Questions
ayuda
option
My Daypo

ERASED TEST, YOU MAY BE INTERESTED ONTEST A

COMMENTS STATISTICS RECORDS
TAKE THE TEST
Title of test:
TEST A

Description:
TEST A

Author:
JDT
(Other tests from this author)

Creation Date:
10/05/2022

Category:
Others

Number of questions: 439
Share the Test:
Facebook
Twitter
Whatsapp
Share the Test:
Facebook
Twitter
Whatsapp
Last comments
No comments about this test.
Content:
When launching containers in Amazon ECS, where may PortMapping be defined? Security groups Amazon Elastic Container Registry (Amazon ECR) Container agent Task definition.
How should access keys be handled in AWS according to best practices? (Select two.) Use the same access key in all applications for consistency. Delete all access keys for the account root user. Leave unused access keys in the account for tracking purposes. Embed and encrypt access keys in code for continuous deployment. Use Amazon IAM roles instead of access keys where possible.
What is the run order of the hooks for in-place deployments in an AWS CodeDeploy deployment? Before Install -> Application Stop -> Application Start -> After Install Application Stop -> Before Install -> After Install -> Application Start Before Install -> Application Stop -> Validate Service -> Application Start Application Stop -> Before Install -> Validate Service -> Application Start.
Data is read from an Amazon DynamoDB database by an application. The program gets several ProvisionedThroughputExceeded errors many times a day for a duration of 15 seconds. What should be done with this exception? Create a new global secondary index for the table to help with the additional requests. Retry the failed read requests with exponential backoff. Immediately retry the failed read requests. Use the DynamoDB ג€UpdateItemג€ API to increase the provisioned throughput capacity of the table.
All data in transit between an EC2 instance and an Amazon EBS volume must be secured for a physician's office management application. Which one of the following strategies satisfies this criterion? (Select two.) Create encrypted snapshots into Amazon S3. Use Amazon RDS with encryption. Use IAM roles to limit access to the Amazon EBS volume. Enable EBS encryption. Leverage OS-level encryption.
What section of the document root must be included in an AWS CloudFormation template to include objects specified by the AWS Serverless Application Model (SAM) in addition to Resources? Conditions Globals Transform Properties.
A developer recognizes the need for centralized storage of application-level logs while designing an application that runs on Amazon EC2 in an Amazon VPC. Which AWS service can be utilized to store these logs securely? Amazon EC2 VPC Flow Logs Amazon CloudWatch Logs Amazon CloudSearch AWS CloudTrail.
What are the requirements for configuring container instances in an AWS Elastic Beanstalk multi-container Docker environment? An Amazon ECS task definition An Amazon ECS cluster A Dockerfile in an application package A CLI for Elastic Beanstalk.
A developer must install a serverless RESTful API on AWS regularly and consistently. Which strategies will be effective? (Select two.) Define a Swagger file. Use AWS Elastic Beanstalk to deploy the Swagger file. Define a Swagger file. Use AWS CodeDeploy to deploy the Swagger file. Deploy a SAM template with an inline Swagger definition. Define a Swagger file. Deploy a SAM template that references the Swagger file. Define an inline Swagger definition in a Lambda function. Invoke the Lambda function.
Amazon Kinesis is used to load data into a stock market monitoring application. The Kinesis stream cannot keep up with the incoming data during simulated peak data rates testing. What step will enable Kinesis to handle peak-hour traffic? Install the Kinesis Producer Library (KPL) for ingesting data into the stream. Reduce the data retention period to allow for more data ingestion using DecreaseStreamRetentionPeriod. Increase the shard count of the stream using UpdateShardCount. Ingest multiple records into the stream in a single call using PutRecords.
AWS services must be accessed and API calls must be made by an application running on an Amazon EC2 instance. What is the SAFEST approach to grant access to AWS services with the least amount of administration overhead? Use AWS KMS to store and retrieve credentials. Use EC2 instance profiles. Use AWS root user to make requests to the application. Store and retrieve credentials from AWS CodeCommit.
With production-distributed applications created as AWS Lambda functions, a developer must investigate performance issues. Other components of the applications are invoked by these distributed Lambda applications. What is the best way for a developer to discover and resolve the root cause of production performance issues? Add logging statements to the Lambda functions, then use Amazon CloudWatch to view the logs. Use AWS CloudTrail and then examine the logs. Use AWS X-Ray, then examine the segments and errors. Run Amazon Inspector agents and then analyze performance.
What is the advantage of instantiating AWS clients outside the scope of the handler when constructing a Lambda function? Legibility and stylistic convention Taking advantage of connection re-use Better error handling Creating a new instance per invocation.
Thousands of sensitive audio and video data must be stored in an Amazon S3 bucket. All data written to this bucket must be encrypted according to organizational security rules. How can this policy's compliance be ensured? Use AWS Lambda to send notifications to the security team if unencrypted objects are pun in the bucket. Configure an Amazon S3 bucket policy to prevent the upload of objects that do not contain the x-amz-server-side-encryption header. Create an Amazon CloudWatch event rule to verify that all objects stored in the Amazon S3 bucket are encrypted. Configure an Amazon S3 bucket policy to prevent the upload of objects that contain the x-amz-server-side-encryption header.
Before code is released into the production environment, the release process workflow of an application needs human review. What is the MOST EFFECTIVE method to do this using AWS CodePipeline? Use multiple pipelines to allow approval Use an approval action in a stage Disable the stage transition to allow manual approval Disable a stage just prior the deployment stage.
hen attempting to start or stop an Amazon EC2 instance using a boto3 script, the developer gets the following error message. boto.exception.BotoServerError:BotoServerError:503 Service Unavailable <?xml version="1.0" encoding="UTF-8"?> <Response><Errors><Error><Code>RequestLimitExceeded</Code> <Message>Request limit exceede. </Message></Error></Errors><RequestID>bfddec84-53b3-4701-b728-dceefb696ced</RequestID> </Response> What is the developer's responsibility in resolving this error message? Assign an IAM role to the EC2 instance to allow necessary API calls on behalf of the client. Implement an exponential backoff algorithm for optimizing the number of API requests made to Amazon EC2. Increase the overall network bandwidth to handle higher API request rates. Upgrade to the latest AWS CLI version so that boto3 can handle higher request rates.
On an EC2 instance, an application is executing. The developer wishes to keep a statistic about his program in Amazon CloudWatch. How should this requirement be implemented optimally? Use the PUT Object API call to send data to an S3 bucket. Use an event notification to invoke a Lambda function to publish data to CloudWatch. Publish the metric data to an Amazon Kinesis Stream using a PutRecord API call. Subscribe a Lambda function that publishes data to CloudWatch. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Provide the required credentials to enable the API call. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Launch the EC2 instance with the required IAM role to enable the API call.
What are the best practices for using bespoke libraries in AWS Lambda? Host the library on Amazon S3 and reference to it from the Lambda function. Install the library locally and upload a ZIP file of the Lambda function. Import the necessary Lambda blueprint when creating the function. Modify the function runtime to include the necessary library.
The application components of a big firm are scattered across several AWS accounts. The organization must gather and display account-level trace data. What materials should be utilized to achieve these specifications? AWS X-Ray Amazon CloudWatch Amazon VPC flow logs Amazon Elasticsearch Service.
Amazon DynamoDB is used by an application that is deployed on Amazon EC2. The program makes a REST API request to DynamoDB. Periodically, when the application writes to a DynamoDB table, it gets a ProvisionedThroughputExceededException error. Which solutions will most effectively prevent this error? (Select two.) Modify the application code to perform exponential backoff when the error is received. Modify the application to use the AWS SDKs for DynamoDB. Increase the read and write throughput of the DynamoDB table. Create a DynamoDB Accelerator (DAX) cluster for the DynamoDB table. E. Create a second DynamoDB table. Distribute the reads and writes between two tables.
Amazon DynamoDB is used by a corporation to manage and track orders. The order date is used to split the DynamoDB table. During a sales event, the company receives a large spike in orders, forcing DynamoDB writes to choke, and the used throughput is considerably lower than the permitted throughput. How can this issue be rectified with MINIMAL expenses, according to AWS best practices? Create a new DynamoDB table for every order date. Increase the read and write capacity units of the DynamoDB table. Add a random number suffix to the partition key values. Add a global secondary index to the DynamoDB table.
An Amazon S3 bucket is used to host a static website. JavaScript is used on many HTML pages on the site to retrieve photos from another Amazon S3 bucket. When people explore the site, certain photos are not shown. What may be the underlying source of the problem? The referenced Amazon S3 bucket is in another region. The images must be stored in the same Amazon S3 bucket. Port 80 must be opened on the security group in which the Amazon S3 bucket is located. Cross Origin Resource Sharing must be enabled on the Amazon S3 bucket.
Amazon Elastic Container Service is used to deploy a microservices application across several containers (Amazon ECS). A developer want to collect trace information across microservices and view the microservices architecture in order to optimize performance. Which solution will satisfy these criteria? Build the container from the amazon/aws-xray-daemon base image. Use the AWS X-Ray SDK to instrument the application. Install the Amazon CloudWatch agent on the container image. Use the CloudWatch SDK to publish custom metrics from each of the microservices. Install the AWS X-Ray daemon on each of the ECS instances. Configure AWS CloudTrail data events to capture the traffic between the microservices.
Each hour, a business must consume terabytes of data from hundreds of sources, which arrive practically continuously throughout the day. The quantity of texts produced changes during the day. For fraud detection and live operating dashboards, messages must be sent in real time. Which strategy will satisfy these criteria? Send the messages to an Amazon SQS queue, then process the messages by using a fleet of Amazon EC2 instances Use the Amazon S3 API to write messages to an S3 bucket, then process the messages by using Amazon Redshift Use AWS Data Pipeline to automate the movement and transformation of data Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages.
A business processes papers that arrive through an Amazon S3 bucket. Through a web user interface, users may upload documents to an S3 bucket. When files are received in S3, an AWS Lambda function is executed to handle them, however the Lambda function periodically times out. What happens to the S3 event if the Lambda function is setup with the default settings? Notification of a failed S3 event is send as an email through Amazon SNS. The S3 event is sent to the default Dead Letter Queue. The S3 event is processed until it is successful. The S3 event is discarded after the event is retried twice.
On AWS Elastic Beanstalk, a gaming firm has created a web portal. Occasionally, the organization must deliver new versions three or four times every day. The organization must rapidly roll out new features to all users. The solution's performance effect must be kept to a minimum and its availability must be maximized. Which solution will satisfy these criteria? Use a rolling deployment policy to deploy to Amazon EC2 instances. Use an immutable deployment policy to deploy to Amazon EC2 instances. Use an all-at-once deployment policy to deploy to Amazon EC2 instances. Use a canary deployment strategy to deploy changes to Amazon EC2 instances.
A considerable amount of read capacity is being used by queries to an Amazon DynamoDB database. There are a high number of huge characteristics in the table. The program does not need the whole set of attribute data. How may DynamoDB expenses be lowered while application performance be maximized? Batch all the writes, and perform the write operations when no or few reads are being performed. Create a global secondary index with a minimum set of projected attributes. Implement exponential backoffs in the application. Load balance the reads to the table using an Application Load Balancer.
