cli/latest/topic/config-vars.html

Community vote distribution

D (100%)

Question #187 Topic 1

A business demands that AWS Lambda functions built by developers record problems in order for System Administrators to resolve issues more
efficiently.

What should developers do to address this need?

A. Publish errors to a dedicated Amazon SQS queue.

B. Create an Amazon CloudWatch Events event trigger based on certain Lambda events.

C. Report errors through logging statements in Lambda function code.

D. Set up an Amazon SNS topic that sends logging statements upon failure.

Correct Answer: B

Community vote distribution

C (100%)
Question #188 Topic 1

In the console, a developer transformed an existing application to an AWS Lambda function. While the application works OK on a local laptop, it
fails to import a module when evaluated in the Lambda interface.

Which of the following may be used to correct the error?

A. Install the missing module and specify the current directory as the target. Create a ZIP file to include all files under the current directory,
and upload the ZIP file.

B. Install the missing module in a lib directory. Create a ZIP file to include all files under the lib directory, and upload the ZIP file as dependency
file.

C. In the Lambda code, invoke a Linux command to install the missing modules under the /usr/lib directory.

D. In the Lambda console, create a LB_LIBRARY_PATH environment and specify the value for the system library path.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-dg.pdf

Community vote distribution

A (100%)

Question #189 Topic 1

A gaming business is in the process of creating a mobile game application for the iOS and Android operating systems. This mobile game encrypts
user data and keeps it locally on the device. The business wants consumers to be able to play the game on numerous devices. Without developing
a backend application, the organization needs to synchronize user data across devices.

Which Amazon Web Services (AWS) offering or functionality should the business use to achieve these requirements?

A. AWS Lambda@Edge

B. Amazon S3 Transfer Acceleration

C. Amazon DynamoDB Accelerator (DAX)

D. AWS Amplify with AWS AppSync

Correct Answer: D
Reference:
https://aws.amazon.com/blogs/mobile/appsync-microservices/
Question #190 Topic 1

There are three separate environments in a company: development, quality assurance, and production. The company wishes to deploy its code in
three stages: development, QA, and finally production.
What AWS service may be used to fulfill this need?

A. Use AWS CodeCommit to create multiple repositories to deploy the application.

B. Use AWS CodeBuild to create, configure, and deploy multiple build application projects.

C. Use AWS Data Pipeline to create multiple data pipeline provisions to deploy the application.

D. Use AWS CodeDeploy to create multiple deployment groups.

Correct Answer: C

Community vote distribution

D (60%) B (40%)

Question #191 Topic 1

An application is composed of two components: one for handling HTTP requests and another for doing background processing operations. Each
component must be self-scaling. The developer want to use AWS Elastic Beanstalk to deploy this application.

How, in light of these criteria, should this application be deployed?

A. Deploy the application in a single Elastic Beanstalk environment.

B. Deploy each component in a separate Elastic Beanstalk environment.

C. Use multiple Elastic Beanstalk environments for the HTTP component, but one environment for the background task component.

D. Use multiple Elastic Beanstalk environments for the background task component, but one environment for the HTTP component.

Correct Answer: D

Community vote distribution

B (100%)

Question #192 Topic 1

A business runs a bespoke application on a series of on-premises Linux servers that are connected to Amazon API Gateway through Amazon API
Gateway. On the API test stage, AWS X-Ray tracing has been enabled.

How can a developer implement X-Ray tracing with the LEAST amount of setup on on-premises servers?

A. Install and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service.

B. Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service.

C. Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the
PutTraceSegments API call.

D. Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the
PutTelemetryRecords API call.

Correct Answer: A

Community vote distribution

B (100%)
Question #193 Topic 1

An organization is hosting huge files in Amazon S3 and developing a web application to provide end users with meta-data about the files. A user
picks an item to download based on its information. The company requires a technique for indexing files and retrieving metadata with a single-
digit millisecond delay.

Which Amazon Web Services (AWS) service should be utilized to do this?

A. Amazon DynamoDB

B. Amazon EC2

C. AWS Lambda

D. Amazon RDS

Correct Answer: A
Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at
any scale. It is a fully managed database and supports both document and key-value data models. Its flexible data model and reliable
performance make it a great fit for mobile, web, gaming, ad-tech, Internet of Things (IoT), and many other applications.
Reference:
https://docs.aws.amazon.com/aws-technical-content/latest/aws-overview/database-services.html

Community vote distribution

A (100%)

Question #194 Topic 1

A developer has created a web application and want to swiftly deploy it on an AWS Tomcat server. The developer want to be free of the
responsibility of managing the underlying infrastructure.

According to these criteria, what is the simplest approach to deploy the application?

A. AWS CloudFormation

B. AWS Elastic Beanstalk

C. Amazon S3

D. AWS CodePipeline

Correct Answer: B
Reference:
https://aws.amazon.com/answers/web-applications/aws-web-app-deployment-java/

Community vote distribution

B (100%)
Question #195 Topic 1

A developer uses Amazon ECS to host an e-commerce API. The application's fluctuating and spiking demand is causing order processing to take
an excessive amount of time. The program manages Amazon Simple Queue Service (SQS) queues. Throughout the day, the
ApproximateNumberOfMessagesVisible metric jumps to very high levels, resulting in Amazon CloudWatch alert violations. Other ECS metrics for
API containers are within acceptable ranges.

What measures can the developer take to boost performance while keeping costs down?

A. Target tracking scaling policy

B. Docker Swarm

C. Service scheduler

D. Step scaling policy

Correct Answer: D
Reference:
https://aws.amazon.com/blogs/compute/building-loosely-coupled-scalable-c-applications-with-amazon-sqs-and-amazon-sns/

Community vote distribution

D (67%) A (33%)

Question #196 Topic 1

A developer is configuring the Amazon API Gateway to support their business's goods. Registered developers may use the API to query and
change their environments. For financial and security concerns, the organization want to restrict the number of requests that end users may
submit. Management want to provide registered developers with the option of purchasing bigger packages that support a greater number of
requests.

How can the developer do this with the LEAST amount of management overhead?

A. Enable throttling for the API Gateway stage. Set a value for both the rate and burst capacity. If a registered user chooses a larger package,
create a stage for them, adjust the values, and share the new URL with them.

B. Set up Amazon CloudWatch API logging in API Gateway. Create a filter based on the user and requestTime fields and create an alarm on
this filter. Write an AWS Lambda function to analyze the values and requester information, and respond accordingly. Set up the function as the
target for the alarm. If a registered user chooses a larger package, update the Lambda code with the values.

C. Enable Amazon CloudWatch metrics for the API Gateway stage. Set up CloudWatch alarms based off the Count metric and the ApiName,
Method, Resource, and Stage dimensions to alerts when request rates pass the threshold. Set the alarm action to Deny. If a registered user
chooses a larger package, create a user-specific alarm and adjust the values.

D. Set up a default usage plan, specify values for the rate and burst capacity, and associate it with a stage. If a registered user chooses a
larger package, create a custom plan with the appropriate values and associate the plan with the user.

Correct Answer: D

Community vote distribution

D (100%)
Question #197 Topic 1

A developer must re-implement the order fulfillment system's business logic. To determine where to acquire an item, the business logic must make
queries to several sellers. The whole procedure might take up to a week.

What is the MOST EFFECTIVE and SIMPLICIT method of implementing a system that satisfies these requirements?

A. Use AWS Step Functions to execute parallel Lambda functions, and join the results.

B. Create an AWS SQS for each vendor, poll the queue from a worker instance, and joint the results.

C. Use AWS Lambda to asynchronously call a Lambda function for each vendor, and join the results.

D. Use Amazon CloudWatch Events to orchestrate the Lambda functions.

Correct Answer: D

Community vote distribution

A (100%)

Question #198 Topic 1

A business is moving from a monolithic architecture to one based on microservices. The developers must redesign the program in such a way that
the many microservices may interact asynchronously without compromising performance.

Which managed Amazon Web Services (AWS) services will offer asynchronous message passing? (Select two.)

A. Amazon SQS

B. Amazon Cognito

C. Amazon Kinesis

D. Amazon SNS

E. Amazon ElastiCache

Correct Answer: AD

Community vote distribution

AD (100%)

Question #199 Topic 1

A small internet business is gearing up for its yearly sales extravaganza. As traffic to the company's application grows, the development team
wishes to be alerted when the CPU usage of the Amazon EC2 instance surpasses 80%.

Which solution will satisfy this criterion?

A. Create a custom Amazon CloudWatch alarm that sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%.

B. Create a custom AWS CloudTrail alarm that sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%.

C. Create a cron job on the EC2 instance that executes the --describe-instance-information command on the host instance every 15 minutes
and sends the results to an Amazon SNS topic.

D. Create an AWS Lambda function that queries the AWS CloudTrail logs for the CPUUtilization metric every 15 minutes and sends a
notification to an Amazon SNS topic when the CPU utilization exceeds 80%.

Correct Answer: A
Question #200 Topic 1

Amazon S3 is structured as follows: S3:/BUCKET/FOLDERNAME/FILENAME.zip

Which S3 best practice would enhance speed when a single bucket receives thousands of PUT requests per second?

A. Prefix folder names with user id; for example, s3://BUCKET/2013-FOLDERNAME/FILENAME.zip

B. Prefix file names with timestamps; for example, s3://BUCKET/FOLDERNAME/2013-26-05-15-00-00-FILENAME.zip

C. Prefix file names with random hex hashes; for example, s3://BUCKET/FOLDERNAME/23a6-FILENAME.zip

D. Prefix folder names with random hex hashes; for example, s3://BUCKET/23a6-FOLDERNAME/FILENAME.zip

Correct Answer: B
Reference:
http://jayendrapatil.com/aws-s3-best-practices/

Community vote distribution

D (60%) B (40%)

Question #201 Topic 1

Amazon API Gateway is used in a company's new mobile application. As the development team completes a new version of its APIs, a developer
must roll out the API modification securely and transparently.

What is the SIMPLEST method for a developer to deploy a new API version to a restricted number of consumers using API Gateway?

A. Create a new API in API Gateway. Direct a portion of the traffic to the new API using an Amazon Route 53 weighted routing policy.

B. Validate the new API version and promote it to production during the window of lowest expected utilization.

C. Implement an Amazon CloudWatch alarm to trigger a rollback if the observed HTTP 500 status code rate exceeds a predetermined
threshold.

D. Use the canary release deployment option in API Gateway. Direct a percentage of the API traffic using the canarySettings setting.

Correct Answer: D

Community vote distribution

D (100%)
Question #202 Topic 1

A programmer is developing a REST API that will allow users to add goods to a shopping list. The service is developed on Amazon API Gateway
and integrates with AWS Lambda. The shopping list items are sent to the function as query string arguments.

How should the developer transform query string parameters to Lambda function arguments?

A. Enable request validation

B. Include the Amazon Resource Name (ARN) of the Lambda function

C. Change the integration type

D. Create a mapping template

Correct Answer: C
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-step-by-step.html

Community vote distribution

D (100%)

Question #203 Topic 1

A firm is compiling a website using AWS CodeBuild from source code saved in AWS CodeCommit. Due to a recent modification to the source code,
the CodeBuild project is unable to assemble the website correctly.

How is the developer to determine the root cause of the failures?

A. Modify the buildspec.yml file to include steps to send the output of build commands to Amazon CloudWatch.

B. Use a custom Docker image that includes the AWS X-Ray agent in the AWS CodeBuild project configuration.

C. Check the build logs of the failed phase in the last build attempt in the AWS CodeBuild project build history.

D. Manually re-run the build process on a local machine so that the output can be visualized.

Correct Answer: A

Community vote distribution

C (100%)
Question #204 Topic 1

Over SSH, a developer connects to AWS CodeCommit. The SSH keys used to connect to AWS CodeCommit are associated with the following user:

The developer is responsible for creating and deleting branches.

Which particular IAM permissions, based on the concept of least privilege, should be added?

A. ‫ג‬€codecommit:CreateBranch‫ ג‬€‫ג‬€codecommit:DeleteBranch‫ג‬€

B. ‫ג‬€codecommit:Put*‫ג‬€

C. ‫ג‬€codecommit:Update*‫ג‬€

D. ‫ג‬€codecommit:*‫ג‬€

Correct Answer: C

Community vote distribution

A (100%)
Question #205 Topic 1

A developer is attempting to monitor the status of an application by running a cron job that returns 1 when the service is up and 0 when it is down.
The developer wrote code to publish the custom metrics to Amazon CloudWatch and set an alert using the AWS CLI put-metric-alarm function.
The Developer, on the other hand, is unable to issue an alert since the custom metrics are not visible in the CloudWatch interface.

What is the source of this problem?

A. Sending custom metrics using the CLI is not supported.

B. The Developer needs to use the put-metric-data command.

C. The Developer must use a unified CloudWatch agent to publish custom metrics.

D. The code is not running on an Amazon EC2 instance.

Correct Answer: B

Community vote distribution

B (100%)

Question #206 Topic 1

Amazon Kinesis Streams is being used by a web application to store clickstream data that may not be utilized for up to 12 hours.

How can the developer encrypt data in the Kinesis Streams at rest?

A. Enable SSL connections to Kinesis

B. Use Amazon Kinesis Consumer Library

C. Encrypt the data once it is at rest with a Lambda function

D. Enable server-side encryption in Kinesis Streams

Correct Answer: D
Reference:
https://aws.amazon.com/about-aws/whats-new/2017/07/amazon-kinesis-streams-introduces-server-side-encryption/
Question #207 Topic 1

A business is building a web application that will enable workers to submit their profile pictures to a private Amazon S3 bucket. There is no
restriction on the size of the profile images that should be shown each time an employee checks in. The images cannot be made publicly available
for security reasons.

What is a long-term feasible solution to this situation?

A. Generate a presigned URL when a picture is uploaded. Save the URL in an Amazon DynamoDB table. Return the URL to the browser when
the employee logs in.

B. Save the picture‫ג‬€™s S3 key in an Amazon DynamoDB table. Create an Amazon S3 VPC endpoint to allow the employees to download
pictures once they log in.

C. Encode a picture using base64. Save the base64 string in an Amazon DB table. Allow the browser to retrieve the string and convert it to a
picture.

D. Save the picture‫ג‬€™s S3 key in an Amazon DynamoDB table. Use a function to generate a presigned URL every time an employee logs in.
Return the URL to the browser.

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/s3-private-connection-no-authentication/

Community vote distribution

D (100%)

Question #208 Topic 1

A company's ecommerce website is experiencing large traffic surges, resulting in database performance issues. Users remark that viewing the
website takes an excessive amount of time.
A developer want to use Amazon ElastiCache to construct a caching layer. The website must be responsive regardless of whatever product a user
visits, and product information and pricing must be updated consistently.

Which policy for writing to the cache will meet these requirements?

A. Write to the cache directly and sync the backend at a later time

B. Write to the backend first and wait for the cache to expire

C. Write to the cache and the backend at the same time

D. Write to the backend first and invalidate the cache

Correct Answer: A
Reference:
https://aws.amazon.com/elasticache/faqs/

Community vote distribution

C (100%)
Question #209 Topic 1

A business is developing a stock trading application. The program requires a latency of less than one millisecond to handle trading requests. The
firm stores all trade data in Amazon DynamoDB, which is utilized to perform each trading request.
A development team conducts load testing on the application and discovers that the time required to get data is longer than intended. The
development team need a solution that significantly improves data retrieval time with the least amount of work feasible.

Which solution satisfies these criteria?

A. Add local secondary indexes (LSIs) for trading data.

B. Store trading data in Amazon S3 and use Transfer Acceleration.

C. Add retries with exponential back-off for DynamoDB queries

D. Use DynamoDB Accelerator to cache trading data.

Correct Answer: A

Community vote distribution

D (100%)

Question #210 Topic 1

A business runs an application that makes use of an Amazon RDS DB instance as the database. A developer must implement database encryption
at rest.

Which measures should the developer perform in combination to satisfy this requirement? (Select two.)

A. Enable encryption on the DB instance in the AWS Management Console.

B. Stop the DB instance.

C. Restore the DB instance from the encrypted snapshot.

D. Take a snapshot of the DB instance, and create an encrypted copy of the snapshot.

E. Create a customer managed key in AWS Key Management Service (AWS KMS).

Correct Answer: CD
Reference:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html

Community vote distribution

CD (67%) BD (33%)
Question #211 Topic 1

Amazon CloudFront is being used by an organization to guarantee that its users have low-latency access to their online application. The business
determined that all communication between users and CloudFront, as well as all traffic between CloudFront and the web application, should be
encrypted.

How are these stipulations to be met? (Select two.)

A. Use AWS KMS to encrypt traffic between CloudFront and the web application.

B. Set the Origin Protocol Policy to ‫ג‬€HTTPS Only‫ג‬€.

C. Set the Origin‫ג‬€™s HTTP Port to 443.

D. Set the Viewer Protocol Policy to ‫ג‬€HTTPS Only‫ג‬€ or ‫ג‬€Redirect HTTP to HTTPS‫ג‬€.

E. Enable the CloudFront option Restrict Viewer Access.

Correct Answer: CD

Community vote distribution

BD (100%)

Question #212 Topic 1

A developer is transferring an application from on-premises to AWS. Currently, the program accepts user uploads and stores them to a server-side
local directory. All uploads must be preserved and instantly accessible to all instances within an Auto Scaling group.

Which strategy will satisfy these criteria?

A. Use Amazon EBS and configure the application AMI to use a snapshot of the same EBS instance on boot.

B. Use Amazon S3 and rearchitect the application so all uploads are placed in S3.

C. Use instance storage and share it between instances launched from the same Amazon Machine Image (AMI).

D. Use Amazon EBS and file synchronization software to achieve eventual consistency among the Auto Scaling group.

Correct Answer: D

Community vote distribution

B (100%)
Question #213 Topic 1

The Amazon API Gateway exposes a collection of APIs to clients. The API Gateway has enabled caching for these APIs. Customers have
requested an option to clear this cache for each API.

What may be done to enable API clients to invalidate the API Cache?

A. Ask customers to use AWS credentials to call the InvalidateCache API.

B. Ask customers to invoke an AWS API endpoint which invalidates the cache.

C. Ask customers to pass an HTTP header called Cache-Control:max-age=0.

D. Ask customers to add a query string parameter called ‫ג‬€INVALIDATE_CACHE‫ג‬€ when making an API call.

Correct Answer: B

Community vote distribution

C (100%)

Question #214 Topic 1

A programmer is now working on an ecommerce website. The developer want to inspect server logs without having to log in to each application
server separately. The website is built in Python and operates on numerous Amazon EC2 instances. It must be extremely available.

How can the developer upgrade the program with the fewest possible modifications to fulfill these requirements?

A. Rewrite the application to be cloud native and to run on AWS Lambda, where the logs can be reviewed in Amazon CloudWatch.

B. Set up centralized logging by using Amazon Elasticsearch Service (Amazon ES), Logstash, and Kibana.

C. Scale down the application to one larger EC2 instance where only one instance is recording logs.

D. Install the unified Amazon CloudWatch agent on the EC2 instances. Configure the agent to push the application logs to CloudWatch.

Correct Answer: D

Community vote distribution

D (100%)
Question #215 Topic 1

A developer is updating a bespoke application that is currently running on AWS Elastic Beanstalk.
What solutions will update the Elastic Beanstalk environment with the new application version after the Developer completes the changes? (Select
two.)

A. Package the application code into a .zip file, and upload, then deploy the packaged application from the AWS Management Console

B. Package the application code into a .tar file, create a new application version from the AWS Management Console, then update the
environment by using AWS CLI

C. Package the application code into a .tar file, and upload and deploy the packaged application from the AWS Management Console

D. Package the application code into a .zip file, create a new application version from the packaged application by using AWS CLI, then update
the environment by using AWS CLI

E. Package the application code into a .zip file, create a new application version from the AWS Management Console, then rebuild the
environment by using AWS CLI

Correct Answer: CD

Community vote distribution

AD (100%)

Question #216 Topic 1

A developer has been requested to write an AWS Lambda function that is called whenever objects in an Amazon DynamoDB database are updated.
The function has been built, and the Lambda execution role has been granted the necessary permissions. Although Amazon DynamoDB streams
have been enabled for the table, the function continues to fail to execute.

Which option would allow the Lambda function to be triggered by DynamoDB database updates?

A. Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the DynamoDB table

B. Configure event source mapping for the Lambda function

C. Map an Amazon SNS topic to the DynamoDB streams

D. Increase the maximum execution time (timeout) setting of the Lambda function

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html

Community vote distribution

B (100%)
Question #217 Topic 1

A developer is debugging connection difficulties between an Amazon Web Services Lambda function and an Amazon EC2 machine running
Amazon Linux 2. Even if the Lambda function is enabled to access resources on the EC2 instance's network, the Lambda function and the EC2
instance are unable to interact.

How can the developer see the network traffic between the Lambda function and the Amazon Elastic Compute Cloud instance?

A. Inspect the VPC flow logs for network activity.

B. Use the traceroute command on the EC2 instance to check connectivity.

C. Analyze the Amazon CloudWatch metrics for network traffic.

D. Use the telnet command on the EC2 instance to check connectivity.

Correct Answer: A
Reference:
https://aws.amazon.com/blogs/aws/vpc-flow-logs-log-and-view-network-traffic-flows/

Community vote distribution

A (100%)

Question #218 Topic 1

Amazon API Gateway is used by a business to manage access to a collection of microservices built as AWS Lambda functions. The corporation
makes a small breaking update to one of the APIs in response to a bug report.
To minimize the effect of the new API's deployment on current customers, the business intends to provide clients six months to transition from v1
to v2.

Which strategy should the developer use to deal with this change?

A. Update the underlying Lambda function and provide clients with the new Lambda invocation URL.

B. Use API Gateway to automatically propagate the change to clients, specifying 180 days in the phased deployment parameter.

C. Use API Gateway to deploy a new stage named v2 to the API and provide users with its URL.

D. Update the underlying Lambda function, create an Amazon CloudFront distribution with the updated Lambda function as its origin.

Correct Answer: C

Community vote distribution

C (100%)
Question #219 Topic 1

A program may have hundreds of users. Each user may access the application through various devices. The Developer want to give these users
unique IDs regardless of the device they are using.

Which mechanism should be utilized to generate unique identifiers?

A. Create a user table in Amazon DynamoDB as key-value pairs of users and their devices. Use these keys as unique identifiers.

B. Use IAM-generated access key IDs for the users as the unique identifier, but do not store secret keys.

C. Implement developer-authenticated identities by using Amazon Cognito, and get credentials for these identities.

D. Assign IAM users and roles to the users. Use the unique IAM resource ID as the unique identifier.

Correct Answer: D

Community vote distribution

C (100%)

Question #220 Topic 1

A business wishes to transition an imaging service to Amazon EC2 while adhering to industry best practices for security. The photos are obtained
and read from an Amazon S3 bucket that is not publicly accessible.

What actions should a developer take to ensure compliance with these requirements?

A. Create an IAM user with read-only permissions for the S3 bucket. Temporarily store the user credentials in the Amazon EBS volume of the
EC2 instance.

B. Create an IAM user with read-only permissions for the S3 bucket. Temporarily store the user credentials in the user data of the EC2
instance.

C. Create an EC2 service role with read-only permissions for the S3 bucket. Attach the role to the EC2 instance.

D. Create an S3 service role with read-only permissions for the S3 bucket. Attach the role to the EC2 instance.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html

Community vote distribution

C (100%)
Question #221 Topic 1

A business makes use of continuous integration and delivery platforms. A developer now wants to automate the distribution of software packages
to both Amazon EC2 instances and on-premises virtual machines.

Which AWS service should be utilized for this purpose?

A. AWS CodePipeline

B. AWS CodeBuild

C. AWS Elastic Beanstalk

D. AWS CodeDeploy

Correct Answer: D

Community vote distribution

D (100%)

Question #222 Topic 1

How does AWS KMS's Envelope Encryption work?

A. The Customer Master Key is used to encrypt/decrypt a data key. The Plaintext Data Key is used to encrypt customer data.

B. Two encryption keys are used. The Customer Master Key encrypts customer data. The Data Key is used to re-encrypt the encrypted data.

C. Two encryption keys are used. The Data Key encrypts customer data. The ‫¡׀‬ustomer Master Key is used to re-encrypt the encrypted data.

D. The Customer Master Key is used to encrypt/decrypt a data key. The Encrypted Data Key is used to encrypt customer data.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html

Community vote distribution

A (100%)

Question #223 Topic 1

A developer must construct an application that supports SAML and Facebook authentication. Additionally, it must provide access to AWS services
such as Amazon DynamoDB.

Which AWS service or feature will allow for the LEAST amount of extra code to achieve these requirements?

A. AWS AppSync

B. Amazon Cognito identity pools

C. Amazon Cognito user pools

D. Amazon Lambda@Edge

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/mobile/amazon-cognito-user-pools-supports-federation-with-saml/

Community vote distribution

B (100%)
Question #224 Topic 1

A developer is troubleshooting an AWS Lambda function that is being used in conjunction with an Amazon API Gateway. HTTP status code 200 is
returned whenever the API Gateway endpoint is contacted, despite the fact that AWS Lambda is logging a 4xx error.

What modification is required to deliver an appropriate error code through the API Gateway?

A. Enable CORS in the API Gateway method settings

B. Use a Lambda proxy integration to return HTTP codes and headers

C. Enable API Gateway error pass-through.

D. Return the value in the header x-Amzn-ErrorType.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html

Community vote distribution

B (100%)

Question #225 Topic 1

A developer is developing a three-tier web application that must support at least 5000 requests per minute. According to the requirements, the
web layer should be fully stateless, whereas the application should keep user session data.

How may session data be externalized while minimizing latency?

A. Create an Amazon RDS instance, then implement session handling at the application level to leverage a database inside the RDS database
instance for session data storage

B. Implement a shared file system solution across the underlying Amazon EC2 instances, then implement session handling at the application
level to leverage the shared file system for session data storage

C. Create an Amazon ElastiCache Memcached cluster, then implement session handling at the application level to leverage the cluster for
session data storage

D. Create an Amazon DynamoDB table, then implement session handling at the application level to leverage the table for session data storage

Correct Answer: A

Community vote distribution

C (100%)
Question #226 Topic 1

A development team is now working on a case management system that will enable the processing and evaluation of medical claims. Users log in
to share medical and financial information.
Sensitive data such as medical records, medical imaging, bank statements, and invoices are uploaded to Amazon S3 as part of the program. All
papers must be sent and kept securely. All access to documents must be documented for auditing purposes.

Which technique is the MOST SECURE?

A. Use S3 default encryption using Advanced Encryption Standard-256 (AES-256) on the destination bucket.

B. Use Amazon Cognito for authorization and authentication to ensure the security of the application and documents.

C. Use AWS Lambda to encrypt and decrypt objects as they are placed into the S3 bucket.

D. Use client-side encryption/decryption with Amazon S3 and AWS KMS.

Correct Answer: D

Community vote distribution

C (50%) D (50%)

Question #227 Topic 1

A developer is developing a web application that will allow end users to exchange encrypted documents. The papers are saved on Amazon S3 in a
private bucket. Only verified users should be able to download certain documents when requested, and only for a period of 15 minutes.

How is the developer to adhere to these specifications?

A. Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes.

B. Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes.

C. Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS.

D. Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes.

Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/

Community vote distribution

B (100%)
Question #228 Topic 1

A front-end web application handles user authentication with Amazon Cognito user pools. Using the AWS SDK for JavaScript, a developer
integrates Amazon DynamoDB into the application.

How might a developer contact the API safely without disclosing the access or secret keys?

A. Configure Amazon Cognito identity pools and exchange the JSON Web Token (JWT) for temporary credentials.

B. Run the web application in an Amazon EC2 instance with the instance profile configured.

C. Hardcore the credentials, use Amazon S3 to host the web application, and enable server-side encryption.

D. Use Amazon Cognito user pool JSON Web Tokens (JWITs) to access the DynamoDB APIs.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html

Question #229 Topic 1

A business administers a website that is hosted on Amazon EC2 instances that are routed via an Elastic Load Balancer. CPU use is limited on EC2
Instances. The technical staff at the organization is responsible for securing incoming internet traffic.

Which combination of actions will satisfy these criteria? (Select two.)

A. Configure the Elastic Load Balancer with SSL passthrough.

B. Configure SSL certificates on the Elastic Load Balancer.

C. Configure the Elastic Load Balancer with a Loadable Storage System.

D. Install SSL certificates on the EC2 instances.

E. Configure the Elastic Load Balancer with SSL termination.

Correct Answer: BE
Reference:
https://aws.amazon.com/blogs/aws/elastic-load-balancer-support-for-ssl-termination/

Community vote distribution

BE (100%)
Question #230 Topic 1

In AWS Lambda, a developer is developing an application. To facilitate testing and deployments, the Developer need the ability to change the
database connection string without affecting the Lambda code.

How is this criterion to be met?

A. Store the connection string as a secret in AWS Secrets Manager.

B. Store the connection string in an IAM user account.

C. Store the connection string in AWS KMS.

D. Store the connection string as a Lambda layer.

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/developer/net-core-configuration-provider-for-aws-systems-manager/

Community vote distribution

A (100%)

Question #231 Topic 1

A developer wants to monitor an application that is deployed on Amazon EC2 instances using AWS X-Ray.

What procedures must be taken to do the monitoring?

A. Deploy the X-Ray SDK with the application and use X-Ray annotation.

B. Install the X-Ray daemon and instrument the application code.

C. Install the X-Ray daemon and configure it to forward data to Amazon CloudWatch Events.

D. Deploy the X-Ray SDK with the application and instrument the application code.

Correct Answer: A
Reference:
https://aws.amazon.com/blogs/aws/category/aws-x-ray/

Community vote distribution

B (100%)
Question #232 Topic 1

When deploying new application versions on AWS Elastic Beanstalk, an application's error rate increases, resulting in service deterioration for
customers. This, the Development team thinks, is due to the capacity loss throughout the deployment processes. The team want to update the
environment's deployment policy configuration to one that maintains full capacity during deployment while using current instances.

Which deployment strategy will satisfy these criteria while using current instances?

A. All at once

B. Rolling

C. Rolling with additional batch

D. Immutable

Correct Answer: D
Reference:
https://aws.amazon.com/blogs/developer/version-2-of-the-aws-elastic-beanstalk-windows-server-platform/

Community vote distribution

C (100%)

Question #233 Topic 1

A business has a web application that is authenticated by an Amazon Cognito user pool. The business want to construct a login page including
the business's logo.

What actions should a developer take to ensure compliance with these requirements?

A. Create a hosted user interface in Amazon Cognito and customize it with the company logo.

B. Create a login page with the company logo and upload it to Amazon Cognito.

C. Create a login page in Amazon API Gateway with the logo and save the link in Amazon Cognito.

D. Upload the logo to the Amazon Cognito app settings and point to the logo on a custom login page.

Correct Answer: D
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/cognito-hosted-web-ui/

Community vote distribution

A (100%)
Question #234 Topic 1

A programmer is developing a serverless ecommerce application using AWS Lambda. An asynchronous workflow is responsible for managing the
checkout process and must arrange the execution of many Lambda functions. Each item in the shopping cart triggers a separate function in the
process. The developer orchestrates the process using AWS Step Functions.
The checkout process is currently executing the Lambda functions serially, and the developer want to optimize the procedure's speed.

What actions should the developer take to ensure compliance with these requirements?

A. Use a Choice state to identify the size of the cart and invoke a specific Lambda function with the entire cart content.

B. Use a Retry field for a second run to process all the items that failed.

C. Use a Parallel state to iterate over all the items in parallel.

D. Use a Map state to iterate over all the items in the cart.

Correct Answer: D

Community vote distribution

C (88%) 13%

Question #235 Topic 1

To increase read speed, an application makes use of a single-node Amazon ElastiCache for Redis instance. Demand for the application has grown
significantly over time, putting an increasing strain on the ElastiCache instance. It is vital that this cache layer is capable of handling the load and
being robust in the event of a node failure.

What can be done by the developer to meet load and resilience requirements?

A. Add a read replica instance.

B. Migrate to a Memcached cluster.

C. Migrate to an Amazon Elasticsearch Service cluster.

D. Vertically scale the ElastiCache instance.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Replication.Redis.Groups.html

Community vote distribution

A (100%)
Question #236 Topic 1

A developer intends to create a REST API via the usage of an Amazon API Gateway and AWS Lambda. The developer will be responsible for
managing three unique environments: development, test, and production.

How should the application be delivered with the least amount of resources possible?

A. Create a separate API Gateway and separate Lambda function for each environment in the same Region.

B. Assign a Region for each environment and deploy API Gateway and Lambda to each Region.

C. Create one API Gateway with multiple stages with one Lambda function with multiple aliases.

D. Create one API Gateway and one Lambda function, and use a REST parameter to identify the environment.

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/compute/using-api-gateway-stage-variables-to-manage-lambda-functions/

Community vote distribution

C (100%)

Question #237 Topic 1

A corporation is transferring its on-premises web application from a single server to AWS. To balance the demand, the firm wants to deploy
numerous servers behind an Elastic Load Balancer (ELB) and to keep session data in memory on the web server. The organization does not want
to lose session data in the event of a server failure or outage, and it also wants to minimize user downtime.

Where should the organization relocate session data to most effectively decrease downtime and increase the fault tolerance of customers'
session data?

A. An Amazon ElastiCache for Redis cluster

B. A second Amazon EBS volume

C. The web server‫ג‬€™s primary disk

D. An Amazon EC2 instance dedicated to session data

Correct Answer: A

Community vote distribution

A (100%)
Question #238 Topic 1

A development team is deploying a two-tier application in production using AWS Elastic Beanstalk. The application comprises of a load-balanced
web tier and an Amazon RDS database layer. The team want to partition the RDS instance from the Elastic Beanstalk instance.

How is this possible?

A. Use the Elastic Beanstalk CLI to disassociate the database.

B. Use the AWS CLI to disassociate the database.

C. Change the deployment policy to disassociate the database.

D. Recreate a new Elastic Beanstalk environment without Amazon RDS.

Correct Answer: C

Community vote distribution

D (100%)

Question #239 Topic 1

A developer is attempting to get data from the demoman-table database in Amazon DynamoDB. The developer set the AWS CLI to utilize the
credentials of a particular IAM user and ran the following command:

The command produced errors and returned no rows.

Which of the following is the MOST LIKELY CAUSE of these problems?

A. The command is incorrect; it should be rewritten to use put-item with a string argument.

B. The developer needs to log a ticket with AWS Support to enable access to the demoman-table.

C. Amazon DynamoDB cannot be accessed from the AWS CLI and needs to be called via the REST API.

D. The IAM user needs an associated policy with read access to demoman-table.

Correct Answer: D

Community vote distribution

D (100%)
Question #240 Topic 1

A developer has established a new AWS IAM user with the s3:putObject permission, which enables him to write to a particular Amazon S3 bucket.
As a default, this S3 bucket employs server-side encryption with AWS KMS controlled keys (SSE-KMS). When contacting the PutObject API with
the IAM user's access key and secret key, the application encountered an access denied error.

How is this problem to be resolved?

A. Update the policy of the IAM user to allow the s3:Encrypt action.

B. Update the bucket policy of the S3 bucket to allow the IAM user to upload objects.

C. Update the policy of the IAM user to allow the kms:GenerateDataKey action.

D. Update the ACL of the S3 bucket to allow the IAM user to upload objects.

Correct Answer: C
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-denied-error-kms/

Community vote distribution

C (100%)

Question #241 Topic 1

On Amazon EC2 instances, a developer has code that requires read-only access to an Amazon DynamoDB database.

What is the MOST secure method for the Developer to do this task?

A. Create a user access key for each EC2 instance with read-only access to DynamoDB. Place the keys in the code. Redeploy the code as keys
rotate.

B. Use an IAM role with an AmazonDynamoDBReadOnlyAccess policy applied to the EC2 instances.

C. Run all code with only AWS account root user access keys to ensure maximum access to services.

D. Use an IAM role with Administrator access applied to the EC2 instance.

Correct Answer: B

Community vote distribution

B (100%)
Question #242 Topic 1

A developer is developing an AWS Lambda function that makes Amazon DynamoDB available. The Lambda function must obtain and change
certain properties of an object, or construct the item if it does not exist. Access to the main key is granted to the Lambda function.

