Month End Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Amazon Web Services > AWS Certified Associate > DVA-C02

DVA-C02 AWS Certified Developer - Associate Question and Answers

Question # 4

A developer is creating a stock trading application. The developer needs a solution to send text messages to application users to confirmation when a trade has been completed.

The solution must deliver messages in the order a user makes stock trades. The solution must not send duplicate messages.

Which solution will meet these requirements?

A.

Configure the application to publish messages to an Amazon Data Firehose delivery stream. Configure the delivery stream to have a destination of each user's mobile phone number that is passed in the trade confirmation message.

B.

Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Use the SendMessageln API call to send the trade confirmation messages to the queue. Use the SendMessageOut API to send the messages to users by using the information provided in the trade confirmation message.

C.

Configure a pipe in Amazon EventBridge Pipes. Connect the application to the pipe as a source. Configure the pipe to use each user's mobile phone number as a target. Configure the pipe to send incoming events to the users.

D.

Create an Amazon Simple Notification Service (SNS) FIFO topic. Configure the application to use the AWS SDK to publish notifications to the SNS topic to send SMS messages to the users.

Full Access
Question # 5

A company receives food orders from multiple partners. The company has a microservices application that uses Amazon API Gateway APIs with AWS Lambda integration. Each partner sends orders by calling a customized API that is exposed through API Gateway. The API call invokes a shared Lambda function to process the orders.

Partners need to be notified after the Lambda function processes the orders. Each partner must receive updates for only the partner's own orders. The company wants to add new partners in the future with the fewest code changes possible.

Which solution will meet these requirements in the MOST scalable way?

A.

Create a different Amazon Simple Notification Service (Amazon SNS) topic for each partner. Configure the Lambda function to publish messages for each partner to the partner's SNS topic.

B.

Create a different Lambda function for each partner. Configure the Lambda function to notify each partner's service endpoint directly.

C.

Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure the Lambda function to publish messages with specific attributes to the SNS topic. Subscribe each partner to the SNS topic. Apply the appropriate filter policy to the topic subscriptions.

D.

Create one Amazon Simple Notification Service (Amazon SNS) topic. Subscribe all partners to the SNS topic.

Full Access
Question # 6

A company runs an application on AWS The application stores data in an Amazon DynamoDB table Some queries are taking a long time to run These slow queries involve an attribute that is not the table's partition key or sort key

The amount of data that the application stores in the DynamoDB table is expected to increase significantly. A developer must increase the performance of the queries.

Which solution will meet these requirements'?

A.

Increase the page size for each request by setting the Limit parameter to be higher than the default value Configure the application to retry any request that exceeds the provisioned throughput.

B.

Create a global secondary index (GSI). Set query attribute to be the partition key of the index

C.

Perform a parallel scan operation by issuing individual scan requests in the parameters specify the segment for the scan requests and the total number of segments for the parallel scan.

D.

Turn on read capacity auto scaling for the DynamoDB table. Increase the maximum read capacity units (RCUs).

Full Access
Question # 7

A developer at a company needs to create a small application that makes the same API call once each day at a designated time. The company does not have infrastructure in the AWS Cloud yet, but the company wants to implement this functionality on AWS.

Which solution meets these requirements in the MOST operationally efficient manner?

A.

Use a Kubernetes cron job that runs on Amazon Elastic Kubernetes Service (Amazon EKS).

B.

Use an Amazon Linux crontab scheduled job that runs on Amazon EC2.

C.

Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduled event.

D.

Use an AWS Batch job that is submitted to an AWS Batch job queue.

Full Access
Question # 8

A developer is building an application that stores objects in an Amazon S3 bucket. The bucket does not have versioning enabled. The objects are accessed rarely after 1 week. However, the objects must be immediately available at all times. The developer wants to optimize storage costs for the S3 bucket.

Which solution will meet this requirement?

A.

Create an S3 Lifecycle rule to expire objects after 7 days.

B.

Create an S3 Lifecycle rule to transition objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days.

C.

Create an S3 Lifecycle rule to transition objects to S3 Glacier Flexible Retrieval after 7 days.

D.

Create an S3 Lifecycle rule to delete objects that have delete markers.

Full Access
Question # 9

A developer is preparing to deploy an AWS CloudFormation stack for an application from a template that includes an IAM user.

The developer needs to configure the application's resources to retain the IAM user after successful creation. However, the developer also needs to configure the application to delete the IAM user if the stack rolls back.

A.

Update CloudFormation template with the following deletion policy:

AWSTemplateFormatVersion: '2010-05-09'

Resources:

appUser:

Type: AWS::IAM::User

DeletionPolicy: Retain

B.

Update CloudFormation template with the following deletion policy:

AWSTemplateFormatVersion: '2010-09-09'

Resources:

appUser:

Type: AWS::IAM::User

DeletionPolicy: RetainExceptOnCreate

C.

Update the CloudFormation service role to include the following policy:

{

"Version": "2012-10-17",

"Statement": [{

"Effect": "Allow",

"Action": ["cloudformation:UpdateTerminationProtection"],

"Resource": "*"

}]

}

D.

Update the stack policy to include the following statements:

{

"Statement": [{

"Effect": "Deny",

"Action": "Update:*",

"Principal": "*",

"Resource": "*",

"Condition": {

"StringEquals": {

"ResourceType": "AWS::IAM::User"

}

}

}]

}

Full Access
Question # 10

A company's application has an AWS Lambda function that processes messages from loT devices. The company wants to monitor the Lambda function to ensure that the Lambda function is meeting its required service level agreement (SLA).

A developer must implement a solution to determine the application's throughput in near real time. The throughput must be based on the number of messages that the Lambda function receives and processes in a given time period. The Lambda function performs initialization and post-processing steps that must not factor into the throughput measurement.

What should the developer do to meet these requirements?

A.

Use the Lambda function's ConcurrentExecutions metric in Amazon CloudWatch to measure the throughput.

B.

Modify the application to log the calculated throughput to Amazon CloudWatch Logs. Use Amazon EventBridge to invoke a separate Lambda function to process the logs on a schedule.

C.

Modify the application to publish custom Amazon CloudWatch metrics when the Lambda function receives and processes each message. Use the metrics to calculate the throughput.

D.

Use the Lambda function's Invocations metric and Duration metric to calculate the throughput in Amazon CloudWatch.

Full Access
Question # 11

A company has a website that is developed in PHP and is launched using AWS Elastic Beanstalk. There is a new version of the website that needs to be deployed in the Elastic Beanstalk environment. The company cannot tolerate having the website offline if an update fails. Deployments must have minimal impact and rollback as soon as possible.

A.

All at once

B.

Rolling

C.

Snapshots

D.

Immutable

Full Access
Question # 12

A developer has designed an application to store incoming data as JSON files in Amazon S3 objects. Custom business logic in an AWS Lambda function then transforms the objects, and the Lambda function loads the data into an Amazon DynamoDB table. Recently, the workload has experienced sudden and significant changes in traffic. The flow of data to the DynamoDB table is becoming throttled.

The developer needs to implement a solution to eliminate the throttling and load the data into the DynamoDB table more consistently.

Which solution will meet these requirements?

A.

Refactor the Lambda function into two functions. Configure one function to transform the data and one function to load the data into the DynamoDB table. Create an Amazon Simple Queue Service (Amazon SQS) queue in between the functions to hold the items as messages and to invoke the second function.

B.

Turn on auto scaling for the DynamoDB table. Use Amazon CloudWatch to monitor the table's read and write capacity metrics and to track consumed capacity.

C.

Create an alias for the Lambda function. Configure provisioned concurrency for the application to use.

D.

Refactor the Lambda function into two functions. Configure one function to store the data in the DynamoDB table. Configure the second function to process the data and update the items after the data is stored in DynamoDB. Create a DynamoDB stream to invoke the second function after the data is

stored.

Full Access
Question # 13

A developer is building a three-tier web application that should be able to handle a minimum of 5000 requests per minute. Requirements state that the web tier should be completely stateless while the application maintains session state for the users.

How can session data be externalized, keeping latency at the LOWEST possible value?

A.

Create an Amazon RDS instance, then implement session handling at the application level to leverage a database inside the RDS database instance for session data storage.

B.

Implement a shared file system solution across the underlying Amazon EC2 instances, then implement session handling at the application level to leverage the shared file system for session data storage.

C.

Create an Amazon ElastiCache (Memcached) cluster, then implement session handling at the application level to leverage the cluster for session data storage.

D.

Create an Amazon DynamoDB table, then implement session handling at the application level to leverage the table for session data storage.

Full Access
Question # 14

In a move toward using microservices, a company's management team has asked all development teams to build their services so that API requests depend only on that service's data store. One team is building a Payments service which has its own database; the service needs data that originates in the Accounts database. Both are using Amazon DynamoDB.

What approach will result in the simplest, decoupled, and reliable method to get near-real time updates from the Accounts database?

A.

Use AWS Glue to perform frequent ETL updates from the Accounts database to the Payments database.

B.

Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accounts database.

C.

Use Amazon Data Firehose to deliver all changes from the Accounts database to the Payments database.

D.

Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database.

Full Access
Question # 15

A developer is working on an ecommerce website The developer wants to review server logs without logging in to each of the application servers individually. The website runs on multiple Amazon EC2 instances, is written in Python, and needs to be highly available

How can the developer update the application to meet these requirements with MINIMUM changes?

A.

Rewrite the application to be cloud native and to run on AWS Lambda, where the logs can be reviewed in Amazon CloudWatch

B.

Set up centralized logging by using Amazon OpenSearch Service, Logstash, and OpenSearch Dashboards

C.