Data is stored in an S3 bucket by an application operating on EC2 instances. All data must be encrypted in transit, according to security rules. How can the developer encrypt all traffic to the S3 bucket? Install certificates on the EC2 instances. Create a bucket policy that allows traffic where SecureTransport is true. Create an HTTPS redirect on the EC2 instances. Create a bucket policy that denies traffic where SecureTransport is false.
A corporation is employing an Amazon CloudFront distribution to provide private media content from Amazon S3. A developer must use the signed URL to encrypt the media content. What should the developer do to comply with this stipulation? Use an access Key and a secret access key to generate an S3 presigned URL. Replace the S3 hostname with a CloudFront distribution name in the URL. Create an SSH-2 RSA key pair. Upload the public key to CloudFront, and assign the public key to a trusted signer. Use a public key and key ID to sign the CloudFront URL. Create an SSH-2 DSA key pair. Upload the public key to CloudFront, and assign the public key to a trusted signer. Use a private key and key ID to sign the CloudFront URL. Create an SSH-2 RSA key pair. Upload the public key to CloudFront, and assign the public key to a trusted signer. Use a private key and key ID to sign the CloudFront URL.
A business is processing records from an Amazon Kinesis data stream using an AWS Lambda function. The firm suddenly noticed that records were being processed slowly. A developer finds that the function's iterator age metric is growing and the Lambda run time is consistently more than expected. Which activities should the developer do to boost the performance of the processor? (Select two.) Increase the number of shards of the Kinesis data stream. Decrease the timeout of the Lambda function. Increase the memory that is allocated to the Lambda function. Decrease the number of shards of the Kinesis data stream. Increase the timeout of the Lambda function.
An program overwrites an item in Amazon S3, then reads the identical object instantaneously. Why might the program sometimes get an object's previous version? S3 overwrite PUTS are eventually consistent, so the application may read the old object. The application needs to add extra metadata to label the latest version when uploading to Amazon S3. All S3 PUTS are eventually consistent, so the application may read the old object. The application needs to explicitly specify latest version when retrieving the object.
A legacy service has a SOAP interface that is XML-based. The developer want to use the Amazon API Gateway to expose the service's capabilities to external customers. Which approach is necessary to do this? Create a RESTful API with the API Gateway; transform the incoming JSON into a valid XML message for the SOAP interface using mapping templates. Create a RESTful API with the API Gateway; pass the incoming JSON to the SOAP interface through an Application Load Balancer. Create a SOAP API with the API Gateway; pass the incoming XML to the SOAP interface through an Application Load Balancer. Create a SOAP API with the API Gateway; transform the incoming XML into a valid message for the SOAP interface using mapping templates.
As a big state machine, the existing design makes use of several Lambda functions calling one another. This state machine's coordination is handled by old bespoke code that is prone to failure. Which AWS Service can assist with state machine refactoring and management? AWS Data Pipeline AWS SNS with AWS SQS Amazon Elastic MapReduce AWS Step Functions.
A business is building a new online game using the Amazon ECS platform. The design will have four separate Amazon ECS services, each of which will need unique permissions to various AWS services. By bin packing the containers depending on memory reservation, the business hopes to optimize the utilization of the underlying Amazon EC2 instances. Which configuration would enable the Development team to accomplish these criteria in the most secure manner possible? Create a new Identity and Access Management (IAM) instance profile containing the required permissions for the various ECS services, then associate that instance role with the underlying EC2 instances. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS service to reference the associated IAM role. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then, create an IAM group and configure the ECS cluster to reference that group. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS task definition to referenׁe the associated IAM role.
A developer wishes to search and filter log data in order to troubleshoot an application. Amazon CloudWatch Logs stores the application logs. To count exceptions in the application logs, the Developer sets a new metric filter. The logs, on the other hand, return no results. What is the cause for the absence of filtered results? A setup of the Amazon CloudWatch interface VPC endpoint is required for filtering the CloudWatch Logs in the VPC CloudWatch Logs only publishes metric data for events that happen after the filter is created The log group for CloudWatch Logs should be first streamed to Amazon Elasticsearch Service before metric filtering returns the results Metric data points for logs groups can be filtered only after they are exported to an Amazon S3 bucket.
The processing of an Amazon SQS message by an application takes longer than planned. What should the developer do to ensure that other instances of the program do not get the same message? Make a ReceiveMessage call to get the same message again from the queue Issue a DeleteMessage call to delete the message from the queue Use SendMessage to pass the message to the dead letter queue Send a ChangeMessageVisibility call to extend VisibilityTimeout.
For its application database tier, a corporation uses Amazon RDS MySQL instances, and for its web tier, Apache Tomcat servers. Repeated read requests make up the majority of database queries from web apps. Which AWS service would benefit from the addition of an in-memory store for repeated read queries? Amazon RDS Multi-AZ Amazon SQS Amazon ElastiCache Amazon RDS read replica.
A business is deploying AWS resources using AWS CloudFormation templates. The organization requires an upgrade to one of its Amazon Web Services CloudFormation stacks. What can the business do to ascertain the effect of the adjustments on the operating resources? Investigate the change sets. Investigate the stack policies. Investigate the Metadata section. Investigate the Resources section.
A developer is trying to upload an object to an S3 bucket that has default encryption enabled using the Amazon S3 PutObject API action. A 400 Bad Request error is sent to the developer. Which of the following is the most probable source of this error? The API operation cannot access the encryption key. The HTTP Content-Length header is missing. The object exceeds the maximum object size that is allowed. The S3 bucket exceeds the maximum storage capacity that is allowed.
As a big state machine, the existing design makes use of several Lambda functions calling one another. This state machine's coordination is handled by old bespoke code that is prone to failure. Which AWS Service can assist with state machine refactoring and management? (same) AWS Data Pipeline AWS SNS with AWS SQS Amazon Elastic MapReduce AWS Step Functions.
A business uses Amazon EC2 instances to execute a bespoke web application behind an Application Load Balancer. The instances are managed as part of an Auto Scaling group. The company's development team deploys all services through AWS CloudFormation. When the development team runs a new instance of the program, it takes time to install and setup. Which sequence of actions should a developer follow to improve efficiency while launching a new instance? (Select two.) Use an AWS Marketplace Amazon Machine Image (AMI) with a prebuilt application. Create a prebuilt Amazon Machine Image (AMI) with the application installed and configured. Update the launch template resource in the CloudFormation template. Use AWS Systems Manager Run Command to install and configure the application. Use CloudFormation helper scripts to install and configure the application.
An API Gateway and AWS Lambda are used in a serverless application. Where should the Lambda function's session data be stored between function calls? In an Amazon DynamoDB table In an Amazon SQS queue In the local filesystem In an SQLite session table using ג€"DSQLITE_ENABLE_SESSION.
A Linux, Apache, MySQL, and PHP (LAMP) stack is used to construct an on-premises application. The developer want to host this application on Amazon Web Services. Which of the following AWS service sets is appropriate for running this stack? Amazon API Gateway, Amazon S3 AWS Lambda, Amazon DynamoDB Amazon EC2, Amazon Aurora Amazon Cognito, Amazon RDS Amazon ECS, Amazon EBS.
When a developer calls the Amazon CloudWatch API, he receives HTTP 400: ThrottlingException errors sporadically. When a call is not successful, no data is obtained. Which best practice should be implemented first in order to remedy this issue? Contact AWS Support for a limit increase. Use the AWS CLI to get the metrics Analyze the applications and remove the API call Retry the call with exponential backoff.
A developer is in the process of developing an event handling system. The developer established a normal Amazon SQS queue to process messages asynchronously. According to quality assurance testing, some events were handled several times. What is the preferred method for preventing events from being handled multiple times? Change long polling to short polling. Use a FIFO queue and configure deduplication. Convert the standard SQS queue into a FIFO queue. Send the messages with message timers.
Where in the application source bundle should an Elastic Beanstalk configuration file called healthcheckur1.config be placed? In the root of the application In the bin folder In healthcheckur1.config.ebextension under root In the .ebextensions folder.
Before data is sent to a downstream service, it is processed by a Lambda function. Each byte of data is around 1MB in size. Following a security assessment, the function must now encrypt data prior to transmitting it downstream. Which API call is necessary to encrypt the data? Pass the data to the KMS ReEncrvpt API for encryption. Use the KMS GenerateDataKev API to get an encryption key. Use the KMS GenerateDataKeyWithoutPlainText API to get an encryption key. Pass the data to KMS as part of the Encrypt API for encryption.
A corporation uses Amazon API Gateway and the API Gateway native API key validation to maintain a REST service. Users can now join up for the service through a new registration website that was recently developed by the corporation. The registration page uses CreateApiKey to generate a new API key and sends it to the user. The user receives a 403 Forbidden error when attempting to call the API with this key. Existing API users are unaffected and can continue to utilize it. What changes to the code will allow these additional users to access the API? The createDeployment method must be called so the API can be redeployed to include the newly created API key. The updateAuthorizer method must be called to update the API's authorizer to include the newly created API key. The importApiKeys method must be called to import all newly created API keys into the current stage of the API. The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.
Multiple EC2 instances are used to execute an application behind an ELB. Where is the ideal place to store session data so that it can be consistently delivered over numerous requests? Write data to Amazon ElastiCache Write data to Amazon Elastic Block Store. Write data to Amazon EC2 Instance Store. Write data to the root filesystem.
A development team is now supporting an application that saves cumulative gaming outcomes in an in-memory store. A database is used to keep individual outcomes. The team must employ automated scaling as part of the migration to AWS. The team is aware that this will result in uneven outcomes. Where should the team keep these gathered game outcomes in order to achieve the highest level of consistency without jeopardizing performance? Amazon S3 Amazon RDS Amazon ElastiCache Amazon Kinesis.
A developer is developing an application for Amazon EC2 instances. To read and write records, the application must establish a connection to an Amazon DynamoDB database. The security staff must change access keys on a regular basis. Which technique will meet these criteria? Create an IAM role with read and write access to the DynamoDB table. Generate access keys for the user and store the access keys in the application as environment variables. Create an IAM user with read and write access to the DynamoDB table. Store the user name and password in the application and generate access keys using an AWS SDK. Create an IAM role, configure read and write access for the DynamoDB table, and attach to the EC2 instances. Create an IAM user with read and write access to the DynamoDB table. Generate access keys for the user and store the access keys in the application as a credentials file.
A developer is using Amazon S3 to store critical documents that need encryption at rest. At the very least, the encryption keys must be cycled yearly. What is the simplest method for doing this? Encrypt the data before sending it to Amazon S3 Import a custom key into AWS KMS with annual rotation enabled Use AWS KMS with automatic key rotation Export a key from AWS KMS to encrypt the data.
A business delivers APIs as a service and binds all of its users to a service level agreement (SLA). What should the organization do to ensure compliance with each SLA? Enable throttling limits for each method in Amazon API Gateway Create a usage plan for each user and request API keys to access the APIs Enable API rate limiting in Amazon Cognito for each user Enable default throttling limits for each stage after deploying the APIs.
A developer created a static website hosted on Amazon S3 that uses Amazon API Gateway and AWS Lambda to conduct web service queries. The site is now displaying an error message that reads as follows: The requested resource does not have an Access-Control-Allow-Origin€TM header. As a result, origin € null€TM is denied access. ג€ What is the Developer's responsibility in resolving this issue? Enable cross-origin resource sharing (CORS) on the S3 bucket. Enable cross-origin resource sharing (CORS) for the method in API Gateway Add the Access-Control-Request-Method header to the request Add the Access-Control-Request-Headers header to the request.