Which IAM permissions should the developer obtain to enable this capability in the Lambda function?

A. dynamodb:DeleteItem dynamodb:GetItem dynamodb:PutItem

B. dynamodb:UpdateItem dynamodb:GetItem dynamodb:DescribeTable

C. dynamodb:GetRecords dynamodb:PutItem dynamodb:UpdateTable

D. dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/DynamoDB.html

Community vote distribution

D (100%)

Question #243 Topic 1

A developer is working on a financial transaction management program. Multi-factor authentication (MFA) will be needed as part of the login
procedure to increase security.

Which services are available to the developer in order to achieve these requirements?

A. Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA codes

B. Amazon Cognito with MFA

C. AWS Directory Service

D. AWS IAM with MFA enabled

Correct Answer: D
Reference:
https://acloud.guru/forums/aws-cda-2018/discussion/-MDjup08bTIQmngW7M6-/IAM%20with%20MFA%20or%20Cognito%20with%20MFA%3F

Community vote distribution

B (100%)
Question #244 Topic 1

A programmer is developing an application that will handle a stream of data given by the user. The data stream must be received concurrently and
in real time by various Amazon EC2-based processing apps. Each processor must be capable of restarting without losing data if service is
interrupted. The Application Architect intends to expand the number of processors in the near future and wants to reduce data duplication.

Which solution will meet these criteria?

A. Publish the data to Amazon SQS.

B. Publish the data to Amazon Kinesis Data Firehose.

C. Publish the data to Amazon CloudWatch Events.

D. Publish the data to Amazon Kinesis Data Streams.

Correct Answer: D
Reference:
https://aws.amazon.com/kinesis/data-streams/faqs/

Question #245 Topic 1

A developer is developing a Lambda function to create and export a file. While the program is running, it needs 100 MB of temporary storage for
transient files. These files are no longer required after the function has been completed.

How can the developer manage temporary files most efficiently?

A. Store the files in EBS and delete the files at the end of the Lambda function.

B. Copy the files to EFS and delete the files at the end of the Lambda function.

C. Store the files in the /tmp directory and delete the files at the end of the Lambda function.

D. Copy the files to an S3 bucket with a lifecycle policy to delete the files.

Correct Answer: C
Reference:
https://forums.aws.amazon.com/thread.jspa?threadID=174119

Community vote distribution

C (100%)
Question #246 Topic 1

A business is in the process of building a serverless ecommerce web application. The application must perform synchronized, all-or-nothing
updates to various products in the company's Amazon DynamoDB inventory database.

Which solution will satisfy these criteria?

A. Enable transactions for the DynamoDB table. Use the BatchWriteItem operation to update the items.

B. Use the TransactWriteItems operation to group the changes. Update the items in the table.

C. Set up a FIFO queue using Amazon SQS. Group the changes in the queue. Update the table based on the grouped changes.

D. Create a transaction table in an Amazon Aurora DB cluster to manage the transactions. Write a backend process to sync the Aurora DB
table and the DynamoDB table.

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/mobile/appsync-caching-transactions/

Community vote distribution

B (100%)

Question #247 Topic 1

A business developed a serverless application that incorporates the customers' preferred actors. The business's data was stored in an Amazon
DynamoDB database. The table is divided into three sections: actor, film, and year.
Each actor appears in a number of films and may feature in numerous films in a single calendar year. The firm is interested in discovering which of
the customers' favorite actors were in the same film and which films were released in the same year. A developer must create the DynamoDB
database in such a way that the response time for such queries is as short as possible.

Which solution satisfies these criteria?

A. Create a composite primary key with Actor as the partition key and Movie as the sort key Use Year as the sort key for a global secondary
index (GSI).

B. Create a composite primary key with Actor as the partition key and Year as the sort key Use Movie as the sort key for a global secondary
index (GSI).

C. Create a composite primary key with Movie as the partition key and Actor as the sort key Use Year as the sort key for a global secondary
index (GSI).

D. Create a simple primary key with Actor as the partition key. Use Year as the sort key for a local secondary index (LSI).

Correct Answer: C
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GSI.html
Question #248 Topic 1

A developer is working on a mobile app and requires any changes to user profile data to be distributed to all devices that access the same identity.
The developer does not wish to maintain the user profile data on a back end.
What is the most efficient approach for the Developer to use Amazon Cognito to meet these requirements?

A. Use Cognito federated identities.

B. Use a Cognito user pool.

C. Use Cognito Sync.

D. Use Cognito events.

Correct Answer: A

Community vote distribution

C (100%)

Question #249 Topic 1

A developer wishes to revert to a prior version of an AWS Lambda function in the case of deployment issues.

How can the developer do this with the FEWEST possible effect on users?

A. Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to use the
newly deployed version. If too many errors are encountered, point the alias back to the previous version.

B. Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to direct 10%
of users to the newly deployed version. If too many errors are encountered, send 100% of traffic to the previous version.

C. Do not make any changes to the application. Deploy the new version of the code. If too many errors are encountered, point the application
back to the previous version using the version number in the Amazon Resource Name (ARN).

D. Create three aliases: new, existing, and router. Point the existing alias to the current version. Have the router alias direct 100% of users to
the existing alias. Update the application to use the router alias. Deploy the new version of the code. Point the new alias to this version.
Update the router alias to direct 10% of users to the new alias. If too many errors are encountered, send 100% of traffic to the existing alias.

Correct Answer: A

Community vote distribution

B (100%)
Question #250 Topic 1

A legacy program running on-premises caches data files locally and writes shared pictures to local drives.

What is required to enable horizontal scalability during the application's migration to AWS?

A. Modify the application to have both shared images and caching data written to Amazon EBS.

B. Modify the application to read and write cache data on Amazon S3, and also store shared images on S3.

C. Modify the application to use Amazon S3 for serving shared images; cache data can then be written to local disks.

D. Modify the application to read and write cache data on Amazon S3, while continuing to write shared images to local disks.

Correct Answer: B

Community vote distribution

C (100%)

Question #251 Topic 1

A developer chooses to use Amazon S3 to store highly secure data and want to build server-side encryption (SSE) with granular control over who
may access the master key. For security reasons, company policy demands that the master key be established, cycled, and deactivated easily as
necessary.

Which option is most appropriate for meeting these requirements?

A. SSE with Amazon S3 managed keys (SSE-S3)

B. SSE with AWS KMS managed keys (SSE-KMS)

C. SSE with AWS Secrets Manager

D. SSE with customer-provided encryption keys

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html

Community vote distribution

B (100%)
Question #252 Topic 1

A server-side application running on Amazon EC2 instances needs access assets contained in an Amazon S3 bucket that have been secured using
AWS KMS encryption keys (SSE-KMS). To decrypt the items, the program must have access to the customer master key (CMK).

Which sequence of actions will provide access to the application? (Select two.)

A. Write an S3 bucket policy that grants the bucket access to the key.

B. Grant access to the key in the IAM EC2 role attached to the application‫ג‬€™s EC2 instances.

C. Write a key policy that enables IAM policies to grant access to the key.

D. Grant access to the key in the S3 bucket‫ג‬€™s ACL

E. Create a Systems Manager parameter that exposes the KMS key to the EC2 instances.

Correct Answer: AE

Community vote distribution

BC (100%)

Question #253 Topic 1

Amazon Cognito is being used by a social networking firm to synchronize profiles across many mobile devices, enabling end users to enjoy a
consistent experience.

Which of the following setups enables customers to be notified quietly whenever an update is ready for their other devices?

A. Modify the user pool to include all the devices which keep them in sync.

B. Use the SyncCallback interface to receive notifications on the application.

C. Use an Amazon Cognito stream to analyze the data and push the notifications.

D. Use the push synchronization feature with the appropriate IAM role.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sync.html

Community vote distribution

D (100%)
Question #254 Topic 1

The Lambda function below is invoked through an API request made using Amazon API Gateway. The Lambda function typically executes in less
than a second.
The Lambda function's pseudocode is displayed in the exhibit.

Which two measures may be performed to increase this Lambda function's performance without raising the cost of the solution? (Select two.)

A. Package only the modules the Lambda function requires

B. Use Amazon DynamoDB instead of Amazon RDS

C. Move the initialization of the variable Amazon RDS connection outside of the handler function

D. Implement custom database connection pooling with the Lambda function

E. Implement local caching of Amazon RDS data so Lambda can re-use the cache

Correct Answer: AC

Community vote distribution

AC (50%) CE (50%)
Question #255 Topic 1

A developer has constructed a huge Lambda function, but deployment encounters the following error:
ClientError: When invoking the CreateFunction action, an error occurred (InvalidParameterValueException): The unzipped file size must not exceed
XXXXXXX bytes€TM, where XXXXXXXX is the current Lambda limit.

What is the Developer's role in resolving this issue?

A. Submit a limit increase request to AWS Support to increase the function to the size needed.

B. Use a compression algorithm that is more efficient than ZIP.

C. Break the function into multiple smaller Lambda functions.

D. ZIP the ZIP file twice to compress it further.

Correct Answer: C

Question #256 Topic 1

A developer is using Amazon S3 to store sensitive data created by an application. The developer want to encrypt the data while it is in transit. A
corporate policy demands an audit trail detailing when and by whom the master key was used.

Which encryption method will satisfy these criteria?

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

B. Server-side encryption with AWS KMS managed keys (SSE-KMS)

C. Server-side encryption with customer-provided keys (SSE-C)

D. Server-side encryption with self-managed keys

Correct Answer: B
Similar to SSE-S3, but with some additional benefits along with some additional charges for using this service. provides you with an audit trail
of when your key was used and by whom. Additionally, you have the option to create and manage encryption keys yourself, or use a default key
that is unique to you.

Community vote distribution

B (100%)
Question #257 Topic 1

An Amazon EC2 instance is configured with an IAM role that expressly forbids access to all Amazon S3 API activities. The EC2 instance
credentials file contains the IAM access key and secret access key, both of which provide full administrative access.

Which of the following statements is accurate in light of the fact that this EC2 instance supports several types of IAM access?

A. The EC2 instance will only be able to list the S3 buckets.

B. The EC2 instance will only be able to list the contents of one S3 bucket at a time.

C. The EC2 instance will be able to perform all actions on any S3 bucket.

D. The EC2 instance will not be able to perform any S3 action on any S3 bucket.

Correct Answer: A

Community vote distribution

C (100%)

Question #258 Topic 1

A developer is storing application data in Amazon DynamoDB. The developer want to further optimize the application's performance by minimizing
the time required to conduct read and write operations.

Which DynamoDB functionality should be utilized to accomplish these goals?

A. Amazon DynamoDB Streams

B. Amazon DynamoDB Accelerator

C. Amazon DynamoDB global tables

D. Amazon DynamoDB transactions

Correct Answer: D
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html

Community vote distribution

B (75%) C (25%)
Question #259 Topic 1

A developer wrote configuration requirements for an AWS Elastic Beanstalk application in a file entitled healthcheckurl.yaml in their application
source bundle's.ebextensions/directory. The following information is included in the file:

Following the application's start, the health check is not executed on the right route, despite the fact that it is legitimate.

How can this configuration file be corrected?

A. Convert the file to JSON format.

B. Rename the file to a .config extension.

C. Change the configuration section from options_settings to resources.

D. Change the namespace of the option settings to a custom namespace.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html

Community vote distribution

B (100%)

Question #260 Topic 1

A developer is developing an AWS Lambda function to produce and publish a weekly newsletter to 100,000 subscribers dynamically. This mail
includes both static and dynamic content. The developer need a highly scalable and quick storage location for the photographs that will be
hyperlinked throughout the newsletter.

Where is the developer supposed to save these images?

A. Use an Amazon DynamoDB table with DynamoDB Streams and read capacity auto scaling enabled.

B. Use an Amazon S3 bucket and S3 Transfer Acceleration to speed up the image download.

C. Use an Amazon Aurora database with a public DNS endpoint and auto scaling enabled.

D. Use an Amazon S3 backed Amazon CloudFront distribution with a high Time-to-Live (TTL) to maximize caching.

Correct Answer: A

Community vote distribution

D (100%)
Question #261 Topic 1

An application is being developed that will use Amazon SQS to handle messages from a large number of independent senders. Messages from
each sender must be handled in the order in which they are received.

Which SQS functionality should the developer implement?

A. Configure each sender with a unique MessageGroupId

B. Enable MessageDeduplicationIds on the SQS queue

C. Configure each message with unique MessageGroupIds.

D. Enable ContentBasedDeduplication on the SQS queue

Correct Answer: A

Question #262 Topic 1

A developer is writing transactions to the €SystemUpdates€ DynamoDB database, which has five write capacity units.

Which of the following options provides the maximum read throughput?

A. Eventually consistent reads of 5 read capacity units reading items that are 4 KB in size

B. Strongly consistent reads of 5 read capacity units reading items that are 4 KB in size

C. Eventually consistent reads of 15 read capacity units reading items that are 1 KB in size

D. Strongly consistent reads of 15 read capacity units reading items that are 1 KB in size

Correct Answer: B

Question #263 Topic 1

A developer works in an environment that includes various Amazon Web Services accounts and AWS Lambda functions that handle identical 100
KB payloads. The developer wishes to centralize the payloads' origin in a single account and have all Lambda functions triggered whenever the
parent account's starting event happens.

How can the developer build the process in the most efficient manner possible, ensuring that all Lambda functions with multiple accounts are run
when an event occurs?

A. Create a Lambda function in the parent account and use cross-account IAM roles with the AWS Security Token Service (AWS STS)
AssumeRole API call to make AWS Lambda invoke the API call to invoke all the cross-account Lambda functions.

B. Subscribe all the multi-account Lambda functions to an Amazon SNS topic and make a SNS Publish API call with the payload to the SNS
topic.

C. Set up an Amazon SQS queue with the queue policy permitting the ReceiveMessage action for multi-account Lambda functions. Then send
the payload to the SQS queue using the sqs:SendMessage permission and poll the queue using multi-account Lambda functions.

D. Use a worker on an Amazon EC2 instance to poll for the payload event. Invoke all Lambda functions using the Lambda Invoke API after
using cross-account IAM roles with the AWS Security Token Service (AWS STS) AssumeRole API call.

Correct Answer: D

Community vote distribution

B (100%)
Question #264 Topic 1

A developer wishes to improve the performance of reads from an unencrypted Amazon S3 bucket. Each second, the program needs 100,000 read
requests. Priority is given to cost-effectiveness.

What is the MOST SIMPLE method for implementing these requirements?

A. Create 20 or more prefixes in Amazon S3. Place files by prefixes. Read in parallel by prefixes.

B. Create 20 or more AWS accounts. Create a bucket in each account. Read in parallel by bucket.

C. Deploy Memcached on Amazon EC2. Cache the files in memory. Retrieve from the Memcached cache.

D. Copy all files to Amazon DynamoDB. Index the files with S3 metadata. Retrieve from DynamoDB.

Correct Answer: B

Community vote distribution

A (100%)

Topic 1 - Single Topic

Question #265 Topic 1

A developer used Amazon API Gateway, Amazon S3, AWS Lambda, and Amazon RDS to construct a dashboard for an application. The developer
need an authentication system that enables users to log in and access their dashboard. It must be available through mobile apps, desktop
applications, and tablets, and it must maintain user preferences across platforms.

Which AWS service should the developer use to accommodate this situation of authentication?

A. AWS KMS

B. Amazon Cognito

C. AWS Directory Service

D. Amazon IAM

Correct Answer: B
Question #266 Topic 1

A developer is deploying an application to Amazon EC2 using AWS CodeDeploy. The developer wishes to modify the permissions on a particular
deployment file.

Which lifecycle event should a developer utilize to do this task?

A. AfterInstall

B. DownloadBundle

C. BeforeInstall

D. ValidateService

Correct Answer: A
You can use the AfterInstall deployment lifecycle event for tasks such as configuring your application or changing file permissions.
Reference:
https://aws.amazon.com/codedeploy/faqs/

Community vote distribution

A (100%)

Question #267 Topic 1

A multinational corporation runs an application on Amazon EC2 instances that provides image files stored in Amazon S3. User queries from the
browser generate a lot of traffic, which leads in performance degradation.

Which optimization technique should a developer use to boost the speed of an application?

A. Create multiple prefixes in the S3 bucket to increase the request rate.

B. Create an Amazon ElastiCache cluster to cache and serve frequently accessed items.

C. Use Amazon CloudFront to serve the content of images stored in Amazon S3.

D. Submit a ticket to AWS Support to request a rate limit increase for the S3 bucket.

Correct Answer: C

Community vote distribution

C (100%)
Question #268 Topic 1

A business operates a two-tier application that runs on an Amazon EC2 server and manages all of its AWS-based e-commerce operations. During
peak periods, the backend servers responsible for processing orders become overburdened with requests. As a consequence, certain orders are
unable to be processed. A developer must provide a way for refactoring the program.

Which initiatives will provide more flexibility during peak periods while staying economically viable? (Select two.)

A. Increase the backend T2 EC2 instance sizes to x1 to handle the largest possible load throughout the year.

B. Implement an Amazon SQS queue to decouple the front-end and backend servers.

C. Use an Amazon SNS queue to decouple the front-end and backend servers.

D. Migrate the backend servers to on-premises and pull from an Amazon SNS queue.

E. Modify the backend servers to pull from an Amazon SQS queue.

Correct Answer: BE

Community vote distribution

BE (100%)

Question #269 Topic 1

A developer wishes to protect sensitive configuration data, including passwords, database strings, and application licensing numbers. Access to
this sensitive data must be monitored for audit reasons in the future.

Where, in accordance with security best practices and operational needs, should sensitive information be stored?

A. In an encrypted file on the source code bundle; grant the application access with Amazon IAM

B. In the Amazon EC2 Systems Manager Parameter Store; grant the application access with IAM

C. On an Amazon EBS encrypted volume; attach the volume to an Amazon EC2 instance to access the data

D. As an object in an Amazon S3 bucket; grant an Amazon EC2 instance access with an IAM role

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/security/how-to-enhance-the-security-of-sensitive-customer-data-by-using-amazon-cloudfront-field-level-
encryption/

Community vote distribution

B (100%)
Question #270 Topic 1

A developer has been requested to modify the source code for an AWS Lambda function. AWS CloudFormation templates are used to administer
the function. The template is designed to load the source code from a bucket on Amazon S3. The Developer prepared a.ZIP file deployment
package containing the modifications manually and placed it in the appropriate location on Amazon S3. When the function is executed, the
modifications to the code are not implemented.

What procedure must be followed to ensure that the function is updated to reflect the changes?

A. Delete the .ZIP file on S3, and re-upload by using a different object key name.

B. Update the CloudFormation stack with the correct values for the function code properties S3Bucket, S3Key, or S3ObjectVersion.

C. Ensure that the function source code is base64-encoded before uploading the deployment package to S3.

D. Modify the execution role of the Lambda function to allow S3 access permission to the deployment package .ZIP file.

Correct Answer: D

Community vote distribution

B (100%)

Question #271 Topic 1

A developer is using AWS CloudFormation to create a deployment package. Two distinct templates are included in the package: one for the
infrastructure and another for the application. The application must be contained inside the VPC built using the infrastructure template's
infrastructure template.

How can the application stack make reference to the VPC established using the infrastructure template's infrastructure template?

A. Use the Ref function to import the VPC into the application stack from the infrastructure template.

B. Use the export flag in the infrastructure template, and then use the Fn::ImportValue function in the application template.

C. Use the DependsOn attribute to specify that the application instance depends on the VPC in the application template.

D. Use the Fn::GetAtt function to include the attribute of the VPC in the application template.

Correct Answer: A

Community vote distribution

B (100%)
Question #272 Topic 1

A developer is developing an application that will handle a high volume of queries. Requests must be handled in the order they are received, and
each request should only be processed once.

To do this, how should Amazon SQS be deployed?

A. Configure First in First out (FIFO) delivery in a standard Amazon SQS queue to process requests.

B. Use an SQS FIFO queue to process requests.

C. Use the SetOrder attribute to ensure sequential request processing.

D. Convert the standard queue to a FIFO queue by renaming the queue to use the .fifo suffix.

Correct Answer: B
Reference:
https://medium.com/awesome-cloud/aws-difference-between-sqs-standard-and-fifo-first-in-first-out-queues-28d1ea5e153

Community vote distribution

B (100%)

Question #273 Topic 1

A development team deploys applications using AWS Elastic Beanstalk. The team has limited the number of application versions to 25 by
configuring the application version lifecycle policy. Despite this, the source bundle gets destroyed from the Amazon S3 source bucket regardless
of the lifespan policy.

What should a developer do in the Elastic Beanstalk application's version lifecycle settings to ensure that the source code is retained in the S3
bucket?

A. Change the Set the application versions limit by total count setting to zero.

B. Disable the Lifecycle policy setting.

C. Change the Set the application version limit by age setting to zero.

D. Set Retention to Retain source bundle in S3.

Correct Answer: D
Reference:
https://digitalcloud.training/certification-training/aws-developer-associate/aws-compute/elastic-beanstalk/

Community vote distribution

D (100%)
Question #274 Topic 1

A business requires data encryption at rest but wishes to utilize an AWS managed service while maintaining control over its own master key.

Which of the following Amazon Web Services (AWS) services is appropriate for meeting these requirements?

A. SSE with Amazon S3

B. SSE with AWS KMS

C. Client-side encryption

D. AWS IAM roles and policies

Correct Answer: B

Question #275 Topic 1

A developer is creating a distributed application that will be constructed utilizing a microservices architecture and will span numerous Amazon
Web Services accounts. The operations team of the business need the ability to examine and troubleshoot application problems from a
centralized account.

How is the developer to adhere to these specifications?

A. Use an Amazon X-Ray agent with role assumption to publish data into the centralized account.

B. Use Amazon X-Ray and create a new IAM user to publish the access keys into the centralized account.

C. Use VPC Flow Logs to collect applications logs across different accounts.

D. Enable AWS CloudTrail to publish the trails in an Amazon S3 bucket in the centralized account.

Correct Answer: A
Reference:
https://aws.amazon.com/xray/faqs/#:~:text=Yes%2C%20the%20X-Ray%20agent,application%20into%20a%20central%20account
.

Community vote distribution

A (100%)
Question #276 Topic 1

The website of a business is hosted on an Amazon EC2 instance, which utilizes Auto Scaling to automatically scale the environment during peak
periods. Worldwide, website visitors are experiencing increased latency as a result of static material on the EC2 instance, even during off-peak
hours.

Which sequence of actions will overcome the problem of latency? (Select two.)

A. Double the Auto Scaling group‫ג‬€™s maximum number of servers.

B. Host the application code on AWS Lambda.

C. Scale vertically by resizing the EC2 instances.

D. Create an Amazon CloudFront distribution to cache the static content.

E. Store the application‫ג‬€™s static content in Amazon S3.

Correct Answer: CE
Reference:
https://aws.amazon.com/getting-started/tutorials/deliver-content-faster/

Community vote distribution

DE (100%)

Question #277 Topic 1

A developer is developing a website that will be housed in an Amazon S3 bucket that has support for static website hosting. The developer will
utilize Amazon Route 53 to provide DNS services and will redirect the company's domain to the bucket through an alias record. One S3 item must
be redirected to a different URL by the developer.

What should the developer employ to ensure that the redirect from a website page works properly?

A. A Route 53 CNAME alias record that points to the new location

B. An S3 object-level redirect through system-defined metadata

C. A Route 53 A record that points to the new location

D. A redirect that is configured within the S3 bucket‫ג‬€™s policy

Correct Answer: A
Reference:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/RoutingToS3Bucket.html

Community vote distribution

B (100%)
Question #278 Topic 1

A developer is looking at performance concerns with an application. The program is composed of hundreds of microservices, and each API
request may have a lengthy call stack. The developer must isolate the problematic component.

Which AWS service or functionality should the developer utilize to collect data about what is occurring and isolate the fault?

A. AWS X-Ray

B. VPC Flow Logs

C. Amazon GuardDuty

D. Amazon Macie

Correct Answer: A
Reference:
https://docs.aws.amazon.com/xray/latest/devguide/xray-concepts.html

Community vote distribution

A (100%)

Question #279 Topic 1

A developer is developing a Linux application that will be hosted on AWS Elastic Beanstalk. The application's requirements indicate that it must
retain full capacity throughout upgrades while keeping costs to a minimum.

Which deployment policy for Elastic Beanstalk should the developer select for the environment?

A. Immutable

B. Rolling

C. All at Once

D. Rolling with additional batch

Correct Answer: A
Reference:
https://aws.amazon.com/about-aws/whats-new/2016/04/aws-elastic-beanstalk-adds-two-new-deployment-policies-and-amazon-linux-ami-
2016-03- update/

Community vote distribution

D (100%)
Question #280 Topic 1

A recent migration of a company's web, application, and NoSQL database layers to AWS. Auto Scaling is being used by the organization to scale
the web and application layers.
Over 95% of Amazon DynamoDB queries are for repeated reads.

How can the NoSQL layer of DynamoDB be scaled up to handle these repetitive requests?

A. Amazon EMR

B. Amazon DynamoDB Accelerator

C. Amazon SQS

D. Amazon CloudFront

Correct Answer: B
Reference:
https://aws.amazon.com/dynamodb/dax/

Community vote distribution

B (100%)

Question #281 Topic 1

A developer wishes to encrypt new objects that an application uploads to an Amazon S3 bucket. There must be a record of who used the key
throughout this procedure. There should be no difference in the application's performance.

Which form of encryption satisfies these criteria?

A. Server-side encryption using S3-managed keys

B. Server-side encryption with AWS KMS-managed keys

C. Client-side encryption with a client-side symmetric master key

D. Client-side encryption with AWS KMS-managed keys

Correct Answer: B

Community vote distribution

B (100%)
Question #282 Topic 1

Three microservice projects are created by a developer and are stored in distinct folders under the same AWS CodeCommit repository. Each
project is served by a distinct AWS CodePipeline pipeline. When a developer pushes modifications to a single microservice, all three pipelines
begin to execute.
The developer must ensure that only necessary pipelines are executed. The developer is not permitted to alter the organization of the repository.

Which solution will satisfy these criteria?

A. For each of the three microservice projects, create a separate CodeCommit repository.

B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function to evaluate changes to the
repository and run the appropriate pipeline.

C. Create an Amazon API Gateway API that is backed by an AWS Lambda function to determine the appropriate pipeline to run. Add the API
endpoint to a webhook in CodeCommit.

D. Migrate all three pipelines to a single pipeline. Add conditional stages to build a certain microservice project.

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/devops/adding-custom-logic-to-aws-codepipeline-with-aws-lambda-and-amazon-cloudwatch-events/

Community vote distribution

B (100%)

Question #283 Topic 1

A developer is currently building code for an Amazon Web Services Lambda function. The function will act as a Lambda authorizer, allowing
Amazon API Gateway to manage access to a certain API.

Along with the primary identity, what should this code return following successful authentication?

A. An HTTP response status code of 200 that indicates successful completion

B. An integer 0 that indicates successful completion

C. The Amazon Resource Name (ARN) of an IAM role that will be assumed for authentication

D. A policy document with desired permissions

Correct Answer: C
Reference:
https://www.alexdebrie.com/posts/lambda-custom-authorizers/

Community vote distribution

D (75%) C (25%)
Question #284 Topic 1

Continuous integration/continuous delivery (CI/CD) systems are being used by a business. A developer needs automate the distribution of a
software application bundle to Amazon EC2 instances and on-premises virtual servers.

Which Amazon Web Services (AWS) service should the developer utilize to satisfy these requirements?

A. AWS Cloud9

B. AWS CodeBuild

C. AWS Elastic Beanstalk

D. AWS CodeDeploy

Correct Answer: D
Reference:
https://aws.amazon.com/devops/

Question #285 Topic 1

A smartphone application that allows users to see photographs from an S3 bucket is being developed by a developer. Users must be able to log in
using their Amazon credentials as well as their Facebook® and/or Google® accounts.
How will the Developer be able to implement this authentication feature?

A. Use Amazon Cognito with web identity federation.

B. Use Amazon Cognito with SAML-based identity federation.

C. Use AWS IAM Access/Secret keys in the application code to allow Get* on the S3 bucket.

D. Use AWS STS AssumeRole in the application code and assume a role with Get* permissions on the S3 bucket.

Correct Answer: A
Reference:
http://jayendrapatil.com/tag/iam-role/
Question #286 Topic 1

A developer is developing an application that will operate on Amazon EC2 instances that are members of an Auto Scaling group. The application's
data is kept in an Amazon DynamoDB database, and all instances maintain records in real time. At times, an instance retrieves outdated data. The
Developer want to rectify issue by ensuring that readings are very consistent.

How is this accomplished by the Developer?

A. Set ConsistentRead to true when calling GetItem.

B. Create a new DynamoDB Accelerator (DAX) table.

C. Set Consistency to strong when calling UpdateTable.

D. Use the GetShardIterator command.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadConsistency.html

Community vote distribution

A (100%)

Question #287 Topic 1

A developer is developing a web application for AWS Lambda. Users will be able to log in and see private documents using the application. All
pages in the application must adhere to the company's branding guidelines.

How can the developer host the sign-in pages with the LESS custom code possible?

A. Upload files for the sign-in pages with the required branding to an Amazon S3 bucket. Configure static website hosting for the S3 bucket.

B. Create a Lambda function to serve the sign-in pages with the required branding. Configure Amazon API Gateway to route traffic to the
function.

C. Create a Lambda@Edge function to serve the sign-in pages with the required branding. Configure Amazon CloudFront to invoke the function
in response to user requests.

D. Configure an Amazon Cognito user pool with an Amazon Cognito hosted UI for the sign-in pages. Customize the pages with the required
branding.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-the-edge.html

Community vote distribution

D (100%)
Question #288 Topic 1

An AWS Lambda function is being written by a developer. The developer want to record critical events that occur during the Lambda function's
execution and to provide a unique identifier that will allow the events to be associated with a single function invocation.

Which of the following will assist the developer in achieving this goal?

A. Obtain the request identifier from the Lambda context object. Architect the application to write logs to the console.

B. Obtain the request identifier from the Lambda event object. Architect the application to write logs to a file.

C. Obtain the request identifier from the Lambda event object. Architect the application to write logs to the console.

D. Obtain the request identifier from the Lambda context object. Architect the application to write logs to a file.

Correct Answer: A

Community vote distribution

A (100%)

Question #289 Topic 1

A business has an Amazon S3 bucket holding premium material that it wants to make accessible exclusively to paying website subscribers.
Currently, the S3 bucket's default permissions set all objects to private to avoid inadvertently exposing premier material to non-paying website
users.

How is the corporation able to restrict access to a premium content file in the S3 bucket to just paying subscribers?

A. Apply a bucket policy that allows anonymous users to download the content from the S3 bucket.

B. Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download.

C. Add a bucket policy that requires multi-factor authentication for requests to access the S3 bucket objects.

D. Enable server-side encryption on the S3 bucket for data protection against the non-paying website visitors.

Correct Answer: B

Community vote distribution

B (100%)
Question #290 Topic 1

A developer hosts static websites using Amazon S3 buckets. The developer builds two S3 buckets: one for the code and another for the assets,
which include picture and video files. When a user tries to access the assets bucket from the code bucket, access is forbidden, and the website
application displays a 403 error.

How should the Developer approach this situation?

A. Create an IAM role and apply it to the assets bucket for the code bucket to be granted access.

B. Edit the bucket policy of the assets bucket to open access to all principals.

C. Edit the cross-origin resource sharing (CORS) configuration of the assets bucket to allow any origin to access the assets.

D. Change the code bucket to use AWS Lambda functions instead of static website hosting.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/user-guide/static-website-hosting.html

Community vote distribution

C (100%)

Question #291 Topic 1

A business created a set of APIs that are provided through the Amazon API Gateway. The API requests must be authenticated using a supplier of
OpenID-based identification, such as Amazon or Facebook. Access to the APIs should be based on a specific authorisation mechanism.

Which approach is the most straightforward and secure to employ when developing an authentication and authorisation strategy for APIs?

A. Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens.

B. Build a OpenID token broker with Amazon and Facebook. Users will authenticate with these identify providers and pass the JSON Web
Token to the API to authenticate each API call.

C. Store user credentials in Amazon DynamoDB and have the application retrieve temporary credentials from AWS STS. Make API calls by
passing user credentials to the APIs for authentication and authorization.

D. Use Amazon RDS to store user credentials and pass them to the APIs for authentications and authorization.

Correct Answer: A
Question #292 Topic 1

When a Developer attempts to execute an AWS CodeBuild project, an error occurs because the cumulative length of all environment variables
exceeds the maximum character limit.

What is the suggested course of action?

A. Add the export LC_ALL=‫ג‬€en_US.utf8‫ג‬€ command to the pre_build section to ensure POSIX localization.

B. Use Amazon Cognito to store key-value pairs for large numbers of environment variables.

C. Update the settings for the build project to use an Amazon S3 bucket for large numbers of environment variables.

D. Use AWS Systems Manager Parameter Store to store large numbers of environment variables.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/codebuild/latest/userguide/troubleshooting.html

Question #293 Topic 1

A developer is now working on an application that manages papers that are ten megabytes in size and include very sensitive data. The application
will encrypt data on the client side using AWS KMS.

Which procedures must be followed?

A. Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the KeyId
parameter

B. Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key to encrypt the data

C. Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key to encrypt the data

D. Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data

Correct Answer: A

Community vote distribution

D (100%)
Question #294 Topic 1

A software business must ensure that documents provided by users are maintained securely in Amazon S3. At rest, the documents must be
encrypted in Amazon S3.
The firm does not want to operate its security infrastructure in-house, but it need additional protection to maintain control over its encryption keys
in order to comply with industry laws.

Which encryption technique should a developer use in order to satisfy these requirements?

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

B. Server-side encryption with customer-provided encryption keys (SSE-C)

C. Server-side encryption with AWS KMS managed keys (SSE-KMS)

D. Client-side encryption

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html

Community vote distribution

( 00%)

Question #295 Topic 1

A developer has developed an application that can concurrently upload tens of thousands of items to Amazon S3 under a single AWS account. As
part of the new criteria, data stored in S3 must be encrypted on the server using AWS KMS (SSE-KMS). After making this update, the application's
performance degrades.

Which of the following is the MOST LIKELY source of application latency?

A. Amazon S3 throttles the rate at which uploaded objects can be encrypted using Customer Master Keys.

B. The AWS KMS API calls limit is less than needed to achieve the desired performance.

C. The client encryption of the objects is using a poor algorithm.

D. KMS requires that an alias be used to create an independent display name that can be mapped to a CMK.

Correct Answer: B
Question #296 Topic 1

A developer has created an application for Amazon Kinesis Data Streams. With increased use and traffic, the application often receives
ProvisionedThroughputExceededException error messages.

How should the developer proceed in order to address the error? (Select two.)

A. Use Auto Scaling to scale the stream for better performance

B. Increase the delay between the GetRecords call and the PutRecords call

C. Increase the number of shards in the data stream

D. Specify a shard iterator using the ShardIterator parameter

E. Implement exponential backoff on the GetRecords call and the PutRecords call

Correct Answer: CD
Reference:
https://docs.aws.amazon.com/streams/latest/dev/troubleshooting-consumers.html

Community vote distribution

CE (100%)

Question #297 Topic 1

A business has a website built in PHP and WordPress and is hosted on AWS Elastic Beanstalk. The website requires a new version to be deployed
in the Elastic Beanstalk environment. The firm cannot afford to have the website unavailable in the event of an update failure. Deployments must
have a negligible effect and be reversible as quickly as feasible.

Which type of deployment should be used?

A. All at once

B. Rolling

C. Snapshots

D. Immutable

Correct Answer: D
Question #298 Topic 1

A development team is in the process of developing a new application that will operate on AWS. While the test and production environments will
be hosted on Amazon EC2 instances, developers will use their own computers to execute their environments.

Which of the following is the EASIEST and MOST SECURE method for local development computers to access AWS services?