Scale down the application to one larger EC2 instance where only one instance is recording logs

D.

Install the unified Amazon CloudWatch agent on the EC2 instances Configure the agent to push the application logs to CloudWatch

Full Access
Question # 16

A developer needs to deploy an application running on AWS Fargate using Amazon ECS The application has environment variables that must be passed to a container for the application to initialize.

How should the environment variables be passed to the container?

A.

Define an array that includes the environment variables under the environment parameter within the service definition.

B.

Define an array that includes the environment variables under the environment parameter within the task definition.

C.

Define an array that includes the environment variables under the entryPoint parameter within the task definition.

D.

Define an array that includes the environment variables under the entryPoint parameter within the service definition.

Full Access
Question # 17

A company is building a serverless application that uses AWS Lambda functions. The company needs to create a set of test events to test Lambda functions in a development environment. The test events will be created once and then will be used by all the developers in an 1AM developer group. The test events must be editable by any of the 1AM users in the 1AM developer group.

Which solution will meet these requirements?

A.

Create and store the test events in Amazon S3 as JSON objects. Allow S3 bucket access to all 1AM users.

B.

Create the test events. Configure the event sharing settings to make the test events shareable.

C.

Create and store the test events in Amazon DynamoDB. Allow access to DynamoDB by using 1AM roles.

D.

Create the test events. Configure the event sharing settings to make the test events private.

Full Access
Question # 18

An 1AM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 API actions. The EC2 instance credentials file specifies the 1AM access key and secret access key, which allow full administrative access.

Given that multiple modes of 1AM access are present for this EC2 instance, which of the following is correct?

A.

The EC2 instance will only be able to list the S3 buckets.

B.

The EC2 instance will only be able to list the contents of one S3 bucket at a time.

C.

The EC2 instance will be able to perform all actions on any S3 bucket.

D.

The EC2 instance will not be able to perform any S3 action on any S3 bucket.

Full Access
Question # 19

A company’s website runs on an Amazon EC2 instance and uses Auto Scaling to scale the environment during peak times. Website users across the world ate experiencing high latency flue lo sialic content on theEC2 instance. even during non-peak hours.

When companion of steps mill resolves the latency issue? (Select TWO)

A.

Double the Auto Scaling group's maximum number of servers

B.

Host the application code on AWS lambda

C.

Scale vertically by resizing the EC2 instances

D.

Create an Amazon Cloudfront distribution to cache the static content

E.

Store the application’s sialic content in Amazon S3

Full Access
Question # 20

A company uses Amazon DynamoDB as a data store for its order management system. The company frontend application stores orders in a DynamoDB table. The DynamoDB table is configured to send change events to a DynamoDB stream. The company uses an AWS Lambda function to log and process the incoming orders based on data from the DynamoDB stream.

An operational review reveals that the order quantity of incoming orders is sometimes set to 0. A developer needs to create a dashboard that will show how many unique customers this problem affects each day.

What should the developer do to implement the dashboard?

A.

Grant the Lambda function's execution role permissions to upload logs to Amazon CloudWatch Logs. Implement a CloudWatch Logs Insights query that selects the number of unique customers for orders with order quantity equal to 0 and groups the results in 1-day periods. Add the CloudWatch Logs Insights query to a CloudWatch dashboard.

B.

Use Amazon Athena to query AWS CtoudTrail API logs for API calls. Implement an Athena query that selects the number of unique customers for orders with order quantity equal to 0 and groups the results in 1-day periods. Add the Athena query to an Amazon CloudWatch dashboard.

C.

Configure the Lambda function to send events to Amazon EventBridge. Create an EventBridge rule that groups the number of unique customers for orders with order quantity equal to 0 in 1-day periods. Add a CloudWatch dashboard as the target of the rule.

D.

Turn on custom Amazon CloudWatch metrics for the DynamoDB stream of the DynamoOB table. Create a CloudWatch alarm that groups the number of unique customers for orders with order quantity equal to 0 in 1-day periods. Add the CloudWatch alarm to a CloudWatch dashboard.

Full Access
Question # 21

A developer needs to retrieve all data from an Amazon DynamoDB table that matches a particular partition key.

Which solutions will meet this requirement in the MOST operationally efficient way? (Select TWO.)

A.

Use the Scan API and a filter expression to match on the key.

B.

Use the GetItem API with a request parameter for key that contains the partition key name and specific key value.

C.

Use the ExecuteStatement API and a filter expression to match on the key.

D.

Use the GetItem API and a PartiQL statement to match on the key.

E.

Use the ExecuteStatement API and a PartiQL statement to match on the key.

Full Access
Question # 22

A company caches session information for a web application in an Amazon DynamoDB table. The company wants an automated way to delete old items from the table.

What is the simplest way to do this?

A.

Write a script that deletes old records; schedule the script as a cron job on an Amazon EC2 instance.

B.

Add an attribute with the expiration time; enable the Time To Live feature based on that attribute.

C.

Each day, create a new table to hold session data; delete the previous day's table.

D.

Add an attribute with the expiration time; name the attribute ItemExpiration.

Full Access
Question # 23

A developer is receiving HTTP 400: ThrottlingException errors intermittently when calling the Amazon CloudWatch API. When a call fails, no data is retrieved.

What best practice should first be applied to address this issue?

A.

Contact AWS Support for a limit increase.

B.

Use the AWS CLI to get the metrics.

C.

Analyze the applications and remove the API call.

D.

Retry the call with exponential backoff.

Full Access
Question # 24

A company has built an AWS Lambda function to convert large image files into output files that can be used in a third-party viewer application The company recently added a new module to the function to improve the output of the generated files However, the new module has increased the bundle size and has increased the time that is needed to deploy changes to the function code.

How can a developer increase the speed of the Lambda function deployment?

A.

Use AWS CodeDeploy to deploy the function code

B.

Use Lambda layers to package and load dependencies.

C.

Increase the memory size of the function.

D.

Use Amazon S3 to host the function dependencies

Full Access
Question # 25

A developer maintains a critical business application that uses Amazon DynamoDB as the primary data store The DynamoDB table contains millions of documents and receives 30-60 requests each minute The developer needs to perform processing in near-real time on the documents when they are added or updated in the DynamoDB table

How can the developer implement this feature with the LEAST amount of change to the existing application code?

A.

Set up a cron job on an Amazon EC2 instance Run a script every hour to query the table for changes and process the documents

B.

Enable a DynamoDB stream on the table Invoke an AWS Lambda function to process the documents.

C.

Update the application to send a PutEvents request to Amazon EventBridge. Create an EventBridge rule to invoke an AWS Lambda function to process the documents.

D.

Update the application to synchronously process the documents directly after the DynamoDB write

Full Access
Question # 26

A developer has observed an increase in bugs in the AWS Lambda functions that a development team has deployed in its Node.js application.

To minimize these bugs, the developer wants to implement automated testing of Lambda functions in an environment that closely simulates the Lambda environment.

The developer needs to give other developers the ability to run the tests locally. The developer also needs to integrate the tests into the team's continuous integration and continuous delivery (CI/CD) pipeline before the AWS Cloud Development Kit (AWS CDK) deployment.

Which solution will meet these requirements?

A.

Create sample events based on the Lambda documentation. Create automated test scripts that use the cdk local invoke command to invoke the Lambda functions. Check the response. Document the test scripts for the other developers on the team. Update the CI/CD pipeline to run the test scripts.

B.

Install a unit testing framework that reproduces the Lambda execution environment. Create sample events based on the Lambda documentation. Invoke the handler function by using a unit testing framework. Check the response. Document how to run the unit testing framework for the other developers on the team. Update the CI/CD pipeline to run the unit testing framework.

C.

Install the AWS Serverless Application Model (AWS SAM) CLI tool. Use the sam local generate-event command to generate sample events for the automated tests. Create automated test scripts that use the sam local invoke command to invoke the Lambda functions. Check the response. Document the test scripts for the other developers on the team. Update the CI/CD pipeline to run the test scripts.

D.

Create sample events based on the Lambda documentation. Create a Docker container from the Node.js base image to invoke the Lambda functions. Check the response. Document how to run the Docker container for the other developers on the team. Update the CllCD pipeline to run the Docker container.

Full Access
Question # 27

A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key. the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API.

What code updates will grant these new users access to the API?

A.

The createDeploymer.t method must be called so the API can be redeployed to include the newly created API key.

B.

The updateAuthorizer method must be called to update the API's authorizer to include the newly created API key

C.

The importApiKeys method must be called to import all newly created API keys into the current stage of the API.

D.

The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.

Full Access
Question # 28

A data visualization company wants to strengthen the security of its core applications The applications are deployed on AWS across its development staging, pre-production, and production environments. The company needs to encrypt all of its stored sensitive credentials The sensitive credentials need to be automatically rotated Aversion of the sensitive credentials need to be stored for each environment

Which solution will meet these requirements in the MOST operationally efficient way?

A.

Configure AWS Secrets Manager versions to store different copies of the same credentials across multiple environments

B.

Create a new parameter version in AWS Systems Manager Parameter Store for each environment Store the environment-specific credentials in the parameter version.

C.

Configure the environment variables in the application code Use different names for each environment type

D.

Configure AWS Secrets Manager to create a new secret for each environment type. Store the environment-specific credentials in the secret

Full Access
Question # 29

A developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:

The developer needs to create/delete branches

Which specific IAM permissions need to be added based on the principle of least privilege?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 30

A developer needs to set up an API to provide access to an application and its resources. The developer has a TLS certificate. The developer must have the ability to change the default base URL of the API to a custom domain name. The API users are distributed globally. The solution must minimize API latency.

A.