Returning consumers may log in to see personalized web pages on an e-commerce site. The process is shown below: 1 user logs in 2 database quried for user 3 display customized entry page On EC2 instances, an application is executing. The database that records user accounts and preferences is hosted on Amazon RDS. While waiting for the login stage to finish, the website freezes or loads slowly. The remainder of the site's components are properly optimized. Which of the following strategies will effectively fix this situation? (Select two.) Implement the user login page as an asynchronous Lambda function. Use Amazon ElastiCache for MemCached to cache user data. Use an Amazon Application Load Balancer to load balance the traffic to the website. Call the database asynchronously so the code can continue executing. Batch login requests from hundreds of users together as a single read request to the database.
A vast number of tiny messages are ingested by an application and stored in a database. AWS Lambda is used to power the application. A development team is making adjustments to the processing logic of the program. Each message is processing more than 15 minutes in testing. The team is worried that the present backend will fail to function properly. Which improvements to the backend system should be implemented to guarantee that each message is treated in the most scalable manner possible? Add the messages to an Amazon SQS queue. Set up and Amazon EC2 instance to poll the queue and process messages as they arrive. Add the messages to an Amazon SQS queue. Set up Amazon EC2 instances in an Auto Scaling group to poll the queue and process the messages as they arrive. Create a support ticket to increase the Lambda timeout to 60 minutes to allow for increased processing time. Change the application to directly insert the body of the message into an Amazon RDS database.
An application developer is tasked with integrating Amazon CloudWatch into an on-premises environment. According to AWS security best practices, how should the application use CloudWatch? Configure AWS credentials in the application server with an AWS SDK Implement and proxy API-calls through an EC2 instance Store IAM credentials in the source code to enable access Add the application server SSH-key to AWS.
A developer attempts to use the command aws configure after installing the AWS CLI and gets the following error: aws: command not found Error: aws: command not found Which of the following is the most probable source of this error? The aws executable is not in the PATH environment variable. Access to the aws executable has been denied to the installer. Incorrect AWS credentials were provided. The aws script does not have an executable file mode.
A business utilizes AWS CodeBuild and AWS CodeCommit to implement a continuous build process. Developers routinely submit code throughout the development period, resulting in large build failures. The firm is looking for a solution that would generate code prior to developers pushing it to the main branch. Which option best fits these criteria in terms of cost-effectiveness? Configure am Amazon EC2 instance with the CodeBuild agent to build the code. Configure CodeBuild jobs on AWS for each branch build process. Configure the CodeBuild agent to build the code in the local system. Configure a Jenkins plugin for CodeBuild to run the code build process.
In an Amazon DynamoDB database, a game holds user game data. Individual users should not have access to the gaming data of other players. How is this possible? Encrypt the game data with individual user keys. Restrict access to specific items based on certain primary key values. Stage data in SQS queues to inject metadata before accessing DynamoDB. Read records from DynamoDB and discard irrelevant data client-side.
A multi-Amazon EC2 instance application reads messages from a typical Amazon SQS queue. All communications must be encrypted at rest as a requirement of the program. When feasible, developers are urged to employ approaches that enable centralized key management and reduce support needs. Which of the following solutions adheres to these specifications? Encrypt individual messages by using client-side encryption with customer managed keys, then write to the SQS queue. Encrypt individual messages by using SQS Extended Client and the Amazon S3 encryption client. Create an SQS queue, and encrypt the queue by using sewer-side encryption with AWS KMS. Create an SQS queue, and encrypt the queue by using client-side encryption.
A business operates an e-commerce website that makes use of Amazon DynamoDB to dynamically adjust the price of products in real time. At any one moment, numerous changes to price information for a specific product may occur concurrently. This results in the overwriting of the original editor's modifications without a thorough review procedure. Which write option in DynamoDB should be used to avoid this overwriting? Concurrent writes Conditional writes Atomic writes Batch writes.
A developer must use an AWS CloudFormation template to launch a new AWS Lambda function. Which processes are responsible for deploying Lambda functions? (Select two.) Upload the code to an AWS CodeCommit repository, then add a reference to it in an AWS::Lambda::Function resource in the template. Create an AWS::Lambda::Function resource in the template, then write the code directly inside the CloudFormation template. Upload a .ZIP file containing the function code to Amazon S3, then add a reference to it in an AWS::Lambda::Function resource in the template. Upload a .ZIP file to AWS CloudFormation containing the function code, then add a reference to it in an AWS::Lambda::Function resource in the template. Upload the function code to a private Git repository, then add a reference to it in an AWS::Lambda::Function resource in the template.
A developer want to utilize AWS X-Ray to monitor the end-to-end performance of a user request across the whole software stack. The developer modified the program, tested it, and discovered that it is capable of sending traces to AWS X-Ray. The traces, on the other hand, are not accessible when the program is deployed to an EC2 instance. Which of the following is most likely to result in this situation? (Select two.) The traces are reaching X-Ray, but the Developer does not have access to view the records. The X-Ray daemon is not installed on the EC2 instance. The X-Ray endpoint specified in the application configuration is incorrect. The instance role does not have ג€xray:BatchGetTracesג€ and ג€xray:GetTraceGraphג€ permissions. The instance role does not have ג€xray:PutTraceSegmentsג€ and ג€xray:PutTelemetryRecordsג€ permissions.
An application extracts metadata from files uploaded to an S3 bucket using Lambda functions; the information is then saved in Amazon DynamoDB. The program begins to behave strangely, and the developer want to investigate the Lambda function code's logs for faults. Where would the Developer look for logs based on this system configuration? Amazon S3 AWS CloudTrail Amazon CloudWatch Amazon DynamoDB.
What is the purpose of an Amazon SQS delay queue? Messages are hidden for a configurable amount of time when they are first added to the queue. Messages are hidden for a configurable amount of time after they are consumed from the queue. The consumer can poll the queue for a configurable amount of time before retrieving a message. Message cannot be deleted for a configurable amount of time after they are consumed from the queue.
A business is developing an ecommerce website, and the static data will be stored on Amazon S3. The business anticipates roughly 1,000 GET and PUT requests per second (TPS). All queries must be logged and maintained for auditing reasons. Which approach is the MOST cost-effective? Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to move the data from the log bucket to Amazon S3 Glacier in 90 days. Enable S3 server access logging and create a lifecycle policy to expire the data in 90 days. Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to expire the data in 90 days. Enable S3 server access logging and create a lifecycle policy to move the data to Amazon S3 Glacier in 90 days.
A business has an application in which reading items from Amazon S3 is conditional on the user type. There are two sorts of users: registered and visitor. The firm now has 25,000 users and is expanding at a rapid pace. Depending on the user type, data is fetched from an S3 bucket. Which techniques are advised for accommodating both sorts of users? (Select two.) Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to the objects. Use S3 bucket policies to restrict read access to specific IAM users. Use Amazon Cognito to provide access using authenticated and unauthenticated roles. Create a new IAM user for each user and grant read access. Use the AWS IAM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) AssumeRole action depending on the type of user and provide read access to Amazon S3 using the assumed role.
Using Amazon API Gateway, a developer has established a REST API. The developer want to keep track of which callers and how they utilize the API. Additionally, the developer want to have control over the duration of the logs. What actions should the developer take to ensure compliance with these requirements? Enable API Gateway execution logging. Delete old logs using API Gateway retention settings. Enable API Gateway access logs. Use Amazon CloudWatch retention settings to delete old logs. Enable detailed Amazon CloudWatch metrics. Delete old logs with a recurring AWS Lambda function. Create and use API Gateway usage plans. Delete old logs with a recurring AWS Lambda function.
A huge e-commerce site is being developed that will use Amazon S3 to distribute static items. More than 300 GET requests per second will be served from the Amazon S3 bucket. What changes should be made to improve performance? (Select two.) Integrate Amazon CloudFront with Amazon S3. Enable Amazon S3 cross-region replication. Delete expired Amazon S3 server log files. Configure Amazon S3 lifecycle rules. Randomize Amazon S3 key name prefixes.
A business in the us-east-1 Region has installed web servers on Amazon EC2 instances running Amazon Linux. Amazon Elastic Block Store is used to back up the EC2 instances (Amazon EBS). A developer want to guarantee that all of these instances use an AWS Key Management Service (AWS KMS) key to offer encryption at rest. How can a developer use an AWS KMS key to enable encryption at rest on existing and new instances? Use AWS Certificate Manager (ACM) to generate a TLS certificate. Store the private key in AWS KMS. Use AWS KMS on the instances to enable TLS encryption. Manually enable EBS encryption with AWS KMS on running instances. Then enable EBS encryption by default for new instances. Enable EBS encryption by default. Create snapshots from the running instances. Replace running instances with new instances from snapshots. Export the AWS KMS key to the application. Encrypt all application data by using the exported key. Enable EBS encryption by default to encrypt all other data.
A developer is developing an application that will use Amazon S3 to store data. Before data is transmitted to Amazon S3 for storage, management requires that it be secured. The Security team is responsible for managing the encryption keys. Which strategy should the developer use to satisfy these requirements? Implement server-side encryption using customer-provided encryption keys (SSE-C). Implement server-side encryption by using a client-side master key. Implement client-side encryption using an AWS KMS managed customer master key (CMK). Implement client-side encryption using Amazon S3 managed keys.
A developer has designed a software package that will be distributed utilizing IAM roles across many EC2 servers. What measures may be taken to validate IAM access to Amazon Kinesis Streams records? (Select two.) Use the AWS CLI to retrieve the IAM group. Query Amazon EC2 metadata for in-line IAM policies. Request a token from AWS STS, and perform a describe action. Perform a get action using the ג€"-dry-run argument. Validate the IAM role policy with the IAM policy simulator.
A developer must verify that an application's IAM credentials are not abused or exploited when running on Amazon EC2. What should the developer do to ensure the security of user credentials? Environment variables AWS credentials file Instance profile credentials Command line options.
A developer has created an Amazon S3 bucket to store JSON data. The developer want to share an item with a select set of individuals in a safe manner. How can the developer allow temporary access to the items stored in the S3 bucket in a safe manner? Set object retention on the files. Use the AWS software development kit (SDK) to restore the object before subsequent requests. Provide the bucket's S3 URL. Use the AWS software development kit (SDK) to generate a presigned URL. Provide the presigned URL. Set a bucket policy that restricts access after a period of time. Provide the bucket's S3 URL. Configure static web hosting on the S3 bucket. Provide the bucket's web URL.
Page load times on a website steadily increase as more people visit the system concurrently. According to the analysis, a user profile is being loaded from a database on each web page viewed by a user, which increases database load and page load delay. The developer chooses to cache the user profile data in order to remedy this problem. Which caching approach would most effectively solve this situation? Create a new Amazon EC2 Instance and run a NoSQL database on it. Cache the profile data within this database using the write-through caching strategy. Create an Amazon ElastiCache cluster to cache the user profile data. Use a cache-aside caching strategy. Use a dedicated Amazon RDS instance for caching profile data. Use a write-through caching strategy. Create an ElastiCache cluster to cache the user profile data. Use a write-through caching strateg.