A. Use an IAM role to assume a role and execute API calls using the role.

B. Create an IAM user to be shared with the entire development team; provide the development team with the access key.

C. Create an IAM user for each developer on the team; provide each developer with a unique access key.

D. Set up a federation through an Amazon Cognito user pool.

Correct Answer: D

Community vote distribution

C (100%)

Question #299 Topic 1

A developer is developing an AWS Lambda function to handle data coming from an Amazon Kinesis Data Stream. When the Lambda function
parses the data and comes across an empty field, it returns an error. The function duplicates the records in the Kinesis stream. There are no
duplicate entries when the Developer examines the stream output without using the Lambda function.

What accounts for the duplicates?

A. The Lambda function did not advance the Kinesis stream pointer to the next record after the error.

B. The Lambda event source used asynchronous invocation, resulting in duplicate records.

C. The Lambda function did not handle the error, and the Lambda service attempted to reprocess the data.

D. The Lambda function is not keeping up with the amount of data coming from the stream.

Correct Answer: A

Community vote distribution

C (100%)
Question #300 Topic 1

The code of a developer is saved in an Amazon S3 bucket. The code must be distributed across many AWS Lambda accounts in the same Region
as the S3 bucket as an AWS Lambda function. The Lambda function will be launched using a custom AWS CloudFormation template for each
account.

What is the MOST SECURE method for granting access to Lambda code stored in an S3 bucket?

A. Grant the CloudFormation execution role S3 list and get permissions. Add a bucket policy to Amazon S3 with the Principal of ‫ג‬€AWS‫ג‬€:
[account numbers].

B. Grant the CloudFormation execution role S3 get permissions. Add a bucket policy to Amazon S3 with the Principal of ‫*ג‬€‫ג‬€.

C. Use a service-based link to grant the Lambda function S3 list and get permissions by explicitly adding the S3 bucket‫ג‬€™s account number in
the resource.

D. Use a service-based link to grant the Lambda function S3 get permissions and add a Resource of ‫*ג‬€‫ג‬€ to allow access to the S3 bucket.

Correct Answer: D

Community vote distribution

A (100%)

Question #301 Topic 1

A developer is developing a web application that will be deployed on Amazon EC2 instances behind an application load balancer that will be
visible to the public (ALB). In front of the ALB, the developer must install an Amazon CloudFront distribution. Additionally, the developer must
verify that client data that originates outside the VPC is secured during transit.

Which configuration options in CloudFront should the developer use to achieve these requirements? (Select two.)

A. Restrict viewer access by using signed URLs.

B. Set the Origin Protocol Policy setting to Match Viewer.

C. Enable field-level encryption.

D. Enable automatic object compression.

E. Set the Viewer Protocol Policy setting to Redirect HTTP to HTTPS.

Correct Answer: AE

Community vote distribution

BE (100%)
Question #302 Topic 1

A developer transferred a web application to Amazon Web Services (AWS). As part of the move, the developer used a blue/green deployment to
automate the continuous integration/continuous improvement (CI/CD) process. The deployment creates new Amazon EC2 instances in an Auto
Scaling group, which is configured to run behind a new Application Load Balancer. Following the move, the Developer started receiving complaints
from users who had been booted off the system. Additionally, the system needs users to log in upon each new deployment.

How are these problems to be resolved?

A. Use rolling updates instead of a blue/green deployment

B. Externalize the user sessions to Amazon ElastiCache

C. Turn on sticky sessions in the Application Load Balancer

D. Use multicast to replicate session information

Correct Answer: C

Community vote distribution

B (100%)

Question #303 Topic 1

A development team want to instrument their code in order to offer AWS X-Ray with more specific information than simply outgoing and incoming
requests provide. This will result in
Because the Development team generates a vast quantity of data, they want to create indexing so they can filter it.

What actions should the development team take to accomplish this?

A. Add annotations to the segment document and the code

B. Add metadata to the segment document and the code

C. Configure the necessary X-Ray environment variables

D. Install required plugins for the appropriate AWS SDK

Correct Answer: A
Reference:
https://docs.aws.amazon.com/xray/latest/devguide/xray-concepts.html

Community vote distribution

A (100%)
Question #304 Topic 1

A developer creates an AWS Lambda function and uploads it to Amazon S3 in the form of a.ZIP file. The developer modifies the code and sends an
updated.ZIP file to Amazon S3. Lambda, on the other hand, runs the preceding code.

How can the Developer resolve this in the LEAST obtrusive manner possible?

A. Create another Lambda function and specify the new .ZIP file.

B. Call the update-function-code API.

C. Remove the earlier .ZIP file first, then add the new .ZIP file.

D. Call the create-alias API.

Correct Answer: B

Community vote distribution

B (100%)

Question #305 Topic 1

A programmer is developing an application that will process data that has been uploaded to an Amazon S3 bucket. The developer anticipates that
the data will be processed in less than one minute on average.

How can the developer deploy and activate the program efficiently and with the least amount of latency?

A. Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatch alarm triggered by an S3 object upload.

B. Deploy the application as an AWS Lambda function and invoke it with an S3 event notification.

C. Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatch scheduled event.

D. Deploy the application onto an Amazon EC2 instance and have it poll the S3 bucket for new objects.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-s3.html

Community vote distribution

B (100%)
Question #306 Topic 1

A supplier is now developing a new RESTful API that will allow consumers to inquire the status of their orders. The following API endpoint was
requested by the consumers.
http://www.supplierdomain.com/status/customerID

Which of the following application architectures satisfies the specification? (Select two.)

A. Amazon SQS; Amazon SNS

B. Elastic Load Balancing; Amazon EC2

C. Amazon ElastiCache; Amazon Elacticsearch Service

D. Amazon API Gateway; AWS Lambda

E. Amazon S3; Amazon CloudFront

Correct Answer: DE

Question #307 Topic 1

A developer wishes to activate AWS X-Ray for a secure application hosted on Amazon ECS.

Which sequence of actions enables X-Ray? (Select three.)

A. Create a Docker image that runs the X-Ray daemon.

B. Add instrumentation to the application code for X-Ray.

C. Install the X-Ray daemon on the underlying EC2 instance.

D. Configure and use an IAM EC2 instance role.

E. Register the application with X-Ray.

F. Configure and use an IAM role for tasks.

Correct Answer: BCE

Reference:
https://aws.amazon.com/blogs/aws/category/aws-x-ray/

Community vote distribution

ABF (100%)
Question #308 Topic 1

A development team wishes to build and deploy an application instantly after a modification to the source code is made.

Which methods could be utilized to initiate the deployment? (Select two.)

A. Store the source code in an Amazon S3 bucket. Configure AWS CodePipeline to start whenever a file in the bucket changes.

B. Store the source code in an encrypted Amazon EBS volume. Configure AWS CodePipeline to start whenever a file in the volume changes.

C. Store the source code in an AWS CodeCommit repository. Configure AWS CodePipeline to start whenever a change is committed to the
repository.

D. Store the source code in an Amazon S3 bucket. Configure AWS CodePipeline to start every 15 minutes.

E. Store the source code in an Amazon EC2 instance‫ג‬€™s ephemeral storage. Configure the instance to start AWS CodePipeline whenever
there are changes to the source code.

Correct Answer: BC
Reference:
https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-ecs-ecr-codedeploy.html

Community vote distribution

AC (100%)

Question #309 Topic 1

For collaborative software development, a business need a version control system. The system's features must contain the following:
✑ Support for batches of changes across multiple files
✑ Parallel branching
✑ Version tracking

Which AWS service will satisfy these criteria?

A. AWS CodePipeline

B. Amazon S3

C. AWS CodeBuild

D. AWS CodeCommit

Correct Answer: D
Reference:
https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html

Community vote distribution

D (100%)
Question #310 Topic 1

A corporation has integrated AWS CodeDeploy into their cloud native continuous integration and delivery (CI/CD) stack. Automatic rollbacks are
enabled during the deployment of a new version of a popular web application from on-premises to Amazon EC2.

What happens if the new version's deployment fails due to code regression?

A. The last known good deployment is automatically restored using the snapshot stored in Amazon S3.

B. CodeDeploy switches the Amazon Route 53 alias records back to the known good green deployment and terminates the failed blue
deployment.

C. A new deployment of the last known version of the application is deployed with a new deployment ID.

D. AWS CodePipeline promotes the most recent deployment with a SUCCEEDED status to production.

Correct Answer: B

Community vote distribution

C (100%)

Question #311 Topic 1

A business has developed a serverless application that makes use of Amazon Simple Queue Service (Amazon SQS) and an Amazon Web Services
Lambda function. On the final day of each month, the application gets data in a SQS queue. Within one day, the function successfully processes all
of the data in the queue.
A comprehensive AWS bill reveals a high volume of SQS API queries throughout the month, despite the fact that the queue gets data only on the
month's last day.

What is causing the increased API requests?

A. Lambda is using long polling to check for messages in the SQS queue.

B. The SQS queue is sending ping messages to Lambda.

C. The function is not automatically deleting the messages from the SQS queue.

D. Visibility timeout is not set to 0 to remove the extra API requests.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html

Community vote distribution

A (50%) C (50%)
Question #312 Topic 1

A developer is hard at work on a project that would store hundreds of millions of product reviews in an Amazon DynamoDB database. The records
include the following data elements:

Which field would provide the MOST consistent performance when used as the partition key in DynamoDB?

A. starRating

B. reviewID

C. comment

D. productID

Correct Answer: B

Community vote distribution

D (50%) B (50%)

Question #313 Topic 1

To facilitate the adoption of microservices, a company's management team has directed all development teams to design their services in such a
way that API queries are limited to the data store for that service. One team is developing its own Payments service with its own database; the
service requires data from the Accounts database. Both instances make use of Amazon DynamoDB.

Which technique will result in the simplest, most decoupled, and most reliable mechanism for obtaining near-real-time Accounts database
updates?

A. Use Amazon Glue to perform frequent ETL updates from the Accounts database to the Payments database.

B. Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accounts database.

C. Use Amazon Kinesis Data Firehose to deliver all changes from the Accounts database to the Payments database.

D. Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database.

Correct Answer: D
Reference:
https://aws.amazon.com/blogs/database/how-to-perform-ordered-data-replication-between-applications-by-using-amazon-dynamodb-streams/

Community vote distribution

D (100%)
Question #314 Topic 1

A developer has created a Lambda function that will be responsible for adding new customers to an RDS database hundreds of times per hour.
Lambda is set to use 512MB of RAM and is based on the following pseudocode:

The developer observes that the Lambda execution time is much longer than intended after testing the Lambda function.

What actions should the developer take to boost performance?

A. Increase the amount of RAM allocated to the Lambda function, which will increase the number of threads the Lambda can use.

B. Increase the size of the RDS database to allow for an increased number of database connections each hour.

C. Move the database connection and close statement out of the handler. Place the connection in the global space.

D. Replace RDS wit Amazon DynamoDB to implement control over the number of writes per second.

Correct Answer: C

Question #315 Topic 1

An on-premises application makes regular requests to Amazon S3 for file storage. As the application's use grows, €LimitExceeded€ faults are
reported.

What has to be done to resolve this error?

A. Implement exponential backoffs in the application.

B. Load balance the application to multiple servers.

C. Move the application to Amazon EC2.

D. Add a one second delay to each API call.

Correct Answer: A

Community vote distribution

A (100%)
Question #316 Topic 1

A development team chooses to utilize AWS X-Ray to monitor application code in order to undertake performance analysis and root cause
investigation.

What steps must the team take to begin using X-Ray? (Select two.)

A. Log instrumentation output into an Amazon SQS queue.

B. Use a visualization tool to view application traces.

C. Instrument application code using the AWS SDK.

D. Install the X-Ray agent on the application servers.

E. Create an Amazon DynamoDB table to store the trace logs.

Correct Answer: BD
Reference:
https://aws.amazon.com/blogs/mt/analyze-debug-applications-aws-x-trace-data-grafana/

Community vote distribution

CD (100%)

Question #317 Topic 1

A developer is extending a client-side application with a feature that enables users to submit films to an Amazon S3 bucket.

What is the MOST SECURE method for authorizing the application to write files to the S3 bucket?

A. Update the S3 bucket policy to allow public write access. Allow any user to upload videos by removing the need to handle user
authentication within the client- side application.

B. Create a new IAM policy and a corresponding IAM user with permissions to write to the S3 bucket. Store the key and the secret for the user
in the application code. Use the key to authenticate the video uploads.

C. Configure the API layer of the application to have a new endpoint that creates signed URLs that allow an object to be put into the S3 bucket.
Generate a presigned URL through this API call in the client application. Upload the video by using the signed URL.

D. Generate a new IAM key and a corresponding secret by using the AWS account root user credentials. Store the key and the secret for the
user in the application code. Use the key to authenticate the video uploads.

Correct Answer: D

Community vote distribution

C (100%)
Question #318 Topic 1

A firm has created a new serverless application using AWS Lambda functions and will deploy it using the AWS Serverless Application Model (AWS
SAM) command-line interface.

Prior to deploying the application, which step should the developer complete?

A. Compress the application to a .zip file and upload it into AWS Lambda

B. Test the new AWS Lambda function by first tracing it in AWS X-Ray

C. Bundle the serverless application using a SAM package

D. Create the application environment using the eb create my-env command

Correct Answer: A
Reference:
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-application-model.pdf

Community vote distribution

C (100%)

Question #319 Topic 1

Lambda functions are packaged for deployment in a variety of settings, such as development, test, and production. Each ecosystem is endowed
with its own collection of resources, such as databases.

How can the Lambda function make use of the current environment's resources?

A. Apply tags to the Lambda functions.

B. Hardcore resources in the source code.

C. Use environment variables for the Lambda functions.

D. Use separate function for development and production.

Correct Answer: C
Question #320 Topic 1

A business is organizing a session for external users and want to share reference materials with them for seven days. The reference papers are
stored in an Amazon S3 bucket that the firm controls.

What is the SECUREST method of sharing documents with external users?

A. Use S3 presigned URLs to share the documents with the external users. Set an expiration time of 7 days.

B. Move the documents to an Amazon WorkDocs folder. Share the links of the WorkDocs folder with the external users.

C. Create temporary IAM users that have read-only access to the S3 bucket. Share the access keys with the external users. Expire the
credentials after 7 days.

D. Create a role that has read-only access to the S3 bucket. Share the Amazon Resource Name (ARN) of this role with the external users.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html

Community vote distribution

A (100%)

Question #321 Topic 1

A development team want to use Amazon ECS to host its container workloads. Each container in an application must exchange data with another
container in order to gather logs and metrics.

What actions should the development team take to ensure that these criteria are met?

A. Create two pod specifications. Make one to include the application container and the other to include the other container. Link the two pods
together.

B. Create two task definitions. Make one to include the application container and the other to include the other container. Mount a shared
volume between the two tasks.

C. Create one task definition. Specify both containers in the definition. Mount a shared volume between those two containers.

D. Create a single pod specification. Include both containers in the specification. Mount a persistent volume to both containers.

Correct Answer: A

Community vote distribution

C (100%)
Question #322 Topic 1

A business wishes to relocate its web application to AWS and use Auto Scaling to manage peak demands. According to the Solutions Architect,
the optimum measure for an Auto Scaling event is the concurrent user count.

What information should the developer utilize to determine how to autoscale depending on concurrent users?

A. An Amazon SNS topic to be triggered when a concurrent user threshold is met

B. An Amazon Cloudwatch Networkin metric

C. Amazon CloudFront to leverage AWS Edge Locations

D. A Custom Amazon CloudWatch metric for concurrent users.

Correct Answer: D

Question #323 Topic 1

A business wishes to ensure that no more than one person in its Admin group has the permanent permission to remove an Amazon EC2 resource.
There should be no modifications to the current Admin group policy.

What tools should a developer use to ensure that these criteria are met?

A. AWS managed policy

B. Inline policy

C. IAM trust relationship

D. AWS Security Token Service (AWS STS)

Correct Answer: A
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Community vote distribution

B (100%)

Question #324 Topic 1

A business needs that all data saved in Amazon DynamoDB tables be encrypted at rest using keys owned by the business.

How can a developer satisfy these needs WITHOUT making changes to the application?

A. Use the AWS Encryption SDK to encrypt items before insertion.

B. Enable table-level encryption with an AWS managed customer master key (CMK).

C. Use AWS Certificate Manager (ACM) to create one certificate for each DynamoDB table.

D. Import key material in DynamoDB, and enable table-level encryption.

Correct Answer: B

Community vote distribution

B (100%)
Question #325 Topic 1

A developer has created a market application that utilizes Amazon DynamoDB and Amazon ElastiCache to store price data. The market's prices
fluctuate often. Sellers have began to complain that when they alter the price of an item, the price in the product listing does not really change.

What may be causing this problem?

A. The cache is not being invalidated when the price of the item is changed

B. The price of the item is being retrieved using a write-through ElastiCache cluster

C. The DynamoDB table was provisioned with insufficient read capacity

D. The DynamoDB table was provisioned with insufficient write capacity

Correct Answer: A

Community vote distribution

A (100%)

Question #326 Topic 1

A business uses an Amazon SQS standard queue to hold messages delivered from the application's front-end to back-end tiers. The backend tier
parses the message and inserts it into a database in Amazon DynamoDB. A developer notices that multiple entries are being saved in the
DynamoDB database, despite the fact that AWS CloudTrail only captures one Amazon SQS message per item.

What modification is required to remedy this issue?

A. Enable queue de-duplication to prevent duplicate messages.

B. Modify the front-end tier to use the MessageGroupID argument.

C. Modify the application logic to use Amazon SNS between Amazon SQS and the front-end tier.

D. Change the Amazon SQS queue type to first-in, first-out (FIFO).

Correct Answer: B

Community vote distribution

D (67%) B (33%)

Question #327 Topic 1

A developer is debugging an application's permissions for making modifications to an Amazon RDS database. The developer has access to the
application's IAM role.

Which command structure should be used by the developer to verify role permissions?

A. aws sts assume-role

B. aws iam attach-role-policy

C. aws ssm resume-session

D. aws rds add-role-to-db-cluster

Correct Answer: A
Question #328 Topic 1

A developer is responsible for the administration of an application that communicates with Amazon RDS. Following observations of sluggish
performance with read queries, the developer uses Amazon ElastiCache to automatically update the cache following the main database update.

What will be the outcome of this caching strategy?

A. Caching will increase the load on the database instance because the cache is updated for every database update.

B. Caching will slow performance of the read queries because the cache is updated when the cache cannot find the requested data.

C. The cache will become large and expensive because the infrequently requested data is also written to the cache.

D. Overhead will be added to the initial response time because the cache is updated only after a cache miss.

Correct Answer: D
Reference:
https://aws.amazon.com/elasticache/faqs/

Community vote distribution

C (100%)

Question #329 Topic 1

During the most recent deployment of a new application, a corporation suffered some downtime. AWS Elastic Beanstalk partitioned the
environment's Amazon EC2 instances into batches and delivered the new version one batch at a time after deactivating them. As a result, full
capacity was not maintained during the deployment process.
The developer intends to deliver a new version of the program and is seeking a policy that will ensure maximum capacity and mitigate the
consequences of a failure deployment.

Which deployment strategy is appropriate for the developer?

A. Immutable

B. All at Once

C. Rolling

D. Rolling with an Additional Batch

Correct Answer: D
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rolling-version-deploy.html

Community vote distribution

A (100%)
Question #330 Topic 1

A corporation employs 25,000 people and is expanding. The business is developing an application that will be exclusive to its workers. A
developer is storing photos in Amazon S3 and application data in Amazon RDS. The organization demands that all employee data remain in the
old Security Assertion Markup Language (SAML) employee directory and is not interested in replicating employee data on AWS.

How can the developer ensure that the workers who will be utilizing this program have allowed access to their own application data?

A. Use Amazon VPC and keep all resources inside the VPC, and use a VPC link for the S3 bucket with the bucket policy.

B. Use Amazon Cognito user pools, federate with the SAML provider, and use user pool groups with an IAM policy.

C. Use an Amazon Cognito identity pool, federate with the SAML provider, and use an IAM condition key with a value for the cognito-
identity.amazonaws.com:sub variable to grant access to the employees.

D. Create a unique IAM role for each employee and have each employee assume the role to access the application so they can access their
personal data only.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html

Community vote distribution

C (100%)

Question #331 Topic 1

A nightly batch process populates a DynamoDB database with 1 million new entries. The records are required for one hour, and the table must be
completely emptied by the next night's batch operation.

Which strategy is the MOST efficient and cost-effective for supplying an empty table?

A. Use DeleteItem using a ConditionExpression.

B. Use BatchWriteItem to empty all of the rows.

C. Write a recursive function that scans and calls out DeleteItem.

D. Create and then delete the table after the task has completed.

Correct Answer: A

Community vote distribution

D (100%)
Question #332 Topic 1

A developer ran an AWS CLI command and encountered the following error:

What step should the developer take to make this mistake understandable to humans?

A. Make a call to AWS KMS to decode the message.

B. Use the AWS STS decode-authorization-message API to decode the message.

C. Use an open source decoding library to decode the message.

D. Use the AWS IAM decode-authorization-message API to decode this message.

Correct Answer: B

Question #333 Topic 1

A business is developing a compute-intensive application that will operate on an Amazon EC2 fleet. The program stores data on associated
Amazon EBS drives. Because the program will be processing sensitive data, all data must be encrypted.

What steps should a developer take to guarantee data is encrypted on disk without sacrificing performance?

A. Configure the Amazon EC2 instance fleet to use encrypted EBS volumes for storing data.

B. Add logic to write all data to an encrypted Amazon S3 bucket.

C. Add a custom encryption algorithm to the application that will encrypt and decrypt all data.

D. Create a new Amazon Machine Image (AMI) with an encrypted root volume and store the data to ephemeral disks.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

Community vote distribution

A (100%)
Question #334 Topic 1

A developer is writing a script to automate the serverless application deployment process. The developer want to build the application using an
existing AWS Serverless Application Model (AWS SAM) template.

What tools should the developer use in order to complete the project? (Select two.)

A. Call aws cloudformation package to create the deployment package. Call aws cloudformation deploy to deploy the package afterward.

B. Call sam package to create the deployment package. Call sam deploy to deploy the package afterward.

C. Call aws s3 cp to upload the AWS SAM template to Amazon S3. Call aws lambda update-function-code to create the application.

D. Create a ZIP package locally and call aws serverlessrepo create-application to create the application.

E. Create a ZIP package and upload it to Amazon S3. Call aws cloudformation create-stack to create the application.

Correct Answer: CE
Reference:
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-getting-started-hello-world.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-cli-package.html

Community vote distribution

AB (100%)
Question #335 Topic 1

A gaming application saves player scores in an Amazon DynamoDB database with the following four columns: user id, user name, user score, and
user rank. Users are only permitted to edit their names. Web identity federation authenticates a user.

Which set of criteria should be put to the dynamodb: PutItem API call's policy associated with the role?
A.

B.

C.

D.

Correct Answer: C
Question #336 Topic 1

A developer is monitoring an Amazon EC2 instance that is executing an application. The developer has created a custom Amazon CloudWatch
measure with a 1 second data granularity. The developer want to be alerted within 30 seconds of any concerns using Amazon Simple Notification
Service (Amazon SNS).

Which CloudWatch method meets this criterion?

A. Configure a high-resolution CloudWatch alarm.

B. Set up a custom CloudWatch dashboard.

C. Use Amazon CloudWatch Logs Insights.

D. Change to a default CloudWatch metric.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/acw-ug.pdf
(14)

Community vote distribution

A (100%)

Question #337 Topic 1

A developer has created an application that makes use of Amazon Cognito's authentication and authorisation capabilities. When a user logs in
successfully, the application produces a user record in an Amazon DynamoDB database.

How should the user be authenticated and a record created in the DynamoDB table?

A. Authenticate and get a token from an Amazon Cognito user pool. Use the token to access DynamoDB.

B. Authenticate and get a token from an Amazon Cognito identity pool. Use the token to access DynamoDB.

C. Authenticate and get a token from an Amazon Cognito user pool. Exchange the token for AWS credentials with an Amazon Cognito identity
pool. Use the credentials to access DynamoDB.

D. Authenticate and get a token from an Amazon Cognito identity pool. Exchange the token for AWS credentials with an Amazon Cognito user
pool. Use the credentials to access DynamoDB.

Correct Answer: D

Community vote distribution

C (100%)
Question #338 Topic 1

A developer must adapt the architecture of an application to accommodate new functional requirements. Amazon DynamoDB is used to store
application data, which is processed for analysis in a nightly batch. System analysts do not like to wait until the next day to examine processed
data and have requested that it be made accessible in near-real time.

Which application architectural pattern would allow real-time data processing?

A. Event driven

B. Client-server driven

C. Fan-out driven

D. Schedule driven

Correct Answer: A
Reference:
https://tanzu.vmware.com/content/blog/introduction-to-event-driven-architecture-and-apache-kafka

Community vote distribution

A (100%)

Question #339 Topic 1

A developer must alter an Alexa skill that is powered by an AWS Lambda function in order to provide access to an Amazon DynamoDB database in
a second account. A role has been established in the second account with rights to access the table.

What method should be used to access the table?

A. Modify the Lambda function execution role‫ג‬€™s permissions to include the new role.

B. Change the Lambda function execution role to be the new role.

C. Assume the new role in the Lambda function when accessing the table.

D. Store the access key and the secret key for the new role and use then when accessing the table.

Correct Answer: A
Reference:
https://aws.amazon.com/blogs/security/how-to-create-an-aws-iam-policy-to-grant-aws-lambda-access-to-an-amazon-dynamodb-table/

Community vote distribution

C (100%)
Question #340 Topic 1

A business has developed a Java AWS Lambda function that will be invoked whenever a user uploads an image to an Amazon S3 bucket. The
code changes the original picture to a variety of various formats before copying the generated photos to another Amazon S3 bucket.
No photos are being transferred to the second Amazon S3 bucket, as discovered by the developers. They evaluated the code on an Amazon EC2
instance with 1GB of RAM and discovered that it runs in an average of 500 seconds.

Which of the following is the MOST LIKELY source of the problem?

A. The Lambda function has insufficient memory and needs to be increased to 1 GB to match the Amazon EC2 instance

B. Files need to be copied to the same Amazon S3 bucket for processing, so the second bucket needs to be deleted.

C. Lambda functions have a maximum execution limit of 300 seconds, therefore the function is not completing.

D. There is a problem with the Java runtime for Lambda, and the function needs to be converted to node.js.

Correct Answer: C

Question #341 Topic 1

A development team is tasked with the task of creating a mobile application that will need multi-factor authentication.

Which measures should be made in order to accomplish this? (Select two.)

A. Use Amazon Cognito to create a user pool and create users in the user pool.

B. Send multi-factor authentication text codes to users with the Amazon SNS Publish API call in the app code.

C. Enable multi-factor authentication for the Amazon Cognito user pool.

D. Use AWS IAM to create IAM users.

E. Enable multi-factor authentication for the users created in AWS IAM.

Correct Answer: CE
Reference:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-
mfa.html#:~:text=To%20configure%20MFA%20in%20the,the%20risk%
2Dbased%20adaptive%20authentication.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html

Community vote distribution

AC (100%)
Question #342 Topic 1

A developer is combining an Amazon API Gateway with an AWS Lambda function in order to create an application. When the developer attempts
to use the API, he or she gets the following error:
Wed Nov 08 01:13:00 UTC 2017 : Method completed with status: 502

What is the developer's responsibility in resolving the error?

A. Change the HTTP endpoint of the API to an HTTPS endpoint

B. Change the format of the payload sent to the API Gateway

C. Change the format of the Lambda function response to the API call

D. Change the authorization header in the API call to access the Lambda function

Correct Answer: C
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/malformed-502-api-gateway/

Community vote distribution

C (100%)

Question #343 Topic 1

A developer is establishing a position that will provide access to Amazon S3 buckets. The developer creates the role using the AWS CLI create-role
command.

Which policy should be implemented to enable Amazon EC2 to take over the role?

A. Managed policy

B. Trust policy

C. Inline policy

D. Service control policy (SCP)

Correct Answer: B
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html#roles-creatingrole-service-cli

Community vote distribution

B (100%)
Question #344 Topic 1

A developer observed that an application responsible for processing messages in an Amazon SQS queue was falling behind on a regular basis.
Although the program is capable of processing several messages concurrently, it receives only one message at a time.

What can the developer do to boost the amount of messages received by the application?

A. Call the ChangeMessageVisibility API for the queue and set MaxNumberOfMessages to a value greater than the default of 1.

B. Call the AddPermission API to set MaxNumberOfMessages for the ReceiveMessage action to a value greater than the default of 1.

C. Call the ReceiveMessage API to set MaxNumberOfMessages to a value greater than the default of 1.

D. Call the SetQueueAttributes API for the queue and set MaxNumberOfMessages to a value greater than the default of 1.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_ReceiveMessage.html

Community vote distribution

C (100%)

Question #345 Topic 1

A business intends to install an application on Amazon Web Services (AWS) behind an Elastic Load Balancer. The program makes use of an
HTTP/HTTPS listener and hence requires access to the client's IP addresses.

Which load-balancing system satisfies these criteria?

A. Use an Application Load Balancer and the X-Forwarded-For headers.

B. Use a Network Load Balancer (NLB). Enable proxy protocol support on the NLB and the target application.

C. Use an Application Load Balancer. Register the targets by the instance ID.

D. Use a Network Load Balancer and the X-Forwarded-For headers.

Correct Answer: A
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/elb-capture-client-ip-addresses/

Community vote distribution

A (100%)
Question #346 Topic 1

A developer wants to create an application that enables new users to register and establish new accounts. Additionally, people with social media
profiles must be able to log in using their social media credentials.

Which Amazon Web Services (AWS) service or functionality may be leveraged to fulfill these requirements?

A. AWS IAM

B. Amazon Cognito identity pools

C. Amazon Cognito user pools

D. AWS Directory Service

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/apn/how-to-authenticate-users-into-your-apps-using-application-load-balancer-and-centrify/

Community vote distribution

C (100%)

Question #347 Topic 1

A business has transferred a classic application to a fleet of Amazon EC2 instances. The application is now storing data in a MySQL database that
is deployed on a single EC2 instance. The organization has chosen to move the database from the EC2 instance to Amazon RDS MySQL.

What steps should the developer take to adapt the application to enable Amazon RDS data storage?

A. Update the database connection parameters in the application to point to the new RDS instance.

B. Add a script to the EC2 instance that implements an AWS SDK for requesting database credentials.

C. Create a new EC2 instance with an IAM role that allows access to the new RDS database.

D. Create an AWS Lambda function that will route traffic from the EC2 instance to the RDS database.

Correct Answer: A

Community vote distribution

A (100%)
Question #348 Topic 1

A program at a company logs all information to Amazon S3. Every time a new log file is created, an AWS Lambda function is called to process it.
The code works and collects all of the essential data. When looking through the Lambda function logs, however, duplicate entries with the same
request ID are discovered.
What's the source of the duplicate entries?

A. The S3 bucket name was specified incorrectly.

B. The Lambda function failed, and the Lambda service retried the invocation with a delay.

C. There was an S3 outage, which caused duplicate entries of the same log file.

D. The application stopped intermittently and then resumed.

Correct Answer: B

Question #349 Topic 1

A developer has been tasked with the responsibility of developing a real-time dashboard web application that visualizes the key prefixes and
storage capacity of items stored in Amazon S3 buckets.
The Amazon S3 metadata will be stored in Amazon DynamoDB.

What is the most cost-effective and best solution for keeping the real-time dashboard current with the condition of the objects in the Amazon S3
buckets?

A. Use an Amazon CloudWatch event backed by an AWS Lambda function. Issue an Amazon S3 API call to get a list of all Amazon S3 objects
and persist the metadata within DynamoDB. Have the web application poll the DynamoDB table to reflect this change.

B. Use Amazon S3 Event Notification backed by a Lambda function to persist the metadata into DynamoDB. Have the web application poll the
DynamoDB table to reflect this change.

C. Run a cron job within an Amazon EC2 instance to list all objects within Amazon S3 and persist the metadata into DynamoDB. Have the web
application poll the DynamoDB table to reflect this change.

D. Create a new Amazon EMR cluster to get all the metadata about Amazon S3 objects; persist the metadata into DynamoDB. Have the web
application poll the DynamoDB table to reflect this change.

Correct Answer: A

Community vote distribution

B (100%)
Question #350 Topic 1

A developer created an application that runs on AWS Lambda and makes use of the AWS Serverless Application Model (AWS SAM).

What is the proper sequence of action for a successful application deployment?

A. 1. Build the SAM template in Amazon EC2. 2. Package the SAM template to Amazon EBS storage. 3. Deploy the SAM template from
Amazon EBS.

B. 1. Build the SAM template locally. 2. Package the SAM template onto Amazon S3. 3. Deploy the SAM template from Amazon S3.

C. 1. Build the SAM template locally. 2. Deploy the SAM template from Amazon S3. 3. Package the SAM template for use.

D. 1. Build the SAM template locally. 2. Package the SAM template from AWS CodeCommit. 3. Deploy the SAM template to CodeCommit.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-deploying.html

Community vote distribution

B (100%)

Question #351 Topic 1

A developer is developing a serverless application using AWS Lambda and is required to establish a REST API that utilizes the HTTP GET
technique.

What has to be specified to satisfy this criterion? (Select two.)

A. A Lambda@Edge function

B. An Amazon API Gateway with a Lambda function

C. An exposed GET method in an Amazon API Gateway

D. An exposed GET method in the Lambda function

E. An exposed GET method in Amazon Route 53

Correct Answer: BC
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-getting-started-with-rest-apis.html

Community vote distribution

BC (100%)
Question #352 Topic 1

On AWS Lambda, a developer is developing an image microservice. The service relies on a number of libraries that are not included in the Lambda
runtime environment.

Which approach should the developer choose while developing the Lambda deployment package?

A. Create a ZIP file with the source code and all dependent libraries.

B. Create a ZIP file with the source code and a script that installs the dependent libraries at runtime.

C. Create a ZIP file with the source code. Stage the dependent libraries on an Amazon S3 bucket indicated by the Lambda environment
variable LD_LIBRARY_PATH

D. Create a ZIP file with the source code and a buildspec.yaml file that installs the dependent libraries on AWS Lambda.

Correct Answer: B

Community vote distribution

A (100%)

Question #353 Topic 1

A business want to containerize and deploy an existing three-tier web application on Amazon ECS Fargate. Session data is used by the program to
keep track of user activity.

Which strategy would result in the BEST customer experience?

A. Provision a Redis cluster in Amazon ElastiCache and save the session data in the cluster.

B. Create a session table in Amazon Redshift and save the session data in the database table.

C. Enable session stickiness in the existing Network Load Balancer and manage the session data in the container.

D. Use an Amazon S3 bucket as data store and save the session data in the bucket.

Correct Answer: C

Community vote distribution

A (100%)
Question #354 Topic 1

An Amazon EC2 application establishes connections to an Amazon RDS SQL Server database. The developer does not want to keep the
database's user name and password in the code. Additionally, the developer would want to have the credentials rotated automatically.

What is the SAFEST method for storing and accessing database credentials?

A. Create an IAM role that has permissions to access the database. Attach the role to the EC2 instance.

B. Use AWS Secrets Manager to store the credentials. Retrieve the credentials from Secrets Manager as needed.

C. Store the credentials in an encrypted text file in an Amazon S3 bucket. Configure the EC2 instance‫ג‬€™s user data to download the
credentials from Amazon S3 as the instance boots.

D. Store the user name and password credentials directly in the source code. No further action is needed because the source code is stored in
a private repository.

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automatically-with-aws-secrets-manager/

Community vote distribution

B (100%)

Question #355 Topic 1

Which of the following are effective use cases for Amazon ElastiCache? (Select two.)

A. Improve the performance of S3 PUT operations.

B. Improve the latency of deployments performed by AWS CodeDeploy.

C. Improve latency and throughput for read-heavy application workloads.

D. Reduce the time required to merge AWS CodeCommit branches.

E. Improve performance of compute-intensive applications.

Correct Answer: CE
Reference:
https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/elasticache-use-cases.html

Community vote distribution

CE (100%)
Question #356 Topic 1

A developer is developing a web application that requires authentication but also requires guest access in order to allow restricted access to
users who do not want to login.

Which service can assist the application in allowing guest access?