Create an Amazon CloudFront distribution that uses an AWS Lambda@Edge function to process API requests. Import the TLS certificate into AWS Certificate Manager and CloudFront. Add the custom domain name as an alias resource record set that is for the CloudFront distribution.

B.

Create an Amazon API Gateway REST API. Use the private endpoint type. Import the TLS certificate into AWS Certificate Manager. Create a custom domain name for the REST API. Route traffic to the custom domain name. Disable the default endpoint for the REST API.

C.

Create an Amazon API Gateway REST API. Use the edge-optimized endpoint type. Import the TLS certificate into AWS Certificate Manager. Create a custom domain name for the REST API. Route traffic to the custom domain name. Disable the default endpoint for the REST API.

D.

Create an Amazon CloudFront distribution that uses CloudFront Functions to process API requests. Import the TLS certificate into AWS Certificate Manager and CloudFront. Add the custom domain name as an alias resource record set that is for the CloudFront distribution.

Full Access
Question # 31

A developer wants to store information about movies. Each movie has a title, release year, and genre. The movie information also can include additional properties about the cast and production crew. This additional information is inconsistent across movies. For example, one movie might have an assistant director, and another movie might have an animal trainer.

The developer needs to implement a solution to support the following use cases:

For a given title and release year, get all details about the movie that has that title and release year.

For a given title, get all details about all movies that have that title.

For a given genre, get all details about all movies in that genre.

Which data store configuration will meet these requirements?

A.

Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the title as the partition key and the release year as the sort key. Create a global secondary index that uses the genre as the partition key and the title as the sort key.

B.

Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the genre as the partition key and the release year as the sort key. Create a global secondary index that uses the title as the partition key.

C.

On an Amazon RDS DB instance, create a table that contains columns for title, release year, and genre. Configure the title as the primary key.

D.

On an Amazon RDS DB instance, create a table where the primary key is the title and all other data is encoded into JSON format as one additional column.

Full Access
Question # 32

A developer is integrating Amazon ElastiCache in an application. The cache will store data from a database. The cached data must populate real-time dashboards. Which caching strategy will meet these requirements?

A.

A read-through cache

B.

A write-behind cache

C.

A lazy-loading cache

D.

A write-through cache

Full Access
Question # 33

A company is developing a serverless application that requires storage of sensitive API keys as environment variables for various services. The application requires the automatic rotation of the encryption keys every year.

Which solution will meet these requirements with no development effort?

A.

Encrypt the environment variables by using AWS Secrets Manager. Set up automatic rotation in Secrets Manager.

B.

Encrypt the environment variables by using AWS Key Management Service (AWS KMS) customer managed keys. Enable automatic key rotation.

C.

Encrypt the environment variables by using AWS Key Management Service (AWS KMS) AWS managed keys. Configure a custom AWS Lambda function to automate key rotation.

D.

Encrypt the environment variables by using AWS Systems Manager Parameter Store. Set up automatic rotation in Parameter Store.

Full Access
Question # 34

A company has a serverless application that uses Amazon API Gateway backed by AWS Lambda proxy integration. The company is developing several backend APIs. The company needs a landing page to provide an overview of navigation to the APIs.

A developer creates a new /LandingPage resource and a new GET method that uses mock integration.

What should the developer do next to meet these requirements?

A.

Configure the integration request mapping template with Content-Type of text/html and statusCode of 200. Configure the integration response mapping template with Content-Type of application/json. In the integration response mapping template, include the LandingPage HTML code that references the APIs.

B.

Configure the Integration request mapping template with Content-Type of application/json. In the integration request mapping template, include the LandingPage HMTL code that references the APIs. Configure the integration response mapping template with Content-Type of text/html and statusCode of 200.

C.

Configure the integration request mapping template with Content-Type of application/json and statusCode of 200. Configure the integration response mapping template with Content-Type of text/html. In the integration response mapping template, include the LandingPage HTML code that references the APIs.

D.

Configure the integration request mapping template with Content-Type of text/html. In the integration request mapping template, include the LandingPage HTML code that references the APIs. Configure the integration response mapping template with Content-Type of application/json and statusCode of 200.

Full Access
Question # 35

A company is using an AWS Lambda function to process records from an Amazon Kinesis data stream. The company recently observed slow processing of the records. A developer notices that the iterator age metric for the function is increasing and that the Lambda run duration is constantly above normal.

Which actions should the developer take to increase the processing speed? (Choose two.)

A.

Increase the number of shards of the Kinesis data stream.

B.

Decrease the timeout of the Lambda function.

C.

Increase the memory that is allocated to the Lambda function.

D.

Decrease the number of shards of the Kinesis data stream.

E.

Increase the timeout of the Lambda function.

Full Access
Question # 36

A company needs to harden its container images before the images are in a running state. The company's application uses Amazon Elastic Container Registry (Amazon ECR) as an image registry. Amazon Elastic Kubernetes Service (Amazon EKS) for compute, and an AWS CodePipeline pipeline that orchestrates a continuous integration and continuous delivery (CI/CD) workflow.

Dynamic application security testing occurs in the final stage of the pipeline after a new image is deployed to a development namespace in the EKS cluster. A developer needs to place an analysis stage before this deployment to analyze the container image earlier in the CI/CD pipeline.

Which solution will meet these requirements with the MOST operational efficiency?

A.

Build the container image and run the docker scan command locally. Mitigate any findings before pushing changes to the source code repository. Write a pre-commit hook that enforces the use of this workflow before commit.

B.

Create a new CodePipeline stage that occurs after the container image is built. Configure ECR basic image scanning to scan on image push. Use an AWS Lambda function as the action provider. Configure the Lambda function to check the scan results and to fail the pipeline if there are findings.

C.

Create a new CodePipeline stage that occurs after source code has been retrieved from its repository. Run a security scanner on the latest revision of the source code. Fail the pipeline if there are findings.

D.

Add an action to the deployment stage of the pipeline so that the action occurs before the deployment to the EKS cluster. Configure ECR basic image scanning to scan on image push. Use an AWS Lambda function as the action provider. Configure the Lambda function to check the scan results and to fail the pipeline if there are findings.

Full Access
Question # 37

A company has an AWS Step Functions state machine named myStateMachine. The company configured a service role for Step Functions. The developer must ensure that only the myStateMachine state machine can assume the service role.

A.

"Condition": { "ArnLike": { "aws

":"arn:aws:states:ap-south-1:111111111111:stateMachine

" } }

B.

"Condition": { "ArnLike": { "aws

":"arn:aws:states:ap-south-1:*:stateMachine

" } }

Full Access
Question # 38

A company is developing a serverless application by using AWS Lambda functions. One of the Lambda functions needs to access an Amazon RDS DB instance. The DB instance is in a private subnet inside a VPC.

The company creates a role that includes the necessary permissions to access the DB instance. The company then assigns the role to the Lambda function. A developer must take additional action to give the Lambda function access to the DB instance.

What should the developer do to meet these requirements?

A.

Assign a public IP address to the DB instance. Modify the security group of the DB instance to allow inbound traffic from the IP address of the Lambda function.

B.

Set up an AWS Direct Connect connection between the Lambda function and the DB instance.

C.

Configure an Amazon CloudFront distribution to create a secure connection between the Lambda function and the DB instance.

D.

Configure the Lambda function to connect to the private subnets in the VPC. Add security group rules to allow traffic to the DB instance from the Lambda function.

Full Access
Question # 39

A company has an Amazon S3 bucket containing premier content that it intends to make available to only paid subscribers of its website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors.

How can the company Limit the ability to download a premier content file in the S3 Bucket to paid subscribers only?

A.

Apply a bucket policy that allows anonymous users to download the content from the S3 bucket.

B.

Generate a pre-signed object URL for the premier content file when a pad subscriber requests a download.

C.

Add a Docket policy that requires multi-factor authentication for request to access the S3 bucket objects.

D.

Enable server-side encryption on the S3 bucket for data protection against the non-paying website visitors.

Full Access
Question # 40

A developer needs to troubleshoot an AWS Lambda function in a development environment. The Lambda function is configured in VPC mode and needs to connect to an existing Amazon RDS for SOL Server DB instance. The DB instance is deployed in a private subnet and accepts connections by using port 1433.

When the developer tests the function, the function reports an error when it tries to connect to the database.

Which combination of steps should the developer take to diagnose this issue? (Select TWO.)

A.

Check that the function's security group has outbound access on port 1433 to the DB instance's security group. Check that the DB instance's security group has inbound access on port 1433 from the function's security group.

B.

Check that the function's security group has Inbound access on port 1433 from the DB Instance's security group. Check that the DB instance's security group has outbound access on port 1433 to the function's security group.

C.

Check that the VPC is set up for a NAT gateway. Check that the DB instance has the public access option turned on.

D.

Check that the function's execution role permissions include rds:DescribeDBInstances, rds: ModifyDB Instance, and rds:DescribeDBSecurityGroups for the DB instance.

E.

Check that the function's execution rote permissions include ec2: CreateNetworklnterface. ec2: DescribeNetworklnterfaces. and ec2: DeleteNetworklnterface.

Full Access
Question # 41

A developer at a company recently created a serverless application to process and show data from business reports. The application's user interface (UI) allows users to select and start processing the files. The Ul displays a message when the result is available to view. The application uses AWS Step Functions with AWS Lambda functions to process the files. The developer used Amazon API Gateway and Lambda functions to create an API to support the UI.

The company's Ul team reports that the request to process a file is often returning timeout errors because of the see or complexity of the files. The Ul team wants the API to provide an immediate response so that the Ul can deploy a message while the files are being processed. The backend process that is invoked by the API needs to send an email message when the report processing is complete.