A business is developing a Java application that will be deployed to Amazon Web Services. The firm creates a pipeline for the project using AWS CodePipeline. CodePipeline must build and deploy the application on the AWS Cloud whenever a team member makes changes to the source code. Which AWS services combination does the business need to utilize to achieve these requirements? Amazon S3, AWS CodeBuild, and AWS CodeCommit Amazon S3, AWS CodeBuild, and Amazon Elastic Container Service (Amazon ECS) AWS CodeCommit, AWS CodeBuild, and AWS CodeDeploy Amazon CodeGuru, AWS CodeCommit, and AWS CodeBuild.
A developer is about to launch an AWS Lambda function that will use a substantial amount of CPU. Which technique will minimize the function's average runtime? Deploy the function into multiple AWS Regions. Deploy the function into multiple Availability Zones. Deploy the function using Lambda layers. Deploy the function with its memory allocation set to the maximum amount.
A business is operating an application that is powered by AWS Lambda services. When a Lambda function is required to download a 50MB file from the Internet on each run, performance difficulties arise. Multiple times per second, this function is invoked. Which approach would result in the greatest performance boost? Cache the file in the /tmp directory Increase the Lambda maximum execution time Put an Elastic Load Balancer in front of the Lambda function Cache the file in Amazon S3.
An HTTPS clone URL for an AWS CodeCommit repository is supplied to a developer. What configuration is required prior to cloning this repository? Use AWS KMS to set up public and private keys for use with AWS CodeCommit. Set up the Git credential helper to use an AWS credential profile, and enable the helper to send the path to the repositories. Use AWS Certificate Manager to provision public and private SSL/TLS certificates. Generate encryption keys using AWS CloudHSM, then export the key for use with AWS CodeCommitl.
A Linux EC2 instance operating on Amazon Web Services requires management of the AWS architecture. How may an Amazon EC2 instance be configured to perform secure AWS API calls? Sign the AWS CLI command using the signature version 4 process. Run the aws configure AWS CLI command and specify the access key id and secret access key. Specify a role for the EC2 instance with the necessary privileges. Pass the access key id and secret access key as parameters for each AWS CLI command.
What is needed to use AWS X-Ray to trace Lambda-based applications? Send logs from the Lambda application to an S3 bucket; trigger a Lambda function from the bucket to send data to AWS X-Ray. Trigger a Lambda function from the application logs in Amazon CloudWatch to submit tracing data to AWS X-Ray. Use an IAM execution role to give the Lambda function permissions and enable tracing. Update and add AWS X-Ray daemon code to relevant parts of the Lambda function to set up the trace.
A developer wishes to lower the execution time of a complete Amazon DynamoDB database scan during off-peak hours without impairing typical workloads. During non-peak hours, workloads average around half of the highly constant read capacity units. How would the Developer optimize this scan if he or she were the developer? Use parallel scans while limiting the rate Use sequential scans Increase read capacity units during the scan operation Change consistency to eventually consistent during the scan operation.
A developer has an on-premises legacy application. Other AWS-hosted apps rely on the on-premises application for optimal operation. In the event of any application failures, the Developer want to be able to monitor and debug all apps from a single location using Amazon CloudWatch. How is this accomplished by the Developer? Install an AWS SDK on the on-premises server to automatically send logs to CloudWatch. Download the CloudWatch agent to the on-premises server. Configure the agent to use IAM user credentials with permissions for CloudWatch. Upload log files from the on-premises server to Amazon S3 and have CloudWatch read the files. Upload log files from the on-premises server to an Amazon EC2 instance and have the instance forward the logs to CloudWatch.
Amazon API Gateway is being used by a developer to act as an HTTP proxy for a backend endpoint. Three distinct settings exist: development, testing, and production. Each environment has a step in the API that corresponds to it. Without building a new API for each step, the developer must route traffic to distinct backend destinations. Which solution will satisfy these criteria? Add a model to the API. Add a schema to differentiate the different backend endpoints Create stage variables. Configure the variables in the HTTP integration request of the API. Use API custom authorizers to create an authorizer for each of the different stages. Update the integration response of the API to add different backend endpoint.
A development team has released ten applications that are operating on Amazon EC2 instances. A graphical representation of the data is required by the Operations team. For each application, there is one critical performance metric. For convenient monitoring, all of these metrics should be presented on a single screen. Which actions should the developer take to use Amazon CloudWatch to do this? Create a custom namespace with a unique metric name for each application. Create a custom dimension with a unique metric name for each application. Create a custom event with a unique metric name for each application. Create a custom alarm with a unique metric name for each application.
On AWS, a business hosts a multi-tiered web application. During a recent increase in traffic, one of Amazon RDS's key relational databases was unable to handle the volume. Certain read queries for frequently visited objects failed, resulting in error messages being shown to users. What can be done to reduce the effect of future traffic surges on database read queries most efficiently? Use Amazon S3 to cache database query results. Use Amazon RDS as a custom origin for Amazon CloudFront. Use local storage and memory on Amazon EC2 instances to cache data. Use Amazon ElastiCache in front of the primary database to cache data.
Due to increasing demand, an application is having performance challenges. This increasing demand is for read-only historical records that are extracted using bespoke views and queries from an Amazon RDS-hosted database. A developer's objective is to optimize performance without altering the database's structure. Which technique will maximize performance while minimizing management costs? Deploy Amazon DynamoDB, move all the data, and point to DynamoDB. Deploy Amazon ElastiCache for Redis and cache the data for the application. Deploy Memcached on Amazon EC2 and cache the data for the application. Deploy Amazon DynamoDB Accelerator (DAX) on Amazon RDS to improve cache performance.
A business must send firmware upgrades to all of its consumers worldwide. Which solution will provide simple and secure control of download access at the lowest possible cost? Use Amazon CloudFront with signed URLs for Amazon S3 Create a dedicated Amazon CloudFront Distribution for each customer Use Amazon CloudFront with AWS Lambda@Edge Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket.
A business want to use Amazon API Gateway to enable authentication for its new REST service. Each request must include HTTP headers including a client ID and a user ID in order to authenticate the calls. These credentials must be matched to data stored in an Amazon DynamoDB database for authentication. What actions MUST the company take to implement this authorization in the API global Gateway? Implement an AWS Lambda authorizer that references the DynamoDB authentication table Create a model that requires the credentials, then grant API Gateway access to the authentication table Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table Implement an Amazon Cognito authorizer that references the DynamoDB authentication table.
A developer is in the process of transferring legacy apps to AWS. These apps will be launched on Amazon EC2 instances and will utilize MongoDB as their main data storage. Management expects developers to make minimal modifications to apps while using AWS services. Which option should the developer use to host MongoDB on Amazon Web Services (AWS)? Install MongoDB on the same instance where the application is running. Deploy Amazon DocumentDB in MongoDB compatibility mode. Use Amazon API Gateway to translate API calls from MongoDB to Amazon DynamoDB. Replicate the existing MongoDB workload to Amazon DynamoDB.
Through an API, a company's fleet of Amazon EC2 instances collects data from millions of consumers. To guarantee high access rates, the servers batch the data, create an object for each user, and upload the objects to an S3 bucket. Customer ID, Server ID, TS-Server (TimeStamp and Server ID), the object's size, and a timestamp are the object's properties. A developer wishes to locate all items gathered for a particular user during a certain time period. How can the developer accomplish this need after establishing an S3 object created event? Run an AWS Lambda function in response to the S3 object creation events that creates an Amazon DynamoDB record for every object with the Customer ID as the partition key and the Server ID as the sort key. Retrieve all the records using the Customer ID and Server ID attributes. Run an AWS Lambda function in response to the S3 object creation events that creates an Amazon Redshift record for every object with the Customer ID as the partition key and TS-Server as the sort key. Retrieve all the records using the Customer ID and TS-Server attributes. Run an AWS Lambda function in response to the S3 object creation events that creates an Amazon DynamoDB record for every object with the Customer ID as the partition key and TS-Server as the sort key. Retrieve all the records using the Customer ID and TS-Server attributes. Run an AWS Lambda function in response to the S3 object creation events that creates an Amazon Redshift record for every object with the Customer ID as the partition key and the Server ID as the sort key. Retrieve all the records using the Customer ID and Server ID attributes.
A business need a fully managed source control solution that is compatible with AWS. By sharing sets of changes peer-to-peer, the service must guarantee that revision control synchronizes various dispersed repositories. All users must be productive regardless of whether they are connected to a network. Which version control system should I use? Subversion AWS CodeBuild AWS CodeCommit AWS CodeStar.
A developer is tasked with the responsibility of creating a cache layer in front of Amazon RDS. In the event of a service outage, it is costly to regenerate cached material. Which of the following implementations would work best in terms of uptime? Implement Amazon ElastiCache Redis in Cluster Mode Install Redis on an Amazon EC2 instance. Implement Amazon ElastiCache Memcached. Migrate the database to Amazon Redshift.
On an Amazon EC2 instance, a developer is executing an application. When the program attempts to read from an Amazon S3 bucket, it fails. The developer discovers that the S3 read permission is missing from the related IAM role. The developer must enable the application to read from the S3 bucket. Which solution satisfies this need with the MINIMUM amount of application downtime? Add the permission to the role. Terminate the existing EC2 instance. Launch a new EC2 instance Add the permission to the role so that the change will take effect automatically Add the permission to the role. Hibernate and restart the existing EC2 instance. Add the permission to the S3 bucket. Restart the EC2 instance.
A developer wishes to get a list of objects from an Amazon DynamoDB table's global secondary index. Which DynamoDB API call should the developer use to utilize the fewest read capacity units possible? Scan operation using eventually-consistent reads Query operation using strongly-consistent reads Query operation using eventually-consistent reads Scan operation using strongly-consistent reads.
A corporation is deploying one of their apps using AWS CodePipeline. The delivery pipeline is triggered by modifications to the master branch of an AWS CodeCommit repository and utilizes AWS CodeBuild for the test and build phases, as well as AWS CodeDeploy for application deployment. For many months, the pipeline has operated effectively with no adjustments. AWS CodeDeploy failed to deploy the updated application as planned after a recent modification to the application's source code. What may be the underlying causes? (Select two.) The change was not made in the master branch of the AWS CodeCommit repository. One of the earlier stages in the pipeline failed and the pipeline has terminated. One of the Amazon EC2 instances in the company's AWS CodePipeline cluster is inactive. The AWS CodePipeline is incorrectly configured and is not executing AWS CodeDeploy. AWS CodePipeline does not have permissions to access AWS CodeCommit.
A developer is attempting to use the SDK to perform API requests. The application's IAM user credentials need multi-factor authentication for all API requests. Which mechanism does the developer use to get access to the API that is protected by multi-factor authentication? GetFederationToken GetCallerIdentity GetSessionToken DecodeAuthorizationMessage.
There are two categories of members on a video-hosting website: those who pay a charge and those who do not. Each video upload creates a message in Amazon Simple Queue Service (SQS). Each video is processed by a fleet of Amazon EC2 instances that poll Amazon SQS. The developer must guarantee that the developer processes the films submitted by paying users first. How is the developer to achieve this criterion? Create two SQS queues: one for paying members, and one for non-paying members. Poll the paying member queue first and then poll the non-paying member queue. Use SQS to set priorities on individual items within a single queue; give the paying members' videos the highest priority. Use SQS to set priorities on individual items within a single queue and use Amazon SNS to encode the videos. Create two Amazon SNS topics: one for paying members and one for non-paying members. Use SNS topic subscription priorities to differentiate between the two types of members.