A. IAM temporary credentials using AWS STS.

B. Amazon Directory Service

C. Amazon Cognito with unauthenticated access enabled

D. IAM with SAML integration

Correct Answer: C
Reference:
https://aws.amazon.com/cognito/faqs/

Question #357 Topic 1

A web application is developed to enable new users to register using their email addresses. The program will store user characteristics and
anticipates millions of users signing up.

What should the developer do to accomplish the design objectives?

A. Amazon Cognito user pools

B. AWS Mobile Hub user data storage

C. Amazon Cognito Sync

D. AWS Mobile Hub cloud logic

Correct Answer: A
Reference:
https://aws.amazon.com/cognito/

Community vote distribution

A (100%)
Question #358 Topic 1

A development team is constructing a new application that will operate on Amazon EC2 and make use of Amazon DynamoDB for storage. All
developers have IAM user accounts allocated to the same IAM group. Currently, developers may create EC2 instances, but they must also be
allowed to launch EC2 instances with an instance role that grants access to Amazon DynamoDB.

Which AWS IAM modifications are required to enable this feature when establishing an instance role?

A. Create an IAM permission policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows DynamoDB
to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole and
iam:PassRole permissions for the role.

B. Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon
EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:PassRole
permission for the role.

C. Create an IAM permission policy attached to the role that allows access to Amazon EC2. Add a trust policy to the role that allows
DynamoDB to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the
iam:PassRole permission for the role.

D. Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon
EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole
permission for the role.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/glue/latest/dg/attach-policy-iam-user.html

Community vote distribution

B (100%)

Question #359 Topic 1

A business is transferring its on-premises MySQL database to Amazon RDS for MySQL. The firm has read-intensive workloads and wants to ensure
that its code is refactored to obtain the best possible read performance for its queries.

How is this aim to be accomplished?

A. Add database retries to effectively use RDS with vertical scaling

B. Use RDS with multi-AZ deployment

C. Add a connection string to use an RDS read replica for read queries

D. Add a connection string to use a read replica on an EC2 instance.

Correct Answer: C
Question #360 Topic 1

Each day, a business runs an application that is responsible for processing several thousand external callbacks. The company's system
administrators want to know the total number of calls received on a rolling basis, and they want this data to be accessible for a period of ten days.
Additionally, the organization want to be able to send automatic notifications when the number of callbacks surpasses predefined criteria.

What is the MOST cost-effective method for tracking and alerting on these statistics?

A. Push callback data to an Amazon RDS database that can be queried to show historical data and to alert on exceeded thresholds.

B. Push callback data to AWS X-Ray and use AWS Lambda to query, display, and alert on exceeded thresholds.

C. Push callback data to Amazon Kinesis Data Streams and invoke an AWS Lambda function that stores data in Amazon DynamoDB and sends
the required alerts.

D. Push callback data to Amazon CloudWatch as a custom metric and use the CloudWatch alerting mechanisms to alert System
Administrators.

Correct Answer: C

Question #361 Topic 1

A developer has created an AWS Lambda function in Java. The developer want to determine the location of a performance bottleneck in the code.

Which actions should be done to ascertain the existence of the bottleneck?

A. Use the Amazon CloudWatch API to write timestamps to a custom CloudWatch metric. Use the CloudWatch console to analyze the resulting
data.

B. Use the AWS X-Ray API to write trace data into X-Ray from strategic places within the code. Use the Amazon CloudWatch console to analyze
the resulting data.

C. Use the AWS X-Ray API to write trace data into X-Ray from strategic places within the code. Use the X-Ray console to analyze the resulting
data.

D. Use the Amazon CloudWatch API to write timestamps to a custom CloudWatch metric. Use the AWS X-Ray console to analyze the resulting
data.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/xray/latest/devguide/xray-guide.pdf

Community vote distribution

C (100%)
Question #362 Topic 1

A developer is configuring a CPU-intensive AWS Lambda function that runs once per hour. The function typically runs in 45 seconds, but may take
up to one minute at times. The timeout parameter is set to three minutes, and the other settings are left alone. The developer must optimize this
function's execution time.

Which solution will satisfy this criterion?

A. Redeploy the function within the default VPC.

B. Increase the function's memory.

C. Redeploy the function by using Lambda layers.

D. Increase the function's reserved concurrency.

Correct Answer: B

Community vote distribution

B (100%)

Question #363 Topic 1

A Developer is using an AWS VPN connection based on the Border Gateway Protocol (BGP) to connect from on-premises to Amazon EC2
instances in the Developer's account. The Developer may access an EC2 instance in subnet A but not in subnet B of the same VPC.

Which log files may the developer examine to determine if traffic reaches subnet B?

A. VPN logs

B. BGP logs

C. VPC Flow Logs

D. AWS CloudTrail logs

Correct Answer: C

Community vote distribution

C (100%)

Question #364 Topic 1

A developer needs to use Amazon ECS to deploy an application running on AWS Fargate. The application has environment variables that must be
given to a container during initialization.

How should the container's environment variables be passed?

A. Define an array that includes the environment variables under the environment parameter within the service definition.

B. Define an array that includes the environment variables under the environment parameter within the task definition.

C. Define an array that includes the environment variables under the entryPoint parameter within the task definition.

D. Define an array that includes the environment variables under the entryPoint parameter within the service definition.

Correct Answer: B

Community vote distribution

B (100%)
Question #365 Topic 1

A business has an internet-facing application that makes use of Web Identity Federation to receive a temporary credential from Amazon Web
Services Security Token Service (AWS STS).
The application then makes use of the token to get access to AWS services.
Take a look at the following response:

Which rights are connected with the application's call, based on the answer displayed?

A. Permissions associated with the role AROACLKWSDQRAOEXAMPLE:app1

B. Permissions associated with the default role used when the AWS service was built

C. Permission associated with the IAM principal that owns the AccessKeyID ASgeIAIOSFODNN7EXAMPLE

D. Permissions associated with the account that owns the AWS service

Correct Answer: C

Community vote distribution

A (100%)
Question #366 Topic 1

AWS Elastic Beanstalk applications must be deployed in several regions and each region requires a unique Amazon Machine Image (AMI).

Which AWS CloudFormation template key should be used to define the region-specific AMI?

A. Parameters

B. Outputs

C. Mappings

D. Resources

Correct Answer: C
Reference:
https://docs.aws.amazon.com/marketplace/latest/userguide/cloudformation.html

Community vote distribution

C (100%)

Question #367 Topic 1

A development team want to move code from a GitHub repository to AWS CodeCommit.

What is required to transfer a cloned repository to CodeCommit via HTTPS?

A. A GitHub secure authentication token

B. A public and private SSH key file

C. A set of Git credentials generated from IAM

D. An Amazon EC2 IAM role with CodeCommit permissions

Correct Answer: C
Reference:
https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-migrate-repository-existing.html

Community vote distribution

C (100%)
Question #368 Topic 1

Amazon API Gateway is being used by a business to handle its public-facing API. The CISO stipulates that the APIs may be utilized just by test
account users.

What is the SAFEST method for restricting API access to users of this specific AWS account?

A. Client-side SSL certificates for authentication

B. API Gateway resource policies

C. Cross-origin resource sharing (CORS)

D. Usage plans

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/compute/control-access-to-your-apis-using-amazon-api-gateway-resource-policies/

Community vote distribution

B (100%)

Question #369 Topic 1

On AWS, an application makes use of third-party APIs. The developer needs to monitor API faults in the code and wants to be notified when the
number of failures exceeds a predefined threshold.

How is the Developer going to fulfill these requirements?

A. Publish a custom metric on Amazon CloudWatch and use Amazon SES for notification.

B. Use an Amazon CloudWatch API-error metric and use Amazon SNS for notification.

C. Use an Amazon CloudWatch API-error metric and use Amazon SES for notification.

D. Publish a custom metric on Amazon CloudWatch and use Amazon SNS for notification.

Correct Answer: D
Question #370 Topic 1

Amazon API Gateway is being used by an organization to give a public API named €Survey€ for gathering user feedback on its goods. The survey
API is divided into phases called €DEV€ and €PROD€ and consists of a single resource called €/feedback€ that enables users to
retrieve/create/update individual feedback postings.
A Swagger file with version control is used to describe a new API for retrieving numerous feedback postings. To add the new API resource €/
listFeedbackForProduct€, the developer modifies the Swagger file that defines the API, uploads the file to the organization's version control
system, and uses the API Gateway's Import API function to update the Survey API. Following successful import, the developer performs tests
against the DEV stage and discovers that the resource €/listFeedbackForProduct€ is missing.

What is the MOST LIKELY explanation for the resource's non-availability?

A. Even though the Swagger import was successful, resource creation failed afterwards.

B. There is a propagation delay of several minutes in creating API Gateway resources after import.

C. The developer needs to restart the API Gateway stage after import in order to apply the changes.

D. The developer needs to create a new deployment after import in order to deploy the changes.

Correct Answer: C

Community vote distribution

( 00%)

Question #371 Topic 1

A developer is doing maintenance on an application hosted on AWS Elastic Beanstalk. The new version of the software is incompatible with the
previous version. To properly deploy the update, a complete cutover to the new, updated version must be conducted on all instances
simultaneously, with the option to roll back modifications in the event of a new version deployment failure.

How can this be accomplished with the MINIMUM amount of downtime possible?

A. Use the Elastic Beanstalk All at once deployment policy to update all instances simultaneously.

B. Perform an Elastic Beanstalk Rolling with additional batch deployment.

C. Deploy the new version in a new Elastic Beanstalk environment and swap environment URLs.

D. Perform an Elastic Beanstalk Rolling deployment.

Correct Answer: D
Elastic Beanstalk has rolled out a couple of features over the last year that make zero-downtime deployment.
Reference:
https://rollout.io/blog/batch-deployment-in-aws-elastic-beanstalk/

Community vote distribution

C (100%)
Question #372 Topic 1

It takes 40 seconds for an application to process instructions received through Amazon SQS message.

Assuming the SQS queue is set with the default VisibilityTimeout value, what is the BEST approach to guarantee that no other instances may
obtain a message that has already been handled or is still being processed after it is received?

A. Use the ChangeMessageVisibility API to increase the VisibilityTimeout, then use the DeleteMessage API to delete the message.

B. Use the DeleteMessage API call to delete the message from the queue, then call DeleteQueue API to remove the queue.

C. Use the ChangeMessageVisibility API to decrease the timeout value, then use the DeleteMessage API to delete the message.

D. Use the DeleteMessageVisibility API to cancel the VisibilityTimeout, then use the DeleteMessage API to delete the message.

Correct Answer: A

Question #373 Topic 1

A developer constructed a Lambda function for the backend of a web application. When the Lambda function is tested using the AWS Lambda
interface, the developer can see that it is being performed, but no log data is created in Amazon CloudWatch Logs, even after several minutes.

What may have resulted in this situation?

A. The Lambda function does not have any explicit log statements for the log data to send it to CloudWatch Logs.

B. The Lambda function is missing CloudWatch Logs as a source trigger to send log data.

C. The execution role for the Lambda function is missing permissions to write log data to the CloudWatch Logs.

D. The Lambda function is missing a target CloudWatch Log group.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions.html
(see note)

Question #374 Topic 1

An application will consume data at a rapid rate from a variety of sources and must store it in an Amazon S3 bucket.

Which service would be the most effective in accomplishing this task?

A. Amazon Kinesis Firehose

B. Amazon S3 Acceleration Transfer

C. Amazon SQS

D. Amazon SNS

Correct Answer: A

Community vote distribution

A (100%)
Question #375 Topic 1

A business is building an application that will be accessible through the Amazon API Gateway's REST API. Only registered users should be able to
access specific API resources. The token in use should expire automatically and should be updated on a regular basis.

How can a developer adhere to these specifications?

A. Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in API Gateway, and use the temporary credentials
generated by the identity pool.

B. Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer in API Gateway.

C. Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token.

D. Create an IAM user for each API user, attach an invoke permissions policy to the API, and use an IAM authorizer in API Gateway.

Correct Answer: C
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/cognito-custom-scopes-api-gateway/

Community vote distribution

C (100%)

Question #376 Topic 1

A developer uses the AWS CLI to create a role in order to get a set of temporary security credentials.

Which of the following environment variables or AWS configuration file must be specified in order to authenticate with AWS?

A. AccessKeyId SecretAccessKey, and AssumedRoleId

B. UserId, SessionToken, and AssumedRoleId

C. AccessKeyId, SecretAccessKey, and SessionToken

D. UserId, SessionToken and Credentials

Correct Answer: C
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
Question #377 Topic 1

Which approaches will aid in mitigating this circumstance? (Select two.)

A. Implement retries with exponential backoff

B. Use a PutRecord API instead of PutRecords

C. Reduce the frequency and/or size of the requests

D. Use Amazon SNS instead of Kinesis

E. Reduce the number of KCL consumers

Correct Answer: AC

Community vote distribution

AC (100%)

Question #378 Topic 1

A developer is developing a web application that makes use of Amazon API Gateway to expose an AWS Lambda function for the purpose of
processing client requests. The developer detects that the API Gateway times out during testing, despite the fact that the Lambda function
completes inside the specified time limit.

Which of the following Amazon CloudWatch API Gateway metrics may assist the developer in troubleshooting the issue? (Select two.)

A. CacheHitCount

B. IntegrationLatency

C. CacheMissCount

D. Latency

E. Count

Correct Answer: AD
Question #379 Topic 1

An on-premises e-commerce web application with shared session information is being transferred to AWS. The program must be fault resilient
and inherently highly scalable, with any service interruptions having little impact on the user experience.

What is the optimal method for storing session state?

A. Store the session state in Amazon ElastiCache

B. Store the session state in Amazon CloudFront

C. Store the session state in Amazon S3

D. Enable session stickiness using elastic load balancers

Correct Answer: A

Question #380 Topic 1

A business is maintaining an on-premises NoSQL database to host a vital component of an application that is experiencing scalability challenges.
The organization wishes to move the application to Amazon DynamoDB, taking into account the following factors:
✑ Optimize frequent queries
✑ Reduce read latencies
✑ Plan for frequent queries on certain key attributes of the table

Which method would assist in accomplishing these goals?

A. Create global secondary indexes on keys that are frequently queried. Add the necessary attributes into the indexes.

B. Create local secondary indexes on keys that are frequently queried. DynamoDB will fetch needed attributes from the table.

C. Create DynamoDB global tables to speed up query responses. Use a scan to fetch data from the table.

D. Create an AWS Auto Scaling policy for the DynamoDB table.

Correct Answer: A

Community vote distribution

A (100%)

Question #381 Topic 1

A developer is creating a fault-tolerant environment that will store client sessions.

How can the developer assure that no sessions are lost in the event of a failure of an Amazon EC2 instance?

A. Use sticky sessions with an Elastic Load Balancer target group.

B. Use Amazon SQS to save session data.

C. Use Amazon DynamoDB to perform scalable session handling.

D. Use Elastic Load Balancer connection draining to stop sending requests to failing instances.

Correct Answer: A

Community vote distribution

C (100%)
Question #382 Topic 1

Locally, a developer tested an application before deploying it to AWS Lambda. While remote testing the application, the Lambda function returns
an access denied error.

How can this problem be resolved?

A. Update the Lambda function's execution role to include the missing permissions.

B. Update the Lambda function's resource policy to include the missing permissions.

C. Include an IAM policy document at the root of the deployment package and redeploy the Lambda function.

D. Redeploy the Lambda function using an account with access to the AdministratorAccess policy.

Correct Answer: A
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/access-denied-lambda-s3-bucket/

Community vote distribution

A (100%)

Question #383 Topic 1

A developer is developing an application's authentication and authorisation mechanisms. The developer must take care that user credentials are
never made public.

How should the developer tackle this requirement?

A. Store the user credentials in Amazon DynamoDB. Build an AWS Lambda function to validate the credentials and authorize users.

B. Deploy a custom authentication and authorization API on an Amazon EC2 instance. Store the user credentials in Amazon S3 and encrypt
the credentials using Amazon S3 server-side encryption.

C. Use Amazon Cognito to configure a user pool, and user the Cognito API to authenticate and authorize the user.

D. Store the user credentials in Amazon RDS. Enable the encryption option for the Amazon RDS DB instances. Build an API using AWS Lambda
to validate the credentials and authorize users.

Correct Answer: C
Reference:
https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/

Community vote distribution

C (100%)
Question #384 Topic 1

A developer wishes to operate a PHP website in conjunction with an NGINX proxy and bundle them together as Docker containers in a single
environment. The developer need a managed environment that is fully automated in terms of provisioning and load balancing. The developer has
little control over the setup and must keep operating overhead to a minimum.

How should the developer structure the website to adhere to these specifications?

A. Create a new application in AWS Elastic Beanstalk that is preconfigured for a multicontainer Docker environment. Upload the code, and
deploy it to a web server environment.

B. Deploy the code on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer.

C. Construct an AWS Cloud Formation template that launches Amazon EC2 instances. Install and configure the PHP code by using cfn helper
scripts.

D. Upload the code for the PHP website into an Amazon S3 bucket. Host the website from the S3 bucket.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/docker.html

Question #385 Topic 1

A developer is constructing a template that will be used to deploy an application through AWS CloudFormation. This is a serverless application
that makes use of Amazon API Gateway, Amazon DynamoDB, and AWS Lambda.

Which tool should the developer use to create simpler syntax for serverless resource expressions?

A. CloudFormation serverless intrinsic functions

B. AWS serverless express

C. An AWS serverless application model

D. A CloudFormation serverless plugin

Correct Answer: C
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-application-fundamentals.html
Question #386 Topic 1

A business maintains an AWS CloudFormation template in the form of a single file. The template is capable of launching and establishing a whole
infrastructure stack.

Which best practice would improve the template's maintainability?

A. Use nested stacks for common template patterns.

B. Embed credentials to prevent typos.

C. Remove mappings to decrease the number of variables.

D. Use AWS::Include to reference publicly-hosted template files.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html

Community vote distribution

A (100%)

Question #387 Topic 1

A developer must provide non-logged-in guest users access to an Amazon Cognito-enabled site in order to read files stored in an Amazon S3
bucket.

How is the Developer to comply with these requirements?

A. Create a blank user ID in a user pool, add to the user group, and grant access to AWS resources.

B. Create a new identity pool, enable access to authenticated identities, and grant access to AWS resources.

C. Create a new user pool, enable access to authenticated identifies, and grant access to AWS resources.

D. Create a new user pool, disable authentication access, and grant access to AWS resources.

Correct Answer: D

Question #388 Topic 1

A developer want to use Amazon EC2 Auto Scaling in order to scale a web application. The developer want to avoid session loss during scale-in
events.

How can the developer preserve and share the session state across several EC2 instances?

A. Write the sessions to an Amazon Elastic Block Store (Amazon EBS) volume. Mount the EBS volume to each EC2 instance in the group.

B. Store the sessions in an Amazon ElastiCache for Memcached cluster. Configure the application to use the Memcached API.

C. Publish the sessions to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe each EC2 instance in the group to the topic.

D. Write the sessions to an Amazon Redshift cluster. Configure the application to use the Amazon Redshift API.

Correct Answer: B
Reference:
https://aws.amazon.com/memcached/
Question #389 Topic 1

On AWS, a developer is developing a new sophisticated application. The application is composed of a number of microservices that are hosted on
Amazon EC2. The developer want to ascertain which microservice incurs the most amount of delay while processing a request.

Which technique should the developer use to determine this?

A. Instrument each microservice request using the AWS X-Ray SDK. Examine the annotations associated with the requests.

B. Instrument each microservice request using the AWS X-Ray SDK. Examine the subsegments associated with the requests.

C. Instrument each microservice request using the AWS X-Ray SDK. Examine the Amazon CloudWatch EC2 instance metrics associated with
the requests.

D. Instrument each microservice request using the Amazon CloudWatch SDK. Examine the CloudWatch EC2 instance metrics associated with
the requests.

Correct Answer: C

Community vote distribution

B (100%)

Question #390 Topic 1

An application must encrypt data that is written to Amazon S3, where the keys are controlled in-house and S3 handles the encryption.

Which encryption method should be used?

A. Use server-side encryption with Amazon S3-managed keys

B. Use server-side encryption with AWS KMS-managed keys

C. Use client-side encryption with customer master keys

D. Use server-side encryption with customer-provided keys

Correct Answer: C
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html

Community vote distribution

D (100%)
Question #391 Topic 1

A developer must handle AWS infrastructure as code and be able to deploy multiple identical copies, stage changes, and roll back to prior
versions.

Which technique satisfies these criteria?

A. Use cost allocation reports and AWS OpsWorks to deploy and manage the infrastructure.

B. Use Amazon CloudWatch metrics and alerts along with resource tagging to deploy and manage the infrastructure.

C. Use AWS Elastic Beanstalk and AWS CodeCommit to deploy and manage the infrastructure.

D. Use AWS CloudFormation and AWS CodeCommit to deploy and manage the infrastructure.

Correct Answer: D

Community vote distribution

D (100%)

Question #392 Topic 1

A developer has created a multi-threaded application that runs on an Amazon EC2 instance fleet. The operations team has requested a graphical
tool for tracking the number of threads that are currently operating over time.

What is the MOST EFFECTIVE method of completing this request?

A. Periodically send the thread count to AWS X-Ray segments, then generate a service graph on demand.

B. Create a custom Amazon CloudWatch metric and periodically perform a PutMetricData call with the current thread count.

C. Periodically log thread count data to Amazon S3. Use Amazon Kinesis to process the data into a graph.

D. Periodically write the current thread count to a table using Amazon DynamoDB and use Amazon CloudFront to create a graph.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricData.html

Community vote distribution

A (67%) B (33%)
Question #393 Topic 1

A deployment package utilizes the AWS CLI to put files into any S3 bucket in the account, using environment variables to keep access keys. The
package is operating on Amazon EC2 instances that have been updated to run with an assumed IAM role and a more restricted policy that
restricts access to a single bucket. Following the update, the Developer login into the host and retains the ability to write to all of the account's S3
buckets.

What is the MOST LIKELY REASON for this occurrence?

A. An IAM inline policy is being used on the IAM role

B. An IAM managed policy is being used on the IAM role

C. The AWS CLI is corrupt and needs to be reinstalled

D. The AWS credential provider looks for instance profile credentials last

Correct Answer: B

Question #394 Topic 1

A developer is tasked with the task of developing a mobile application on a shoestring budget. The solution needs a scalable service that enables
clients to register and authenticate for the mobile application utilizing the organization's existing SAML 2.0 identity provider.

Which Amazon Web Services (AWS) offering should be utilized to fulfill these requirements?

A. AWS Lambda

B. Amazon Cognito

C. AWS IAM

D. Amazon EC2

Correct Answer: B

Question #395 Topic 1

A developer is developing an AWS Lambda function that generates temporary files smaller than 10 MB in size during operation. Throughout
execution, the temporary files will be viewed and updated several times. There is no need for the Developer to store or retrieve these files in the
future.

What directory should the temporary file be saved to?

A. the /tmp directory

B. Amazon EFS

C. Amazon EBS

D. Amazon S3

Correct Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-dg.pdf
(23)

Community vote distribution

A (100%)
Question #396 Topic 1

A business requires a new REST API that can deliver data on the contents of an Amazon S3 bucket, such as the number of items stored inside.
The organization has opted to build the new API as a microservice and to use AWS Lambda and Amazon API Gateway.

How could the developer verify that the microservice gets access to the required Amazon S3 bucket while keeping to security best practices?

A. Create an IAM user that has permissions to access the Amazon S3 bucket, and store the IAM user credentials in the Lambda function
source code.

B. Create an IAM role that has permissions to access the Amazon S3 bucket and assign it to the Lambda function as its execution role.

C. Create an Amazon S3 bucket policy that specifies the Lambda service as its principal and assign it to the Amazon S3 bucket.

D. Create an IAM role, attach the AmazonS3FullAccess managed policy to it, and assign the role to the Lambda function as its execution role.

Correct Answer: C

Community vote distribution

B (100%)

Question #397 Topic 1

A developer is developing a mobile application that will operate without requiring users to log in.

Which approach is the MOST EFFECTIVE for granting people access to AWS resources?

A. Use an identity provider to securely authenticate with the application.

B. Create an AWS Lambda function to create an IAM user when a user accesses the application.

C. Create credentials using AWS KMS and apply these credentials to users when using the application.

D. Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited access to resources.

Correct Answer: C

Community vote distribution

D (100%)

Question #398 Topic 1

A developer has built an S3 bucket called s3:/mycoolapp and configured server-wide logging with a path of s3:/mycoolapp/logs. The developer
copied 100 KB of Cascading Style Sheets (CSS) files to the subdirectory s3:/mycoolapp/css and then ceased work. When the developer returned a
few days later, the bucket had grown to 50 GB in size.

What is the MOST LIKELY REASON for this occurrence?

A. The CSS files were not compressed and S3 versioning was enabled.

B. S3 replication was enabled on the bucket.

C. Logging into the same bucket caused exponential log growth.

D. An S3 lifecycle policy has moved the entire CSS file to S3 Infrequent Access.

Correct Answer: B
Question #399 Topic 1

A developer is developing a new application that will be accessible to users through an Amazon API Gateway-created API. The users must be
validated using the Security Assertion Markup Language (SAML) by a third-party identity provider. After users have been validated, they will need
access to further AWS services, such as Amazon S3 and Amazon DynamoDB.

How are these stipulations to be met?

A. Use an Amazon Cognito user pool with SAML as the resource server.

B. Use Amazon Cognito identity pools with a SAML identity provider as one of the authentication providers.

C. Use the AWS IAM service to provide the sign-up and sign-in functionality.

D. Use Amazon CloudFront signed URLs to connect with the SAML identity provider.

Correct Answer: A

Community vote distribution

B (100%)

Question #400 Topic 1

A business is in the process of building a new web application in Python. The application must be deployed using AWS Elastic Beanstalk via the
AWS Management Console. The developer produces an Elastic Beanstalk source bundle, which he or she then uploads through the console.

Which of the following are prerequisites for developing the source bundle? (Select two.)

A. The source bundle must include the ebextensions.yaml file

B. The source bundle must not include a top-level directory

C. The source bundle must be compressed with any required dependencies in a top-level parent folder

D. The source bundle must be created as a single .zip or .war file

E. The source bundle must be uploaded into Amazon EFS

Correct Answer: CD
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/applications-sourcebundle.html

Community vote distribution

BD (100%)
Question #401 Topic 1

A developer is conducting an investigation on behalf of a business. Certain queries transit via an Amazon API Gateway endpoint but never reach
the AWS Lambda function that supports the endpoint. The developer discovers that a second Lambda function sometimes exceeds the maximum
concurrency limit for the AWS account.

How can the developer resolve this situation?

A. Manually reduce the concurrent quota at the account level.

B. Add another API Gateway stage for the endpoint. Shard the requests.

C. Request to increase the Lambda concurrency quota through the Service Quotas dashboard.

D. Reduce the throttling quota in the API Gateway endpoint.

Correct Answer: C

Question #402 Topic 1

A developer is building a serverless website containing HTML files, photos, videos, and JavaScript content (client-side scripts).
Which service combination should the Developer utilize to build the website?

A. Amazon S3 and Amazon CloudFront

B. Amazon EC2 and Amazon ElastiCache

C. Amazon ECS and Redis

D. AWS Lambda and Amazon API Gateway

Correct Answer: A
Reference:
https://d1.awsstatic.com/whitepapers/Building%20Static%20Websites%20on%20AWS.pdf

Question #403 Topic 1

The upload to Amazon S3 of a 15 GB item fails. The error message reads as follows: "Your proposed upload exceeds the maximum allowed object
size"

How will the Developer submit this object?

A. Upload the object using the multi-part upload API.

B. Upload the object over an AWS Direct Connect connection.

C. Contact AWS Support to increase the object size limit.

D. Upload the object to another AWS region.

Correct Answer: A
Reference:
https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-KACOEWK92oCmeCwuj4t/s3-question-on-multi-part-upload

Community vote distribution

A (100%)
Question #404 Topic 1

A developer is developing AWS CloudFormation templates to handle the deployment of an application in Amazon Elastic Container Service
(Amazon ECS) using AWS CodeDeploy. The developer want to automatically deploy updated versions of the program to a subset of users prior to
making the new version generally accessible.

How should the developer handle the new version's deployment?

A. Modify the CloudFormation template to include a Transform section and the AWS::CodeDeploy::BlueGreen hook.

B. Deploy the new version in a new CloudFormation stack. After testing is complete, update the application‫ג‬€™s DNS records for the new
stack.

C. Run CloudFormation stack updates on the application stack to deploy new application versions when they are available.

D. Create a nested stack for the new version. Include a Transform section and the AWS::CodeDeploy::BlueGreen hook.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-cloudformation-templates.html

Community vote distribution

A (100%)

Question #405 Topic 1

A developer wants to upload data to Amazon S3 and wishes to encrypt the data during the upload process.

Which of the following solutions is the most appropriate for our task? (Select two.)

A. Set up hardware VPN tunnels to a VPC and access S3 through a VPC endpoint

B. Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key

C. Set up Server-Side Encryption with AWS KMS-Managed Keys

D. Transfer the data over an SSL connection

E. Set up Server-Side Encryption with S3-Managed Keys

Correct Answer: BD

Question #406 Topic 1

Where should the appspec.yml file be stored for AWS CodeDeploy to function properly?

A. In the root of the application source code directory structure

B. In the bin folder along with all the complied code

C. In an S3 bucket

D. In the same folder as the application configuration files

Correct Answer: A
Reference:
https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file.html
Question #407 Topic 1

A developer is developing a serverless web application and managing many development branches. The developer want to avoid having to update
the Amazon API Gateway target endpoint with each new code push.

Which solution would enable the developer to efficiently submit code without having to update the API Gateway?

A. Associate different AWS Lambda functions to an API Gateway target endpoint.

B. Create different stages in API Gateway, then associate API Gateway with AWS Lambda.

C. Create aliases and versions in AWS Lambda.

D. Tag the AWS Lambda functions with different names.

Correct Answer: C

Community vote distribution

C (100%)

Question #408 Topic 1

AWS Lambda produces a 3MB JSON file on a daily basis and then uploads it to an Amazon S3 bucket. Because the file includes sensitive
information, the Developer must encrypt it before to uploading it to the bucket.

Which of the following should the Developer change to guarantee that the data is encrypted before being uploaded to the bucket?

A. Use the default AWS KMS customer master key for S3 in the Lambda function code.

B. Use the S3 managed key and call the GenerateDataKey API to encrypt the file.

C. Use the GenerateDateKey API, then use that data key to encrypt the file in the Lambda function code.

D. Use a custom KMS customer master key created for S3 in the Lambda function code.

Correct Answer: C

Question #409 Topic 1

A developer is developing an application that requires identifying the public IPv4 address of the Amazon EC2 instance on which it is running.

How is the program going to find this data?

A. Get the instance metadata by retrieving http://169.254.169.254/latest/metadata/.

B. Get the instance user data by retrieving http://169.254.169.254/latest/userdata/.

C. Get the application to run IFCONFIG to get the public IP address.

D. Get the application to run IPCONFIG to get the public IP address.

Correct Answer: A
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html
Question #410 Topic 1

A developer want to automatically create a record in an Amazon DynamoDB table whenever a new file is uploaded to an Amazon S3 bucket.

Which sequence of actions would be required to accomplish this?

A. Create an event with Amazon CloudWatch Events that will monitor the S3 bucket and then insert the records into DynamoDB.

B. Configure an S3 event to invoke a Lambda function that inserts records into DynamoDB.

C. Create a Lambda function that will poll the S3 bucket and then insert the records into DynamoDB.

D. Create a cron job that will run at a scheduled time and insert the records into DynamoDB.

Correct Answer: B

Community vote distribution

B (100%)

Question #411 Topic 1

A developer has developed an application that runs on Amazon EC2 instances and produces a value on a minutely basis. The developer want to
monitor and graph the data produced over time without periodically login into the instance.

Which strategy should the developer use to accomplish this objective?

A. Use the Amazon CloudWatch metrics reported by default for all EC2 instances. View each value from the CloudWatch console.

B. Develop the application to store each value in a file on Amazon S3 every minute with the timestamp as the name.

C. Publish each generated value as a custom metric to Amazon CloudWatch using available AWS SDKs.

D. Store each value as a variable and add the variable to the list of EC2 metrics that should be reported to the Amazon CloudWatch console.

Correct Answer: C

Community vote distribution

C (100%)

Question #412 Topic 1

A developer is developing an AWS Lambda function that creates a new file upon execution. Each new file must be checked into the same AWS
CodeCommit repository.

How should the developer go about doing this?

A. When the Lambda function starts, use the Git CLI to clone the repository. Check the new file into the cloned repository and push the change.

B. After the new file is created in Lambda, use cURL to invoke the CodeCommit API. Send the file to the repository.

C. Use an AWS SDK to instantiate a CodeCommit client. Invoke the put_file method to add the file to the repository.

D. Upload the new to an Amazon S3 bucket. Create an AWS Step Function to accept S3 events. In the Step Function, add the new file to the
repository.

Correct Answer: A

Community vote distribution

C (100%)
Question #413 Topic 1

A developer is publishing vital log data to a log group formed two months ago in Amazon CloudWatch Logs. The developer must encrypt the log
data using an AWS KMS customer master key (CMK) in order to ensure that future data is encrypted in accordance with the company's security
policy.

How is the Developer going to fulfill this requirement?

A. Use the CloudWatch Logs console and enable the encrypt feature on the log group

B. Use the AWS CLI create-log-group command and specify the key Amazon Resource Name (ARN)

C. Use the KMS console and associate the CMK with the log group

D. Use the AWS CLI associate-kms-key command and specify the key Amazon Resource Name (ARN)

Correct Answer: D
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html

Community vote distribution

D (100%)

Question #414 Topic 1

A developer must create a mobile application that enables users to read and write data from an Amazon DynamoDB database used to store each
user's status.
The solution must restrict data access so that users may only access their own data.

Which of the following solutions is the most secure?

A. Embed AWS access credentials into the application and create DynamoDB queries that limit user access.

B. Use Amazon Cognito identity pools to assign unique identifiers and provide user access.

C. Modify the DynamoDB table to allow public read and writes, then add client-side filtering.

D. Create a web portal for users to create an account on AWS Directory Service.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_dynamodb_specific-table.html

Community vote distribution

B (100%)
Question #415 Topic 1

A developer has an application that must receive and handle a huge number of incoming data streams before distributing them to several
downstream users.

Which serverless solution should the developer use in order to achieve these requirements?

A. Amazon RDS MySQL stored procedure with AWS Lambda

B. AWS Direct Connect with AWS Lambda

C. Amazon Kinesis Data Streams with AWS Lambda

D. Amazon EC2 bash script with AWS Lambda

Correct Answer: C
Reference:
https://aws.amazon.com/kinesis/data-analytics/faqs/

Community vote distribution

C (100%)

Question #416 Topic 1

A developer is developing an application that will operate on Amazon EC2 instances that are members of an Auto Scaling group. The developer
want to externalize session state in order to facilitate the application's operation.

Which services will address these requirements? (Select two.)

A. Amazon DynamoDB

B. Amazon Cognito

C. Amazon ElastiCache

D. Amazon EBS

E. Amazon SQS

Correct Answer: BD
Reference:
https://forums.aws.amazon.com/thread.jspa?threadID=238457

Community vote distribution

AC (100%)
Question #417 Topic 1

A developer must invoke an AWS Lambda function depending on the lifecycle activity of an item in an Amazon DynamoDB database.

How does the developer go about developing the solution?

A. Enable a DynamoDB stream that publishes an Amazon SNS message. Trigger the Lambda function synchronously from the SNS message.

B. Enable a DynamoDB stream that publishes an SNS message. Trigger the Lambda function asynchronously from the SNS message.

C. Enable a DynamoDB stream, and trigger the Lambda function synchronously from the stream.

D. Enable a DynamoDB stream, and trigger the Lambda function asynchronously from the stream.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.Lambda.html

Question #418 Topic 1

A developer need temporary access to resources located in a different account.

What is the MOST SECURE method of doing this?