What should the developer do to configure the API to meet these requirements?

A.

Change the API Gateway route to add an X-Amz-Invocation-Type header win a sialic value of 'Event' in the integration request Deploy the API Gateway stage to apply the changes.

B.

Change the configuration of the Lambda function that implements the request to process a file. Configure the maximum age of the event so that the Lambda function will ion asynchronously.

C.

Change the API Gateway timeout value to match the Lambda function ominous value. Deploy the API Gateway stage to apply the changes.

D.

Change the API Gateway route to add an X-Amz-Target header with a static value of 'A sync' in the integration request Deploy me API Gateway stage to apply the changes.

Full Access
Question # 42

A developer has observed an increase in bugs in the AWS Lambda functions that a development team has deployed in its Node is application. To minimize these bugs, the developer wants to impendent automated testing of Lambda functions in an environment that Closely simulates the Lambda environment.

The developer needs to give other developers the ability to run the tests locally. The developer also needs to integrate the tests into the team's continuous integration and continuous delivery (Ct/CO) pipeline before the AWS Cloud Development Kit (AWS COK) deployment.

Which solution will meet these requirements?

A.

Create sample events based on the Lambda documentation. Create automated test scripts that use the cdk local invoke command to invoke the Lambda functions. Check the response Document the test scripts for the other developers on the team Update the CI/CD pipeline to run the test scripts.

B.

Install a unit testing framework that reproduces the Lambda execution environment. Create sample events based on the Lambda Documentation Invoke the handler function by using a unit testing framework. Check the response Document how to run the unit testing framework for the other developers on the team. Update the OCD pipeline to run the unit testing framework.

C.

Install the AWS Serverless Application Model (AWS SAW) CLI tool Use the Sam local generate-event command to generate sample events for me automated tests. Create automated test scripts that use the Sam local invoke command to invoke the Lambda functions. Check the response Document the test scripts tor the other developers on the team Update the CI/CD pipeline to run the test scripts.

D.

Create sample events based on the Lambda documentation. Create a Docker container from the Node is base image to invoke the Lambda functions. Check the response Document how to run the Docker container for the more developers on the team update the CI/CD pipeline to run the Docker container.

Full Access
Question # 43

A developer is creating an AWS Lambda function that consumes messages from an Amazon Simple Queue Service (Amazon SQS) standard queue. The developer notices that the Lambda function processes some messages multiple times.

How should developer resolve this issue MOST cost-effectively?

A.

Change the Amazon SQS standard queue to an Amazon SQS FIFO queue by using the Amazon SQS message deduplication ID.

B.

Set up a dead-letter queue.

C.

Set the maximum concurrency limit of the AWS Lambda function to 1

D.

Change the message processing to use Amazon Kinesis Data Streams instead of Amazon SQS.

Full Access
Question # 44

When a developer tries to run an AWS Code Build project, it raises an error because the length of all environment variables exceeds the limit for the combined maximum of characters.

What is the recommended solution?

A.

Add the export LC-_ALL" on _ US, tuft" command to the pre _ build section to ensure POSIX Localization.

B.

Use Amazon Cognate to store key-value pairs for large numbers of environment variables

C.

Update the settings for the build project to use an Amazon S3 bucket for large numbers of environment variables

D.

Use AWS Systems Manager Parameter Store to store large numbers ot environment variables

Full Access
Question # 45

A developer is writing an AWS Lambda function. The developer wants to log key events that occur while the Lambda function runs. The developer wants to include a unique identifier to associate the events with a specific function invocation. The developer adds the following code to the Lambda function:

Which solution will meet this requirement?

A.

Obtain the request identifier from the AWS request ID field in the context object. Configure the application to write logs to standard output.

B.

Obtain the request identifier from the AWS request ID field in the event object. Configure the application to write logs to a file.

C.

Obtain the request identifier from the AWS request ID field in the event object. Configure the application to write logs to standard output.

D.

Obtain the request identifier from the AWS request ID field in the context object. Configure the application to write logs to a file.

Full Access
Question # 46

A company is developing an application that will be accessed through the Amazon API Gateway REST API. Registered users should be the only ones who can access certain resources of this API. The token being used should expire automatically and needs to be refreshed periodically.

How can a developer meet these requirements?

A.

Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in API Gateway, and use the temporary credentials generated by the identity pool.

B.

Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer in API Gateway.

C.

Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token.

D.

Create an 1AM user for each API user, attach an invoke permissions policy to the API. and use an I AM authorizer in API Gateway.

Full Access
Question # 47

A developer has created an AWS Lambda function to provide notification through Amazon Simple Notification Service (Amazon SNS) whenever a file is uploaded to Amazon S3 that is larger than 50 MB. The developer has deployed and tested the Lambda function by using the CLI. However, when the event notification is added to the S3 bucket and a 3.000 MB file is uploaded, the Lambda function does not launch.

Which of the following Is a possible reason for the Lambda function's inability to launch?

A.

The S3 event notification does not activate for files that are larger than 1.000 MB.

B.

The resource-based policy for the Lambda function does not have the required permissions to be invoked by Amazon S3.

C.

Lambda functions cannot be invoked directly from an S3 event.

D.

The S3 bucket needs to be made public.

Full Access
Question # 48

A company is building an application to accept data from customers. The data must be encrypted at rest and in transit.

The application uses an Amazon API Gateway API that resolves to AWS Lambda functions. The Lambda functions store the data in an Amazon Aurora MySQL DB cluster. The application worked properly during testing.

A developer configured an Amazon CloudFront distribution with field-level encryption that uses an AWS Key Management Service (AWS KMS) key. After the configuration of the distribution, the application behaved unexpectedly. All the data in the database changed from plaintext to ciphertext.

The developer must ensure that the data is not stored in the database as the ciphertext from the CloudFront field-level encryption.

Which solution will meet this requirement?

A.

Change the CloudFront Viewer protocol policy from "HTTP and HTTPS" to "HTTPS only."

B.

Add a Lambda function that uses the KMS key to decrypt the data fields before saving the data to the database.

C.

Enable encryption on the DB cluster by using the same KMS key that is used in CloudFront.

D.

Request and deploy a new SSL certificate to use with the CloudFront distribution.

Full Access
Question # 49

An online food company provides an Amazon API Gateway HTTP API 1o receive orders for partners. The API is integrated with an AWS Lambda function. The Lambda function stores the orders in an Amazon DynamoDB table.

The company expects to onboard additional partners Some to me panthers require additional Lambda function to receive orders. The company has created an Amazon S3 bucket. The company needs 10 store all orders and updates m the S3 bucket for future analysis

How can the developer ensure that an orders and updates are stored to Amazon S3 with the LEAST development effort?

A.

Create a new Lambda function and a new API Gateway API endpoint. Configure the new Lambda function to write to the S3 bucket. Modify the original Lambda function to post updates to the new API endpoint.

B.

Use Amazon Kinesis Data Streams to create a new data stream. Modify the Lambda function to publish orders to the oats stream Configure in data stream to write to the S3 bucket.

C.

Enable DynamoDB Streams on me DynamoOB table. Create a new lambda function. Associate the stream's Amazon Resource Name (ARN) with the Lambda Function Configure the Lambda function to write to the S3 bucket as records appear in the table’s stream.

D.

Modify the Lambda function to punish to a new Amazon. Simple Lambda function receives orders. Subscribe a new Lambda function to the topic. Configure the new Lambda function to write to the S3 bucket as updates come through the topic.

Full Access
Question # 50

An online sales company is developing a serverless application that runs on AWS. The application uses an AWS Lambda function that calculates order success rates and stores the data in an Amazon DynamoDB table. A developer wants an efficient way to invoke the Lambda function every 15 minutes.

Which solution will meet this requirement with the LEAST development effort?

A.

Create an Amazon EventBridge rule that has a rate expression that will run the rule every 15 minutes. Add the Lambda function as the target of the EventBridge rule.

B.

Create an AWS Systems Manager document that has a script that will invoke the Lambda function on Amazon EC2. Use a Systems Manager Run Command task to run the shell script every 15 minutes.

C.

Create an AWS Step Functions state machine. Configure the state machine to invoke the Lambda function execution role at a specified interval by using a Wait state. Set the interval to 15 minutes.

D.

Provision a small Amazon EC2 instance. Set up a cron job that invokes the Lambda function every 15 minutes.

Full Access
Question # 51

A company is planning to use AWS CodeDeploy to deploy an application to Amazon Elastic Container Service (Amazon ECS) During the deployment of a new version of the application, the company initially must expose only 10% of live traffic to the new version of the deployed application. Then, after 15 minutes elapse, the company must route all the remaining live traffic to the new version of the deployed application.

Which CodeDeploy predefined configuration will meet these requirements?

A.

CodeDeployDefault ECSCanary10Percent15Minutes

B.

CodeDeployDefault LambdaCanary10Percent5Minutes

C.

CodeDeployDefault LambdaCanary10Percent15Minutes

D.

CodeDeployDefault ECSLinear10PercentEvery1 Minutes

Full Access
Question # 52

A developer is creating an AWS CloudFormation template to deploy Amazon EC2 instances across multiple AWS accounts. The developer must choose the EC2 instances from a list of approved instance types.

How can the developer incorporate the list of approved instance types in the CloudFormation template?

A.

Create a separate CloudFormation template for each EC2 instance type in the list.

B.

In the Resources section of the CloudFormation template, create resources for each EC2 instance type in the list.

C.

In the CloudFormation template, create a separate parameter for each EC2 instance type in the list.

D.

In the CloudFormation template, create a parameter with the list of EC2 instance types as AllowedValues.