A development team is composed of ten individuals. The manager want to offer access to user-specific folders in an Amazon S3 bucket, similar to a home directory for each team member. The sample of the IAM policy for the team member with the username €TeamMemberX€ is as follows: { "Sid":Allows3ActionToFolders", "Effect": "Allow", "Action": ["s3:*"], "Resource": ["arn:aws:s3:::company-name/home/TeamMemberX/*"] } Rather of generating unique policies for each team member, how may this policy excerpt be made general for all team members? Use IAM policy condition Use IAM policy principal Use IAM policy variables Use IAM policy resource.
The development team is now hard at work developing an API that will be provided through the Amazon API gateway. Three environments will service the API: development, test, and production. All three phases of the API Gateway are set to consume 237 GB of cache. Which deployment option is the MOST cost-effective? Create a single API Gateway with all three stages. Create three API Gateways, one for each stage in a single AWS account. Create an API Gateway in three separate AWS accounts. Enable the cache for development and test environments only when needed.
On Amazon EC2 ECS, two containerized microservices are hosted. The first microservice reads a database instance from Amazon RDS Aurora, while the second microservice reads a table from Amazon DynamoDB. How can the bare minimal rights be provided to each microservice? Set ECS_ENABLE_TASK_IAM_ROLE to false on EC2 instance boot in ECS agent configuration file. Run the first microservice with an IAM role for ECS tasks with read-only access for the Aurora database. Run the second microservice with an IAM role for ECS tasks with read-only access to DynamoDB. Set ECS_ENABLE_TASK_IAM_ROLE to false on EC2 instance boot in the ECS agent configuration file. Grant the instance profile role read-only access to the Aurora database and DynamoDB. Set ECS_ENABLE_TASK_IAM_ROLE to true on EC2 instance boot in the ECS agent configuration file. Grant the instance profile role read-only access to the Aurora database and DynamoDB. Set ECS_ENABLE_TASK_IAM_ROLE to true on EC2 instance boot in the ECS agent configuration file. Grant the instance profile role read-only access to the Aurora database and DynamoDB.
A developer is debugging a three-tier application hosted on Amazon EC2 instances. Between the application servers and database servers, there is a connection issue. Which Amazon Web Services (AWS) services or tools should be utilized to determine which component is faulty? (Make a selection of at least two.) AWS CloudTrail AWS Trusted Advisor Amazon VPC Flow Logs Network access control lists AWS Config rules.
A program inserts data into an Amazon DynamoDB database. As the application expands to thousands of instances, intermittent ThrottlingException problems are thrown by calls to the DynamoDB API. The application is written in a language that is not supported by the AWS SDK. What procedure should be followed in the event of an error? Add exponential backoff to the application logic Use Amazon SQS as an API message bus Pass API calls through Amazon API Gateway Send the items to DynamoDB through Amazon Kinesis Data Firehose.
A developer is using serverless components to create a highly secure healthcare application. This application involves writing temporary data to an AWS Lambda function's /tmp storage. How should this data be encrypted by the developer? Enable Amazon EBS volume encryption with an AWS KMS CMK in the Lambda function configuration so that all storage attached to the Lambda function is encrypted. Set up the Lambda function with a role and key policy to access an AWS KMS CMK. Use the CMK to generate a data key used to encrypt all data prior to writing to /tmp storage. Use OpenSSL to generate a symmetric encryption key on Lambda startup. Use this key to encrypt the data prior to writing to /tmp storage. Use an on-premises hardware security module (HSM) to generate keys, where the Lambda function requests a data key from the HSM and uses that to encrypt data on all requests to the function.
A business requires security for its current website, which is hosted behind an Elastic Load Balancer. Amazon EC2 instances hosting the website are CPU restricted. How can the website be secured without raising the CPU burden on the Amazon EC2 web servers? (Select two.) Configure an Elastic Load Balancer with SSL pass-through. Configure SSL certificates on an Elastic Load Balancer. Configure an Elastic Load Balancer with a Loadable Storage System. Install SSL certificates on the EC2 instances. Configure an Elastic Load Balancer with SSL termination.
A software engineer created a Node.js AWS Lambda function to do CPU-intensive data processing. The Lambda function takes around 5 minutes to finish with the default parameters. Which strategy should a developer employ to expedite the finishing process? Instead of using Node.js, rewrite the Lambda function using Python. Instead of packaging the libraries in the ZIP file with the function, move them to a Lambda layer and use the layer with the function. Allocate the maximum available CPU units to the function. Increase the available memory to the function.
A developer will handle AWS services through the AWS CLI on a local development server. What can be done to guarantee that the CLI executes commands using the Developer's IAM permissions? Specify the Developer's IAM access key ID and secret access key as parameters for each CLI command. Run the aws configure CLI command, and provide the Developer's IAM access key ID and secret access key. Specify the Developer's IAM user name and password as parameters for each CLI command. Use the Developer's IAM role when making the CLI command.
A client wishes to host its source code on AWS Elastic Beanstalk. The client should undertake deployment with minimum downtime and should keep application access logs exclusively on existing instances. Which deployment strategy would meet these criteria? Rolling All at once Rolling with an additional batch Immutable.
A development team chooses to use AWS CodePipeline and AWS CodeCommit to implement a continuous integration/continuous delivery (CI/CD) method for a new application. Management, on the other hand, requires a human to evaluate and approve the code prior to it being released to production. How can the development team include a manual approver into the continuous integration/continuous delivery pipeline? Use AWS SES to send an email to approvers when their action is required. Develop a simple application that allows approvers to accept or reject a build. Invoke an AWS Lambda function to advance the pipeline when a build is accepted. If approved, add an approved tag when pushing changes to the CodeCommit repository. CodePipeline will proceed to build and deploy approved commits without interruption. Add an approval step to CodeCommit. Commits will not be saved until approved. Add an approval action to the pipeline. Configure the approval action to publish to an Amazon SNS topic when approval is required. The pipeline execution will stop and wait for an approval.
developer is now working on a serverless Java app. Initial testing indicates that a cold start for AWS Lambda functions takes around 8 seconds on average. What should the developer do to lessen the time required for a cold start? (Select two.) Add the Spring Framework to the project and enable dependency injection. Reduce the deployment package by including only needed modules from the AWS SDK for Java. Increase the memory allocation setting for the Lambda function. Increase the timeout setting for the Lambda function. Change the Lambda invocation mode from synchronous to asynchronous.
A business created an online event platform. The firm conducts quizzes and creates leaderboards based on the quiz results for each event. The organization maintains leaderboard data in Amazon DynamoDB and preserves it for 30 days after the conclusion of an event. The firm then deletes the outdated leaderboard data through a scheduled process. The DynamoDB table has a fixed write capacity defined. When the scheduled deletion task runs during months with a high volume of events, the DynamoDB write API calls are throttled. A developer must construct a long-term solution that permanently deletes historical leaderboard data and maximizes write performance. Which solution satisfies these criteria? Configure a TTL attribute for the leaderboard data. Use DynamoDB Streams to schedule and delete the leaderboard data. Use AWS Step Functions to schedule and delete the leaderboard data. Set a higher write capacity when the scheduled delete job runs.
A programmer is developing a new application that will make use of an Amazon DynamoDB database. All objects older than 48 hours must be eliminated, according to the standard. Which solution will satisfy this criterion? Create a new attribute that has the Number data type. Add a local secondary index (LSI) for this attribute, and enable TTL with an expiration of 48 hours. In the application code, set the value of this attribute to the current timestamp for each new item that is being inserted. Create a new attribute that has the String data type. Add a local secondary index (LSI) for this attribute, and enable TTL with an expiration of 48 hours. In the application code, set the value of this attribute to the current timestamp for each new item that is being inserted. Create a new attribute that has the Number data type. Enable TTL on the DynamoDB table for this attribute. In the application code, set the value of this attribute to the current timestamp plus 48 hours for each new item that is being inserted. Create a new attribute that has the String data type. Enable TTL on the DynamoDB table for this attribute. In the application code, set the value of this attribute to the current timestamp plus 48 hours for each new item that is being inserted.
Amazon Kinesis is being used to handle clickstream data for an application. Periodic spikes occur in the clickstream data flow into Kinesis. Occasionally, the PutRecords API request fails, and the logs indicate that the unsuccessful call provides the following response: { FailRecordCount": 1, ..... ..."21269319989900637946712965403778482371", } Which approaches will aid in mitigating this circumstance? (Select two.) Implement retries with exponential backoff. Use a PutRecord API instead of PutRecords. Reduce the frequency and/or size of the requests. Use Amazon SNS instead of Kinesis. Reduce the number of KCL consumers.
AWS Lambda functions must connect to an external site using a user name and password that are rotated on a regular basis. These elements must be securely stored and cannot be included inside the function code. Which AWS services may be utilized in conjunction with one another to achieve this? (Select two.) AWS Certificate Manager (ACM) AWS Systems Manager Parameter Store AWS Trusted Advisor AWS KMS Amazon GuardDuty.
A development team is hard at work on a mobile application that will enable users to submit images to Amazon S3. The company anticipates that hundreds of thousands of people will use the app concurrently during a single event. After the images are submitted, the backend service scans and parses them for objectionable material. Which strategy is the MOST robust way to accomplish this aim while also smoothing out transitory backend service traffic spikes? Develop an AWS Lambda function to check the upload folder in the S3 bucket. If new uploaded pictures are detected, the Lambda function will scan and parse them. Once a picture is uploaded to Amazon S3, publish the event to an Amazon SQS queue. Use the queue as an event source to trigger an AWS Lambda function. In the Lambda function, scan and parse the picture. When the user uploads a picture, invoke an API hosted in Amazon API Gateway. The API will invoke an AWS Lambda function to scan and parse the picture. Create a state machine in AWS Step Functions to check the upload folder in the S3 bucket. If a new picture is detected, invoke an AWS Lambda function to scan and parse it.
A developer has developed a web application that will be hosted on Amazon EC2 instances. The program creates and uploads thousands of new items to the same AWS Region's Amazon S3 bucket. Each item is less than 1 MB in size. The program is taking an excessive amount of time to operate. How might the application's performance be enhanced? Use the S3 Multipart Upload API. Use S3 Transfer Acceleration. Upload the objects in parallel to Amazon S3. Add a random prefix to the object Keys.
In an Amazon DynamoDB database, a business caches session information for a web application. The organization want to automate the process of deleting obsolete entries from the table. What is the easiest method for doing this? Write a script that deletes old records; schedule the scripts as a cron job on an Amazon EC2 instance. Add an attribute with the expiration time; enable the Time To Live feature based on that attribute. Each day, create a new table to hold session data; delete the previous day's table. Add an attribute with the expiration time; name the attribute ItemExpiration.
Two Amazon DynamoDB tables are accessed using an AWS Lambda function. A developer wishes to optimize the Lambda function's performance by finding bottlenecks inside the function. How can a developer determine the duration of DynamoDB API calls? Add DynamoDB as an event source to the Lambda function. View the performance with Amazon CloudWatch metrics. Place an Application Load Balancer (ALB) in front of the two DynamoDB tables. Inspect the ALB logs. Limit Lambda to no more than five concurrent invocations. Monitor from the Lambda console. Enable AWS X-Ray tracing for the function. View the traces from the X-Ray service.