A. Use the Amazon Cognito user pools to get short-lived credentials for the second account.

B. Create a dedicated IAM access key for the second account, and send it by mail.

C. Create a cross-account access role, and use sts:AssumeRole API to get short-lived credentials.

D. Establish trust, and add an SSH key for the second account to the IAM user.

Correct Answer: C
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

Question #419 Topic 1

A developer want to verify that the Amazon EC2 instances running in AWS Elastic Beanstalk execute a certain set of commands prior to the
application being available for usage.

Which feature of Elastic Beanstalk enables the developer to achieve this?

A. Rolling update

B. Immutable update

C. User data

D. .ebextensions

Correct Answer: D
Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html

Community vote distribution

D (100%)
Question #420 Topic 1

A team of developers is responsible for migrating an application running on AWS Elastic Beanstalk from a Classic Load Balancer to an Application
Load Balancer.

How should the job be completed using the AWS Management Console?

A. 1. Update the application code in the existing deployment. 2. Select a new load balancer type before running the deployment. 3. Deploy the
new version of the application code to the environment.

B. 1. Create a new environment with the same configurations except for the load balancer type. 2. Deploy the same application version as
used in the original environment. 3. Run the swap-environment-cnames action.

C. 1. Clone the existing environment, changing the associated load balancer type. 2. Deploy the same application version as used in the
original environment. 3. Run the swap-environment-cnames action.

D. 1. Edit the environment definitions in the existing deployment. 2. Change the associated load balancer type according to the requirements.
3. Rebuild the environment with the new load balancer type.

Correct Answer: A

Community vote distribution

B (100%)

Question #421 Topic 1

AWS Lambda functions must read data from an Amazon RDS MySQL database contained inside a VPC and also connect to a public endpoint on
the internet to get extra data.

Which actions must be made to provide access to both the RDS resource and the public endpoint by the function? (Select two.)

A. Modify the default configuration for the Lambda function to associate it with an Amazon VPC private subnet.

B. Modify the default network access control list to allow outbound traffic.

C. Add a NAT Gateway to the VPC.

D. Modify the default configuration of the Lambda function to associate it with a VPC public subnet.

E. Add an environmental variable to the Lambda function to allow outbound internet access.

Correct Answer: AC
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/vpc.html
Question #422 Topic 1

An application uses Amazon DynamoDB as its data storage and requires the ability to read 100 items per second in highly consistent reads. Each
item is around 5 KB in size.

What should the provisioned read throughput of the table be set to?

A. 50 read capacity units

B. 100 read capacity units

C. 200 read capacity units

D. 500 read capacity units

Correct Answer: C

Community vote distribution

C (100%)

Question #423 Topic 1

A developer has registered a new AWS account and is required to design a scalable AWS Lambda function that satisfies the following concurrent
execution requirements:
✑ Average execution time of 100 seconds
✑ 50 requests per second

Which procedure must be followed prior to deployment in order to avoid errors?

A. Implement dead-letter queues to capture invocation errors

B. Add an event source from Amazon API Gateway to the Lambda function

C. Implement error handling within the application code

D. Contact AWS Support to increase the concurrent execution limits

Correct Answer: B

Community vote distribution

D (100%)
Question #424 Topic 1

A Developer has created code for an application and want to share it with other team members in order to get feedback. The shared application
code must be kept in a long-term, version-controlled environment with batch change tracking.

Which Amazon Web Services (AWS) service should the developer use?

A. AWS CodeBuild

B. Amazon S3

C. AWS CodeCommit

D. AWS Cloud9

Correct Answer: C
Reference:
https://docs.aws.amazon.com/codecommit/latest/userguide/codecommit-user.pdf

Community vote distribution

C (100%)

Question #425 Topic 1

A developer is developing an application that makes use of an Amazon API Gateway REST API and an AWS Lambda function that communicates
with an Amazon DynamoDB database. During testing, the developer notices excessive latency while performing API queries.

How can the developer determine the total latency and pinpoint performance bottlenecks?

A. Enable AWS CloudTrail logging and use the logs to map each latency and bottleneck.

B. Enable and configure AWS X-Ray tracing on API Gateway and the Lambda function. Use X-Ray to trace and analyze user requests.

C. Enable Amazon CloudWatch Logs for the Lambda function. Enable execution logs for API Gateway to view and analyze user request logs.

D. Enable VPC Flow Logs to capture and analyze network traffic within the VPC.

Correct Answer: B
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-xray.html

Community vote distribution

B (100%)
Question #426 Topic 1

A developer using AWS CodeDeploy to automate the deployment of an application that connects to a remote MySQL database. The developer
wishes to access encrypted secrets such as API keys and database passwords safely.

Which of the following alternatives would need the LEAST amount of administrative work?

A. Save the secrets in Amazon S3 with AWS KMS server-side encryption, and use a signed URL to access them by using the IAM role from
Amazon EC2 instances.

B. Use the instance metadata to store the secrets and to programmatically access the secrets from EC2 instances.

C. Use the Amazon DynamoDB client-side encryption library to save the secrets in DynamoDB and to programmatically access the secrets
from EC2 instances.

D. Use AWS SSM Parameter Store to store the secrets and to programmatically access them by using the IAM role from EC2 instances.

Correct Answer: A

Community vote distribution

D (100%)

Question #427 Topic 1

A developer is establishing an Auto Scaling group for instances that must submit a custom metric to Amazon CloudWatch.

Which technique is the SECUREST approach for authenticating a CloudWatch PUT request?

A. Create an IAM user with PutMetricData permission and put the user credentials in a private repository; have applications pull the
credentials as needed.

B. Create an IAM user with PutMetricData permission, and modify the Auto Scaling launch configuration to inject the user credentials into the
instance user data.

C. Modify the CloudWatch metric policies to allow the PutMetricData permission to instances from the Auto Scaling group.

D. Create an IAM role with PutMetricData permission and modify the Auto Scaling launching configuration to launch instances using that role.

Correct Answer: D
Question #428 Topic 1

Given the AWS CloudFormation template below:

Which method is the MOST EFFECTIVE for referencing the newly created Amazon S3 bucket from another AWS CloudFormation template?

A. Add an Export declaration to the Outputs section of the original template and use ImportValue in other templates.

B. Add Exported: true to the ContentBucket in the original template and use ImportResource in other templates.

C. Create a custom AWS CloudFormation resource that gets the bucket name from the ContentBucket resource of the first stack.

D. Use Fn::Include to include the existing template in other templates and use the ContentBucket resource directly.

Correct Answer: C

Community vote distribution

A (100%)

Question #429 Topic 1

A developer is transferring code to an Amazon Lambda function that will interact with an Amazon Aurora MySQL database.

What is the SECUREST method for authenticating the function against the database?

A. Store the database credentials as encrypted parameters in AWS Systems Manager Parameters Store. Obtain the credentials from Systems
Manager when the Lambda function needs to connect to the database.

B. Store the database credentials in AWS Secrets Manager. Let Secrets Manager handle the rotation of the credentials, as required.

C. Store the database credentials in an Amazon S3 bucket that has a restrictive bucket policy for the Lambda role when accessing the
credentials. Use AWS KMS to encrypt the data.

D. Create a policy with rds-db:connect access to the database and attach it to the role assigned to the Lambda function.

Correct Answer: B
Reference:
https://aws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automatically-with-aws-secrets-manager/

Community vote distribution

B (50%) D (50%)
Question #430 Topic 1

A developer has an Amazon DynamoDB table that requires provisioning in order to meet user needs. The application must have the following
features:

✑ Average item size: 10 KB

✑ Item reads each second: 10 strongly consistent
✑ Item writes each second: 2 transactional

Which read and write capability satisfies these needs most economically?

A. Read 10; write 2

B. Read 30; write 40

C. Use on-demand scaling

D. Read 300; write 400

Correct Answer: B

Community vote distribution

B (50%) C (50%)

Question #431 Topic 1

A developer wishes to deliver multi-value headers to an AWS Lambda function that is registered with an Application Load Balancer as a target
(ALB).

What actions should the developer take to accomplish this?

A. Place the Lambda function and target group in the same account.

B. Send the request body to the Lambda function with a size less than 1 MB.

C. Include the Base64 encoding status, status code, status description, and headers in the Lambda function.

D. Enable the multi-value headers on the ALB.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/lambda-functions.html#enable-multi-value-headers
Question #432 Topic 1

A developer is developing a new AWS Serverless Application Model (AWS SAM) template that includes an AWS Lambda function. The Lambda
function executes sophisticated code. The developer want to run the Lambda function on a larger CPU.

What should the developer do to comply with this stipulation?

A. Increase the runtime engine version.

B. Increase the timeout.

C. Increase the number of Lambda layers.

D. Increase the memory.

Correct Answer: D
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html

Question #433 Topic 1

A web application is being developed to audit several Amazon Web Services accounts. The application will be hosted in Account A and will need
access to AWS services hosted in Accounts B and C.

What is the SAFEST method for the application to access AWS services in each audited account?

A. Configure cross-account roles in each audited account. Write code in Account A that assumes those roles

B. Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions

C. Deploy an application in each audited account with its own role. Have Account A authenticate with the application

D. Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys

Correct Answer: D

Community vote distribution

A (100%)
Question #434 Topic 1

Given the source code for an AWS Lambda function in the local file store.py, which includes the handler function get store, and the accompanying
AWS CloudFormation template:

What should be done to prepare the template for deployment through the AWS Command Line Interface command aws cloudformation deploy?

A. Use aws cloudformation compile to base64 encode and embed the source file into a modified CloudFormation template.

B. Use aws cloudformation package to upload the source code to an Amazon S3 bucket and produce a modified CloudFormation template.

C. Use aws lambda zip to package the source file together with the CloudFormation template and deploy the resulting zip archive.

D. Use aws serverless create-package to embed the source file directly into the existing CloudFormation template.

Correct Answer: D

Community vote distribution

B (100%)

Question #435 Topic 1

How can a developer debug AWS Lambda code delivered using AWS Serverless Application Model (AWS SAM)?

A. Download the Lambda code locally and use the AWS CLI to execute it

B. Use the Lambda console to connect the debugger

C. Use AWS SAM to invoke a function locally in debug mode

D. Connect a third-party-compatible integrated development environment (IDE) to the Lambda debugger endpoint

Correct Answer: C
Reference:
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-debugging.html

Community vote distribution

C (100%)
Question #436 Topic 1

When designing an AWS Lambda function that processes Amazon Kinesis Data Streams, administrators must get a notification including the
processed data.

How should the developer create the function responsible for sending processed data to the Administrators?

A. Separate the Lambda handler from the core logic

B. Use Amazon CloudWatch Events to send the processed data

C. Publish the processed data to an Amazon SNS topic

D. Push the processed data to Amazon SQS

Correct Answer: B

Community vote distribution

C (100%)

Question #437 Topic 1

AWS CodeBuild generates the source code for an application, develops the Docker image, uploads it to Amazon Elastic Container Registry
(Amazon ECR), and tags it with a unique identifier.

If developers already have the AWS CLI setup on their workstations, how are the Docker images downloaded to the workstations?

A. Run the following: docker pull REPOSITORY URI : TAG

B. Run the output of the following: aws ecr get-login and then run: docker pull REPOSITORY URI : TAG

C. Run the following: aws ecr get-login and then run: docker pull REPOSITORY URI : TAG

D. Run the output of the following: aws ecr get-download-url-for-layer and then run: docker pull REPOSITORY URI : TAG

Correct Answer: B

Question #438 Topic 1

A developer is developing a Lambda function and want to use external libraries that are not included in the standard Lambda libraries.

Which operation would result in the least amount of Lambda compute time being consumed?

A. Install the dependencies and external libraries at the beginning of the Lambda function.

B. Create a Lambda deployment package that includes the external libraries.

C. Copy the external libraries to Amazon S3, and reference the external libraries to the S3 location.

D. Install the external libraries in Lambda to be available to all Lambda functions.

Correct Answer: D

Community vote distribution

B (100%)
Question #439 Topic 1

The following conditions apply to an application:

✑ Performance efficiency of seconds with up to a minute of latency.

✑ The data storage size may grow up to thousands of terabytes.
✑ Per-message sizes may vary between 100 KB and 100 MB.
✑ Data can be stored as key/value stores supporting eventual consistency.

Which AWS service would be the MOST cost-effective to accomplish these requirements?

A. Amazon DynamoDB

B. Amazon S3

C. Amazon RDS (with a MySQL engine)

D. Amazon ElastiCache

Correct Answer: B

Community vote distribution

B (100%)
 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 1

Free Questions for DVA-C02

Shared by Deleon on 04-10-2024
For More Free Questions and Preparation Resources

Check the Links on Last Page

 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 2

Question 1
Question Type: MultipleChoice

A developer is investigating an issue in part of a company's application. In the application

messages are sent to an Amazon Simple Queue Service (Amazon SQS) queue The AWS Lambda
function polls messages from the SQS queue and sends email messages by using Amazon Simple
Email Service (Amazon SES) Users have been receiving duplicate email messages during periods
of high traffic.

Which reasons could explain the duplicate email messages? (Select TWO.)

Options:
A- Standard SQS queues support at-least-once message delivery
B- Standard SQS queues support exactly-once processing, so the duplicate email messages are
because of user error.
C- Amazon SES has the DomainKeys Identified Mail (DKIM) authentication incorrectly configured
D- The SQS queue's visibility timeout is lower than or the same as the Lambda function's timeout.
E- The Amazon SES bounce rate metric is too high.

Answer:
A

Explanation:
SQS Delivery Behavior:Standard SQS queues guarantee at-least-once delivery, meaning
messages may be processed more than once. This can lead to duplicate emails in this scenario.

Visibility Timeout:If the visibility timeout on the SQS queue is too short, a message might become
visible for another consumer before the first Lambda function finishes processing it. This can also
lead to duplicates.

Amazon SQS Delivery Semantics:[invalid URL removed]

Amazon SQS Visibility

Timeout:https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-vi
sibility-timeout.html
 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 3

Question 2
Question Type: MultipleChoice

A company is migrating its PostgreSQL database into the AWS Cloud. The company wants to use
a database that will secure and regularly rotate database credentials. The company wants a
solution that does not require additional programming overhead.

Which solution will meet these requirements?

Options:
A- Use Amazon Aurora PostgreSQL tor the database. Store the database credentials in AWS
Systems Manager Parameter Store Turn on rotation.
B- Use Amazon Aurora PostgreSQL for the database. Store the database credentials in AWS
Secrets Manager Turn on rotation.
C- Use Amazon DynamoDB for the database. Store the database credentials in AWS Systems
Manager Parameter Store Turn on rotation.
D- Use Amazon DynamoDB for the database. Store the database credentials in AWS Secrets
Manager Turn on rotation.

Answer:
B

Explanation:
This solution meets the requirements because it uses a PostgreSQL-compatible database that can
secure and regularly rotate database credentials without requiring additional programming
overhead. Amazon Aurora PostgreSQL is a relational database service that is compatible with
PostgreSQL and offers high performance, availability, and scalability. AWS Secrets Manager is a
service that helps you protect secrets needed to access your applications, services, and IT
resources. You can store database credentials in AWS Secrets Manager and use them to access
your Aurora PostgreSQL database. You can also enable automatic rotation of your secrets
according to a schedule or an event. AWS Secrets Manager handles the complexity of rotating
secrets for you, such as generating new passwords and updating your database with the new
credentials. Using Amazon DynamoDB for the database will not meet the requirements because it
is a NoSQL database that is not compatible with PostgreSQL. Using AWS Systems Manager
Parameter Store for storing and rotating database credentials will require additional
programming overhead to integrate with your database.
 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 4

Question 3
Question Type: MultipleChoice

A developer creates a static website for their department The developer deploys the static assets
for the website to an Amazon S3 bucket and serves the assets with Amazon CloudFront The
developer uses origin access control (OAC) on the CloudFront distribution to access the S3 bucket

The developer notices users can access the root URL and specific pages but cannot access
directories without specifying a file name. For example, /products/index.html works, but /products
returns an error The developer needs to enable accessing directories without specifying a file
name without exposing the S3 bucket publicly.

Which solution will meet these requirements'?

Options:
A- Update the CloudFront distribution's settings to index.html as the default root object is set
B- Update the Amazon S3 bucket settings and enable static website hosting. Specify index html
as the Index document Update the S3 bucket policy to enable access. Update the CloudFront
distribution's origin to use the S3 website endpoint
C- Create a CloudFront function that examines the request URL and appends index.html when
directories are being accessed Add the function as a viewer request CloudFront function to the
CloudFront distribution's behavior.
D- Create a custom error response on the CloudFront distribution with the HTTP error code set to
the HTTP 404 Not Found response code and the response page path to /index html Set the HTTP
response code to the HTTP 200 OK response code

Answer:
B

Explanation:
Problem: Directory access without file names fails.

S3 Static Website Hosting:

Configuring S3 as a static website enables automatic serving ofindex.htmlfor directory requests.

Bucket policies ensure correct access permissions.

Updating the CloudFront origin simplifies routing.

Avoiding Public Exposure: The S3 website endpoint allows CloudFront to access content without
 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 5

making the bucket public.

S3 Static Website
Hosting:https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteHosting.html

Question 4
Question Type: MultipleChoice

A developer is designing a serverless application for a game in which users register and log in
through a web browser The application makes requests on behalf of users to a set of AWS
Lambda functions that run behind an Amazon API Gateway HTTP API

The developer needs to implement a solution to register and log in users on the application's
sign-in page. The solution must minimize operational overhead and must minimize ongoing
management of user identities.

Which solution will meet these requirements'?

Options:
A- Create Amazon Cognito user pools for external social identity providers Configure 1AM roles
for the identity pools.
B- Program the sign-in page to create users' 1AM groups with the 1AM roles attached to the
groups
C- Create an Amazon RDS for SQL Server DB instance to store the users and manage the
permissions to the backend resources in AWS
D- Configure the sign-in page to register and store the users and their passwords in an Amazon
DynamoDB table with an attached IAM policy.

Answer:
A

Explanation:
Amazon Cognito User Pools:A managed user directory service, simplifying user registration and
login.

Social Identity Providers:Cognito supports integration with external providers (e.g., Google,
Facebook), reducing development effort.
 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 6

IAM Roles for Authorization:Cognito-managed IAM roles grant fine-grained access to AWS
resources (like Lambda functions).

Operational Overhead:Cognito minimizes the need to manage user identities and credentials
independently.

Amazon Cognito Documentationhttps://docs.aws.amazon.com/cognito/

Cognito User Pools for Web

Applications:https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-i
ntegration.html

Question 5
Question Type: MultipleChoice

A developer needs to deploy an application running on AWS Fargate using Amazon ECS The
application has environment variables that must be passed to a container for the application to
initialize.

How should the environment variables be passed to the container?

Options:
A- Define an array that includes the environment variables under the environment parameter
within the service definition.
B- Define an array that includes the environment variables under the environment parameter
within the task definition.
C- Define an array that includes the environment variables under the entryPoint parameter within
the task definition.
D- Define an array that includes the environment variables under the entryPoint parameter within
the service definition.

Answer:
B

Explanation:
This solution allows the environment variables to be passed to the container when it is launched
by AWS Fargate using Amazon ECS. The task definition is a text file that describes one or more
containers that form an application. It contains various parameters for configuring the containers,
 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 7

such as CPU and memory requirements, network mode, and environment variables. The
environment parameter is an array of key-value pairs that specify environment variables to pass
to a container. Defining an array that includes the environment variables under the entryPoint
parameter within the task definition will not pass them to the container, but use them as
command-line arguments for overriding the default entry point of a container. Defining an array
that includes the environment variables under the environment or entryPoint parameter within
the service definition will not pass them to the container, but cause an error because these
parameters are not valid for a service definition.

Question 6
Question Type: MultipleChoice

An developer is building a serverless application by using the AWS Serverless Application Model
(AWS SAM). The developer is currently testing the application in a development environment.
When the application is nearly finsihed, the developer will need to set up additional testing and
staging environments for a quality assurance team.

The developer wants to use a feature of the AWS SAM to set up deployments to multiple
environments.

Which solution will meet these requirements with the LEAST development effort?

Options:
A- Add a configuration file in TOML format to group configuration entries to every environment.
Add a table for each testing and staging environment. Deploy updates to the environments by
using the sam deploy command and the --config-env flag that corresponds to the each
environment.
B- Create additional AWS SAM templates for each testing and staging environment. Write a
custom shell script that uses the sam deploy command and the --template-file flag to deploy
updates to the environments.
C- Create one AWS SAM configuration file that has default parameters. Perform updates to the
testing and staging environments by using the ---parameter-overrides flag in the AWS SAM CLI
and the parameters that the updates will override.
D- Use the existing AWS SAM template. Add additional parameters to configure specific attributes
for the serverless function and database table resources that are in each environment. Deploy
updates to the testing and staging environments by using the sam deploy command.

Answer:
A
 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 8

Explanation:
The correct answer is A. Add a configuration file in TOML format to group configuration entries to
every environment. Add a table for each testing and staging environment. Deploy updates to the
environments by using the sam deploy command and the --config-env flag that corresponds to
the each environment.

A . Add a configuration file in TOML format to group configuration entries to every environment.
Add a table for each testing and staging environment. Deploy updates to the environments by
using the sam deploy command and the --config-env flag that corresponds to the each
environment. This is correct. This solution will meet the requirements with the least development
effort, because it uses a feature of the AWS SAM CLI that supports a project-level configuration
file that can be used to configure AWS SAM CLI command parameter values1. The configuration
file can have multiple environments, each with its own set of parameter values, such as stack
name, region, capabilities, and more2. The developer can use the --config-env option to specify
which environment to use when deploying the application3. This way, the developer can avoid
creating multiple templates or scripts, or manually overriding parameters for each environment.

B . Create additional AWS SAM templates for each testing and staging environment. Write a
custom shell script that uses the sam deploy command and the --template-file flag to deploy
updates to the environments. This is incorrect. This solution will not meet the requirements with
the least development effort, because it requires creating and maintaining multiple templates
and scripts for each environment. This can introduce duplication, inconsistency, and complexity
in the deployment process.

C . Create one AWS SAM configuration file that has default parameters. Perform updates to the
testing and staging environments by using the ---parameter-overrides flag in the AWS SAM CLI
and the parameters that the updates will override. This is incorrect. This solution will not meet
the requirements with the least development effort, because it requires manually specifying and
overriding parameters for each environment every time the developer deploys the application.
This can be error-prone, tedious, and inefficient.

D . Use the existing AWS SAM template. Add additional parameters to configure specific
attributes for the serverless function and database table resources that are in each environment.
Deploy updates to the testing and staging environments by using the sam deploy command. This
is incorrect. This solution will not meet the requirements with the least development effort,
because it requires modifying the existing template and adding complexity to the resource
definitions for each environment. This can also make it difficult to manage and track changes
across different environments.

1: AWS SAM CLI configuration file - AWS Serverless Application Model

2: Configuration file basics - AWS Serverless Application Model

3: Specify a configuration file - AWS Serverless Application Model

 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 9

Question 7
Question Type: MultipleChoice

A company has an ecommerce application. To track product reviews, the company's

development team uses an Amazon DynamoDB table.

Every record includes the following

* A Review ID a 16-digrt universally unique identifier (UUID)

* A Product ID and User ID 16 digit UUlDs that reference other tables

* A Product Rating on a scale of 1-5

* An optional comment from the user

The table partition key is the Review ID. The most performed query against the table is to find
the 10 reviews with the highest rating for a given product.

Which index will provide the FASTEST response for this query"?

Options:
A- A global secondary index (GSl) with Product ID as the partition key and Product Rating as the
sort key
B- A global secondary index (GSl) with Product ID as the partition key and Review ID as the sort
key
C- A local secondary index (LSI) with Product ID as the partition key and Product Rating as the
sort key
D- A local secondary index (LSI) with Review ID as the partition key and Product ID as the sort key

Answer:
A

Explanation:
This solution allows the fastest response for the query because it enables the query to use a
single partition key value (the Product ID) and a range of sort key values (the Product Rating) to
find the matching items. A global secondary index (GSI) is an index that has a partition key and
an optional sort key that are different from those on the base table. A GSI can be created at any
time and can be queried or scanned independently of the base table. A local secondary index
(LSI) is an index that has the same partition key as the base table, but a different sort key. An LSI
can only be created when the base table is created and must be queried together with the base
 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 10

table partition key. Using a GSI with Product ID as the partition key and Review ID as the sort key
will not allow the query to use a range of sort key values to find the highest ratings. Using an LSI
with Product ID as the partition key and Product Rating as the sort key will not work because
Product ID is not the partition key of the base table. Using an LSI with Review ID as the partition
key and Product ID as the sort key will not allow the query to use a single partition key value to
find the matching items.

Question 8
Question Type: MultipleChoice

A developer is testing a RESTful application that is deployed by using Amazon API Gateway and
AWS Lambda When the developer tests the user login by using credentials that are not valid, the
developer receives an HTTP 405 METHOD_NOT_ALLOWED error The developer has verified that
the test is sending the correct request for the resource

Which HTTP error should the application return in response to the request?

Options:
A- HTTP 401
B- HTTP 404
C- HTTP 503
D- HTTP 505

Answer:
A

Explanation:
HTTP Status Codes:Each HTTP status code has a specific meaning in RESTful APIs.

HTTP 405 (Method Not Allowed):Indicates that the request method (e.g., POST) is not supported
for the specified resource.

HTTP 401 (Unauthorized):Represents a failure to authenticate, which is the appropriate response

for invalid login credentials.

HTTP Status Codes:https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 11

Question 9
Question Type: MultipleChoice

A developer supports an application that accesses data in an Amazon DynamoDB table. One of
the item attributes is expirationDate in the timestamp format. The application uses this attribute
to find items, archive them, and remove them from the table based on the timestamp value

The application will be decommissioned soon, and the developer must find another way to
implement this functionality. The developer needs a solution that will require the least amount of
code to write.

Which solution will meet these requirements?

Options:
A- Enable TTL on the expirationDate attribute in the table. Create a DynamoDB stream. Create an
AWS Lambda function to process the deleted items. Create a DynamoDB trigger for the Lambda
function.
B- Create two AWS Lambda functions one to delete the items and one to process the items
Create a DynamoDB stream Use the Deleteltem API operation to delete the items based on the
expirationDate attribute Use the GetRecords API operation to get the items from the DynamoDB
stream and process them
C- Create two AWS Lambda functions, one to delete the items and one to process the items.
Create an Amazon EventBndge scheduled rule to invoke the Lambda Functions Use the
Deleteltem API operation to delete the items based on the expirationDate attribute. Use the
GetRecords API operation to get the items from the DynamoDB table and process them.
D- Enable TTL on the expirationDate attribute in the table Specify an Amazon Simple Queue
Service (Amazon SQS> dead-letter queue as the target to delete the items Create an AWS
Lambda function to process the items

Answer:
A

Explanation:
TTL for Automatic Deletion:DynamoDB's Time-to-Live effortlessly deletes expired items without
manual intervention.

DynamoDB Stream:Captures changes to the table, including deletions of expired items, triggering
downstream actions.

Lambda for Processing:A Lambda function connected to the stream provides custom logic for
 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 12

handling the deleted items.

Code Efficiency:This solution leverages native DynamoDB features and stream-based processing,
minimizing the need for custom code.

DynamoDB TTL
Documentation:https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html

DynamoDB Streams
Documentation:https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.
html

Question 10
Question Type: MultipleChoice

A company has built an AWS Lambda function to convert large image files into output files that
can be used in a third-party viewer application The company recently added a new module to the
function to improve the output of the generated files However, the new module has increased the
bundle size and has increased the time that is needed to deploy changes to the function code.

How can a developer increase the speed of the Lambda function deployment?

Options:
A- Use AWS CodeDeploy to deploy the function code
B- Use Lambda layers to package and load dependencies.
C- Increase the memory size of the function.
D- Use Amazon S3 to host the function dependencies

Answer:
B

Explanation:
Problem: Large bundle size increases Lambda deployment time.

Lambda Layers: Layers let you package dependencies separately from your function code. This
optimizes the deployment package, making updates faster.

Modularization: Breaking down dependencies into layers improves code organization and
reusability.
 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 13

AWS Lambda Layers:https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html

Question 11
Question Type: MultipleChoice

A developer is testing an application that invokes an AWS Lambda function asynchronously.

During the testing phase the Lambda function fails to process after two retries.

How can the developer troubleshoot the failure?

Options:
A- Configure AWS CloudTrail logging to investigate the invocation failures.
B- Configure Dead Letter Queues by sending events to Amazon SQS for investigation.
C- Configure Amazon Simple Workflow Service to process any direct unprocessed events.
D- Configure AWS Config to process any direct unprocessed events.

Answer:
B

Explanation:
This solution allows the developer to troubleshoot the failure by capturing unprocessed events in
a queue for further analysis. Dead Letter Queues (DLQs) are queues that store messages that
could not be processed by a service, such as Lambda, for various reasons, such as configuration
errors, throttling limits, or permissions issues. The developer can configure DLQs for Lambda
functions by sending events to either an Amazon Simple Queue Service (SQS) queue or an
Amazon Simple Notification Service (SNS) topic. The developer can then inspect the messages in
the queue or topic to identify and fix the root cause of the failure. Configuring AWS CloudTrail
logging will not capture invocation failures for asynchronous Lambda invocations, but only record
API calls made by or on behalf of Lambda. Configuring Amazon Simple Workflow Service (SWF) or
AWS Config will not process any direct unprocessed events, but require additional integration and
configuration.

Question 12
Question Type: MultipleChoice
 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 14

A developer needs to build an AWS CloudFormation template that self-populates the AWS Region
variable that deploys the CloudFormation template

What is the MOST operationally efficient way to determine the Region in which the template is
being deployed?

Options:
A- Use the AWS:.Region pseudo parameter
B- Require the Region as a CloudFormation parameter
C- Find the Region from the AWS::Stackld pseudo parameter by using the Fn::Split intrinsic
function
D- Dynamically import the Region by referencing the relevant parameter in AWS Systems
Manager Parameter Store

Answer:
A

Explanation:
Pseudo Parameters:CloudFormation provides pseudo parameters that reference runtime context,
including the current AWS Region.

Operational Efficiency:TheAWS::Regionpseudo parameter offers the most direct and self-

contained way to obtain the Region dynamically within the template.

CloudFormation Pseudo
Parameters:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-paramet
er-reference.html
 Sample Questions for Amazon DVA-C02 Exam By Deleon - Page 15

To Get Premium Files for DVA-C02 Visit

https://www.p2pexams.com/products/dva-c02

For More Free Questions Visit

https://www.p2pexams.com/amazon/pdf/dva-c02
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 1

Free Questions for DVA-C02

Shared by Farrell on 14-03-2023
For More Free Questions and Preparation Resources

Check the Links on Last Page

 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 2

Question 1
Question Type: MultipleChoice

A company has developed a new serverless application using AWS Lambda functions that will be
deployed using the AWS Serverless Application Model (AWS SAM) CLI.

Which step should the developer complete prior to deploying the application?

Options:
A- Compress the application to a zip file and upload it into AWS Lambda.
B- Test the new AWS Lambda function by first tracing it m AWS X-Ray.
C- Bundle the serverless application using a SAM package.
D- Create the application environment using the eb create my-env command.

Answer:
C

Explanation:
This step should be completed prior to deploying the application because it prepares the
application artifacts for deployment. The AWS Serverless Application Model (AWS SAM) is a
framework that simplifies building and deploying serverless applications on AWS. The AWS SAM
CLI is a command-line tool that helps you create, test, and deploy serverless applications using
AWS SAM templates. The sam package command bundles the application artifacts, such as
Lambda function code and API definitions, and uploads them to an Amazon S3 bucket. The
command also returns a CloudFormation template that is ready to be deployed with the sam
deploy command. Compressing the application to a zip file and uploading it to AWS Lambda will
not work because it does not use AWS SAM templates or CloudFormation. Testing the new
Lambda function by first tracing it in AWS X-Ray will not prepare the application for deployment,
but only monitor its performance and errors. Creating the application environment using the eb
create my-env command will not work because it is a command for AWS Elastic Beanstalk, not
AWS SAM.

Question 2
Question Type: MultipleChoice

A developer is creating a new REST API by using Amazon API Gateway and AWS Lambd
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 3

a. The development team tests the API and validates responses for the known use cases before
deploying the API to the production environment.

The developer wants to make the REST API available for testing by using API Gateway locally.

Which AWS Serverless Application Model Command Line Interface (AWS SAM CLI) subcommand
will meet these requirements?

Options:
A- Sam local invoke
B- Sam local generate-event
C- Sam local start-lambda
D- Sam local start-api

Answer:
D

Explanation:
The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is a command-line
tool for local development and testing of Serverless applications2.Thesam local start-
apisubcommand of AWS SAM CLI is used to simulate a REST API by starting a new local
endpoint3. Therefore, option D is correct.

Question 3
Question Type: MultipleChoice

A company built an online event platform For each event the company organizes quizzes and
generates leaderboards that are based on the quiz scores. The company stores the leaderboard
data in Amazon DynamoDB and retains the data for 30 days after an event is complete The
company then uses a scheduled job to delete the old leaderboard data

The DynamoDB table is configured with a fixed write capacity. During the months when many
events occur, the DynamoDB write API requests are throttled when the scheduled delete job runs.

A developer must create a long-term solution that deletes the old leaderboard data and optimizes
write throughput

Which solution meets these requirements?

 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 4

Options:
A- Configure a TTL attribute for the leaderboard data
B- Use DynamoDB Streams to schedule and delete the leaderboard data
C- Use AWS Step Functions to schedule and delete the leaderboard data.
D- Set a higher write capacity when the scheduled delete job runs

Answer:
A

Explanation:
DynamoDB TTL (Time-to-Live):A native feature that automatically deletes items after a specified
expiration time.

Efficiency:Eliminates the need for scheduled deletion jobs, optimizing write throughput by
avoiding potential throttling conflicts.

Seamless Integration:TTL works directly within DynamoDB, requiring minimal development

overhead.

DynamoDB TTL
Documentation:https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html

Question 4
Question Type: MultipleChoice

An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write
access to an Amazon DynamoDB table The correct 1AM policy already exists

What is the MOST secure way to grant the Lambda function access to the S3 bucket and the
DynamoDB table?

Options:
A- Attach the existing 1AM policy to the Lambda function.
B- Create an 1AM role for the Lambda function Attach the existing 1AM policy to the role Attach
the role to the Lambda function
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 5

C- Create an 1AM user with programmatic access Attach the existing 1AM policy to the user. Add
the user access key ID and secret access key as environment variables in the Lambda function.
D- Add the AWS account root user access key ID and secret access key as encrypted environment
variables in the Lambda function

Answer:
B

Explanation:
Principle of Least Privilege:Granting specific permissions through an IAM role is more secure than
directly attaching policies to a function or using root user credentials.

IAM Roles for Lambda:Designed to provide temporary credentials to Lambda functions, enhancing
security.

Reusability:The existing IAM policy ensures the correct S3 and DynamoDB access is granted.

IAM Roles for Lambda

Documentation:https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html

IAM Best Practices:https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Question 5
Question Type: MultipleChoice

A company has an application that runs as a series of AWS Lambda functions. Each Lambda
function receives data from an Amazon Simple Notification Service (Amazon SNS) topic and
writes the data to an Amazon Aurora DB instance.

To comply with an information security policy, the company must ensure that the Lambda
functions all use a single securely encrypted database connection string to access Aurora.

Which solution will meet these requirements'?

Options:
A- Use IAM database authentication for Aurora to enable secure database connections for ail the
Lambda functions.
B- Store the credentials and read the credentials from an encrypted Amazon RDS DB instance.
C- Store the credentials in AWS Systems Manager Parameter Store as a secure string parameter.
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 6

D- Use Lambda environment variables with a shared AWS Key Management Service (AWS KMS)
key for encryption.