Full Access
Question # 53

A developer has written the following IAM policy to provide access to an Amazon S3 bucket:

Which access does the policy allow regarding the s3:GetObject and s3:PutObject actions?

A.

Access on all buckets except the “DOC-EXAMPLE-BUCKET” bucket

B.

Access on all buckets that start with “DOC-EXAMPLE-BUCKET” except the “DOC-EXAMPLE-BUCKET/secrets” bucket

C.

Access on all objects in the “DOC-EXAMPLE-BUCKET” bucket along with access to all S3 actions for objects in the “DOC-EXAMPLE-BUCKET” bucket that start with “secrets”

D.

Access on all objects in the “DOC-EXAMPLE-BUCKET” bucket except on objects that start with “secrets”

Full Access
Question # 54

A developer is creating an application that will be deployed on IoT devices. The application will send data to a RESTful API that is deployed as an AWS Lambda function. The application will assign each API request a unique identifier. The volume of API requests from the application can randomly increase at any given time of day.

During periods of request throttling, the application might need to retry requests. The API must be able to handle duplicate requests without inconsistencies or data loss.

Which solution will meet these requirements?

A.

Create an Amazon RDS for MySQL DB instance. Store the unique identifier for each request in a database table. Modify the Lambda function to check the table for the identifier before processing the request.

B.

Create an Amazon DynamoDB table. Store the unique identifier for each request in the table. Modify the Lambda function to check the table for the identifier before processing the request.

C.

Create an Amazon DynamoDB table. Store the unique identifier for each request in the table. Modify the Lambda function to return a client error response when the function receives a duplicate request.

D.

Create an Amazon ElastiCache for Memcached instance. Store the unique identifier for each request in the cache. Modify the Lambda function to check the cache for the identifier before processing the request.

Full Access
Question # 55

A developer is creating AWS CloudFormation templates to manage an application's deployment in Amazon Elastic Container Service (Amazon ECS) through AWS CodeDeploy. The developer wants to automatically deploy new versions of the application to a percentage of users before the new version becomes available for all users.

How should the developer manage the deployment of the new version?

A.

Modify the CloudFormation template to include a Transform section and the AWS::CodeDeploy::BlueGreen hook.

B.

Deploy the new version in a new CloudFormation stack. After testing is complete, update the application's DNS records for the new stack.

C.

Run CloudFormation stack updates on the application stack to deploy new application versions when they are available.

D.

Create a nested stack for the new version. Include a Transform section and the AWS::CodeDeploy::BlueGreen hook.

Full Access
Question # 56

A developer runs an application that displays scores for sports games on Amazon EC2 instances. The application uses a Redis client to retrieve the scores from an Amazon ElastiCache (Redis OSS) cluster.

The developer observes increased latency during operations on the cache because of connection failures to the cluster. The developer needs to resolve the latency issues.

A.

Configure the Redis client to use an exponential backoff retry strategy to establish cache connections.

B.

Store the scores in the application's memory. Perform bulk set operations on the scores that are stored in memory.

C.

Configure the Redis client in the application to persist connections to the cluster by implementing a connection pool.

D.

Deploy more nodes in the ElastiCache cluster. Update the Redis client to discover the new nodes.

Full Access
Question # 57

An application that is deployed to Amazon EC2 is using Amazon DynamoDB. The app cation calls the DynamoDB REST API Periodically the application receives a ProvisionedThroughputExceededException error when the application writes to a DynamoDB table.

Which solutions will mitigate this error MOST cost-effectively^ (Select TWO)

A.

Modify the application code to perform exponential back off when the error is received.

B.

Modify the application to use the AWS SDKs for DynamoDB.

C.

Increase the read and write throughput of the DynamoDB table.

D.

Create a DynamoDB Accelerator (DAX) cluster for the DynamoDB table.

E.

Create a second DynamoDB table Distribute the reads and writes between the two tables.

Full Access
Question # 58

A company is running Amazon EC2 instances in multiple AWS accounts. A developer needs to implement an application that collects all the lifecycle events of the EC2 instances. The application needs to store the lifecycle events in a single Amazon Simple Queue Service (Amazon SQS) queue in the company's main AWS account for further processing.

Which solution will meet these requirements?

A.

Configure Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon EventBridge event bus of the main account. Add an EventBridge rule to the event bus of the main account that matches all EC2 instance lifecycle events. Add the SQS queue as a target of the rule.

B.

Use the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue. Add to the Amazon EventBridge event bus of each account an EventBridge rule that matches all EC2 instance lifecycle events. Add the SQS queue in the main account as a target of the rule.

C.

Write an AWS Lambda function that scans through all EC2 instances in the company accounts to detect EC2 instance lifecycle changes. Configure the Lambda function to write a notification message to the SQS queue in the main account if the function detects an EC2 instance lifecycle change. Add an Amazon EventBridge scheduled rule that invokes the Lambda function every minute.

D.

Configure the permissions on the main account event bus to receive events from all accounts. Create an Amazon EventBridge rule in each account to send all the EC2 instance lifecycle events to the main account event bus. Add an EventBridge rule to the main account event bus that matches all EC2 instance lifecycle events. Set the SQS queue as a target for the rule.

Full Access
Question # 59

A company is building a content authoring application. The application has multiple user groups, such as content creator, reviewer, approver, and administrator. The company needs to assign users fine-grained permissions for specific parts of the application.

The company needs a solution to configure, maintain, and analyze user permissions. The company wants a solution that can be easily adapted to work with newer applications in the future. The company must use a third-party OpenID Connect (OIDC) identity provider (IdP) to authenticate users.

A.

Configure an Amazon Cognito identity pool for the application. Use the identity pool identities within the application to manage user permissions.

B.

Configure the application to check user permissions upon request. Configure the application logic to manage user permissions.

C.

Use Amazon Verified Permissions to set up user permissions. Integrate Verified Permissions with a third-party IdP. Configure the application to request authorization decisions from Verified Permissions.

D.

Set up an IAM role for each user group. Assign users appropriate IAM roles. Configure the application to determine appropriate permissions for each user based on the user's IAM role.

Full Access
Question # 60

A developer is creating an application that must be able to generate API responses without backend integrations. Multiple internal teams need to work with the API while the application is still in development.

Which solution will meet these requirements with the LEAST operational overhead?

A.

Create an Amazon API Gateway REST API. Set up a proxy resource that has the HTTP proxy integration type.

B.

Create an Amazon API Gateway HTTP API. Provision a VPC link, and set up a private integration on the API to connect to a VPC.

C.

Create an Amazon API Gateway HTTP API. Enable mock integration on the method of the API resource.

D.

Create an Amazon API Gateway REST API. Enable mock integration on the method of the API resource.

Full Access
Question # 61

A developer is updating an Amazon API Gateway REST API to have a mock endpoint. The developer wants to update the integration request mapping template so the endpoint will respond to mock integration requests with specific HTTP status codes based on various conditions.

A.

{ if( $input.params(‘integration’) == "mock" ) "statusCode": 404 else "statusCode": 500 end }

B.

{ if( $input.params('scope') == "internal" ) "statusCode": 200 else "statusCode": 500 end }

C.

{ if( $input.path("integration") ) "statusCode": 200 else "statusCode":404 end }

D.

{ if( $context.integration.status ) "statusCode": 200 else "statusCode": 500 end }

Full Access
Question # 62

A developer has created an AWS Lambda function that is written in Python. The Lambda function reads data from objects in Amazon S3 and writes data to an Amazon DynamoDB table. The function is successfully invoked from an S3 event notification when an object is created. However, the function fails when it attempts to write to the DynamoDB table.

What is the MOST likely cause of this issue?

A.

The Lambda function's concurrency limit has been exceeded.

B.

DynamoDB table requires a global secondary index (GSI) to support writes.

C.

The Lambda function does not have IAM permissions to write to DynamoDB.

D.

The DynamoDB table is not running in the same Availability Zone as the Lambda function.

Full Access
Question # 63

A company notices that credentials that the company uses to connect to an external software as a service (SaaS) vendor are stored in a configuration file as plaintext.

The developer needs to secure the API credentials and enforce automatic credentials rotation on a quarterly basis.

Which solution will meet these requirements MOST securely?

A.

Use AWS Key Management Service (AWS KMS) to encrypt the configuration file. Decrypt the configuration file when users make API calls to the SaaS vendor. Enable rotation.

B.

Retrieve temporary credentials from AWS Security Token Service (AWS STS) every 15 minutes. Use the temporary credentials when users make API calls to the SaaS vendor.

C.

Store the credentials in AWS Secrets Manager and enable rotation. Configure the API to have Secrets Manager access.

D.

Store the credentials in AWS Systems Manager Parameter Store and enable rotation. Retrieve the credentials when users make API calls to the SaaS vendor.

Full Access
Question # 64

A company wants to automate part of its deployment process. A developer needs to automate the process of checking for and deleting unused resources that supported previously deployed stacks but that are no longer used.

The company has a central application that uses the AWS Cloud Development Kit (AWS CDK) to manage all deployment stacks. The stacks are spread out across multiple accounts. The developer’s solution must integrate as seamlessly as possible within the current deployment process.

Which solution will meet these requirements with the LEAST amount of configuration?

A.

In the central AWS CDK application, write a handler function in the code that uses AWS SDK calls to check for and delete unused resources. Create an AWS CloudPormation template from a JSON file. Use the template to attach the function code to an AWS Lambda function and lo invoke the Lambda function when the deployment slack runs.

B.

In the central AWS CDK application. write a handler function in the code that uses AWS SDK calls to check for and delete unused resources. Create an AWS CDK custom resource Use the custom resource to attach the function code to an AWS Lambda function and to invoke the Lambda function when the deployment stack runs.