When new items are produced in a bucket, a developer uses Amazon S3 as the event source to run a Lambda function. The bucket notification configuration stores the information about the event source mapping. The developer is experimenting with various Lambda function versions and is constantly required to alter notification settings to ensure that Amazon S3 invokes the proper version. What is the MOSTefficient and effective method for mapping the S3 event to Lambda? Use a different Lambda trigger. Use Lambda environment variables. Use a Lambda alias. Use Lambda tags.
On a local development workstation, a developer has constructed a Node.js web application. The developer want to host the website on AWS. The developer desires a solution that has the fewest operational overhead and requires no code modifications. Which Amazon Web Services (AWS) service should the developer utilize to satisfy these requirements? AWS Elastic Beanstalk Amazon EC2 AWS Lambda Amazon Elastic Kubernetes Service (Amazon EKS).
A business operates an application on AWS Lambda@Edge. The application offers material that adapts according on the device being used by the viewer. The number of hits by device type is written to logs in Amazon CloudWatch Logs that are saved in a log group. For each device type, the organization must provide an Amazon CloudWatch custom metric. Which strategy will satisfy these criteria? Create a CloudWatch Logs Insights query to extract the device type information from the logs and to create a custom metric with device type as a dimension. Create a CloudWatch metric filter to extract metrics from the log files with device type as a dimension. Update the application to write its logs in the CloudWatch embedded metric format with device type as a dimension. Configure the CloudWatch Logs agent for Lambda integration. Update the application to use the StatsD protocol to emit the metrics.
A programmer is developing a new application that will make advantage of Amazon S3. To comply with regulatory standards, the Developer must encrypt data in transit. How is this accomplished by the Developer? Use s3:x-amz-acl as a condition in the S3 bucket policy. Use Amazon RDS with default encryption. Use aws:SecureTransport as a condition in the S3 bucket policy. Turn on S3 default encryption for the S3 bucket.
On Amazon EC2, a developer is developing an application. During testing, the developer experienced a €Access Denied€ error on many API requests to AWS services. The developer must alter the permissions previously granted to the instance. How can these needs be accomplished with the fewest possible adjustments and downtime? Make a new IAM role with the needed permissions. Stop the instance. Attach the new IAM role to the instance. Start the instance. Delete the existing IAM role. Attach a new IAM role with the needed permissions. Stop the instance. Update the attached IAM role adding the needed permissions. Start the instance. Update the attached IAM role adding the needed permissions.
An existing serverless application handles picture files that have been uploaded. At the moment, the process is implemented using a single Lambda function that accepts an image file, processes it, and saves it in Amazon S3. The application's users now demand picture thumbnail production. Users desire to minimize the time required to complete picture uploads. How can thumbnail creation be integrated into an application while still adhering to user expectations and requiring little modifications to current code? Change the existing Lambda function handling the uploads to create thumbnails at the time of upload. Have the function store both the image and thumbnail in Amazon S3. Create a second Lambda function that handles thumbnail generation and storage. Change the existing Lambda function to invoke it asynchronously. Create an S3 event notification with a Lambda function destination. Create a new Lambda function to generate and store thumbnails. Create an S3 event notification to an SQS Queue. Create a scheduled Lambda function that processes the queue, and generates and stores thumbnails.
A developing program requires the storage of hundreds of video files. Prior to storage, the data must be encrypted inside the program using a unique key for each video file. How should the application's developer code it? Use the KMS Encrypt API to encrypt the data. Store the encrypted data key and data. Use a cryptography library to generate an encryption key for the application. Use the encryption key to encrypt the data. Store the encrypted data. Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the data key. Store the encrypted data key and data. Upload the data to an S3 bucket using server side-encryption with an AWS KMS key.
A developer wishes to give systems administrators access to the log data of an application operating on an EC2 instance. In Amazon CloudWatch, which of the following provides monitoring of this metric? Retrieve the log data from CloudWatch using the GetMetricData API call. Retrieve the log data from AWS CloudTrail using the LookupEvents API call. Launch a new EC2 instance, configure Amazon CloudWatch Events, and then install the application. Install the Amazon CloudWatch Logs agent on the EC2 instance that the application is running on.
business is creating an application that will operate on several Amazon EC2 instances in an Auto Scaling group and will have access to an Amazon EC2 database. The program must save the credentials necessary to connect to the database. Periodic secret rotation must be supported in the application, and the program should remain unchanged when a secret changes. How can these needs be met in the SAFEST manner possible? Associate an IAM role to the EC2 instance where the application is running with permission to access the database. Use AWS Systems Manager Parameter Store with the SecureString data type to store secrets. Configure the application to store secrets in Amazon S3 object metadata. Hard code the database secrets in the application code itself.
A developer used a CLI command to register an AWS Lambda function as a target for an Application Load Balancer (ALB). However, when the client submits requests via the ALB, the Lambda function is not called. Why isn't the Lambda function called? A Lambda function cannot be registered as a target for an ALB. A Lambda function can be registered with an ALB using AWS Management Console only. The permissions to invoke the Lambda function are missing. Cross-zone is not enabled on the ALB.
A corporation has numerous developers stationed across the world who are progressively upgrading code for a development project. When developers upload code simultaneously, internet connection is poor, and uploading code for deployment in AWS Elastic Beanstalk takes a long time. Which approach will result in the smallest amount of administrative work and the shortest upload and deployment times? Allow the Developers to upload the code to an Amazon S3 bucket, and deploy it directly to Elastic Beanstalk. Allow the Developers to upload the code to a central FTP server to deploy the application to Elastic Beanstalk. Create an AWS CodeCommit repository, allow the Developers to commit code to it, and then directly deploy the code to Elastic Beanstalk. Create a code repository on an Amazon EC2 instance so that all Developers can update the code, and deploy the application from the instance to Elastic Beanstalk.
A development team deploys a Java-based web application using AWS Elastic Beanstalk. The team want to guarantee that any modifications to the source code or settings are automatically distributed to new instances. The team configures Elastic Beanstalk such that immutable updates are used. However, an issue occurs the first time the new update policy is used to deploy a modification. Which of the following is the MOST LIKELY CAUSE of this problem? Immutable updates are not supported for Java-based applications. The account has reached its on-demand instance limit. Immutable updates are only supported for m4.large and larger instance types. The developer must also modify the .ebextensions/immutable-updates.config file to enable immutable updates.
What are the procedures for launching a templatized serverless application using the AWS CLI? Use AWS CloudFormation get-template then CloudFormation execute-change-set. Use AWS CloudFormation validate-template then CloudFormation create-change-set. Use AWS CloudFormation package then CloudFormation deploy. Use AWS CloudFormation create-stack then CloudFormation update-stack.
A cluster of Amazon EC2 instances hosts an application. When attempting to read items encrypted using server-side encryption using AWS KMS managed keys (SSE-KMS) from a single Amazon S3 bucket, the application encounters the following error: Service: AWSKMS; Status Code: 400; Error Code: ThrottlingEx.. Which measures should be made in combination to avoid this failure? (Select two.) Contact AWS Support to request an AWS KMS rate limit increase. Perform error retries with exponential backoff in the application code. Contact AWS Support to request a S3 rate limit increase. Import a customer master key (CMK) with a larger key size. Use more than one customer master key (CMK) to encrypt S3 data.
AWS Lambda functions need read/write access to an Amazon S3 bucket and to an Amazon DynamoDB database. The appropriate IAM policy is already in place. How can I allow the Lambda function access to the S3 bucket and DynamoDB database in the MOST SECURE manner possible? Attach the existing IAM policy to the Lambda function. Create an IAM role for the Lambda function. Attach the existing IAM policy to the role. Attach the role to the Lambda function. Create an IAM user with programmatic access. Attach the existing IAM policy to the user. Add the user access key ID and secret access key as environment variables in the Lambda function. Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function.
The developer is developing a web application that uses a POST request to capture highly controlled and private user data. Amazon CloudFront is used to serve the web application. User names and phone numbers must be encrypted at the edge of the application stack and must stay encrypted throughout. What is the SECUREST method for meeting these requirements? Enforce Match Viewer with HTTPS Only on CloudFront. Use only the newest TLS security policy on CloudFront. Enforce a signed URL on CloudFront on the front end. Use field-level encryption on CloudFront.
Numerous apps make use of an Amazon RDS database instance to seek for previous data. The pace of queries is quite steady. When historical data is updated daily, the associated write traffic degrades the speed of read queries, affecting all application users. What can be done to minimize the effect on application users' performance? Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic. Create an RDS Read Replica and direct all read traffic to the replica. Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic. Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic.
A marketing firm maintains a dynamic website that receives a high volume of visitors. The firm want to shift the website infrastructure to AWS, which will manage all aspects of the website except development. Which option BEST satisfies these criteria? Use AWS VM Import to migrate a web server image to AWS. Launch the image on a compute-optimized Amazon EC2 instance. Launch multiple Amazon Lightsail instances behind a load balancer. Set up the website on those instances. Deploy the website code in an AWS Elastic Beanstalk environment. Use Auto Scaling to scale the numbers of instances. Use Amazon S3 to host the website. Use Amazon CloudFront to deliver the content at scale.
A program is supposed to process a large number of files. Each file processes an AWS Lambda call in four minutes. The Lambda function returns no useful data. What is the quickest method for processing all of the files? First split the files to make them smaller, then process with synchronous RequestResponse Lambda invocations. Make synchronous RequestResponse Lambda invocations and process the files one by one. Make asynchronous Event Lambda invocations and process the files in parallel. First join all the files, then process it all at once with an asynchronous Event Lambda invocation.
An online retailer used AWS CloudFormation to construct a serverless application utilizing AWS Lambda, Amazon API Gateway, Amazon S3, and Amazon DynamoDB. The firm released a new version with significant enhancements to the Lambda function and put it to production. Following that, the application ceased to function. Which approach should be used to restart the program as soon as possible? Redeploy the application on Amazon EC2 so the Lambda function can resolve dependencies Migrate DynamoDB to Amazon RDS and redeploy the Lambda function Roll back the Lambda function to the previous version Deploy the latest Lambda function in a different Region.
A Global Secondary Index (GSI) is used by Amazon DynamoDB to facilitate read queries. The main table is heavily utilized for write operations, while the GSI is heavily used for read activities. When the Developer examines Amazon CloudWatch analytics, he observes that write operations to the main table are regularly throttled during periods of high write activity. However, write capacity units to the primary table remain accessible and unutilized. What is the reason for the table's throttling? The GSI write capacity units are underprovisioned There are not enough read capacity units on the primary table Amazon DynamoDB Streams is not enabled on the table A large write operation is being performed against another table.
AWS Organizations enables a business to manage many accounts. Account A utilizes an Amazon EC2 instance to host an application. The program makes advantage of the AWS command line interface to do automatic deployments in Account '. By using an EC2 IAM service role in Account A and an IAM role in Account ', an administrator established cross-account access. The application attempts to take the IAM role in Account' using the following command but is unable to deploy anything in Account'. Assume aws sts - -role —role-arn :aws:iam::AccountB-ID>:role/AccountB-Role€am:aws:iam::AccountB-ID>:role/AccountB-Role AccountB-Role-Session-Name € —role-session-name Which action is required next to enable the application to effectively utilise the credentials obtained via the usage of Account B's role? Configure the access key and secret access key of a valid IAM user from Account ׀’ in the environment variables. Configure the access key, secret access key, and token from the assume-role command in the environment variables. Create a CLI profile for the EC2 IAM service role in the AWS configuration file. Delete any access keys and secret access keys in the environment variables.