Answer:
A

Explanation:
This solution will meet the requirements by using IAM database authentication for Aurora, which
enables using IAM roles or users to authenticate with Aurora databases instead of using
passwords or other secrets. The developer can use IAM database authentication for Aurora to
enable secure database connections for all the Lambda functions that access Aurora DB instance.
The developer can create an IAM role with permission to connect to Aurora DB instance and
attach it to each Lambda function. The developer can also configure Aurora DB instance to use
IAM database authentication and enable encryption in transit using SSL certificates. This way, the
Lambda functions can use a single securely encrypted database connection string to access
Aurora without needing any secrets or passwords. Option B is not optimal because it will store
the credentials and read them from an encrypted Amazon RDS DB instance, which may introduce
additional costs and complexity for managing and accessing another RDS DB instance. Option C
is not optimal because it will store the credentials in AWS Systems Manager Parameter Store as a
secure string parameter, which may require additional steps or permissions to retrieve and
decrypt the credentials from Parameter Store. Option D is not optimal because it will use Lambda
environment variables with a shared AWS Key Management Service (AWS KMS) key for
encryption, which may not be secure or scalable as environment variables are stored as plain
text unless encrypted with AWS KMS.

Question 6
Question Type: MultipleChoice

A company has an ecommerce application. To track product reviews, the company's

development team uses an Amazon DynamoDB table.

Every record includes the following

* A Review ID a 16-digrt universally unique identifier (UUID)

* A Product ID and User ID 16 digit UUlDs that reference other tables

* A Product Rating on a scale of 1-5

* An optional comment from the user

 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 7

The table partition key is the Review ID. The most performed query against the table is to find
the 10 reviews with the highest rating for a given product.

Which index will provide the FASTEST response for this query"?

Options:
A- A global secondary index (GSl) with Product ID as the partition key and Product Rating as the
sort key
B- A global secondary index (GSl) with Product ID as the partition key and Review ID as the sort
key
C- A local secondary index (LSI) with Product ID as the partition key and Product Rating as the
sort key
D- A local secondary index (LSI) with Review ID as the partition key and Product ID as the sort key

Answer:
A

Explanation:
This solution allows the fastest response for the query because it enables the query to use a
single partition key value (the Product ID) and a range of sort key values (the Product Rating) to
find the matching items. A global secondary index (GSI) is an index that has a partition key and
an optional sort key that are different from those on the base table. A GSI can be created at any
time and can be queried or scanned independently of the base table. A local secondary index
(LSI) is an index that has the same partition key as the base table, but a different sort key. An LSI
can only be created when the base table is created and must be queried together with the base
table partition key. Using a GSI with Product ID as the partition key and Review ID as the sort key
will not allow the query to use a range of sort key values to find the highest ratings. Using an LSI
with Product ID as the partition key and Product Rating as the sort key will not work because
Product ID is not the partition key of the base table. Using an LSI with Review ID as the partition
key and Product ID as the sort key will not allow the query to use a single partition key value to
find the matching items.

Question 7
Question Type: MultipleChoice

A developer needs to deploy an application running on AWS Fargate using Amazon ECS The
application has environment variables that must be passed to a container for the application to
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 8

initialize.

How should the environment variables be passed to the container?

Options:
A- Define an array that includes the environment variables under the environment parameter
within the service definition.
B- Define an array that includes the environment variables under the environment parameter
within the task definition.
C- Define an array that includes the environment variables under the entryPoint parameter within
the task definition.
D- Define an array that includes the environment variables under the entryPoint parameter within
the service definition.

Answer:
B

Explanation:
This solution allows the environment variables to be passed to the container when it is launched
by AWS Fargate using Amazon ECS. The task definition is a text file that describes one or more
containers that form an application. It contains various parameters for configuring the containers,
such as CPU and memory requirements, network mode, and environment variables. The
environment parameter is an array of key-value pairs that specify environment variables to pass
to a container. Defining an array that includes the environment variables under the entryPoint
parameter within the task definition will not pass them to the container, but use them as
command-line arguments for overriding the default entry point of a container. Defining an array
that includes the environment variables under the environment or entryPoint parameter within
the service definition will not pass them to the container, but cause an error because these
parameters are not valid for a service definition.

Question 8
Question Type: MultipleChoice

A company is migrating its PostgreSQL database into the AWS Cloud. The company wants to use
a database that will secure and regularly rotate database credentials. The company wants a
solution that does not require additional programming overhead.
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 9

Which solution will meet these requirements?

Options:
A- Use Amazon Aurora PostgreSQL tor the database. Store the database credentials in AWS
Systems Manager Parameter Store Turn on rotation.
B- Use Amazon Aurora PostgreSQL for the database. Store the database credentials in AWS
Secrets Manager Turn on rotation.
C- Use Amazon DynamoDB for the database. Store the database credentials in AWS Systems
Manager Parameter Store Turn on rotation.
D- Use Amazon DynamoDB for the database. Store the database credentials in AWS Secrets
Manager Turn on rotation.

Answer:
B

Explanation:
This solution meets the requirements because it uses a PostgreSQL-compatible database that can
secure and regularly rotate database credentials without requiring additional programming
overhead. Amazon Aurora PostgreSQL is a relational database service that is compatible with
PostgreSQL and offers high performance, availability, and scalability. AWS Secrets Manager is a
service that helps you protect secrets needed to access your applications, services, and IT
resources. You can store database credentials in AWS Secrets Manager and use them to access
your Aurora PostgreSQL database. You can also enable automatic rotation of your secrets
according to a schedule or an event. AWS Secrets Manager handles the complexity of rotating
secrets for you, such as generating new passwords and updating your database with the new
credentials. Using Amazon DynamoDB for the database will not meet the requirements because it
is a NoSQL database that is not compatible with PostgreSQL. Using AWS Systems Manager
Parameter Store for storing and rotating database credentials will require additional
programming overhead to integrate with your database.

Question 9
Question Type: MultipleChoice

A developer is testing a RESTful application that is deployed by using Amazon API Gateway and
AWS Lambda When the developer tests the user login by using credentials that are not valid, the
developer receives an HTTP 405 METHOD_NOT_ALLOWED error The developer has verified that
the test is sending the correct request for the resource
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 10

Which HTTP error should the application return in response to the request?

Options:
A- HTTP 401
B- HTTP 404
C- HTTP 503
D- HTTP 505

Answer:
A

Explanation:
HTTP Status Codes:Each HTTP status code has a specific meaning in RESTful APIs.

HTTP 405 (Method Not Allowed):Indicates that the request method (e.g., POST) is not supported
for the specified resource.

HTTP 401 (Unauthorized):Represents a failure to authenticate, which is the appropriate response

for invalid login credentials.

HTTP Status Codes:https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

Question 10
Question Type: MultipleChoice

A developer has observed an increase in bugs in the AWS Lambda functions that a development
team has deployed in its Node.js application.

To minimize these bugs, the developer wants to implement automated testing of Lambda
functions in an environment that closely simulates the Lambda environment.

The developer needs to give other developers the ability to run the tests locally. The developer
also needs to integrate the tests into the team's continuous integration and continuous delivery
(CI/CD) pipeline before the AWS Cloud Development Kit (AWS CDK) deployment.

Which solution will meet these requirements?

 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 11

Options:
A- Create sample events based on the Lambda documentation. Create automated test scripts
that use the cdk local invoke command to invoke the Lambda functions. Check the response.
Document the test scripts for the other developers on the team. Update the CI/CD pipeline to run
the test scripts.
B- Install a unit testing framework that reproduces the Lambda execution environment. Create
sample events based on the Lambda documentation. Invoke the handler function by using a unit
testing framework. Check the response. Document how to run the unit testing framework for the
other developers on the team. Update the CI/CD pipeline to run the unit testing framework.
C- Install the AWS Serverless Application Model (AWS SAM) CLI tool. Use the sam local generate-
event command to generate sample events for the automated tests. Create automated test
scripts that use the sam local invoke command to invoke the Lambda functions. Check the
response. Document the test scripts for the other developers on the team. Update the CI/CD
pipeline to run the test scripts.
D- Create sample events based on the Lambda documentation. Create a Docker container from
the Node.js base image to invoke the Lambda functions. Check the response. Document how to
run the Docker container for the other developers on the team. Update the CllCD pipeline to run
the Docker container.

Answer:
C

Explanation:
The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is a command-line
tool for local development and testing of Serverless applications3.Thesam local generate-
eventcommand of AWS SAM CLI generates sample events for automated tests3.Thesam local
invokecommand is used to invoke Lambda functions3. Therefore, option C is correct.
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 12

To Get Premium Files for DVA-C02 Visit

https://www.p2pexams.com/products/dva-c02

For More Free Questions Visit

https://www.p2pexams.com/amazon/pdf/dva-c02
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 1

Free Questions for DVA-C02

Shared by Farrell on 14-03-2023
For More Free Questions and Preparation Resources

Check the Links on Last Page

 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 2

Question 1
Question Type: MultipleChoice

A company has developed a new serverless application using AWS Lambda functions that will be
deployed using the AWS Serverless Application Model (AWS SAM) CLI.

Which step should the developer complete prior to deploying the application?

Options:
A- Compress the application to a zip file and upload it into AWS Lambda.
B- Test the new AWS Lambda function by first tracing it m AWS X-Ray.
C- Bundle the serverless application using a SAM package.
D- Create the application environment using the eb create my-env command.

Answer:
C

Explanation:
This step should be completed prior to deploying the application because it prepares the
application artifacts for deployment. The AWS Serverless Application Model (AWS SAM) is a
framework that simplifies building and deploying serverless applications on AWS. The AWS SAM
CLI is a command-line tool that helps you create, test, and deploy serverless applications using
AWS SAM templates. The sam package command bundles the application artifacts, such as
Lambda function code and API definitions, and uploads them to an Amazon S3 bucket. The
command also returns a CloudFormation template that is ready to be deployed with the sam
deploy command. Compressing the application to a zip file and uploading it to AWS Lambda will
not work because it does not use AWS SAM templates or CloudFormation. Testing the new
Lambda function by first tracing it in AWS X-Ray will not prepare the application for deployment,
but only monitor its performance and errors. Creating the application environment using the eb
create my-env command will not work because it is a command for AWS Elastic Beanstalk, not
AWS SAM.

Question 2
Question Type: MultipleChoice

A developer is creating a new REST API by using Amazon API Gateway and AWS Lambd
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 3

a. The development team tests the API and validates responses for the known use cases before
deploying the API to the production environment.

The developer wants to make the REST API available for testing by using API Gateway locally.

Which AWS Serverless Application Model Command Line Interface (AWS SAM CLI) subcommand
will meet these requirements?

Options:
A- Sam local invoke
B- Sam local generate-event
C- Sam local start-lambda
D- Sam local start-api

Answer:
D

Explanation:
The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is a command-line
tool for local development and testing of Serverless applications2.Thesam local start-
apisubcommand of AWS SAM CLI is used to simulate a REST API by starting a new local
endpoint3. Therefore, option D is correct.

Question 3
Question Type: MultipleChoice

A company built an online event platform For each event the company organizes quizzes and
generates leaderboards that are based on the quiz scores. The company stores the leaderboard
data in Amazon DynamoDB and retains the data for 30 days after an event is complete The
company then uses a scheduled job to delete the old leaderboard data

The DynamoDB table is configured with a fixed write capacity. During the months when many
events occur, the DynamoDB write API requests are throttled when the scheduled delete job runs.

A developer must create a long-term solution that deletes the old leaderboard data and optimizes
write throughput

Which solution meets these requirements?

 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 4

Options:
A- Configure a TTL attribute for the leaderboard data
B- Use DynamoDB Streams to schedule and delete the leaderboard data
C- Use AWS Step Functions to schedule and delete the leaderboard data.
D- Set a higher write capacity when the scheduled delete job runs

Answer:
A

Explanation:
DynamoDB TTL (Time-to-Live):A native feature that automatically deletes items after a specified
expiration time.

Efficiency:Eliminates the need for scheduled deletion jobs, optimizing write throughput by
avoiding potential throttling conflicts.

Seamless Integration:TTL works directly within DynamoDB, requiring minimal development

overhead.

DynamoDB TTL
Documentation:https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html

Question 4
Question Type: MultipleChoice

An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write
access to an Amazon DynamoDB table The correct 1AM policy already exists

What is the MOST secure way to grant the Lambda function access to the S3 bucket and the
DynamoDB table?

Options:
A- Attach the existing 1AM policy to the Lambda function.
B- Create an 1AM role for the Lambda function Attach the existing 1AM policy to the role Attach
the role to the Lambda function
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 5

C- Create an 1AM user with programmatic access Attach the existing 1AM policy to the user. Add
the user access key ID and secret access key as environment variables in the Lambda function.
D- Add the AWS account root user access key ID and secret access key as encrypted environment
variables in the Lambda function

Answer:
B

Explanation:
Principle of Least Privilege:Granting specific permissions through an IAM role is more secure than
directly attaching policies to a function or using root user credentials.

IAM Roles for Lambda:Designed to provide temporary credentials to Lambda functions, enhancing
security.

Reusability:The existing IAM policy ensures the correct S3 and DynamoDB access is granted.

IAM Roles for Lambda

Documentation:https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html

IAM Best Practices:https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Question 5
Question Type: MultipleChoice

A company has an application that runs as a series of AWS Lambda functions. Each Lambda
function receives data from an Amazon Simple Notification Service (Amazon SNS) topic and
writes the data to an Amazon Aurora DB instance.

To comply with an information security policy, the company must ensure that the Lambda
functions all use a single securely encrypted database connection string to access Aurora.

Which solution will meet these requirements'?

Options:
A- Use IAM database authentication for Aurora to enable secure database connections for ail the
Lambda functions.
B- Store the credentials and read the credentials from an encrypted Amazon RDS DB instance.
C- Store the credentials in AWS Systems Manager Parameter Store as a secure string parameter.
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 6

D- Use Lambda environment variables with a shared AWS Key Management Service (AWS KMS)
key for encryption.

Answer:
A

Explanation:
This solution will meet the requirements by using IAM database authentication for Aurora, which
enables using IAM roles or users to authenticate with Aurora databases instead of using
passwords or other secrets. The developer can use IAM database authentication for Aurora to
enable secure database connections for all the Lambda functions that access Aurora DB instance.
The developer can create an IAM role with permission to connect to Aurora DB instance and
attach it to each Lambda function. The developer can also configure Aurora DB instance to use
IAM database authentication and enable encryption in transit using SSL certificates. This way, the
Lambda functions can use a single securely encrypted database connection string to access
Aurora without needing any secrets or passwords. Option B is not optimal because it will store
the credentials and read them from an encrypted Amazon RDS DB instance, which may introduce
additional costs and complexity for managing and accessing another RDS DB instance. Option C
is not optimal because it will store the credentials in AWS Systems Manager Parameter Store as a
secure string parameter, which may require additional steps or permissions to retrieve and
decrypt the credentials from Parameter Store. Option D is not optimal because it will use Lambda
environment variables with a shared AWS Key Management Service (AWS KMS) key for
encryption, which may not be secure or scalable as environment variables are stored as plain
text unless encrypted with AWS KMS.

Question 6
Question Type: MultipleChoice

A company has an ecommerce application. To track product reviews, the company's

development team uses an Amazon DynamoDB table.

Every record includes the following

* A Review ID a 16-digrt universally unique identifier (UUID)

* A Product ID and User ID 16 digit UUlDs that reference other tables

* A Product Rating on a scale of 1-5

* An optional comment from the user

 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 7

The table partition key is the Review ID. The most performed query against the table is to find
the 10 reviews with the highest rating for a given product.

Which index will provide the FASTEST response for this query"?

Options:
A- A global secondary index (GSl) with Product ID as the partition key and Product Rating as the
sort key
B- A global secondary index (GSl) with Product ID as the partition key and Review ID as the sort
key
C- A local secondary index (LSI) with Product ID as the partition key and Product Rating as the
sort key
D- A local secondary index (LSI) with Review ID as the partition key and Product ID as the sort key

Answer:
A

Explanation:
This solution allows the fastest response for the query because it enables the query to use a
single partition key value (the Product ID) and a range of sort key values (the Product Rating) to
find the matching items. A global secondary index (GSI) is an index that has a partition key and
an optional sort key that are different from those on the base table. A GSI can be created at any
time and can be queried or scanned independently of the base table. A local secondary index
(LSI) is an index that has the same partition key as the base table, but a different sort key. An LSI
can only be created when the base table is created and must be queried together with the base
table partition key. Using a GSI with Product ID as the partition key and Review ID as the sort key
will not allow the query to use a range of sort key values to find the highest ratings. Using an LSI
with Product ID as the partition key and Product Rating as the sort key will not work because
Product ID is not the partition key of the base table. Using an LSI with Review ID as the partition
key and Product ID as the sort key will not allow the query to use a single partition key value to
find the matching items.

Question 7
Question Type: MultipleChoice

A developer needs to deploy an application running on AWS Fargate using Amazon ECS The
application has environment variables that must be passed to a container for the application to
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 8

initialize.

How should the environment variables be passed to the container?

Options:
A- Define an array that includes the environment variables under the environment parameter
within the service definition.
B- Define an array that includes the environment variables under the environment parameter
within the task definition.
C- Define an array that includes the environment variables under the entryPoint parameter within
the task definition.
D- Define an array that includes the environment variables under the entryPoint parameter within
the service definition.

Answer:
B

Explanation:
This solution allows the environment variables to be passed to the container when it is launched
by AWS Fargate using Amazon ECS. The task definition is a text file that describes one or more
containers that form an application. It contains various parameters for configuring the containers,
such as CPU and memory requirements, network mode, and environment variables. The
environment parameter is an array of key-value pairs that specify environment variables to pass
to a container. Defining an array that includes the environment variables under the entryPoint
parameter within the task definition will not pass them to the container, but use them as
command-line arguments for overriding the default entry point of a container. Defining an array
that includes the environment variables under the environment or entryPoint parameter within
the service definition will not pass them to the container, but cause an error because these
parameters are not valid for a service definition.

Question 8
Question Type: MultipleChoice

A company is migrating its PostgreSQL database into the AWS Cloud. The company wants to use
a database that will secure and regularly rotate database credentials. The company wants a
solution that does not require additional programming overhead.
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 9

Which solution will meet these requirements?

Options:
A- Use Amazon Aurora PostgreSQL tor the database. Store the database credentials in AWS
Systems Manager Parameter Store Turn on rotation.
B- Use Amazon Aurora PostgreSQL for the database. Store the database credentials in AWS
Secrets Manager Turn on rotation.
C- Use Amazon DynamoDB for the database. Store the database credentials in AWS Systems
Manager Parameter Store Turn on rotation.
D- Use Amazon DynamoDB for the database. Store the database credentials in AWS Secrets
Manager Turn on rotation.

Answer:
B

Explanation:
This solution meets the requirements because it uses a PostgreSQL-compatible database that can
secure and regularly rotate database credentials without requiring additional programming
overhead. Amazon Aurora PostgreSQL is a relational database service that is compatible with
PostgreSQL and offers high performance, availability, and scalability. AWS Secrets Manager is a
service that helps you protect secrets needed to access your applications, services, and IT
resources. You can store database credentials in AWS Secrets Manager and use them to access
your Aurora PostgreSQL database. You can also enable automatic rotation of your secrets
according to a schedule or an event. AWS Secrets Manager handles the complexity of rotating
secrets for you, such as generating new passwords and updating your database with the new
credentials. Using Amazon DynamoDB for the database will not meet the requirements because it
is a NoSQL database that is not compatible with PostgreSQL. Using AWS Systems Manager
Parameter Store for storing and rotating database credentials will require additional
programming overhead to integrate with your database.

Question 9
Question Type: MultipleChoice

A developer is testing a RESTful application that is deployed by using Amazon API Gateway and
AWS Lambda When the developer tests the user login by using credentials that are not valid, the
developer receives an HTTP 405 METHOD_NOT_ALLOWED error The developer has verified that
the test is sending the correct request for the resource
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 10

Which HTTP error should the application return in response to the request?

Options:
A- HTTP 401
B- HTTP 404
C- HTTP 503
D- HTTP 505

Answer:
A

Explanation:
HTTP Status Codes:Each HTTP status code has a specific meaning in RESTful APIs.

HTTP 405 (Method Not Allowed):Indicates that the request method (e.g., POST) is not supported
for the specified resource.

HTTP 401 (Unauthorized):Represents a failure to authenticate, which is the appropriate response

for invalid login credentials.

HTTP Status Codes:https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

Question 10
Question Type: MultipleChoice

A developer has observed an increase in bugs in the AWS Lambda functions that a development
team has deployed in its Node.js application.

To minimize these bugs, the developer wants to implement automated testing of Lambda
functions in an environment that closely simulates the Lambda environment.

The developer needs to give other developers the ability to run the tests locally. The developer
also needs to integrate the tests into the team's continuous integration and continuous delivery
(CI/CD) pipeline before the AWS Cloud Development Kit (AWS CDK) deployment.

Which solution will meet these requirements?

 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 11

Options:
A- Create sample events based on the Lambda documentation. Create automated test scripts
that use the cdk local invoke command to invoke the Lambda functions. Check the response.
Document the test scripts for the other developers on the team. Update the CI/CD pipeline to run
the test scripts.
B- Install a unit testing framework that reproduces the Lambda execution environment. Create
sample events based on the Lambda documentation. Invoke the handler function by using a unit
testing framework. Check the response. Document how to run the unit testing framework for the
other developers on the team. Update the CI/CD pipeline to run the unit testing framework.
C- Install the AWS Serverless Application Model (AWS SAM) CLI tool. Use the sam local generate-
event command to generate sample events for the automated tests. Create automated test
scripts that use the sam local invoke command to invoke the Lambda functions. Check the
response. Document the test scripts for the other developers on the team. Update the CI/CD
pipeline to run the test scripts.
D- Create sample events based on the Lambda documentation. Create a Docker container from
the Node.js base image to invoke the Lambda functions. Check the response. Document how to
run the Docker container for the other developers on the team. Update the CllCD pipeline to run
the Docker container.

Answer:
C

Explanation:
The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is a command-line
tool for local development and testing of Serverless applications3.Thesam local generate-
eventcommand of AWS SAM CLI generates sample events for automated tests3.Thesam local
invokecommand is used to invoke Lambda functions3. Therefore, option C is correct.
 Amazon DVA-C02 DUMPS BY Farrell 14-03-2023 10QA dumpshq - Page 12

To Get Premium Files for DVA-C02 Visit

https://www.p2pexams.com/products/dva-c02

For More Free Questions Visit

https://www.p2pexams.com/amazon/pdf/dva-c02
 ebraindumps DVA-C02 QUESTIONS BY Grimes 12-12-2023 11QA - Page 1

Free Questions for DVA-C02

Shared by Grimes on 12-12-2023
For More Free Questions and Preparation Resources

Check the Links on Last Page

 ebraindumps DVA-C02 QUESTIONS BY Grimes 12-12-2023 11QA - Page 2

Question 1
Question Type: MultipleChoice

A developer is creating an AWS Lambda function that consumes messages from an Amazon
Simple Queue Service (Amazon SQS) standard queue. The developer notices that the Lambda
function processes some messages multiple times.

How should developer resolve this issue MOST cost-effectively?

Options:
A- Change the Amazon SQS standard queue to an Amazon SQS FIFO queue by using the Amazon
SQS message deduplication ID.
B- Set up a dead-letter queue.
C- Set the maximum concurrency limit of the AWS Lambda function to 1
D- Change the message processing to use Amazon Kinesis Data Streams instead of Amazon SQS.

Answer:
A

Explanation:
Amazon Simple Queue Service (Amazon SQS) is a fully managed queue service that allows you to
de-couple and scale for applications1.Amazon SQS offers two types of queues: Standard and FIFO
(First In First Out) queues1.The FIFO queue uses themessageDeduplicationIdproperty to treat
messages with the same value as duplicate2. Therefore, changing the Amazon SQS standard
queue to an Amazon SQS FIFO queue using the Amazon SQS message deduplication ID can help
resolve the issue of the Lambda function processing some messages multiple times. Therefore,
option A is correct.

Question 2
Question Type: MultipleChoice

A developer creates a static website for their department The developer deploys the static assets
for the website to an Amazon S3 bucket and serves the assets with Amazon CloudFront The
developer uses origin access control (OAC) on the CloudFront distribution to access the S3 bucket

The developer notices users can access the root URL and specific pages but cannot access
 ebraindumps DVA-C02 QUESTIONS BY Grimes 12-12-2023 11QA - Page 3

directories without specifying a file name. For example, /products/index.html works, but /products
returns an error The developer needs to enable accessing directories without specifying a file
name without exposing the S3 bucket publicly.

Which solution will meet these requirements'?

Options:
A- Update the CloudFront distribution's settings to index.html as the default root object is set
B- Update the Amazon S3 bucket settings and enable static website hosting. Specify index html
as the Index document Update the S3 bucket policy to enable access. Update the CloudFront
distribution's origin to use the S3 website endpoint
C- Create a CloudFront function that examines the request URL and appends index.html when
directories are being accessed Add the function as a viewer request CloudFront function to the
CloudFront distribution's behavior.
D- Create a custom error response on the CloudFront distribution with the HTTP error code set to
the HTTP 404 Not Found response code and the response page path to /index html Set the HTTP
response code to the HTTP 200 OK response code

Answer:
B

Explanation:
Problem: Directory access without file names fails.

S3 Static Website Hosting:

Configuring S3 as a static website enables automatic serving ofindex.htmlfor directory requests.

Bucket policies ensure correct access permissions.

Updating the CloudFront origin simplifies routing.

Avoiding Public Exposure: The S3 website endpoint allows CloudFront to access content without
making the bucket public.

S3 Static Website
Hosting:https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteHosting.html
 ebraindumps DVA-C02 QUESTIONS BY Grimes 12-12-2023 11QA - Page 4

Question 3
Question Type: MultipleChoice

A developer uses AWS CloudFormation to deploy an Amazon API Gateway API and an AWS Step
Functions state machine The state machine must reference the API Gateway API after the
CloudFormation template is deployed The developer needs a solution that uses the state machine
to reference the API Gateway endpoint.

Which solution will meet these requirements MOST cost-effectively?

Options:
A- Configure the CloudFormation template to reference the API endpoint in the
DefinitionSubstitutions property for the AWS StepFunctions StateMachme resource.
B- Configure the CloudFormation template to store the API endpoint in an environment variable
for the AWS::StepFunctions::StateMachine resourc Configure the state machine to reference the
environment variable
C- Configure the CloudFormation template to store the API endpoint in a standard AWS:
SecretsManager Secret resource Configure the state machine to reference the resource
D- Configure the CloudFormation template to store the API endpoint in a standard
AWS::AppConfig;:ConfigurationProfile resource Configure the state machine to reference
the resource.

Answer:
A

Explanation:
CloudFormation and Dynamic Reference:TheDefinitionSubstitutionsproperty in CloudFormation
allows you to pass values into Step Functions state machines at runtime.

Cost-Effectiveness:This solution is cost-effective as it leverages CloudFormation's built-in

capabilities, avoiding the need for additional services like Secrets Manager or AppConfig.

AWS Step Functions State

Machine:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfu
nctions-statemachine.html

CloudFormation
DefinitionSubstitutions:https://github.com/aws-cloudformation/aws-cloudformation-resource-provi
ders-stepfunctions/issues/14
 ebraindumps DVA-C02 QUESTIONS BY Grimes 12-12-2023 11QA - Page 5

Question 4
Question Type: MultipleChoice

A developer needs to build an AWS CloudFormation template that self-populates the AWS Region
variable that deploys the CloudFormation template

What is the MOST operationally efficient way to determine the Region in which the template is
being deployed?

Options:
A- Use the AWS:.Region pseudo parameter
B- Require the Region as a CloudFormation parameter
C- Find the Region from the AWS::Stackld pseudo parameter by using the Fn::Split intrinsic
function
D- Dynamically import the Region by referencing the relevant parameter in AWS Systems
Manager Parameter Store

Answer:
A

Explanation:
Pseudo Parameters:CloudFormation provides pseudo parameters that reference runtime context,
including the current AWS Region.

Operational Efficiency:TheAWS::Regionpseudo parameter offers the most direct and self-

contained way to obtain the Region dynamically within the template.

CloudFormation Pseudo
Parameters:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-paramet
er-reference.html

Question 5
Question Type: MultipleChoice

A company is building a compute-intensive application that will run on a fleet of Amazon EC2
instances. The application uses attached Amazon
 ebraindumps DVA-C02 QUESTIONS BY Grimes 12-12-2023 11QA - Page 6

Elastic Block Store (Amazon EBS) volumes for storing dat

a. The Amazon EBS volumes will be created at time of initial deployment. The

application will process sensitive information. All of the data must be encrypted. The solution
should not impact the application's performance.

Which solution will meet these requirements?

Options:
A- Configure the fleet of EC2 instances to use encrypted EBS volumes to store data.
B- Configure the application to write all data to an encrypted Amazon S3 bucket.
C- Configure a custom encryption algorithm for the application that will encrypt and decrypt all
data.
D- Configure an Amazon Machine Image (AMI) that has an encrypted root volume and store the
data to ephemeral disks.

Answer:
A

Explanation:
Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with
Amazon EC2 instances1.Amazon EBS encryption offers a straight-forward encryption solution for
your EBS resources associated with your EC2 instances1.When you create an encrypted EBS
volume and attach it to a supported instance type, the following types of data are encrypted:
Data at rest inside the volume, all data moving between the volume and the instance, all
snapshots created from the volume, and all volumes created from those snapshots1. Therefore,
option A is correct.

Question 6
Question Type: MultipleChoice

A developer is creating a new REST API by using Amazon API Gateway and AWS Lambd

a. The development team tests the API and validates responses for the known use cases before
deploying the API to the production environment.

The developer wants to make the REST API available for testing by using API Gateway locally.
 ebraindumps DVA-C02 QUESTIONS BY Grimes 12-12-2023 11QA - Page 7

Which AWS Serverless Application Model Command Line Interface (AWS SAM CLI) subcommand
will meet these requirements?

Options:
A- Sam local invoke
B- Sam local generate-event
C- Sam local start-lambda
D- Sam local start-api

Answer:
D

Explanation:
The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is a command-line
tool for local development and testing of Serverless applications2.Thesam local start-
apisubcommand of AWS SAM CLI is used to simulate a REST API by starting a new local
endpoint3. Therefore, option D is correct.

Question 7
Question Type: MultipleChoice

A developer wants to add request validation to a production environment Amazon API Gateway
API. The developer needs to test the changes

before the API is deployed to the production environment. For the test, the developer will send
test requests to the API through a testing tool.

Which solution will meet these requirements with the LEAST operational overhead?

Options:
A- Export the existing API to an OpenAPI file. Create a new API. Import the OpenAPI file. Modify
the new API to add request validation. Perform the tests. Modify the existing API to add request
validation. Deploy the existing API to production.
B- Modify the existing API to add request validation. Deploy the updated API to a new API
Gateway stage. Perform the tests. Deploy the updated API to the API Gateway production stage.
 ebraindumps DVA-C02 QUESTIONS BY Grimes 12-12-2023 11QA - Page 8

C- Create a new API. Add the necessary resources and methods, including new request validation.
Perform the tests. Modify the existing API to add request validation. Deploy the existing API to
production.
D- Clone the existing API. Modify the new API to add request validation. Perform the tests. Modify
the existing API to add request validation. Deploy the existing API to production.

Answer:
B

Explanation:
Amazon API Gateway allows you to create, deploy, and manage a RESTful API to expose backend
HTTP endpoints, AWS Lambda functions, or other AWS services1.You can use API Gateway to
perform basic validation of an API request before proceeding with the integration request1.When
the validation fails, API Gateway immediately fails the request, returns a 400 error response to
the caller, and publishes the validation results in CloudWatch Logs1.

To test changes before deploying to a production environment, you can modify the existing API to
add request validation and deploy the updated API to a new API Gateway stage1. This allows you
to perform tests without affecting the production environment.Once testing is complete and
successful, you can then deploy the updated API to the API Gateway production stage1.

This approach has the least operational overhead as it avoids unnecessary creation of new APIs
or exporting and importing of APIs.It leverages the existing infrastructure and only requires
changes in the configuration of the existing API1.

Question 8
Question Type: MultipleChoice

A company developed an API application on AWS by using Amazon CloudFront, Amazon API
Gateway, and AWS Lambd

a. The API has a

minimum of four requests every second. A developer notices that many API users run the same
query by using the POST method. The developer

wants to cache the POST request to optimize the API resources.

Which solution will meet these requirements?

 ebraindumps DVA-C02 QUESTIONS BY Grimes 12-12-2023 11QA - Page 9

Options:
A- Configure the CloudFront cache. Update the application to return cached content based upon
the default request headers.
B- Override the cache method in the selected stage of API Gateway. Select the POST method.
C- Save the latest request response in Lambda /tmp directory. Update the Lambda function to
check the /tmp directory.
D- Save the latest request in AWS Systems Manager Parameter Store. Modify the Lambda
function to take the latest request response from Parameter Store.

Answer:
B

Explanation:
Amazon API Gateway provides tools for creating and documenting web APIs that route HTTP
requests to Lambda functions2. You can secure access to your API with authentication and
authorization controls.Your APIs can serve traffic over the internet or can be accessible only
within your VPC2.You can override the cache method in the selected stage of API Gateway2.
Therefore, option B is correct.

Question 9
Question Type: MultipleChoice

A developer is troubleshooting an application in an integration environment. In the application,

an Amazon Simple Queue Service (Amazon SQS) queue consumes messages and then an AWS
Lambda function processes the messages. The Lambda function transforms the messages and
makes an API call to a third-party service.

There has been an increase in application usage. The third-party API frequently returns an HTTP
429 Too Many Requests error message. The error message prevents a significant number of
messages from being processed successfully.

How can the developer resolve this issue?

Options:
A- Increase the SQS event source's batch size setting.
B- Configure provisioned concurrency for the Lambda function based on the third-party API's
 ebraindumps DVA-C02 QUESTIONS BY Grimes 12-12-2023 11QA - Page 10

documented rate limits.

C- Increase the retry attempts and maximum event age in the Lambda function's asynchronous
configuration.
D- Configure maximum concurrency on the SQS event source based on the third-party service's
documented rate limits.

Answer:
D

Explanation:
Maximum concurrency for SQS as an event source allows customers to control the maximum
concurrent invokes by the SQS event source1.When multiple SQS event sources are configured to
a function, customers can control the maximum concurrent invokes of individual SQS event
source1.

In this scenario, the developer needs to resolve the issue of the third-party API frequently
returning an HTTP 429 Too Many Requests error message, which prevents a significant number of
messages from being processed successfully. To achieve this, the developer can follow these
steps:

Find out the documented rate limits of the third-party API, which specify how many requests can
be made in a given time period.

Configure maximum concurrency on the SQS event source based on the rate limits of the third-
party API. This will limit the number of concurrent invokes by the SQS event source and prevent
exceeding the rate limits of the third-party API.

Test and monitor the application performance and adjust the maximum concurrency value as
needed.

By using this solution, the developer can reduce the frequency of HTTP 429 errors and improve
the message processing success rate. The developer can also avoid throttling or blocking by the
third-party API.

Question 10
Question Type: MultipleChoice

A developer is building a new application on AWS. The application uses an AWS Lambda function
that retrieves information from an Amazon DynamoDB table. The developer hard coded the
DynamoDB table name into the Lambda function code. The table name might change over time.
The developer does not want to modify the Lambda code if the table name changes.
 ebraindumps DVA-C02 QUESTIONS BY Grimes 12-12-2023 11QA - Page 11

Which solution will meet these requirements MOST efficiently?

Options:
A- Create a Lambda environment variable to store the table name. Use the standard method for
the programming language to retrieve the variable.
B- Store the table name in a file. Store the file in the /tmp folder. Use the SDK for the
programming language to retrieve the table name.
C- Create a file to store the table name. Zip the file and upload the file to the Lambda layer. Use
the SDK for the programming language to retrieve the table name.
D- Create a global variable that is outside the handler in the Lambda function to store the table
name.

Answer:
A

Explanation:
The solution that will meet the requirements most efficiently is to create a Lambda environment
variable to store the table name. Use the standard method for the programming language to
retrieve the variable. This way, the developer can avoid hard-coding the table name in the
Lambda function code and easily change the table name by updating the environment variable.
The other options either involve storing the table name in a file, which is less efficient and secure
than using an environment variable, or creating a global variable, which is not recommended as
it can cause concurrency issues.