C.

In the central AWS CDK, write a handler function m the code that uses AWS SDK calls to check for and delete unused resources. Create an API in AWS Amplify Use the API to attach the function code to an AWS Lambda function and to invoke the Lambda function when the deployment stack runs.

D.

In the AWS Lambda console write a handler function in the code that uses AWS SDK calls to check for and delete unused resources. Create an AWS CDK custom resource. Use the custom resource to import the Lambda function into the stack and to Invoke the Lambda function when the deployment stack runs.

Full Access
Question # 65

A company is migrating an on-premises database to Amazon RDS for MySQL. The company has read-heavy workloads. The company wants to refactor the code to achieve optimum read performance for queries.

Which solution will meet this requirement with LEAST current and future effort?

A.

Use a multi-AZ Amazon RDS deployment. Increase the number of connections that the code makes to the database or increase the connection pool size if a connection pool is in use.

B.

Use a multi-AZ Amazon RDS deployment. Modify the code so that queries access the secondary RDS instance.

C.

Deploy Amazon RDS with one or more read replicas. Modify the application code so that queries use the URL for the read replicas.

D.

Use open source replication software to create a copy of the MySQL database on an Amazon EC2 instance. Modify the application code so that queries use the IP address of the EC2 instance.

Full Access
Question # 66

A developer migrated a legacy application to an AWS Lambda function. The function uses a third-party service to pull data with a series of API calls at the end of each month. The function than processes the data to generate the monthly reports. The function has Been working with no issues so far.

The third-party service recently issued a restriction to allow a feed number to API calls each minute and each day. If the API calls exceed the limit tor each minute or each day, then the service will produce errors. The API also provides the minute limit and daily limit in the response header. This restriction might extend the overall process to multiple days because the process is consuming more API calls than the available limit.

What is the MOST operationally efficient way to refactor the server less application to accommodate this change?

A.

Use an AWS Step Functions State machine to monitor API failures. Use the Wait state to delay calling the Lambda function.

B.

Use an Amazon Simple Queue Service (Amazon SQS) queue to hold the API calls. Configure the Lambda function to poll the queue within the API threshold limits.

C.

Use an Amazon CloudWatch Logs metric to count the number of API calls. Configure an Amazon CloudWatch alarm flat slops the currently running instance of the Lambda function when the metric exceeds the API threshold limits.

D.

Use Amazon Kinesis Data Firehose to batch me API calls and deliver them to an Amazon S3 bucket win an event notification to invoke the Lambda function.

Full Access
Question # 67

A company is providing read access to objects in an Amazon S3 bucket for different customers. The company uses 1AM permissions to restrict access to the S3 bucket. The customers can access only their own files.

Due to a regulation requirement, the company needs to enforce encryption in transit for interactions with Amazon S3.

Which solution will meet these requirements?

A.

Add a bucket policy to the S3 bucket to deny S3 actions when the aws:SecureTransport condition is equal to false.

B.

Add a bucket policy to the S3 bucket to deny S3 actions when the s3:x-amz-acl condition is equal to public-read.

C.

Add an 1AM policy to the 1AM users to enforce the usage of the AWS SDK.

D.

Add an 1AM policy to the 1AM users that allows S3 actions when the s3:x-amz-acl condition is equal to bucket-owner-read.

Full Access
Question # 68

A developer is creating an AWS Lambda function that will connect to an Amazon RDS for MySQL instance. The developer wants to store the database credentials. The database credentials need to be encrypted and the database password needs to be automatically rotated.

Which solution will meet these requirements?

A.

Store the database credentials as environment variables for the Lambda function. Set the environment variables to rotate automatically.

B.

Store the database credentials in AWS Secrets Manager. Set up managed rotation on the database credentials.

C.

Store the database credentials in AWS Systems Manager Parameter Store as secure string parameters. Set up managed rotation on the parameters.

D.

Store the database credentials in the X-Amz-Security-Token parameter. Set up managed rotation on the parameter.

Full Access
Question # 69

A developer wants to deploy a new version of an AWS Elastic Beanstalk application. During deployment the application must maintain full capacity and avoid service interruption. Additionally, the developer must minimize the cost of additional resources that support the deployment.

Which deployment method should the developer use to meet these requirements?

A.

All at once

B.

Rolling with additional batch

C.

Bluegreen

D.

Immutable

Full Access
Question # 70

A company deploys a new application to AWS. The company is streaming application logs to Amazon CloudWatch Logs. The company's development team must receive notification by email when the word "ERROR" appears in any log lines. A developer sets up an Amazon SNS topic and subscribes the development team to the topic.

What should the developer do next to meet the requirements?

A.

Select the appropriate log group. Create a CloudWatch metric filter with "ERROR" as the search term. Create an alarm on this metric that notifies the SNS topic when the metric is 1 or higher.

B.

In CloudWatch Logs Insights, select the appropriate log group. Create a metric query to search for the term "ERROR" in the logs. Create an alarm on this metric that notifies the SNS topic when the metric is 1 or higher.

C.

Select the appropriate log group. Create an SNS subscription filter with "ERROR" as the filter pattern. Select the SNS topic as the destination.

D.

Create a CloudWatch alarm that includes "ERROR" as a filter pattern, a log group dimension that defines the appropriate log group, and a destination that notifies the SNS topic.

Full Access
Question # 71

A developer received the following error message during an AWS CloudFormation deployment:

Which action should the developer take to resolve this error?

A.

Contact AWS Support to report an issue with the Auto Scaling Groups (ASG> service.

B.

Add a DependsOn attribute to the ASGInstanceRole12345678 resource in the CloudFormation template. Then delete the stack.

C.

Modify the CloudFormation template to retain the ASGInstanceRolet 2345678 resource. Then manually delete the resource after deployment.

D.

Add a force parameter when calling CloudFormation with the role-am of ASGInstanceRole12345678.

Full Access
Question # 72

A company has a serverless application that uses an Amazon API Gateway API to invoke an AWS Lambda function. A developer creates a fix for a defect in the Lambda function code. The developer wants to deploy this fix to the production environment. To test the changes, the developer needs to send 10% of the live production traffic to the updated Lambda function version.

Options:

A.

A. Publish a new version of the Lambda function that contains the updated code.

B.

B. Set up a new stage in API Gateway with a new Lambda function version. Enable weighted routing in API Gateway stages.

C.

C. Create an alias for the Lambda function. Configure weighted routing on the alias. Specify a 10% weight for the new Lambda function version.

D.

D. Set up a routing policy on a Network Load Balancer. Configure 10% of the traffic to go to the new Lambda function version.

E.

E. Set up a weighted routing policy by using Amazon Route 53. Configure 10% of the traffic to go to the new Lambda function version.

Full Access
Question # 73

A company has an application that is deployed on AWS Elastic Beanstalk. The application generates user-specific PDFs and stores the PDFs in an Amazon S3 bucket. The application then uses Amazon Simple Email Service (Amazon SES) to send the PDFs by email to subscribers.

Users no longer access the PDFs 90 days after the PDFs are generated. The S3 bucket is not versioned and contains many obsolete PDFs.

A developer must reduce the number of files in the S3 bucket by removing PDFs that are older than 90 days.

Which solution will meet this requirement with the LEAST development effort?

A.

Update the application code. In the code, add a rule to scan all the objects in the S3 bucket every day and to delete objects after 90 days.

B.

Create an AWS Lambda function. Program the Lambda function to scan all the objects in the S3 bucket every day and to delete objects after 90 days.

C.

Create an S3 Lifecycle rule for the S3 bucket to expire objects after 90 days.

D.

Partition the S3 objects with a // key prefix. Create an AWS Lambda function to remove objects that have prefixes that have reached the expiration date.

Full Access
Question # 74

A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company has set up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in.

What is the MOST operationally efficient solution that meets this requirement?

A.

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway API to invoke the function. Call the API from the client side when login confirmation is received.

B.

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.

C.

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the function based on the login status.

D.

Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and to send the email notification based on the login status of each user.

Full Access
Question # 75

A developer is creating a template that uses AWS CloudFormation to deploy an application. The application is serverless and uses Amazon API Gateway, Amazon DynamoDB, and AWS Lambda.

Which AWS service or tool should the developer use to define serverless resources in YAML?

A.

CloudFormation serverless intrinsic functions

B.

AWS Elastic Beanstalk

C.

AWS Serverless Application Model (AWS SAM)

D.

AWS Cloud Development Kit (AWS CDK)

Full Access
Question # 76

A developer is building an application that uses an Amazon RDS for PostgreSQL database. To meet security requirements, the developer needs to ensure that data is encrypted at rest. The developer must be able to rotate the encryption keys on demand.

A.

Use an AWS KMS managed encryption key to encrypt the database.

B.

Create a symmetric customer managed AWS KMS key. Use the key to encrypt the database.

C.

Create a 256-bit AES-GCM encryption key. Store the key in AWS Secrets Manager, and enable managed rotation. Use the key to encrypt the database.

D.

Create a 256-bit AES-GCM encryption key. Store the key in AWS Secrets Manager. Configure an AWS Lambda function to perform key rotation. Use the key to encrypt the database.

Full Access
Question # 77

A company requires that all applications running on Amazon EC2 use 1AM roles to gam access to AWS services. A developer is modifying an application that currently relies on 1AM user access keys stored in environment variables to access Amazon DynamoDB tables using boto, the AWS SDK for Python.