A business is developing a REST service utilizing an Amazon API Gateway integrated with AWS Lambda. For testing reasons, the service must run several versions. What is the MOST EFFECTIVE approach to do this? Use an X-Version header to denote which version is being called and pass that header to the Lambda function(s) Create an API Gateway Lambda authorizer to route API clients to the correct API version Create an API Gateway resource policy to isolate versions and provide context to the Lambda function(s) Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context.
A developer has created a web application that is accessible to customers and is running on an Amazon EC2 instance. Every request made to the program is logged. Normally, the program operates without incident, but a traffic surge creates numerous logs, causing the disk to fill up and finally run out of memory. According to company policy, all historical logs must be consolidated for analysis. Which long-term remedy should the developer use to avoid a recurrence of the issue? Set up log rotation to rotate the file every day. Also set up log rotation to rotate after every 100 MB and compress the file. Install the Amazon CloudWatch agent on the instance to send the logs to CloudWatch. Delete the logs from the instance once they are sent to CloudWatch. Enable AWS Auto Scaling on Amazon Elastic Block Store (Amazon EBS) to automatically add volumes to the instance when it reaches a specified threshold. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to pull the logs from the instance. Configure the rule to delete the logs after they have been pulled.
An application must handle the client's IP address. The application has been transferred to Amazon Web Services and is now protected by an Application Load Balancer (ALB). However, it seems as if all client IP addresses have become identical. The application must retain its horizontal scalability. What is the MOST cost-effective solution to this issue based on this scenario? Remove the application from the ALB. Delete the ALB and change Amazon Route 53 to direct traffic to the instance running the application. Remove the application from the ALB. Create a Classic Load Balancer in its place. Direct traffic to the application using the HTTP protocol. Alter the application code to inspect the X-Forwarded-For header. Ensure that the code can work properly if a list of IP addresses is passed in the header. Alter the application code to inspect a custom header. Alter the client code to pass the IP address in the custom header.
A developer is attempting to use AWS CodeDeploy to deploy a serverless application. The application has been upgraded and requires re-deployment. What file does the developer need to edit to enable CodeDeploy to submit the change? dockerrun.aws.json buildspec.yml appspec.yml ebextensions.config.
All personally identifiable information (PII) is stored by a corporation in an Amazon DynamoDB database called PII in Account A. Access to the PII database is required by an application operating on Amazon EC2 instances in Account B. Account A's administrator established an IAM role called AccessPII with access credentials to the PII database and added Account B as a trusted entity. Which extra actions need developers take in order to have access to the table? (Select two.) Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role. Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies. Ask an administrator in Account A to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies. Include the AssumeRole API in the application code logic to obtain credentials to access the PII table. Include the GetSessionToken API in the application code logic to obtain credentials to access the PII table.
Users will be required to access AWS services and will be able to update their own passwords, according to an application being developed by a business. Which of the following would allow the organization to manage users and authorization while allowing users to change their passwords on their own? Amazon Cognito identify pools and AWS STS Amazon Cognito identity pools and AWS IAM Amazon Cognito user pools and AWS KMS Amazon Cognito user pools and identity pools.
A developer enhanced an application that runs on an Amazon EC2 instance and makes use of Amazon SQS. The developer observed a large spike in Amazon SQS prices upon deployment. When monitoring the Amazon SQS metrics using Amazon CloudWatch, the developer saw that this queue receives an average of one message every minute. What can be done to lower this application's Amazon SQS costs? Increase the Amazon SQS queue polling timeout. Scale down the Amazon SQS queue to the appropriate size for low traffic demand. Configure push delivery via Amazon SNS instead of polling the Amazon SQS queue. Use an Amazon SQS first-in, first-out (FIFO) queue instead of a standard queue.
A developer has configured an Amazon Kinesis Stream with four shards to accept records at a rate of up to 2500 per second. To handle these records, a Lambda function has been configured. Which records will be processed first? Lambda will receive each record in the reverse order it was placed into the stream following a LIFO (last-in, first-out) method Lambda will receive each record in the exact order it was placed into the stream following a FIFO (first-in, first-out) method. Lambda will receive each record in the exact order it was placed into the shard following a FIFO (first-in, first-out) method. There is no guarantee of order across shards. The Developer can select FIFO, (first-in, first-out), LIFO (last-in, last-out), random, or request specific record using the getRecords API.
A developer is doing testing on a Docker-based application that communicates with Amazon DynamoDB using the AWS SDK. The program utilized IAM access credentials in the local development environment. The application is now prepared for ECS cluster deployment. In production, how should the application authenticate with AWS services? Configure an ECS task IAM role for the application to use Refactor the application to call AWS STS AssumeRole based on an instance role Configure AWS access key/secret access key environment variables with new credentials Configure the credentials file with a new access key/secret access key.
A developer is developing a website that will be hosted on Amazon's S3 service. Secure browser connections must be supported by the website. Which steps must the developer perform in combination to satisfy this requirement? (Select two.) Create an Elastic Load Balancer (ELB). Configure the ELB to direct traffic to the S3 bucket. Create an Amazon CloudFront distribution. Set the S3 bucket as an origin. Configure the Elastic Load Balancer with an SSL/TLS certificate. Configure the Amazon CloudFront distribution with an SSL/TLS certificate. Configure the S3 bucket with an SSL/TLS certificate.
An application has been created by a developer that publishes data to Amazon DynamoDB. Conditional writes have been enabled for the DynamoDB table. Writes are failing during high demand periods owing to a ConditionalCheckFailedException problem. How can the developer improve the dependability of the program when numerous clients try to write to the same record? Write data to an Amazon SNS topic. Increase the amount of write capacity for the table to anticipate short-term spikes or bursts in write operations. Implement a caching solution, such as DynamoDB Accelerator or Amazon ElastiCache. Implement error retries and exponential backoff with jitter.
A developer is automating the deployment of a new application using AWS Serverless Application Model (AWS SAM). One AWS Lambda function and one Amazon S3 bucket are included in the new application. The Lambda function must have read-only access to the S3 bucket. How should the developer setup AWS SAM to provide the S3 bucket the appropriate read permissions? Reference a second Lambda authorizer function. Add a custom S3 bucket policy to the Lambda function. Create an Amazon Simple Queue Service (SQS) topic for only S3 object reads. Reference the topic in the template. Add the S3ReadPolicy template to the Lambda function's execution role.
A developer must use AWS KMS to encrypt a 100 GB object. What is the BEST course of action? Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material Make a GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data Make a GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data.
A real-time application processes millions of events that are received over an API. Which service might be utilized to enable concurrent processing of data by several users in the most cost-effective manner possible? Amazon SNS with fanout to an SQS queue for each application Amazon SNS with fanout to an SQS FIFO (first-in, first-out) queue for each application Amazon Kinesis Firehose Amazon Kinesis Streams.
A developer has created a serverless application that makes use of a variety of AWS services. The business logic is implemented using Lambda functions that rely on third-party libraries. Amazon API Gateway will be used to provide the Lambda function endpoints. The Lambda function will be used to store the data in Amazon DynamoDB. Although the developer is prepared to launch the program, he or she must have the ability to turn back. How, given these criteria, can this deployment be automated? Deploy using Amazon Lambda API operations to create the Lambda function by providing a deployment package. Use an AWS CloudFormation template and use CloudFormation syntax to define the Lambda function resource in the template. Use syntax conforming to the Serverless Application Model in the AWS CloudFormation template to define the Lambda function resource. Create a bash script which uses AWS CLI to package and deploy the application.
A firm is developing an application that will use an Amazon DynamoDB database to monitor athlete performance. A partition key (user id) and a sort key (sport name) uniquely identify each item in the database. The following illustration depicts the table's design: partition key : user id sort key : sport_name attributes: score score_datatime (Please note that not all table characteristics are shown.) A developer is requested to create a leaderboard application that would show the best performers (user id) for each sport name depending on their score. Which approach will enable the developer to most effectively retrieve results from the DynamoDB table? Use a DynamoDB query operation with the key attributes of user_id and sport_name and order the results based on the score attribute. Create a global secondary index with a partition key of sport_name and a sort key of score, and get the results Use a DynamoDB scan operation to retrieve scores and user_id based on sport_name, and order the results based on the score attribute. Create a local secondary index with a primary key of sport_name and a sort key of score and get the results based on the score attribute.
On Amazon EC2 instances in a VPC, a corporation runs a standard three-tier application, including its NoSQL database. The business want to transition to Amazon DynamoDB. A developer observes during testing that the application running on the EC2 instances is unable to write data to the DynamoDB database. The developer must securely provide the application write access to the DynamoDB table. Which combination of acts satisfies these criteria? (Select two.) Create a gateway VPC endpoint for DynamoDB. Specify the VPC ID in the --vpc-id parameter. Create an interface VPC endpoint for DynamoDB. Specify the VPC ID in the --vpc-id parameter. Create an IAM user that allows write access to the DynamoDB table. Add the user to the EC2 Instances. Create an IAM role that allows write access to the DynamoDB table. Add the role to the EC2 instances. Create an IAM group that allows write access to the DynamoDB table. Add the group to the EC2 instances.
A developer is developing a serverless application that needs every ten minutes invocation of an AWS Lambda function. How can the function be triggered in an automated and serverless manner? Deploy an Amazon EC2 instance based on Linux, and edit its /etc/crontab file by adding a command to periodically invoke the Lambda function. Configure an environment variable named PERIOD for the Lambda function. Set the value to 600. Create an Amazon CloudWatch Events rule that triggers on a regular schedule to invoke the Lambda function. Create an Amazon SNS topic that has a subscription to the Lambda function with a 600-second timer.
A developer has submitted an update to an application that is delivered through Amazon CloudFront to a worldwide user base. Users are not able to view the latest modifications once the application is deployed. How can the Developer address this concern? Remove the origin from the CloudFront configuration and add it again. Disable forwarding of query strings and request headers from the CloudFront distribution configuration. Invalidate all the application objects from the edge caches. Disable the CloudFront distribution and enable it again to update all the edge locations.
Images are stored in an S3 bucket by an application. Notifications from Amazon S3 are utilized to invoke a Lambda code that resizes the pictures. Each photograph is processed in less than a second. How will AWS Lambda deal with the increased traffic? Lambda will scale out to execute the requests concurrently. Lambda will handle the requests sequentially in the order received. Lambda will process multiple images in a single execution. Lambda will add more compute to each execution to reduce processing time.
A retailer's developer must include a fraud detection solution into the order processing system. Verification of an order by the fraud detection solution takes between ten and thirty minutes. At its height, the website can process up to 100 orders per minute. How can the fraud detection technology be integrated into the order processing pipeline in the most scalable manner? Add all new orders to an Amazon SQS queue. Configure a fleet of 10 EC2 instances spanning multiple AZs with the fraud detection solution installed on them to pull orders from this queue. Update the order with a pass or fails status. Add all new orders to an SQS queue. Configure an Auto Scaling group that uses the queue depth metric as its unit of scale to launch a dynamically-sized fleet of EC2 instances spanning multiple AZs with the fraud detection solution installed on them to pull orders from this queue. Update the order with a pass or fails status. Add all new orders to an Amazon Kinesis Stream. Subscribe a Lambda function to automatically read batches of records from the Kinesis Stream. The Lambda function includes the fraud detection software and will update the order with a pass or fail status. Write all new orders to Amazon DynamoDB. Configure DynamoDB Streams to include all new orders. Subscribe a Lambda function to automatically read batches of records from the Kinesis Stream. The Lambda function includes the fraud detection software and will update the order with a pass or fail status.