Question 11
Question Type: MultipleChoice

A company is building an application for stock trading. The application needs sub-millisecond
latency for processing trade requests. The company uses Amazon DynamoDB to store all the
trading data that is used to process each trading request A development team performs load
testing on the application and finds that the data retrieval time is higher than expected. The
development team needs a solution that reduces the data retrieval time with the least possible
effort.

Which solution meets these requirements'?

 ebraindumps DVA-C02 QUESTIONS BY Grimes 12-12-2023 11QA - Page 12

Options:
A- Add local secondary indexes (LSis) for the trading data.
B- Store the trading data m Amazon S3 and use S3 Transfer Acceleration.
C- Add retries with exponential back off for DynamoDB queries.
D- Use DynamoDB Accelerator (DAX) to cache the trading data.

Answer:
D

Explanation:
This solution will meet the requirements by using DynamoDB Accelerator (DAX), which is a fully
managed, highly available, in-memory cache for DynamoDB that delivers up to a 10 times
performance improvement - from milliseconds to microseconds - even at millions of requests per
second. The developer can use DAX to cache the trading data that is used to process each
trading request, which will reduce the data retrieval time with the least possible effort. Option A
is not optimal because it will add local secondary indexes (LSIs) for the trading data, which may
not improve the performance or reduce the latency of data retrieval, as LSIs are stored on the
same partition as the base table and share the same provisioned throughput. Option B is not
optimal because it will store the trading data in Amazon S3 and use S3 Transfer Acceleration,
which is a feature that enables fast, easy, and secure transfers of files over long distances
between S3 buckets and clients, not between DynamoDB and clients. Option C is not optimal
because it will add retries with exponential backoff for DynamoDB queries, which is a strategy to
handle transient errors by retrying failed requests with increasing delays, not by reducing data
retrieval time.
 ebraindumps DVA-C02 QUESTIONS BY Grimes 12-12-2023 11QA - Page 13

To Get Premium Files for DVA-C02 Visit

https://www.p2pexams.com/products/dva-c02

For More Free Questions Visit

https://www.p2pexams.com/amazon/pdf/dva-c02
Free Questions for DVA-C02 by vceexamstest
Shared by Sparks on 18-01-2024
For More Free Questions and Preparation Resources

Check the Links on Last Page

Question 1
Question Type: MultipleChoice

An application that runs on AWS Lambda requires access to specific highly confidential objects in an Amazon S3 bucket. In accordance
with the principle of least privilege a company grants access to the S3 bucket by using only temporary credentials.

How can a developer configure access to me S3 bucket in the MOST secure way?

Options:
A) Hardcode the credentials that are required to access the S3 objects in the application code. Use the credentials to access me
required S3 objects.

B) Create a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID in AWS Secrets
Manager. Configure the application to retrieve the Secrets Manager secret and use the credentials to access me S3 objects.

C) Create a Lambda function execution role Attach a policy to the rote that grants access to specific objects in the S3 bucket.

D) Create a secret access key and access key ID with permission to access the S3 bucket Store the key and key ID as environment
variables m Lambda. Use the environment variables to access the required S3 objects.

Answer:
C
 Explanation:
This solution will meet the requirements by creating a Lambda function execution role, which is an IAM role that grants permissions to a
Lambda function to access AWS resources such as Amazon S3 objects. The developer can attach a policy to the role that grants access
to specific objects in the S3 bucket that are required by the application, following the principle of least privilege. Option A is not optimal
because it will hardcode the credentials that are required to access S3 objects in the application code, which is insecure and difficult to
maintain. Option B is not optimal because it will create a secret access key and access key ID with permission to access the S3 bucket,
which will introduce additional security risks and complexity for storing and managing credentials. Option D is not optimal because it will
store the secret access key and access key ID as environment variables in Lambda, which is also insecure and difficult to maintain.

Question 2
Question Type: MultipleChoice

An application that runs on AWS Lambda requires access to specific highly confidential objects in an Amazon S3 bucket. In accordance
with the principle of least privilege a company grants access to the S3 bucket by using only temporary credentials.

How can a developer configure access to me S3 bucket in the MOST secure way?
Options:
A) Hardcode the credentials that are required to access the S3 objects in the application code. Use the credentials to access me
required S3 objects.

B) Create a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID in AWS Secrets
Manager. Configure the application to retrieve the Secrets Manager secret and use the credentials to access me S3 objects.

C) Create a Lambda function execution role Attach a policy to the rote that grants access to specific objects in the S3 bucket.

D) Create a secret access key and access key ID with permission to access the S3 bucket Store the key and key ID as environment
variables m Lambda. Use the environment variables to access the required S3 objects.

Answer:
C

Explanation:
This solution will meet the requirements by creating a Lambda function execution role, which is an IAM role that grants permissions to a
Lambda function to access AWS resources such as Amazon S3 objects. The developer can attach a policy to the role that grants access
to specific objects in the S3 bucket that are required by the application, following the principle of least privilege. Option A is not optimal
because it will hardcode the credentials that are required to access S3 objects in the application code, which is insecure and difficult to
maintain. Option B is not optimal because it will create a secret access key and access key ID with permission to access the S3 bucket,
which will introduce additional security risks and complexity for storing and managing credentials. Option D is not optimal because it will
store the secret access key and access key ID as environment variables in Lambda, which is also insecure and difficult to maintain.
To Get Premium Files for DVA-C02 Visit
https://www.p2pexams.com/products/dva-c02

For More Free Questions Visit

https://www.p2pexams.com/amazon/pdf/dva-c02
 Amazon DVA-C02 certscare ACTUAL QUESTIONS BY Sampson 29-01-2024 9QA - Page 1

Free Questions for DVA-C02

Shared by Sampson on 29-01-2024
For More Free Questions and Preparation Resources

Check the Links on Last Page

 Amazon DVA-C02 certscare ACTUAL QUESTIONS BY Sampson 29-01-2024 9QA - Page 2

Question 1
Question Type: MultipleChoice

A developer wants to add request validation to a production environment Amazon API Gateway
API. The developer needs to test the changes

before the API is deployed to the production environment. For the test, the developer will send
test requests to the API through a testing tool.

Which solution will meet these requirements with the LEAST operational overhead?

Options:
A- Export the existing API to an OpenAPI file. Create a new API. Import the OpenAPI file. Modify
the new API to add request validation. Perform the tests. Modify the existing API to add request
validation. Deploy the existing API to production.
B- Modify the existing API to add request validation. Deploy the updated API to a new API
Gateway stage. Perform the tests. Deploy the updated API to the API Gateway production stage.
C- Create a new API. Add the necessary resources and methods, including new request validation.
Perform the tests. Modify the existing API to add request validation. Deploy the existing API to
production.
D- Clone the existing API. Modify the new API to add request validation. Perform the tests. Modify
the existing API to add request validation. Deploy the existing API to production.

Answer:
B

Explanation:
Amazon API Gateway allows you to create, deploy, and manage a RESTful API to expose backend
HTTP endpoints, AWS Lambda functions, or other AWS services1.You can use API Gateway to
perform basic validation of an API request before proceeding with the integration request1.When
the validation fails, API Gateway immediately fails the request, returns a 400 error response to
the caller, and publishes the validation results in CloudWatch Logs1.

To test changes before deploying to a production environment, you can modify the existing API to
add request validation and deploy the updated API to a new API Gateway stage1. This allows you
to perform tests without affecting the production environment.Once testing is complete and
successful, you can then deploy the updated API to the API Gateway production stage1.

This approach has the least operational overhead as it avoids unnecessary creation of new APIs
or exporting and importing of APIs.It leverages the existing infrastructure and only requires
 Amazon DVA-C02 certscare ACTUAL QUESTIONS BY Sampson 29-01-2024 9QA - Page 3

changes in the configuration of the existing API1.

Question 2
Question Type: MultipleChoice

A company hosts its application on AWS. The application runs on an Amazon Elastic Container
Service (Amazon ECS) cluster that uses AWS Fargate. The cluster runs behind an Application Load
Balancer The application stores data in an Amazon Aurora database A developer encrypts and
manages database credentials inside the application

The company wants to use a more secure credential storage method and implement periodic
credential rotation.

Which solution will meet these requirements with the LEAST operational overhead?

Options:
A- Migrate the secret credentials to Amazon RDS parameter groups. Encrypt the parameter by
using an AWS Key Management Service (AWS KMS) key Turn on secret rotation. Use 1AM policies
and roles to grant AWS KMS permissions to access Amazon RDS.
B- Migrate the credentials to AWS Systems Manager Parameter Store. Encrypt the parameter by
using an AWS Key Management Service (AWS KMS) key. Turn on secret rotation. Use 1AM policies
and roles to grant Amazon ECS Fargate permissions to access to AWS Secrets Manager
C- Migrate the credentials to ECS Fargate environment variables. Encrypt the credentials by using
an AWS Key Management Service (AWS KMS) key Turn on secret rotation. Use 1AM policies and
roles to grant Amazon ECS Fargate permissions to access to AWS Secrets Manager.
D- Migrate the credentials to AWS Secrets Manager. Encrypt the credentials by using an AWS Key
Management Service (AWS KMS) key Turn on secret rotation Use 1AM policies and roles to grant
Amazon ECS Fargate permissions to access to AWS Secrets Manager by using keys.

Answer:
D

Explanation:
Secrets Management:AWS Secrets Manager is designed specifically for storing and managing
sensitive credentials.

Built-in Rotation:Secrets Manager provides automatic secret rotation functionality, enhancing

security posture significantly.
 Amazon DVA-C02 certscare ACTUAL QUESTIONS BY Sampson 29-01-2024 9QA - Page 4

IAM Integration:IAM policies and roles grant fine-grained access to ECS Fargate, ensuring the
principle of least privilege.

Reduced Overhead:This solution centralizes secrets management and automates rotation,

reducing operational overhead compared to the other options.

AWS Secrets Manager:https://aws.amazon.com/secrets-manager/

Secrets Manager
Rotation:https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html

IAM for Secrets

Manager:https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_iam-po
licies.html

Question 3
Question Type: MultipleChoice

A company has built an AWS Lambda function to convert large image files into output files that
can be used in a third-party viewer application The company recently added a new module to the
function to improve the output of the generated files However, the new module has increased the
bundle size and has increased the time that is needed to deploy changes to the function code.

How can a developer increase the speed of the Lambda function deployment?

Options:
A- Use AWS CodeDeploy to deploy the function code
B- Use Lambda layers to package and load dependencies.
C- Increase the memory size of the function.
D- Use Amazon S3 to host the function dependencies

Answer:
B

Explanation:
Problem: Large bundle size increases Lambda deployment time.

Lambda Layers: Layers let you package dependencies separately from your function code. This
optimizes the deployment package, making updates faster.
 Amazon DVA-C02 certscare ACTUAL QUESTIONS BY Sampson 29-01-2024 9QA - Page 5

Modularization: Breaking down dependencies into layers improves code organization and
reusability.

AWS Lambda Layers:https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html

Question 4
Question Type: MultipleChoice

A company uses Amazon API Gateway to expose a set of APIs to customers. The APIs have
caching enabled in API Gateway. Customers need a way to invalidate the cache for each API
when they test the API.

What should a developer do to give customers the ability to invalidate the API cache?

Options:
A- Ask the customers to use AWS credentials to call the InvalidateCache API operation.
B- Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke
the API. Ask the customers to send a request that contains the
HTTP header when they make an API call.
C- Ask the customers to use the AWS SDK API Gateway class to invoke the InvalidateCache API
operation.
D- Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke
the API. Ask the customers to add the INVALIDATE_CACHE query
string parameter when they make an API call.

Answer:
D

Question 5
Question Type: MultipleChoice

A developer is optimizing an AWS Lambda function and wants to test the changes in production
on a small percentage of all traffic. The Lambda function serves requests to a REST API in
Amazon API Gateway. The developer needs to deploy their changes and perform a test in
production without changing the API Gateway URL.

Which solution will meet these requirements?

 Amazon DVA-C02 certscare ACTUAL QUESTIONS BY Sampson 29-01-2024 9QA - Page 6

Options:
A- Define a function version for the currently deployed production Lambda function. Update the
API Gateway endpoint to reference the new Lambda function version. Upload and publish the
optimized Lambda function code. On the production API Gateway stage, define a canary release
and set the percentage of traffic to direct to the canary release. Update the API Gateway
endpoint to use the $LATEST version of the Lambda function. Publish the API to the canary stage.
B- Define a function version for the currently deployed production Lambda function. Update the
API Gateway endpoint to reference the new Lambda function version. Upload and publish the
optimized Lambda function code. Update the API Gateway endpoint to use the $LATEST version
of the Lambda function.
Deploy a new API Gateway stage.
C- Define an alias on the $LATEST version of the Lambda function. Update the API Gateway
endpoint to reference the new Lambda function alias. Upload and
publish the optimized Lambda function code. On the production API Gateway stage, define a
canary release and set the percentage of traffic to direct to the canary release. Update the API
Gateway endpoint to use the SLAT EST version of the Lambda function. Publish to the canary
stage.
D- Define a function version for the currently deployed production Lambda function. Update the
API Gateway endpoint to reference the new Lambda function
Deploy the API to the production API Gateway stage.

Answer:
C

Explanation:
A Lambda alias is a pointer to a specific Lambda function version or another alias1.A Lambda
alias allows you to invoke different versions of a function using the same name1.You can also
split traffic between two aliases by assigning weights to them1.

In this scenario, the developer needs to test their changes in production on a small percentage of
all traffic without changing the API Gateway URL. To achieve this, the developer can follow these
steps:

Define an alias on the $LATEST version of the Lambda function. This will create a new alias that
points to the latest code of the function.

Update the API Gateway endpoint to reference the new Lambda function alias. This will make the
API Gateway invoke the alias instead of a specific version of the function.

Upload and publish the optimized Lambda function code. This will update the $LATEST version of
the function with the new code.
 Amazon DVA-C02 certscare ACTUAL QUESTIONS BY Sampson 29-01-2024 9QA - Page 7

On the production API Gateway stage, define a canary release and set the percentage of traffic to
direct to the canary release.This will enable API Gateway to perform a canary deployment on a
new API2.A canary deployment is a software development strategy in which a new version of an
API is deployed for testing purposes, and the base version remains deployed as a production
release for normal operations on the same stage2.The canary release receives a small
percentage of API traffic and the production release takes up the rest2.

Update the API Gateway endpoint to use the $LATEST version of the Lambda function. This will
make the canary release invoke the latest code of the function, which contains the optimized
changes.

Publish to the canary stage. This will deploy the changes to a subset of users for testing.

By using this solution, the developer can test their changes in production on a small percentage
of all traffic without changing the API Gateway URL.The developer can also monitor and compare
metrics between the canary and production releases, and promote or disable the canary as
needed2.

Question 6
Question Type: MultipleChoice

A developer is building a new application on AWS. The application uses an AWS Lambda function
that retrieves information from an Amazon DynamoDB table. The developer hard coded the
DynamoDB table name into the Lambda function code. The table name might change over time.
The developer does not want to modify the Lambda code if the table name changes.

Which solution will meet these requirements MOST efficiently?

Options:
A- Create a Lambda environment variable to store the table name. Use the standard method for
the programming language to retrieve the variable.
B- Store the table name in a file. Store the file in the /tmp folder. Use the SDK for the
programming language to retrieve the table name.
C- Create a file to store the table name. Zip the file and upload the file to the Lambda layer. Use
the SDK for the programming language to retrieve the table name.
D- Create a global variable that is outside the handler in the Lambda function to store the table
name.

Answer:
 Amazon DVA-C02 certscare ACTUAL QUESTIONS BY Sampson 29-01-2024 9QA - Page 8

Explanation:
The solution that will meet the requirements most efficiently is to create a Lambda environment
variable to store the table name. Use the standard method for the programming language to
retrieve the variable. This way, the developer can avoid hard-coding the table name in the
Lambda function code and easily change the table name by updating the environment variable.
The other options either involve storing the table name in a file, which is less efficient and secure
than using an environment variable, or creating a global variable, which is not recommended as
it can cause concurrency issues.

Question 7
Question Type: MultipleChoice

A company runs a batch processing application by using AWS Lambda functions and Amazon API
Gateway APIs with deployment stages for development, user acceptance testing and production
A development team needs to configure the APIs in the deployment stages to connect to third-
party service endpoints.

Which solution will meet this requirement?

Options:
A- Store the third-party service endpoints in Lambda layers that correspond to the stage
B- Store the third-party service endpoints in API Gateway stage variables that correspond to the
stage
C- Encode the third-party service endpoints as query parameters in the API Gateway request URL.
D- Store the third-party service endpoint for each environment in AWS AppConfig

Answer:
B

Explanation:
API Gateway Stage Variables: These are designed for configuring dynamic values for your APIs in
different deployment stages (dev, test, prod). Here's how to use them for third-party endpoints:

In the API Gateway console,access the 'Stages' section of your API.

 Amazon DVA-C02 certscare ACTUAL QUESTIONS BY Sampson 29-01-2024 9QA - Page 9

For each stage,create a stage variable named something likethirdPartyEndpoint.

Set the value of this variable to the actual endpoint URL for that specific environment.

When configuring API requests within your API Gateway method,reference this endpoint
using${stageVariables.thirdPartyEndpoint}.

Why Stage Variables Excel Here:

Environment Isolation:This approach keeps the endpoint configuration specific to each

deployment stage,ensuring the right endpoints are used during development,testing,and
production cycles.

Ease of Management:You manage the endpoints directly through the API Gateway console
without additional infrastructure.

Amazon API Gateway Stage

Variables:https://docs.aws.amazon.com/apigateway/latest/developerguide/stage-variables.html

Question 8
Question Type: MultipleChoice

A developer at a company needs to create a small application that makes the same API call once
each day at a designated time. The company does not have infrastructure in the AWS Cloud yet,
but the company wants to implement this functionality on AWS.

Which solution meets these requirements in the MOST operationally efficient manner?

Options:
A- Use a Kubernetes cron job that runs on Amazon Elastic Kubernetes Service (Amazon EKS).
B- Use an Amazon Linux crontab scheduled job that runs on Amazon EC2.
C- Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduled event.
D- Use an AWS Batch job that is submitted to an AWS Batch job queue.

Answer:
C

Explanation:
The correct answer is C. Use an AWS Lambda function that is invoked by an Amazon EventBridge
 Amazon DVA-C02 certscare ACTUAL QUESTIONS BY Sampson 29-01-2024 9QA - Page 10

scheduled event.

C . Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduled event.
This is correct. AWS Lambda is a serverless compute service that lets you run code without
provisioning or managing servers. Lambda runs your code on a high-availability compute
infrastructure and performs all of the administration of the compute resources, including server
and operating system maintenance, capacity provisioning and automatic scaling, and logging1.
Amazon EventBridge is a serverless event bus service that enables you to connect your
applications with data from a variety of sources2. EventBridge can create rules that run on a
schedule, either at regular intervals or at specific times and dates, and invoke targets such as
Lambda functions3. This solution meets the requirements of creating a small application that
makes the same API call once each day at a designated time, without requiring any infrastructure
in the AWS Cloud or any operational overhead.

A . Use a Kubernetes cron job that runs on Amazon Elastic Kubernetes Service (Amazon EKS).
This is incorrect. Amazon EKS is a fully managed Kubernetes service that allows you to run
containerized applications on AWS4. Kubernetes cron jobs are tasks that run periodically on a
given schedule5. This solution could meet the functional requirements of creating a small
application that makes the same API call once each day at a designated time, but it would not be
the most operationally efficient manner. The company would need to provision and manage an
EKS cluster, which would incur additional costs and complexity.

B . Use an Amazon Linux crontab scheduled job that runs on Amazon EC2. This is incorrect.
Amazon EC2 is a web service that provides secure, resizable compute capacity in the cloud6.
Crontab is a Linux utility that allows you to schedule commands or scripts to run automatically at
a specified time or date7. This solution could meet the functional requirements of creating a
small application that makes the same API call once each day at a designated time, but it would
not be the most operationally efficient manner. The company would need to provision and
manage an EC2 instance, which would incur additional costs and complexity.

D . Use an AWS Batch job that is submitted to an AWS Batch job queue. This is incorrect. AWS
Batch enables you to run batch computing workloads on the AWS Cloud8. Batch jobs are units of
work that can be submitted to job queues, where they are executed in parallel or sequentially on
compute environments9. This solution could meet the functional requirements of creating a small
application that makes the same API call once each day at a designated time, but it would not be
the most operationally efficient manner. The company would need to configure and manage an
AWS Batch environment, which would incur additional costs and complexity.

1: What is AWS Lambda? - AWS Lambda

2: What is Amazon EventBridge? - Amazon EventBridge

3: Creating an Amazon EventBridge rule that runs on a schedule - Amazon EventBridge

4: What is Amazon EKS? - Amazon EKS

5: CronJob - Kubernetes
 Amazon DVA-C02 certscare ACTUAL QUESTIONS BY Sampson 29-01-2024 9QA - Page 11

6: What is Amazon EC2? - Amazon EC2

7: Crontab in Linux with 20 Useful Examples to Schedule Jobs - Tecmint

8: What is AWS Batch? - AWS Batch

9: Jobs - AWS Batch

Question 9
Question Type: MultipleChoice

A developer needs to build an AWS CloudFormation template that self-populates the AWS Region
variable that deploys the CloudFormation template

What is the MOST operationally efficient way to determine the Region in which the template is
being deployed?

Options:
A- Use the AWS:.Region pseudo parameter
B- Require the Region as a CloudFormation parameter
C- Find the Region from the AWS::Stackld pseudo parameter by using the Fn::Split intrinsic
function
D- Dynamically import the Region by referencing the relevant parameter in AWS Systems
Manager Parameter Store

Answer:
A

Explanation:
Pseudo Parameters:CloudFormation provides pseudo parameters that reference runtime context,
including the current AWS Region.

Operational Efficiency:TheAWS::Regionpseudo parameter offers the most direct and self-

contained way to obtain the Region dynamically within the template.

CloudFormation Pseudo
Parameters:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-paramet
er-reference.html
Amazon DVA-C02 certscare ACTUAL QUESTIONS BY Sampson 29-01-2024 9QA - Page 12
 Amazon DVA-C02 certscare ACTUAL QUESTIONS BY Sampson 29-01-2024 9QA - Page 13

To Get Premium Files for DVA-C02 Visit

https://www.p2pexams.com/products/dva-c02

For More Free Questions Visit

https://www.p2pexams.com/amazon/pdf/dva-c02
braindumpscollection DVA-C02 AWS Certified Developer - Associate VERIFIED QUESTIONS ANSWERS BY Gamble 15-04-2024
6QA - Page 1

Free Questions for DVA-C02

Shared by Gamble on 15-04-2024
For More Free Questions and Preparation Resources

Check the Links on Last Page

 braindumpscollection DVA-C02 AWS Certified Developer - Associate VERIFIED QUESTIONS ANSWERS BY Gamble 15-04-2024
6QA - Page 2

Question 1
Question Type: MultipleChoice

A developer is creating a mobile application that will not require users to log in.

What is the MOST efficient method to grant users access to AWS resources'?

Options:
A- Use an identity provider to securely authenticate with the application.
B- Create an AWS Lambda function to create an 1AM user when a user accesses the application.
C- Create credentials using AWS KMS and apply these credentials to users when using the
application.
D- Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited
access to resources.

Answer:
D

Explanation:
This solution is the most efficient method to grant users access to AWS resources without
requiring them to log in. Amazon Cognito is a service that provides user sign-up, sign-in, and
access control for web and mobile applications. Amazon Cognito identity pools support both
authenticated and unauthenticated users. Unauthenticated users receive access to your AWS
resources even if they aren't logged in with any of your identity providers (IdPs). You can use
Amazon Cognito to associate unauthenticated users with an IAM role that has limited access to
resources, such as Amazon S3 buckets or DynamoDB tables. This degree of access is useful to
display content to users before they log in or to allow them to perform certain actions without
signing up. Using an identity provider to securely authenticate with the application will require
users to log in, which does not meet the requirement. Creating an AWS Lambda function to
create an IAM user when a user accesses the application will incur unnecessary costs and
complexity, and may pose security risks if not implemented properly. Creating credentials using
AWS KMS and applying them to users when using the application will also incur unnecessary
costs and complexity, and may not provide fine-grained access control for resources.

Question 2
Question Type: MultipleChoice
braindumpscollection DVA-C02 AWS Certified Developer - Associate VERIFIED QUESTIONS ANSWERS BY Gamble 15-04-2024
6QA - Page 3

A company is building a micro services app1 cation that consists of many AWS Lambda functions.
The development team wants to use AWS Serverless Application Model (AWS SAM) templates to
automatically test the Lambda functions. The development team plans to test a small percentage
of traffic that is directed to new updates before the team commits to a full deployment of the
application.

Which combination of steps will meet these requirements in the MOST operationally efficient
way? (Select TWO.)

Options:
A- Use AWS SAM CLI commands in AWS CodeDeploy lo invoke the Lambda functions lo lest the
deployment
B- Declare the EventlnvokeConfig on the Lambda functions in the AWS SAM templates with
OnSuccess and OnFailure configurations.
C- Enable gradual deployments through AWS SAM templates.
D- Set the deployment preference type to Canary10Percen130Minutes Use hooks to test the
deployment.
E- Set the deployment preference type to Linear10PefcentEvery10Minutes Use hooks to test the
deployment.

Answer:
C, D

Explanation:
This solution will meet the requirements by using AWS Serverless Application Model (AWS SAM)
templates and gradual deployments to automatically test the Lambda functions. AWS SAM
templates are configuration files that define serverless applications and resources such as
Lambda functions. Gradual deployments are a feature of AWS SAM that enable deploying new
versions of Lambda functions incrementally, shifting traffic gradually, and performing validation
tests during deployment. The developer can enable gradual deployments through AWS SAM
templates by adding a DeploymentPreference property to each Lambda function resource in the
template. The developer can set the deployment preference type to Canary10Percent30Minutes,
which means that 10 percent of traffic will be shifted to the new version of the Lambda function
for 30 minutes before shifting 100 percent of traffic. The developer can also use hooks to test the
deployment, which are custom Lambda functions that run before or after traffic shifting and
perform validation tests or rollback actions.
 braindumpscollection DVA-C02 AWS Certified Developer - Associate VERIFIED QUESTIONS ANSWERS BY Gamble 15-04-2024
6QA - Page 4

Question 3
Question Type: MultipleChoice

A company is creating an application that processes csv files from Amazon S3 A developer has
created an S3 bucket The developer has also created an AWS Lambda function to process the csv
files from the S3 bucket

Which combination of steps will invoke the Lambda function when a csv file is uploaded to
Amazon S3? (Select TWO.)

Options:
A- Create an Amazon EventBridge rule Configure the rule with a pattern to match the S3 object
created event
B- Schedule an Amazon EventBridge rule to run a new Lambda function to scan the S3 bucket.
C- Add a trigger to the existing Lambda function. Set the trigger type to EventBridge Select the
Amazon EventBridge rule.
D- Create a new Lambda function to scan the S3 bucket for recently added S3 objects
E- Add S3 Lifecycle rules to invoke the existing Lambda function

Answer:
A, E

Explanation:
Amazon EventBridge:A service that reacts to events from various AWS sources, including S3.
Rules define which events trigger actions (like invoking Lambda functions).

S3 Object Created Events:EventBridge can detect these, providing seamless integration for
automated CSV processing.

S3 Lifecycle Rules:Allow for actions based on object age or prefixes. These can directly trigger
Lambda functions for file processing.

Amazon EventBridge Documentation:https://docs.aws.amazon.com/eventbridge/

Working with S3 Event

Notifications:https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html

S3 Lifecycle
Configuration:https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.ht
ml
 braindumpscollection DVA-C02 AWS Certified Developer - Associate VERIFIED QUESTIONS ANSWERS BY Gamble 15-04-2024
6QA - Page 5

Question 4
Question Type: MultipleChoice

A company runs a payment application on Amazon EC2 instances behind an Application Load
Balance The EC2 instances run in an Auto Scaling group across multiple Availability Zones The
application needs to retrieve application secrets during the application startup and export the
secrets as environment variables These secrets must be encrypted at rest and need to be rotated
every month.

Which solution will meet these requirements with the LEAST development effort?

Options:
A- Save the secrets in a text file and store the text file in Amazon S3 Provision a customer
managed key Use the key for secret encryption in Amazon S3 Read the contents of the text file
and read the export as environment variables Configure S3 Object Lambda to rotate the text file
every month
B- Save the secrets as strings in AWS Systems Manager Parameter Store and use the default AWS
Key Management Service (AWS KMS) key Configure an Amazon EC2 user data script to retrieve
the secrets during the startup and export as environment variables Configure an AWS Lambda
function to rotate the secrets in Parameter Store every month.
C- Save the secrets as base64 encoded environment variables in the application properties.
Retrieve the secrets during the application startup. Reference the secrets in the application code.
Write a script to rotate the secrets saved as environment variables.
D- Store the secrets in AWS Secrets Manager Provision a new customer master key Use the key
to encrypt the secrets Enable automatic rotation Configure an Amazon EC2 user data script to
programmatically retrieve the secrets during the startup and export as environment variables

Answer:
D

Explanation:
AWS Secrets Manager:Built for managing secrets, providing encryption, automatic rotation, and
access control.

Customer Master Key (CMK):Provides an extra layer of control over encryption through AWS KMS.

Automatic Rotation:Enhances security by regularly changing the secret.

User Data Script:Allows secrets retrieval at instance startup and sets them as environment
 braindumpscollection DVA-C02 AWS Certified Developer - Associate VERIFIED QUESTIONS ANSWERS BY Gamble 15-04-2024
6QA - Page 6
variables for seamless use within the application.

AWS Secrets Manager Documentation:https://docs.aws.amazon.com/secretsmanager/

AWS KMS Documentation:https://docs.aws.amazon.com/kms/

User Data for EC2

Instances:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html

Question 5
Question Type: MultipleChoice

A company has an analytics application that uses an AWS Lambda function to process transaction
data asynchronously A developer notices that asynchronous invocations of the Lambda function
sometimes fail When failed Lambda function invocations occur, the developer wants to invoke a
second Lambda function to handle errors and log details.

Which solution will meet these requirements?

Options:
A- Configure a Lambda function destination with a failure condition Specify Lambda function as
the destination type Specify the error-handling Lambda function's Amazon Resource Name (ARN)
as the resource
B- Enable AWS X-Ray active tracing on the initial Lambda function. Configure X-Ray to capture
stack traces of the failed invocations. Invoke the error-handling Lambda function by including the
stack traces in the event object.
C- Configure a Lambda function trigger with a failure condition Specify Lambda function as the
destination type Specify the error-handling Lambda function's Amazon Resource Name (ARN) as
the resource
D- Create a status check alarm on the initial Lambda function. Configure the alarm to invoke the
error-handling Lambda function when the alarm is initiated. Ensure that the alarm passes the
stack trace in the event object.

Answer:
A

Explanation:
Lambda Destinations on Failure:Allow routing asynchronous function invocations to specified
 braindumpscollection DVA-C02 AWS Certified Developer - Associate VERIFIED QUESTIONS ANSWERS BY Gamble 15-04-2024
6QA - Page 7
resources (like another Lambda function) upon failure.

Error Handling:The error-handling Lambda receives details about the failure, enabling logging and
custom actions.

Direct Integration:This solution leverages native Lambda functionality for a simpler

implementation.

Question 6
Question Type: MultipleChoice

A developer creates a static website for their department The developer deploys the static assets
for the website to an Amazon S3 bucket and serves the assets with Amazon CloudFront The
developer uses origin access control (OAC) on the CloudFront distribution to access the S3 bucket

The developer notices users can access the root URL and specific pages but cannot access
directories without specifying a file name. For example, /products/index.html works, but /products
returns an error The developer needs to enable accessing directories without specifying a file
name without exposing the S3 bucket publicly.

Which solution will meet these requirements'?

Options:
A- Update the CloudFront distribution's settings to index.html as the default root object is set
B- Update the Amazon S3 bucket settings and enable static website hosting. Specify index html
as the Index document Update the S3 bucket policy to enable access. Update the CloudFront
distribution's origin to use the S3 website endpoint
C- Create a CloudFront function that examines the request URL and appends index.html when
directories are being accessed Add the function as a viewer request CloudFront function to the
CloudFront distribution's behavior.
D- Create a custom error response on the CloudFront distribution with the HTTP error code set to
the HTTP 404 Not Found response code and the response page path to /index html Set the HTTP
response code to the HTTP 200 OK response code

Answer:
B

Explanation:
braindumpscollection DVA-C02 AWS Certified Developer - Associate VERIFIED QUESTIONS ANSWERS BY Gamble 15-04-2024
6QA - Page 8
Problem: Directory access without file names fails.

S3 Static Website Hosting:

Configuring S3 as a static website enables automatic serving ofindex.htmlfor directory requests.

Bucket policies ensure correct access permissions.

Updating the CloudFront origin simplifies routing.

Avoiding Public Exposure: The S3 website endpoint allows CloudFront to access content without
making the bucket public.

S3 Static Website
Hosting:https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteHosting.html
braindumpscollection DVA-C02 AWS Certified Developer - Associate VERIFIED QUESTIONS ANSWERS BY Gamble 15-04-2024
6QA - Page 9

To Get Premium Files for DVA-C02 Visit

https://www.p2pexams.com/products/dva-c02

For More Free Questions Visit

https://www.p2pexams.com/amazon/pdf/dva-c02
 Amazon DVA-C02 DUMPS BY Barry 24-05-2024 8QA actualtestdumps - Page 1

Free Questions for DVA-C02

Shared by Barry on 24-05-2024
For More Free Questions and Preparation Resources

Check the Links on Last Page

 Amazon DVA-C02 DUMPS BY Barry 24-05-2024 8QA actualtestdumps - Page 2

Question 1
Question Type: MultipleChoice

A developer is working on an ecommerce website The developer wants to review server logs
without logging in to each of the application servers individually. The website runs on multiple
Amazon EC2 instances, is written in Python, and needs to be highly available

How can the developer update the application to meet these requirements with MINIMUM
changes?

Options:
A- Rewrite the application to be cloud native and to run on AWS Lambda, where the logs can be
reviewed in Amazon CloudWatch
B- Set up centralized logging by using Amazon OpenSearch Service, Logstash, and OpenSearch
Dashboards
C- Scale down the application to one larger EC2 instance where only one instance is recording
logs
D- Install the unified Amazon CloudWatch agent on the EC2 instances Configure the agent to
push the application logs to CloudWatch

Answer:
D

Explanation:
Centralized Logging Benefits: Centralized logging is essential for operational visibility in scalable
systems, especially those using multiple EC2 instances like our e-commerce website. CloudWatch
provides this capability, along with other monitoring features.

CloudWatch Agent: This is the best way to send custom application logs from EC2 instances to
CloudWatch. Here's the process:

Install the CloudWatch agent on each EC2 instance.

Configure the agent with a configuration file, specifying:

Which log files to collect.

The format in which to send logs to CloudWatch (e.g., JSON).

The specific CloudWatch Logs log group and log stream for these logs.
 Amazon DVA-C02 DUMPS BY Barry 24-05-2024 8QA actualtestdumps - Page 3

Viewing and Analyzing Logs: Once the agent is pushing logs, use the CloudWatch Logs console or
API:

View and search the logs across all instances.

Set up alarms based on log events.

Use CloudWatch Logs Insights for sophisticated queries and analysis.

Amazon CloudWatch
Logs:https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html

Unified CloudWatch
Agent:https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html

CloudWatch Logs
Insights:https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html

Question 2
Question Type: MultipleChoice

A company is building a new application that runs on AWS and uses Amazon API Gateway to
expose APIs Teams of developers are working on separate components of the application in
parallel The company wants to publish an API without an integrated backend so that teams that
depend on the application backend can continue the development work before the API backend
development is complete.

Which solution will meet these requirements?