The developer associated a role with the same permissions as the 1AM user to the EC2 instance, then deleted the 1AM user. When the application was restarted, the AWS

Access Denied Exception messages started appearing in the application logs. The developer was able to use their personal account on the server to run DynamoDB API commands using the AWS CLI.

What is the MOST likely cause of the exception?

A.

1AM policies might take a few minutes to propagate to resources.

B.

Disabled environment variable credentials are still being used by the application.

C.

The AWS SDK does not support credentials obtained using an instance role.

D.

The instance's security group does not allow access to http://169.254.169.254.

Full Access
Question # 78

A developer has created an AWS Lambda function that makes queries to an Amazon Aurora MySQL DB instance. When the developer performs a test the OB instance shows an error for too many connections.

Which solution will meet these requirements with the LEAST operational effort?

A.

Create a read replica for the DB instance Query the replica DB instance instead of the primary DB instance.

B.

Migrate the data lo an Amazon DynamoDB database.

C.

Configure the Amazon Aurora MySQL DB instance tor Multi-AZ deployment.

D.

Create a proxy in Amazon RDS Proxy Query the proxy instead of the DB instance.

Full Access
Question # 79

A developer is incorporating AWS X-Ray into an application that handles personal identifiable information (PII). The application is hosted on Amazon EC2 instances. The application trace messages include encrypted PII and go to Amazon CloudWatch. The developer needs to ensure that no PII goes outside of the EC2 instances.

Which solution will meet these requirements?

A.

Manually instrument the X-Ray SDK in the application code.

B.

Use the X-Ray auto-instrumentation agent.

C.

Use Amazon Macie to detect and hide PII. Call the X-Ray API from AWS Lambda.

D.

Use AWS Distro for Open Telemetry.

Full Access
Question # 80

A developer previously deployed an AWS Lambda function as a .zip package. The developer needs to deploy the Lambda function as a container.

A.

Create an Amazon ECR repository in the same AWS Region as the Lambda function. Package the Lambda function into a container image. Build the image and upload it to the Amazon ECR repository. Update the existing Lambda function configuration to specify the repository URI and container image tag.

B.

Create an AWS SAM template that defines the Lambda function and its resources as code. Include a container image in the template, and store the container image in an Amazon S3 bucket. Deploy the AWS SAM template. Specify the S3 bucket URI.

C.

Create an AWS CloudFormation template that defines the Lambda function and its resources as code. Include a container image in the template, and store the image in an Amazon S3 bucket. Deploy the CloudFormation template. Specify the S3 bucket URI.

D.

Create an Amazon ECR repository in the same AWS Region as the Lambda function. Build the image and upload it to the Amazon ECR repository. Update the existing Lambda function to use the new image by specifying the repository URI.

Full Access
Question # 81

An application stores user data in Amazon S3 buckets in multiple AWS Regions. A developer needs to implement a solution that analyzes the user data in the S3 buckets to find sensitive information. The analysis findings from all the S3 buckets must be available in the eu-west-2 Region.

Which solution will meet these requirements with the LEAST development effort?

A.

Create an AWS Lambda function to generate findings. Program the Lambda function to send the findings to another S3 bucket in eu-west-2.

B.

Configure Amazon Made to generate findings. Use Amazon EventBridge to create rules that copy the findings to eu-west-2.

C.

Configure Amazon Inspector to generate findings. Use Amazon EventBridge to create rules that copy the findings to eu-west-2.

D.

Configure Amazon Macie to generate findings and to publish the findings to AWS CloudTrail. Use a CloudTrail trail to copy the results to eu-west-2.

Full Access
Question # 82

A company has an application that is hosted on Amazon EC2 instances The application stores objects in an Amazon S3 bucket and allows users to download objects from the S3 bucket A developer turns on S3 Block Public Access for the S3 bucket After this change, users report errors when they attempt to download objects The developer needs to implement a solution so that only users who are signed in to the application can access objects in the S3 bucket.

Which combination of steps will meet these requirements in the MOST secure way? (Select TWO.)

A.

Create an EC2 instance profile and role with an appropriate policy Associate the role with the EC2 instances

B.

Create an 1AM user with an appropriate policy. Store the access key ID and secret access key on the EC2 instances

C.

Modify the application to use the S3 GeneratePresignedUrl API call

D.

Modify the application to use the S3 GetObject API call and to return the object handle to the user

E.

Modify the application to delegate requests to the S3 bucket.

Full Access
Question # 83

A developer needs to write an AWS CloudFormation template on a local machine and deploy a CloudFormation stack to AWS.

What must the developer do to complete these tasks?

A.

Install the AWS CLI. Configure the AWS CLI by using an I AM user name and password.

B.

Install the AWS CLI. Configure the AWS CLI by using an SSH key.

C.

Install the AWS CLI. Configure the AWS CLI by using an 1AM user access key and secret key.

D.

Install an AWS software development kit (SDK). Configure the SDK by using an X.509 certificate.

Full Access
Question # 84

A company is preparing to migrate an application to the company's first AWS environment Before this migration, a developer is creating a proof-of-concept application to validate a model for building and deploying container-based applications on AWS.

Which combination of steps should the developer take to deploy the containerized proof-of-concept application with the LEAST operational effort? (Select TWO.)

A.

Package the application into a zip file by using a command line tool Upload the package to Amazon S3

B.

Package the application into a container image by using the Docker CLI. Upload the image to Amazon Elastic Container Registry (Amazon ECR)

C.

Deploy the application to an Amazon EC2 instance by using AWS CodeDeploy.

D.

Deploy the application to Amazon Elastic Kubernetes Service (Amazon EKS) on AWS Fargate

E.

Deploy the application to Amazon Elastic Container Service (Amazon ECS) on AWS Fargate

Full Access
Question # 85

A developer is building a web and mobile application for two types of users: regular users and guest users. Regular users are required to log in, but guest users do not log in. Users should see only their data, regardless of whether they authenticate. Users need AWS credentials before they can access AWS resources.

A.

Use an Amazon Cognito identity pool to generate temporary AWS credentials that are linked to an unauthenticated role that has access to the required resources.

B.

Set up an IAM user that has permissions to the required resources. Hardcode the IAM credentials in the web and mobile application.

C.

Generate temporary keys that are stored in AWS KMS. Use the temporary keys to access the required resources.

D.

Generate temporary credentials. Store the temporary credentials in AWS Secrets Manager. Use the temporary credentials to access the required resources.

Full Access
Question # 86

A company uses a custom root certificate authority certificate chain (Root CA Cert) that is 10 KB in size generate SSL certificates for its on-premises HTTPS endpoints. One of the company’s cloud based applications has hundreds of AWS Lambda functions that pull date from these endpoints. A developer updated the trust store of the Lambda execution environment to use the Root CA Cert when the Lambda execution environment is initialized. The developer bundled the Root CA Cert as a text file in the Lambdas deployment bundle.

After 3 months of development the root CA Cert is no longer valid and must be updated. The developer needs a more efficient solution to update the Root CA Cert for all deployed Lambda functions. The solution must not include rebuilding or updating all Lambda functions that use the Root CA Cert. The solution must also work for all development, testing and production environment. Each environment is managed in a separate AWS account.

When combination of steps Would the developer take to meet these environments MOST cost-effectively? (Select TWO)

A.

Store the Root CA Cert as a secret in AWS Secrets Manager. Create a resource-based policy. Add IAM users to allow access to the secret

B.

Store the Root CA Cert as a Secure Sting parameter in aws Systems Manager Parameter Store Create a resource-based policy. Add IAM users to allow access to the policy.

C.

Store the Root CA Cert in an Amazon S3 bucket. Create a resource- based policy to allow access to the bucket.

D.

Refactor the Lambda code to load the Root CA Cert from the Root CA Certs location. Modify the runtime trust store inside the Lambda function handler.

E.

Refactor the Lambda code to load the Root CA Cert from the Root CA Cert's location. Modify the runtime trust store outside the Lambda function handler.

Full Access
Question # 87

A developer is working on a web application that uses Amazon DynamoDB as its data store The application has two DynamoDB tables one table that is named artists and one table that is named songs The artists table has artistName as the partition key. The songs table has songName as the partition key and artistName as the sort key

The table usage patterns include the retrieval of multiple songs and artists in a single database operation from the webpage. The developer needs a way to retrieve this information with minimal network traffic and optimal application performance.

Which solution will meet these requirements'?

A.

Perform a BatchGetltem operation that returns items from the two tables. Use the list of songName artistName keys for the songs table and the list of artistName key for the artists table.

B.

Create a local secondary index (LSI) on the songs table that uses artistName as the partition key Perform a query operation for each artistName on the songs table that filters by the list of songName Perform a query operation for each artistName on the artists table

C.

Perform a BatchGetltem operation on the songs table that uses the songName/artistName keys. Perform a BatchGetltem operation on the artists table that uses artistName as the key.

D.

Perform a Scan operation on each table that filters by the list of songName/artistName for the songs table and the list of artistName in the artists table.

Full Access
Question # 88

A developer is creating an application that uses an AWS Lambda function to transform and load data from an Amazon S3 bucket. When the developer tests the application, the developer finds that some invocations of the Lambda function are slower than others.

The developer needs to update the Lambda function to have predictable invocation durations that run with low latency. Any initialization activities, such as loading libraries and instantiating clients, must run during allocation time rather than during actual function invocations.

Which combination of steps will meet these requirements? (Select TWO.)

A.

Create a schedule group in Amazon EventBridge Scheduler to invoke the Lambda function.

B.

Configure provisioned concurrency for the Lambda function to have the necessary number of execution environments.

C.

Use the SLATEST version of the Lambda function.

D.

Configure reserved concurrency for the Lambda function to have the necessary number of execution environments.

E.

Deploy changes, and publish a new version of the Lambda function.

Full Access
Question # 89

A developer has an application that is composed of many different AWS Lambda functions. The Lambda functions all use some of the same dependencies. To avoid security issues the developer is constantly updating the dependencies of all of the Lambda functions. The result is duplicated effort to reach function.

How can the developer keep the dependencies of the Lambda functions up to date with the LEAST additional complexity?

A.

Define a maintenance window for the Lambda functions to ensure that the functions get updated copies of the dependencies.

B.

Upgrade the Lambda functions to the most recent runtime version.

C.

Define a Lambda layer that contains all of the shared dependencies.

D.

Use an AWS CodeCommit repository to host the dependencies in a centralized location.

Full Access
Question # 90

A developer wants to insert a record into an Amazon DynamoDB table as soon as a new file is added to an Amazon S3 bucket.

Which set of steps would be necessary to achieve this?

A.

Create an event with Amazon EventBridge that will monitor the S3 bucket and then insert the records into DynamoDB.

B.

Configure an S3 event to invoke an AWS Lambda function that inserts records into DynamoDB.

C.

Create an AWS Lambda function that will poll the S3 bucket and then insert the records into DynamoDB.

D.

Create a cron job that will run at a scheduled time and insert the records into DynamoDB.

Full Access
Question # 91

A company has a web application that runs on Amazon EC2 instances with a custom Amazon Machine Image (AMI) The company uses AWS CloudFormation to provision the application The application runs in the us-east-1 Region, and the company needs to deploy the application to the us-west-1 Region

An attempt to create the AWS CloudFormation stack in us-west-1 fails. An error message states that the AMI ID does not exist. A developer must resolve this error with a solution that uses the least amount of operational overhead

Which solution meets these requirements?

A.

Change the AWS CloudFormation templates for us-east-1 and us-west-1 to use an AWS AMI. Relaunch the stack for both Regions.

B.

Copy the custom AMI from us-east-1 to us-west-1. Update the AWS CloudFormation template for us-west-1 to refer to AMI ID for the copied AMI Relaunch the stack

C.

Build the custom AMI in us-west-1 Create a new AWS CloudFormation template to launch the stack in us-west-1 with the new AMI ID

D.

Manually deploy the application outside AWS CloudFormation in us-west-1.

Full Access
Question # 92

A developer maintains an Amazon API Gateway REST API. Customers use the API through a frontend UI and Amazon Cognito authentication.

The developer has a new version of the API that contains new endpoints and backward-incompatible interface changes. The developer needs to provide beta access to other developers on the team without affecting customers.

Which solution will meet these requirements with the LEAST operational overhead?

A.

Define a development stage on the API Gateway API. Instruct the other developers to point the endpoints to the development stage.

B.

Define a new API Gateway API that points to the new API application code. Instruct the other developers to point the endpoints to the new API.

C.

Implement a query parameter in the API application code that determines which code version to call.

D.

Specify new API Gateway endpoints for the API endpoints that the developer wants to add.

Full Access
Question # 93

A developer is using AWS Step Functions to automate a workflow The workflow defines each step as an AWS Lambda function task The developer notices that runs of the Step Functions state machine fail in the GetResource task with either an UlegalArgumentException error or a TooManyRequestsException error

The developer wants the state machine to stop running when the state machine encounters an UlegalArgumentException error. The state machine needs to retry the GetResource task one additional time after 10 seconds if the state machine encounters a TooManyRequestsException error. If the second attempt fails, the developer wants the state machine to stop running.

How can the developer implement the Lambda retry functionality without adding unnecessary complexity to the state machine'?

A.

Add a Delay task after the GetResource task. Add a catcher to the GetResource task. Configure the catcher with an error type of TooManyRequestsException. Configure the next step to be the Delay task Configure the Delay task to wait for an interval of 10 seconds Configure the next step to be the GetResource task.

B.

Add a catcher to the GetResource task Configure the catcher with an error type of TooManyRequestsException. an interval of 10 seconds, and a maximum attempts value of 1. Configure the next step to be the GetResource task.

C.

Add a retrier to the GetResource task Configure the retrier with an error type of TooManyRequestsException, an interval of 10 seconds, and a maximum attempts value of 1.

D.

Duplicate the GetResource task Rename the new GetResource task to TryAgain Add a catcher to the original GetResource task Configure the catcher with an error type of TooManyRequestsException. Configure the next step to be TryAgain.

Full Access
Question # 94

A developer wants the ability to roll back to a previous version of an AWS Lambda function in the event of errors caused by a new deployment. How can the developer achieve this with MINIMAL impact on users?

A.

Change the application to use an alias that points to the current version. Deploy the new version of the code Update the alias to use the newly deployed version. If too many errors are encountered, point the alias back to the previous version.

B.

Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to direct 10% of users to the newly deployed version. If too many errors are encountered, send 100% of traffic to the previous version

C.

Do not make any changes to the application. Deploy the new version of the code. If too many errors are encountered, point the application back to the previous version using the version number in the Amazon Resource Name (ARN).

D.

Create three aliases: new, existing, and router. Point the existing alias to the current version. Have the router alias direct 100% of users to the existing alias. Update the application to use the router alias. Deploy the new version of the code. Point the new alias to this version. Update the router alias to direct 10% of users to the new alias. If too many errors are encountered, send 100% of traffic to the existing alias.

Full Access
Question # 95

A developer is building an ecommerce application that uses multiple AWS Lambda functions. Each function performs a specific step in a customer order workflow, such as order processing and inventory management.

The developer must ensure that the Lambda functions run in a specific order.

Which solution will meet this requirement with the LEAST operational overhead?

A.

Configure an Amazon Simple Queue Service (Amazon SQS) queue to contain messages about each step a function must perform. Configure the Lambda functions to run sequentially based on the order of messages in the SQS queue.

B.

Configure an Amazon Simple Notification Service (Amazon SNS) topic to contain notifications about each step a function must perform. Subscribe the Lambda functions to the SNS topic. Use subscription filters based on the step each function must perform.

C.

Configure an AWS Step Functions state machine to invoke the Lambda functions in a specific order.

D.

Configure Amazon EventBridge Scheduler schedules to invoke the Lambda functions in a specific order.

Full Access
Question # 96

A company is developing an ecommerce application that uses Amazon API Gateway APIs. The application uses AWS Lambda as a backend. The company needs to test the code in a dedicated, monitored test environment before the company releases the code to the production environment.

When solution will meet these requirements?

A.

Use a single stage in API Gateway. Create a Lambda function for each environment. Configure API clients to send a query parameter that indicates the endowment and the specific lambda function.

B.

Use multiple stages in API Gateway. Create a single Lambda function for all environments. Add different code blocks for different environments in the Lambda function based on Lambda environments variables.

C.

Use multiple stages in API Gateway. Create a Lambda function for each environment. Configure API Gateway stage variables to route traffic to the Lambda function in different environments.

D.

Use a single stage in API Gateway. Configure a API client to send a query parameter that indicated the environment. Add different code blocks tor afferent environments in the Lambda Junction to match the value of the query parameter.

Full Access
Question # 97

A developer is writing a web application that must share secure documents with end users. The documents are stored in a private Amazon S3 bucket. The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes.

How can the developer meet these requirements?

A.

Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes.

B.

Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes.

C.

Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS.

D.

Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes.

Full Access
Question # 98

A company's developer has deployed an application in AWS by using AWS CloudFormation The CloudFormation stack includes parameters in AWS Systems Manager Parameter Store that the application uses as configuration settings. The application can modify the parameter values

When the developer updated the stack to create additional resources with tags, the developer noted that the parameter values were reset and that the values ignored the latest changes made by the application. The developer needs to change the way the company deploys the CloudFormation stack. The developer also needs to avoid resetting the parameter values outside the stack.

Which solution will meet these requirements with the LEAST development effort?

A.

Modify the CloudFormation stack to set the deletion policy to Retain for the Parameter Store parameters.

B.

Create an Amazon DynamoDB table as a resource in the CloudFormation stack to hold configuration data for the application Migrate the parameters that the application is modifying from Parameter Store to the DynamoDB table

C.

Create an Amazon RDS DB instance as a resource in the CloudFormation stack. Create a table in the database for parameter configuration. Migrate the parameters that the application is modifying from Parameter Store to the configuration table

D.

Modify the CloudFormation stack policy to deny updates on Parameter Store parameters

Full Access
Question # 99

A developer is creating an AWS Lambda function that searches for items from an Amazon DynamoDB table that contains customer contact information- The DynamoDB table items have the customer's email_address as the partition key and additional properties such as customer_type, name, and job_tltle.

The Lambda function runs whenever a user types a new character into the customer_type text input The developer wants the search to return partial matches of all the email_address property of a particular customer_type The developer does not want to recreate the DynamoDB table.

What should the developer do to meet these requirements?

A.

Add a global secondary index (GSI) to the DynamoDB table with customer_type as the partition key and email_address as the sort key Perform a query operation on the GSI by using the begvns_wth key condition expression With the emad_address property

B.

Add a global secondary index (GSI) to the DynamoDB table With ernail_address as the partition key and customer_type as the sort key Perform a query operation on the GSI by using the begins_wtth key condition expression With the emal_address property.

C.

Add a local secondary index (LSI) to the DynamoDB table With customer_type as the partition key and email_address as the sort key Perform a query operation on the LSI by using the begins_wlth key condition expression With the email_address property

D.

Add a local secondary Index (LSI) to the DynamoDB table With job_tltle as the partition key and emad_address as the sort key Perform a query operation on the LSI by using the begins_wrth key condition expression With the email_address property

Full Access