Options:
A- Create API Gateway resources and set the integration type value to MOCK Configure the
method integration request and integration response to associate a response with an HTTP status
code Create an API Gateway stage and deploy the API.
B- Create an AWS Lambda function that returns mocked responses and various HTTP status
codes. Create API Gateway resources and set the integration type value to AWS_PROXY Deploy
the API.
C- Create an EC2 application that returns mocked HTTP responses Create API Gateway resources
and set the integration type value to AWS Create an API Gateway stage and deploy the API.
D- Create API Gateway resources and set the integration type value set to HTTP_PROXY. Add
mapping templates and deploy the API. Create an AWS Lambda layer that returns various HTTP
status codes Associate the Lambda layer with the API deployment
 Amazon DVA-C02 DUMPS BY Barry 24-05-2024 8QA actualtestdumps - Page 4

Answer:
A

Explanation:
API Gateway Mocking:This feature is built for decoupling development dependencies. Here's the
process:

Create resources and methods in your API Gateway.

Set the integration type to 'MOCK'.

Define Integration Responses, mapping HTTP status codes to desired mocked responses (JSON,
etc.).

Deployment and Use:

Create a deployment stage for the API.

Frontend teams can call this API and get the mocked responses without a real backend.

Mocking API Gateway

APIs:https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-mock-integration.ht
ml

Question 3
Question Type: MultipleChoice

A developer is creating a new REST API by using Amazon API Gateway and AWS Lambd

a. The development team tests the API and validates responses for the known use cases before
deploying the API to the production environment.

The developer wants to make the REST API available for testing by using API Gateway locally.

Which AWS Serverless Application Model Command Line Interface (AWS SAM CLI) subcommand
will meet these requirements?

Options:
A- Sam local invoke
B- Sam local generate-event
 Amazon DVA-C02 DUMPS BY Barry 24-05-2024 8QA actualtestdumps - Page 5

C- Sam local start-lambda

D- Sam local start-api

Answer:
D

Explanation:
The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is a command-line
tool for local development and testing of Serverless applications2.Thesam local start-
apisubcommand of AWS SAM CLI is used to simulate a REST API by starting a new local
endpoint3. Therefore, option D is correct.

Question 4
Question Type: MultipleChoice

A company is creating an application that processes csv files from Amazon S3 A developer has
created an S3 bucket The developer has also created an AWS Lambda function to process the csv
files from the S3 bucket

Which combination of steps will invoke the Lambda function when a csv file is uploaded to
Amazon S3? (Select TWO.)

Options:
A- Create an Amazon EventBridge rule Configure the rule with a pattern to match the S3 object
created event
B- Schedule an Amazon EventBridge rule to run a new Lambda function to scan the S3 bucket.
C- Add a trigger to the existing Lambda function. Set the trigger type to EventBridge Select the
Amazon EventBridge rule.
D- Create a new Lambda function to scan the S3 bucket for recently added S3 objects
E- Add S3 Lifecycle rules to invoke the existing Lambda function

Answer:
A, E
 Amazon DVA-C02 DUMPS BY Barry 24-05-2024 8QA actualtestdumps - Page 6

Explanation:
Amazon EventBridge:A service that reacts to events from various AWS sources, including S3.
Rules define which events trigger actions (like invoking Lambda functions).

S3 Object Created Events:EventBridge can detect these, providing seamless integration for
automated CSV processing.

S3 Lifecycle Rules:Allow for actions based on object age or prefixes. These can directly trigger
Lambda functions for file processing.

Amazon EventBridge Documentation:https://docs.aws.amazon.com/eventbridge/

Working with S3 Event

Notifications:https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html

S3 Lifecycle
Configuration:https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.ht
ml

Question 5
Question Type: MultipleChoice

A company has deployed an application on AWS Elastic Beanstalk. The company has configured
the Auto Scaling group that is associated with the Elastic Beanstalk environment to have five
Amazon EC2 instances. If the capacity is fewer than four EC2 instances during the deployment,
application performance degrades. The company is using the all-at-once deployment policy.

What is the MOST cost-effective way to solve the deployment issue?

Options:
A- Change the Auto Scaling group to six desired instances.
B- Change the deployment policy to traffic splitting. Specify an evaluation time of 1 hour.
C- Change the deployment policy to rolling with additional batch. Specify a batch size of 1.
D- Change the deployment policy to rolling. Specify a batch size of 2.

Answer:
C
 Amazon DVA-C02 DUMPS BY Barry 24-05-2024 8QA actualtestdumps - Page 7

Explanation:
This solution will solve the deployment issue by deploying the new version of the application to
one new EC2 instance at a time, while keeping the old version running on the existing instances.
This way, there will always be at least four instances serving traffic during the deployment, and
no downtime or performance degradation will occur. Option A is not optimal because it will
increase the cost of running the Elastic Beanstalk environment without solving the deployment
issue. Option B is not optimal because it will split the traffic between two versions of the
application, which may cause inconsistency and confusion for the customers. Option D is not
optimal because it will deploy the new version of the application to two existing instances at a
time, which may reduce the capacity below four instances during the deployment.

Question 6
Question Type: MultipleChoice

A company is building a web application on AWS. When a customer sends a request, the
application will generate reports and then make the reports available to the customer within one
hour. Reports should be accessible to the customer for 8 hours. Some reports are larger than 1
MB. Each report is unique to the customer. The application should delete all reports that are older
than 2 days.

Which solution will meet these requirements with the LEAST operational overhead?

Options:
A- Generate the reports and then store the reports as Amazon DynamoDB items that have a
specified TTL. Generate a URL that retrieves the reports from DynamoDB. Provide the URL to
customers through the web application.
B- Generate the reports and then store the reports in an Amazon S3 bucket that uses server-side
encryption. Attach the reports to an Amazon Simple Notification Service (Amazon SNS) message.
Subscribe the customer to email notifications from Amazon SNS.
C- Generate the reports and then store the reports in an Amazon S3 bucket that uses server-side
encryption. Generate a presigned URL that contains an expiration date Provide the URL to
customers through the web application. Add S3 Lifecycle configuration rules to the S3 bucket to
delete old reports.
D- Generate the reports and then store the reports in an Amazon RDS database with a date
stamp. Generate an URL that retrieves the reports from the RDS database. Provide the URL to
customers through the web application. Schedule an hourly AWS Lambda function to delete
database records that have expired date stamps.
 Amazon DVA-C02 DUMPS BY Barry 24-05-2024 8QA actualtestdumps - Page 8

Answer:
C

Explanation:
This solution will meet the requirements with the least operational overhead because it uses
Amazon S3 as a scalable, secure, and durable storage service for the reports. The presigned URL
will allow customers to access their reports for a limited time (8 hours) without requiring
additional authentication. The S3 Lifecycle configuration rules will automatically delete the
reports that are older than 2 days, reducing storage costs and complying with the data retention
policy. Option A is not optimal because it will incur additional costs and complexity to store the
reports as DynamoDB items, which have a size limit of 400 KB. Option B is not optimal because it
will not provide customers with access to their reports within one hour, as Amazon SNS email
delivery is not guaranteed. Option D is not optimal because it will require more operational
overhead to manage an RDS database and a Lambda function for storing and deleting the
reports.

Question 7
Question Type: MultipleChoice

A developer maintains a critical business application that uses Amazon DynamoDB as the
primary data store The DynamoDB table contains millions of documents and receives 30-60
requests each minute The developer needs to perform processing in near-real time on the
documents when they are added or updated in the DynamoDB table

How can the developer implement this feature with the LEAST amount of change to the existing
application code?

Options:
A- Set up a cron job on an Amazon EC2 instance Run a script every hour to query the table for
changes and process the documents
B- Enable a DynamoDB stream on the table Invoke an AWS Lambda function to process the
documents.
C- Update the application to send a PutEvents request to Amazon EventBridge. Create an
EventBridge rule to invoke an AWS Lambda function to process the documents.
D- Update the application to synchronously process the documents directly after the DynamoDB
write
 Amazon DVA-C02 DUMPS BY Barry 24-05-2024 8QA actualtestdumps - Page 9

Answer:
B

Explanation:
DynamoDB Streams:Capture near real-time changes to DynamoDB tables, triggering downstream
actions.

Lambda for Processing:Lambda functions provide a serverless way to execute code in response
to events like DynamoDB Stream updates.

Minimal Code Changes:This solution requires the least modifications to the existing application.

DynamoDB
Streams:https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html

AWS Lambda:https://aws.amazon.com/lambda/

Question 8
Question Type: MultipleChoice

A company is building a compute-intensive application that will run on a fleet of Amazon EC2
instances. The application uses attached Amazon

Elastic Block Store (Amazon EBS) volumes for storing dat

a. The Amazon EBS volumes will be created at time of initial deployment. The

application will process sensitive information. All of the data must be encrypted. The solution
should not impact the application's performance.

Which solution will meet these requirements?

Options:
A- Configure the fleet of EC2 instances to use encrypted EBS volumes to store data.
B- Configure the application to write all data to an encrypted Amazon S3 bucket.
C- Configure a custom encryption algorithm for the application that will encrypt and decrypt all
data.
D- Configure an Amazon Machine Image (AMI) that has an encrypted root volume and store the
data to ephemeral disks.
 Amazon DVA-C02 DUMPS BY Barry 24-05-2024 8QA actualtestdumps - Page 10

Answer:
A

Explanation:
Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with
Amazon EC2 instances1.Amazon EBS encryption offers a straight-forward encryption solution for
your EBS resources associated with your EC2 instances1.When you create an encrypted EBS
volume and attach it to a supported instance type, the following types of data are encrypted:
Data at rest inside the volume, all data moving between the volume and the instance, all
snapshots created from the volume, and all volumes created from those snapshots1. Therefore,
option A is correct.
 Amazon DVA-C02 DUMPS BY Barry 24-05-2024 8QA actualtestdumps - Page 11

To Get Premium Files for DVA-C02 Visit

https://www.p2pexams.com/products/dva-c02

For More Free Questions Visit

https://www.p2pexams.com/amazon/pdf/dva-c02
 Amazon DVA-C02 DUMPS BY Hutchinson 22-07-2024 6QA dumpssheet - Page 1

Free Questions for DVA-C02

Shared by Hutchinson on 22-07-2024
For More Free Questions and Preparation Resources

Check the Links on Last Page

 Amazon DVA-C02 DUMPS BY Hutchinson 22-07-2024 6QA dumpssheet - Page 2

Question 1
Question Type: MultipleChoice

A company is creating an application that processes csv files from Amazon S3 A developer has
created an S3 bucket The developer has also created an AWS Lambda function to process the csv
files from the S3 bucket

Which combination of steps will invoke the Lambda function when a csv file is uploaded to
Amazon S3? (Select TWO.)

Options:
A- Create an Amazon EventBridge rule Configure the rule with a pattern to match the S3 object
created event
B- Schedule an Amazon EventBridge rule to run a new Lambda function to scan the S3 bucket.
C- Add a trigger to the existing Lambda function. Set the trigger type to EventBridge Select the
Amazon EventBridge rule.
D- Create a new Lambda function to scan the S3 bucket for recently added S3 objects
E- Add S3 Lifecycle rules to invoke the existing Lambda function

Answer:
A, E

Explanation:
Amazon EventBridge:A service that reacts to events from various AWS sources, including S3.
Rules define which events trigger actions (like invoking Lambda functions).

S3 Object Created Events:EventBridge can detect these, providing seamless integration for
automated CSV processing.

S3 Lifecycle Rules:Allow for actions based on object age or prefixes. These can directly trigger
Lambda functions for file processing.

Amazon EventBridge Documentation:https://docs.aws.amazon.com/eventbridge/

Working with S3 Event

Notifications:https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html

S3 Lifecycle
Configuration:https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.ht
ml
 Amazon DVA-C02 DUMPS BY Hutchinson 22-07-2024 6QA dumpssheet - Page 3

Question 2
Question Type: MultipleChoice

A developer is testing an application that invokes an AWS Lambda function asynchronously.

During the testing phase the Lambda function fails to process after two retries.

How can the developer troubleshoot the failure?

Options:
A- Configure AWS CloudTrail logging to investigate the invocation failures.
B- Configure Dead Letter Queues by sending events to Amazon SQS for investigation.
C- Configure Amazon Simple Workflow Service to process any direct unprocessed events.
D- Configure AWS Config to process any direct unprocessed events.

Answer:
B

Explanation:
This solution allows the developer to troubleshoot the failure by capturing unprocessed events in
a queue for further analysis. Dead Letter Queues (DLQs) are queues that store messages that
could not be processed by a service, such as Lambda, for various reasons, such as configuration
errors, throttling limits, or permissions issues. The developer can configure DLQs for Lambda
functions by sending events to either an Amazon Simple Queue Service (SQS) queue or an
Amazon Simple Notification Service (SNS) topic. The developer can then inspect the messages in
the queue or topic to identify and fix the root cause of the failure. Configuring AWS CloudTrail
logging will not capture invocation failures for asynchronous Lambda invocations, but only record
API calls made by or on behalf of Lambda. Configuring Amazon Simple Workflow Service (SWF) or
AWS Config will not process any direct unprocessed events, but require additional integration and
configuration.

Question 3
Question Type: MultipleChoice

A company needs to set up secure database credentials for all its AWS Cloud resources. The
 Amazon DVA-C02 DUMPS BY Hutchinson 22-07-2024 6QA dumpssheet - Page 4

company's resources include Amazon RDS DB instances Amazon DocumentDB clusters and
Amazon Aurora DB instances. The company's security policy mandates that database credentials
be encrypted at rest and rotated at a regular interval.

Which solution will meet these requirements MOST securely?

Options:
A- Set up IAM database authentication for token-based access. Generate user tokens to provide
centralized access to RDS DB instances. Amazon DocumentDB clusters and Aurora DB instances.
B- Create parameters for the database credentials in AWS Systems Manager Parameter Store Set
the Type parameter to Secure Sting. Set up automatic rotation on the parameters.
C- Store the database access credentials as an encrypted Amazon S3 object in an S3 bucket
Block all public access on the S3 bucket. Use S3 server-side encryption to set up automatic
rotation on the encryption key.
D- Create an AWS Lambda function by using the SecretsManagerRotationTemplate template in
the AWS Secrets Manager console. Create secrets for the database credentials in Secrets
Manager Set up secrets rotation on a schedule.

Answer:
D

Explanation:
This solution will meet the requirements by using AWS Secrets Manager, which is a service that
helps protect secrets such as database credentials by encrypting them with AWS Key
Management Service (AWS KMS) and enabling automatic rotation of secrets. The developer can
create an AWS Lambda function by using the SecretsManagerRotationTemplate template in the
AWS Secrets Manager console, which provides a sample code for rotating secrets for RDS DB
instances, Amazon DocumentDB clusters, and Amazon Aurora DB instances. The developer can
also create secrets for the database credentials in Secrets Manager, which encrypts them at rest
and provides secure access to them. The developer can set up secrets rotation on a schedule,
which changes the database credentials periodically according to a specified interval or event.
Option A is not optimal because it will set up IAM database authentication for token-based
access, which may not be compatible with all database engines and may require additional
configuration and management of IAM roles or users. Option B is not optimal because it will
create parameters for the database credentials in AWS Systems Manager Parameter Store, which
does not support automatic rotation of secrets. Option C is not optimal because it will store the
database access credentials as an encrypted Amazon S3 object in an S3 bucket, which may
introduce additional costs and complexity for accessing and securing the data.
 Amazon DVA-C02 DUMPS BY Hutchinson 22-07-2024 6QA dumpssheet - Page 5

Question 4
Question Type: MultipleChoice

A company has an application that stores data in Amazon RDS instances. The application
periodically experiences surges of high traffic that cause performance problems.

During periods of peak traffic, a developer notices a reduction in query speed in all database
queries.

The team's technical lead determines that a multi-threaded and scalable caching solution should
be used to offload the heavy read traffic. The solution needs to improve performance.

Which solution will meet these requirements with the LEAST complexity?

Options:
A- Use Amazon ElastiCache for Memcached to offload read requests from the main database.
B- Replicate the data to Amazon DynamoDB. Set up a DynamoDB Accelerator (DAX) cluster.
C. Configure the Amazon RDS instances to use Multi-AZ deployment with one standby instance.
Offload read requests from the main database to the standby
instance.
D- Use Amazon ElastiCache for Redis to offload read requests from the main database.

Answer:
D

Explanation:
Amazon ElastiCache for Memcached is a fully managed, multithreaded, and scalable in-memory
key-value store that can be used to cache frequently accessed data and improve application
performance1. By using Amazon ElastiCache for Memcached, the developer can reduce the load
on the main database and handle high traffic surges more efficiently.

To use Amazon ElastiCache for Memcached, the developer needs to create a cache cluster with
one or more nodes, and configure the application to store and retrieve data from the cache
cluster2.The developer can use any of the supported Memcached clients to interact with the
cache cluster3.The developer can also use Auto Discovery to dynamically discover and connect
to all cache nodes in a cluster4.

Amazon ElastiCache for Memcached is compatible with the Memcached protocol, which means
that the developer can use existing tools and libraries that work with Memcached1. Amazon
ElastiCache for Memcached also supports data partitioning, which allows the developer to
 Amazon DVA-C02 DUMPS BY Hutchinson 22-07-2024 6QA dumpssheet - Page 6

distribute data among multiple nodes and scale out the cache cluster as needed.

Using Amazon ElastiCache for Memcached is a simple and effective solution that meets the
requirements with the least complexity. The developer does not need to change the database
schema, migrate data to a different service, or use a different caching model. The developer can
leverage the existing Memcached ecosystem and easily integrate it with the application.

Question 5
Question Type: MultipleChoice

A company has developed a new serverless application using AWS Lambda functions that will be
deployed using the AWS Serverless Application Model (AWS SAM) CLI.

Which step should the developer complete prior to deploying the application?

Options:
A- Compress the application to a zip file and upload it into AWS Lambda.
B- Test the new AWS Lambda function by first tracing it m AWS X-Ray.
C- Bundle the serverless application using a SAM package.
D- Create the application environment using the eb create my-env command.

Answer:
C

Explanation:
This step should be completed prior to deploying the application because it prepares the
application artifacts for deployment. The AWS Serverless Application Model (AWS SAM) is a
framework that simplifies building and deploying serverless applications on AWS. The AWS SAM
CLI is a command-line tool that helps you create, test, and deploy serverless applications using
AWS SAM templates. The sam package command bundles the application artifacts, such as
Lambda function code and API definitions, and uploads them to an Amazon S3 bucket. The
command also returns a CloudFormation template that is ready to be deployed with the sam
deploy command. Compressing the application to a zip file and uploading it to AWS Lambda will
not work because it does not use AWS SAM templates or CloudFormation. Testing the new
Lambda function by first tracing it in AWS X-Ray will not prepare the application for deployment,
but only monitor its performance and errors. Creating the application environment using the eb
create my-env command will not work because it is a command for AWS Elastic Beanstalk, not
 Amazon DVA-C02 DUMPS BY Hutchinson 22-07-2024 6QA dumpssheet - Page 7

AWS SAM.

Question 6
Question Type: MultipleChoice

A developer needs to build an AWS CloudFormation template that self-populates the AWS Region
variable that deploys the CloudFormation template

What is the MOST operationally efficient way to determine the Region in which the template is
being deployed?

Options:
A- Use the AWS:.Region pseudo parameter
B- Require the Region as a CloudFormation parameter
C- Find the Region from the AWS::Stackld pseudo parameter by using the Fn::Split intrinsic
function
D- Dynamically import the Region by referencing the relevant parameter in AWS Systems
Manager Parameter Store

Answer:
A

Explanation:
Pseudo Parameters:CloudFormation provides pseudo parameters that reference runtime context,
including the current AWS Region.

Operational Efficiency:TheAWS::Regionpseudo parameter offers the most direct and self-

contained way to obtain the Region dynamically within the template.

CloudFormation Pseudo
Parameters:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-paramet
er-reference.html
 Amazon DVA-C02 DUMPS BY Hutchinson 22-07-2024 6QA dumpssheet - Page 8

To Get Premium Files for DVA-C02 Visit

https://www.p2pexams.com/products/dva-c02

For More Free Questions Visit

https://www.p2pexams.com/amazon/pdf/dva-c02
 Amazon DVA-C02 DUMPS BY Wilkerson 09-08-2024 9QA certsinside - Page 1

Free Questions for DVA-C02

Shared by Wilkerson on 09-08-2024
For More Free Questions and Preparation Resources

Check the Links on Last Page

 Amazon DVA-C02 DUMPS BY Wilkerson 09-08-2024 9QA certsinside - Page 2

Question 1
Question Type: MultipleChoice

A developer is creating an Amazon DynamoDB table by using the AWS CLI The DynamoDB table
must use server-side encryption with an AWS owned encryption key

How should the developer create the DynamoDB table to meet these requirements?

Options:
A- Create an AWS Key Management Service (AWS KMS) customer managed key. Provide the key's
Amazon Resource Name (ARN) in the KMSMasterKeyld parameter during creation of the
DynamoDB table
B- Create an AWS Key Management Service (AWS KMS) AWS managed key Provide the key's
Amazon Resource Name (ARN) in the KMSMasterKeyld parameter during creation of the
DynamoDB table
C- Create an AWS owned key Provide the key's Amazon Resource Name (ARN) in the
KMSMasterKeyld parameter during creation of the DynamoDB table.
D- Create the DynamoDB table with the default encryption options

Answer:
D

Explanation:
Default SSE in DynamoDB:DynamoDB tables are encrypted at rest by default using an AWS
owned key (SSE-S3).

No Additional Action Needed:Creating a table without explicitly specifying a KMS key will use this
default encryption.

DynamoDB Server-Side
Encryption:https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Encryption

Question 2
Question Type: MultipleChoice

A company has developed a new serverless application using AWS Lambda functions that will be
 Amazon DVA-C02 DUMPS BY Wilkerson 09-08-2024 9QA certsinside - Page 3

deployed using the AWS Serverless Application Model (AWS SAM) CLI.

Which step should the developer complete prior to deploying the application?

Options:
A- Compress the application to a zip file and upload it into AWS Lambda.
B- Test the new AWS Lambda function by first tracing it m AWS X-Ray.
C- Bundle the serverless application using a SAM package.
D- Create the application environment using the eb create my-env command.

Answer:
C

Explanation:
This step should be completed prior to deploying the application because it prepares the
application artifacts for deployment. The AWS Serverless Application Model (AWS SAM) is a
framework that simplifies building and deploying serverless applications on AWS. The AWS SAM
CLI is a command-line tool that helps you create, test, and deploy serverless applications using
AWS SAM templates. The sam package command bundles the application artifacts, such as
Lambda function code and API definitions, and uploads them to an Amazon S3 bucket. The
command also returns a CloudFormation template that is ready to be deployed with the sam
deploy command. Compressing the application to a zip file and uploading it to AWS Lambda will
not work because it does not use AWS SAM templates or CloudFormation. Testing the new
Lambda function by first tracing it in AWS X-Ray will not prepare the application for deployment,
but only monitor its performance and errors. Creating the application environment using the eb
create my-env command will not work because it is a command for AWS Elastic Beanstalk, not
AWS SAM.

Question 3
Question Type: MultipleChoice

A company is preparing to migrate an application to the company's first AWS environment Before
this migration, a developer is creating a proof-of-concept application to validate a model for
building and deploying container-based applications on AWS.

Which combination of steps should the developer take to deploy the containerized proof-of-
concept application with the LEAST operational effort? (Select TWO.)
 Amazon DVA-C02 DUMPS BY Wilkerson 09-08-2024 9QA certsinside - Page 4

Options:
A- Package the application into a zip file by using a command line tool Upload the package to
Amazon S3
B- Package the application into a container image by using the Docker CLI. Upload the image to
Amazon Elastic Container Registry (Amazon ECR)
C- Deploy the application to an Amazon EC2 instance by using AWS CodeDeploy.
D- Deploy the application to Amazon Elastic Kubernetes Service (Amazon EKS) on AWS Fargate
E- Deploy the application to Amazon Elastic Container Service (Amazon ECS) on AWS Fargate

Answer:
B, E

Explanation:
Containerization:Packaging the application as a container image promotes portability and
standardization. Docker is the standard tool for containerization.

Amazon ECR:ECR is a managed container registry designed to work seamlessly with AWS
container services.

Fargate:ECS Fargate provides serverless container orchestration, minimizing operational

overhead for this proof-of-concept.

Docker:https://www.docker.com/

Amazon ECR:https://aws.amazon.com/ecr/

Question 4
Question Type: MultipleChoice

A company developed an API application on AWS by using Amazon CloudFront. Amazon API
Gateway, and AWS Lambd

a. The API has a minimum of four requests every second A developer notices that many API users
run the same query by using the POST method. The developer wants to cache the POST request
to optimize the API resources.

Which solution will meet these requirements'?

 Amazon DVA-C02 DUMPS BY Wilkerson 09-08-2024 9QA certsinside - Page 5

Options:
A- Configure the CloudFront cache Update the application to return cached content based upon
the default request headers.
B- Override the cache method in me selected stage of API Gateway Select the POST method.
C- Save the latest request response in Lambda /tmp directory Update the Lambda function to
check the /tmp directory
D- Save the latest request m AWS Systems Manager Parameter Store Modify the Lambda function
to take the latest request response from Parameter Store

Answer:
A

Explanation:
This solution will meet the requirements by using Amazon CloudFront, which is a content delivery
network (CDN) service that speeds up the delivery of web content and APIs to end users. The
developer can configure the CloudFront cache, which is a set of edge locations that store copies
of popular or recently accessed content close to the viewers. The developer can also update the
application to return cached content based upon the default request headers, which are a set of
HTTP headers that CloudFront automatically forwards to the origin server and uses to determine
whether an object in an edge location is still valid. By caching the POST requests, the developer
can optimize the API resources and reduce the latency for repeated queries. Option B is not
optimal because it will override the cache method in the selected stage of API Gateway, which is
not possible or effective as API Gateway does not support caching for POST methods by default.
Option C is not optimal because it will save the latest request response in Lambda /tmp directory,
which is a local storage space that is available for each Lambda function invocation, not a cache
that can be shared across multiple invocations or requests. Option D is not optimal because it will
save the latest request in AWS Systems Manager Parameter Store, which is a service that
provides secure and scalable storage for configuration data and secrets, not a cache for API
responses.

Question 5
Question Type: MultipleChoice

A company has an ecommerce application. To track product reviews, the company's

development team uses an Amazon DynamoDB table.

Every record includes the following

* A Review ID a 16-digrt universally unique identifier (UUID)

 Amazon DVA-C02 DUMPS BY Wilkerson 09-08-2024 9QA certsinside - Page 6

* A Product ID and User ID 16 digit UUlDs that reference other tables

* A Product Rating on a scale of 1-5

* An optional comment from the user

The table partition key is the Review ID. The most performed query against the table is to find
the 10 reviews with the highest rating for a given product.

Which index will provide the FASTEST response for this query"?

Options:
A- A global secondary index (GSl) with Product ID as the partition key and Product Rating as the
sort key
B- A global secondary index (GSl) with Product ID as the partition key and Review ID as the sort
key
C- A local secondary index (LSI) with Product ID as the partition key and Product Rating as the
sort key
D- A local secondary index (LSI) with Review ID as the partition key and Product ID as the sort key

Answer:
A

Explanation:
This solution allows the fastest response for the query because it enables the query to use a
single partition key value (the Product ID) and a range of sort key values (the Product Rating) to
find the matching items. A global secondary index (GSI) is an index that has a partition key and
an optional sort key that are different from those on the base table. A GSI can be created at any
time and can be queried or scanned independently of the base table. A local secondary index
(LSI) is an index that has the same partition key as the base table, but a different sort key. An LSI
can only be created when the base table is created and must be queried together with the base
table partition key. Using a GSI with Product ID as the partition key and Review ID as the sort key
will not allow the query to use a range of sort key values to find the highest ratings. Using an LSI
with Product ID as the partition key and Product Rating as the sort key will not work because
Product ID is not the partition key of the base table. Using an LSI with Review ID as the partition
key and Product ID as the sort key will not allow the query to use a single partition key value to
find the matching items.
 Amazon DVA-C02 DUMPS BY Wilkerson 09-08-2024 9QA certsinside - Page 7

Question 6
Question Type: MultipleChoice

A developer is optimizing an AWS Lambda function and wants to test the changes in production
on a small percentage of all traffic. The Lambda function serves requests to a REST API in
Amazon API Gateway. The developer needs to deploy their changes and perform a test in
production without changing the API Gateway URL.

Which solution will meet these requirements?

Options:
A- Define a function version for the currently deployed production Lambda function. Update the
API Gateway endpoint to reference the new Lambda function version. Upload and publish the
optimized Lambda function code. On the production API Gateway stage, define a canary release
and set the percentage of traffic to direct to the canary release. Update the API Gateway
endpoint to use the $LATEST version of the Lambda function. Publish the API to the canary stage.
B- Define a function version for the currently deployed production Lambda function. Update the
API Gateway endpoint to reference the new Lambda function version. Upload and publish the
optimized Lambda function code. Update the API Gateway endpoint to use the $LATEST version
of the Lambda function.
Deploy a new API Gateway stage.
C- Define an alias on the $LATEST version of the Lambda function. Update the API Gateway
endpoint to reference the new Lambda function alias. Upload and
publish the optimized Lambda function code. On the production API Gateway stage, define a
canary release and set the percentage of traffic to direct to the canary release. Update the API
Gateway endpoint to use the SLAT EST version of the Lambda function. Publish to the canary
stage.
D- Define a function version for the currently deployed production Lambda function. Update the
API Gateway endpoint to reference the new Lambda function
Deploy the API to the production API Gateway stage.

Answer:
C

Explanation:
A Lambda alias is a pointer to a specific Lambda function version or another alias1.A Lambda
alias allows you to invoke different versions of a function using the same name1.You can also
split traffic between two aliases by assigning weights to them1.
 Amazon DVA-C02 DUMPS BY Wilkerson 09-08-2024 9QA certsinside - Page 8

In this scenario, the developer needs to test their changes in production on a small percentage of
all traffic without changing the API Gateway URL. To achieve this, the developer can follow these
steps:

Define an alias on the $LATEST version of the Lambda function. This will create a new alias that
points to the latest code of the function.

Update the API Gateway endpoint to reference the new Lambda function alias. This will make the
API Gateway invoke the alias instead of a specific version of the function.

Upload and publish the optimized Lambda function code. This will update the $LATEST version of
the function with the new code.

On the production API Gateway stage, define a canary release and set the percentage of traffic to
direct to the canary release.This will enable API Gateway to perform a canary deployment on a
new API2.A canary deployment is a software development strategy in which a new version of an
API is deployed for testing purposes, and the base version remains deployed as a production
release for normal operations on the same stage2.The canary release receives a small
percentage of API traffic and the production release takes up the rest2.

Update the API Gateway endpoint to use the $LATEST version of the Lambda function. This will
make the canary release invoke the latest code of the function, which contains the optimized
changes.

Publish to the canary stage. This will deploy the changes to a subset of users for testing.

By using this solution, the developer can test their changes in production on a small percentage
of all traffic without changing the API Gateway URL.The developer can also monitor and compare
metrics between the canary and production releases, and promote or disable the canary as
needed2.

Question 7
Question Type: MultipleChoice

A company wants to automate part of its deployment process. A developer needs to automate
the process of checking for and deleting unused resources that supported previously deployed
stacks but that are no longer used.

The company has a central application that uses the AWS Cloud Development Kit (AWS CDK) to
manage all deployment stacks. The stacks are spread out across multiple accounts. The
developer's solution must integrate as seamlessly as possible within the current deployment
process.

Which solution will meet these requirements with the LEAST amount of configuration?
 Amazon DVA-C02 DUMPS BY Wilkerson 09-08-2024 9QA certsinside - Page 9

Options:
A- In the central AWS CDK application, write a handler function in the code that uses AWS SDK
calls to check for and delete unused resources. Create an AWS CloudPormation template from a
JSON file. Use the template to attach the function code to an AWS Lambda function and lo invoke
the Lambda function when the deployment slack runs.
B- In the central AWS CDK application. write a handler function in the code that uses AWS SDK
calls to check for and delete unused resources. Create an AWS CDK custom resource Use the
custom resource to attach the function code to an AWS Lambda function and to invoke the
Lambda function when the deployment stack runs.
C- In the central AWS CDK, write a handler function m the code that uses AWS SDK calls to check
for and delete unused resources. Create an API in AWS Amplify Use the API to attach the function
code to an AWS Lambda function and to invoke the Lambda function when the deployment stack
runs.
D- In the AWS Lambda console write a handler function in the code that uses AWS SDK calls to
check for and delete unused resources. Create an AWS CDK custom resource. Use the custom
resource to import the Lambda function into the stack and to Invoke the Lambda function when
the deployment stack runs.

Answer:
B

Explanation:
This solution meets the requirements with the least amount of configuration because it uses a
feature of AWS CDK that allows custom logic to be executed during stack deployment or deletion.
The AWS Cloud Development Kit (AWS CDK) is a software development framework that allows
you to define cloud infrastructure as code and provision it through CloudFormation. An AWS CDK
custom resource is a construct that enables you to create resources that are not natively
supported by CloudFormation or perform tasks that are not supported by CloudFormation during
stack deployment or deletion. The developer can write a handler function in the code that uses
AWS SDK calls to check for and delete unused resources, and create an AWS CDK custom
resource that attaches the function code to a Lambda function and invokes it when the
deployment stack runs. This way, the developer can automate the cleanup process without
requiring additional configuration or integration. Creating a CloudFormation template from a JSON
file will require additional configuration and integration with the central AWS CDK application.
Creating an API in AWS Amplify will require additional configuration and integration with the
central AWS CDK application and may not provide optimal performance or availability. Writing a
handler function in the AWS Lambda console will require additional configuration and integration
with the central AWS CDK application.
 Amazon DVA-C02 DUMPS BY Wilkerson 09-08-2024 9QA certsinside - Page 10

Question 8
Question Type: MultipleChoice

A company uses Amazon API Gateway to expose a set of APIs to customers. The APIs have
caching enabled in API Gateway. Customers need a way to invalidate the cache for each API
when they test the API.

What should a developer do to give customers the ability to invalidate the API cache?

Options:
A- Ask the customers to use AWS credentials to call the InvalidateCache API operation.
B- Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke
the API. Ask the customers to send a request that contains the
HTTP header when they make an API call.
C- Ask the customers to use the AWS SDK API Gateway class to invoke the InvalidateCache API
operation.
D- Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke
the API. Ask the customers to add the INVALIDATE_CACHE query
string parameter when they make an API call.

Answer:
D

Question 9
Question Type: MultipleChoice

A developer uses AWS CloudFormation to deploy an Amazon API Gateway API and an AWS Step
Functions state machine The state machine must reference the API Gateway API after the
CloudFormation template is deployed The developer needs a solution that uses the state machine
to reference the API Gateway endpoint.

Which solution will meet these requirements MOST cost-effectively?

Options:
A- Configure the CloudFormation template to reference the API endpoint in the
DefinitionSubstitutions property for the AWS StepFunctions StateMachme resource.
B- Configure the CloudFormation template to store the API endpoint in an environment variable
 Amazon DVA-C02 DUMPS BY Wilkerson 09-08-2024 9QA certsinside - Page 11

for the AWS::StepFunctions::StateMachine resourc Configure the state machine to reference the
environment variable
C- Configure the CloudFormation template to store the API endpoint in a standard AWS:
SecretsManager Secret resource Configure the state machine to reference the resource
D- Configure the CloudFormation template to store the API endpoint in a standard
AWS::AppConfig;:ConfigurationProfile resource Configure the state machine to reference
the resource.

Answer:
A

Explanation:
CloudFormation and Dynamic Reference:TheDefinitionSubstitutionsproperty in CloudFormation
allows you to pass values into Step Functions state machines at runtime.

Cost-Effectiveness:This solution is cost-effective as it leverages CloudFormation's built-in

capabilities, avoiding the need for additional services like Secrets Manager or AppConfig.

AWS Step Functions State

Machine:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfu
nctions-statemachine.html

CloudFormation
DefinitionSubstitutions:https://github.com/aws-cloudformation/aws-cloudformation-resource-provi
ders-stepfunctions/issues/14
 Amazon DVA-C02 DUMPS BY Wilkerson 09-08-2024 9QA certsinside - Page 12

To Get Premium Files for DVA-C02 Visit

https://www.p2pexams.com/products/dva-c02

For More Free Questions Visit

https://www.p2pexams.com/amazon/pdf/dva-c02