A developer is doing a refactoring operation on a monolithic application. The program does many activities in response to a POST request. Some processes are carried out in concurrently, while others are carried out sequentially. These operations have been decoupled and repurposed as AWS Lambda functions. Amazon API Gateway will process the POST request. How should the developer launch the Lambda functions using API Gateway in the same order? Use Amazon SQS to invoke the Lambda functions Use an AWS Step Functions activity to run the Lambda functions Use Amazon SNS to trigger the Lambda functions Use an AWS Step Functions state machine to orchestrate the Lambda functions.
A developer is required to create an application that makes advantage of Amazon DynamoDB. The criteria include that the DynamoDB table's contents must be 7KB in size and that reads must be highly consistent. The read pace is limited to three items per second, whereas the write rate is limited to ten things per second. What size DynamoDB table should the developer create to satisfy these requirements? Read: 3 read capacity units Write: 70 write capacity units Read: 6 read capacity units Write: 70 write capacity units Read: 6 read capacity units Write: 10 write capacity units Read: 3 read capacity units Write: 10 write capacity units.
A business has a REST application made up of an Amazon API Gateway API and many AWS Lambda services. A developer is reacting to a warning that the HTTP response error rate for the API Gateway API has suddenly risen. The developer must rapidly discover which Lambda function is misbehaving. Which solution will satisfy these criteria? Implement error handling in the functions to write error logs to the AWS X-Ray API. Use the X-Ray console to query the logs. Enable Amazon CloudWatch Logs and detailed CloudWatch metrics. Use CloudWatch Logs Insights to query the API Gateway logs. Download the API Gateway logs and Lambda invocation logs from Amazon S3. Perform a line-by-line search against them. Export the API Gateway logs and Lambda invocation logs from Amazon EventBridge (Amazon CloudWatch Events) and Amazon CloudWatch Logs. Perform a line-by-line search against them.
An application becomes unresponsive due to the following error: The bucket given does not exist. Where IS THE BEST PLACE TO START THE ANALYSIS OF THE ROOT CAUSES? Check the Elastic Load Balancer logs for DeleteBucket requests. Check the application logs in Amazon CloudWatch Logs for Amazon S3 DeleteBucket errors. Check AWS X-Ray for Amazon S3 DeleteBucket alarms. Check AWS CloudTrail for a DeleteBucket event.
A developer is testing an application that asynchronously executes an AWS Lambda function. The Lambda function fails to process after two retries during the testing phase. How can the developer debug the error? Configure AWS CloudTrail logging to investigate the invocation failures Configure Dead Letter Queues by sending events to Amazon SQS for investigation Configure Amazon Simple Workflow Service to process any direct unprocessed events Configure AWS Config to process any direct unprocessed events.
A developer has an on-premises stateful web server that is being transferred to AWS. The developer's flexibility in the new design must be increased. How should the developer approach refactoring the program to increase its elasticity? (Select two.) Use pessimistic concurrency on Amazon DynamoDB Use Amazon CloudFront with an Auto Scaling group Use Amazon CloudFront with an AWS Web Application Firewall Store session state data in an Amazon DynamoDB table Use an ELB with an Auto Scaling group.
Amazon API Gateway is being used by a media business to handle microservices configured as AWS Lambda functions. The development team of the corporation intends to release a new version of its API. To prevent impacting current customers when the new API is launched, the firm intends to provide all users a three-month grace period during which they may migrate from the old API to the new API. Which implementation technique should the business utilize to accomplish this objective? Update the Lambda functions. Configure the API to use Lambda proxy integration. Update the Lambda functions. Provide the API client with the new Lambda endpoints. Use API Gateway to deploy a new stage that uses updated Lambda functions and provides users with a new URL. Use API Gateway to redirect requests based on a request header to updated Lambda functions. Configure a 90-day expiration on the old API.
A business wishes to establish continuous integration for its AWS workloads. The firm wishes to activate unit tests in its pipeline in response to updates to its code repository and to be alerted of pipeline failure events. How are these stipulations to be met? Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. Use Amazon SNS to trigger notifications of failure events. Store the source code in GitHub. Create a CodePipeline to automate unit testing. Use Amazon SES to trigger notifications of failure events. Store the source code on GitHub. Create a CodePipeline to automate unit testing. Use Amazon CloudWatch to trigger notifications of failure events. Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. Use Amazon CloudWatch to trigger notification of failure events.
A business is designing a report that will be performed through AWS Step Functions. Amazon CloudWatch detects issues in the Task State Machine for Step Functions. To debug each operation, the state input must be included in the state output, along with the error message. Which coding technique preserves both the original input and the state error? Use ResultPath in a Catch statement to include the error with the original input. Use InputPath in a Catch statement and set the value to null. Use ErrorEquals in a Retry statement to include the error with the original input. Use OutputPath in a Retry statement and set the value to $.
A company uses AWS CodePipeline to manage continuous integration/continuous delivery (CI/CD) pipelines for its application. Before staging artifacts for testing, a developer must create unit tests and execute them as part of the process. How should the developer implement unit tests into their continuous integration/continuous delivery pipelines? Create a separate CodePipeline pipeline to run unit tests Update the AWS CodeBuild specification to include a phase for running unit tests Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests Create a testing branch in AWS CodeCommit to run unit tests.
A status dashboard is shown by an application. A 1 KB message from a SQS queue is used to update the status. Although the status changes seldom, the Developer must keep the time between the message's arrival in the queue and the dashboard update as short as possible. Which strategy results in the smallest delay between dashboard updates? Retrieve the messages from the queue using long polling every 20 seconds. Reduce the size of the messages by compressing them before sending. Retrieve the messages from the queue using short polling every 10 seconds. Reduce the size of each message payload by sending it in two parts.
A firm is introducing the option to save currency (or gift cards) to its very successful casual gaming website. Users must be able to exchange this value for the goods of other users on the site. This would involve either updating both users' information in a single transaction or totally rolling back both users' records. Which AWS database choices provide the needed transactional capabilities for this new feature? (Select two.) Amazon DynamoDB with operations made with the ConsistentRead parameter set to true Amazon ElastiCache for Memcached with operations made within a transaction block Amazon Aurora MySQL with operations made within a transaction block Amazon DynamoDB with reads and writes made using Transact* operations Amazon Redshift with operations made within a transaction block.
On Amazon ECS, a corporation is running a Docker application. The application's load must be scaled depending on the past 15 seconds' user activity. How should a developer instrument code to ensure it satisfies the requirement? Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds.
A developer must construct an AWS application that will consume Amazon SQS messages ranging in size from 1KB to 1GB. How should Amazon Simple Queue Service (SQS) messages be managed? Use Amazon S3 and the Amazon SQS CLI. Use Amazon S3 and the Amazon SQS Extended Client Library for Java. Use Amazon EBS and the Amazon SQS CLI. Use Amazon EFS and the Amazon SQS CLI.
veloper is using AWS CLI, however it is stalling out when performing list commands on a large number of resources. How can this time-out be avoided? Use pagination Use shorthand syntax Use parameter values Use quoting strings.
A developer has developed a Lambda function and is discovering that it is taking longer than planned to execute. The Developer determined that increasing computing capacity might enhance performance after some debugging. What is the best way for the developer to boost Lambda computing resources? Run on a larger instance size with more compute capacity. Increase the maximum execution time. Specify a larger compute capacity when calling the Lambda function. Increase the allocated memory for the Lambda function.
A business builds, bundles, and packages its apps on-premises and stores them locally using a third-party technology. The firm runs its front-end apps on Amazon EC2 instances. How does one deploy an application from the source control system to the EC2 instances? Use AWS CodeDeploy and point it to the local storage to directly deploy a bundle in a .zip, .tar, or .tar.gz format. Upload the bundle to an Amazon S3 bucket and specify the S3 location when doing a deployment using AWS CodeDeploy. Create a repository using AWS CodeCommit to automatically trigger a deployment to the EC2 instances. Use AWS CodeBuild to automatically deploy the latest build to the latest EC2 instances.
A developer is using Amazon API Gateway to create a WebSocket API. The payload submitted to this API is JSON with an action key included. This key may take on one of three values: create, update, or delete. The developer must interact with several routes dependent on the value of the incoming JSON payload's action key. How can the developer execute this operation using the LESS settings possible? Deploy the WebSocket API to three stages for the respective routes: create, update, and remove Create a new route key and set the name as action Set the value of the route selection expression to action Set the value of the route selection expression to $request.body.action.
Amazon Kinesis Data Streams enables an application to ingest and handle huge streams of data records in real time. Utilizing the Amazon Kinesis Client Library, Amazon EC2 instances ingest and process data from the shards of the Kinesis data stream (KCL). The program manages failure situations and eliminates the need for backup personnel. The program indicates that a particular shard is getting much more data than anticipated. The €hot€ shard is resharded to react to variations in the pace of data flow. If the initial number of shards in the Kinesis data stream is four, and the number of shards increases to six after resharding, what is the maximum number of EC2 instances that can be deployed to process data from all the shards? 12 6 4 1.
A developer is constructing a template for the AWS Serverless Application Model (AWS SAM). Multiple AWS Lambda functions, an Amazon S3 bucket, and an Amazon CloudFront distribution are defined in the AWS SAM template. One of the Lambda functions is executed on the CloudFront distribution's Lambda@Edge. The S3 bucket is specified as the CloudFront distribution's origin. While the developer installs the AWS SAM template in the eu-west-1 Region, the developer encounters an error when attempting to create the stack. What may have precipitated this problem? CloudFront distributions can be created only in the us-east-1 Region. Lambda@Edge functions can be created only in the us-east-1 Region. A single AWS SAM template cannot contain multiple Lambda functions. The CloudFront distribution and the S3 bucket cannot be created in the same Region.
A business provides services to a large number of downstream customers. Each customer has the option of connecting to one or more services. As a result, a complicated architecture that is difficult to manage and scales poorly has emerged. To administer various customer services, the organization requires a single interface. Which AWS service should this architecture be refactored with? AWS Lambda AWS X-Ray Amazon SQS Amazon API Gateway.
A corporation has automated their release pipelines using AWS CodePipeline. The development team is currently developing an AWS Lambda function that will deliver alerts when the status of each stage's action changes. How do I correlate the Lambda function with the event source? Create a trigger that invokes the Lambda function from the Lambda console by selecting CodePipeline as the event source. Create an event trigger and specify the Lambda function from the CodePipeline console. Create an Amazon CloudWatch alarm that monitors status changes in Code Pipeline and triggers the Lambda function. Create an Amazon CloudWatch Events rule that uses CodePipeline as an event source.
On the website of a worldwide ecommerce corporation, users are encouraged to post evaluations for things they have bought. Seasonal products are available. Products are popular for a brief period of time and then go out of favor the following season. Customers provide feedback in their native tongue. A developer is using Amazon Translate to construct a new function that will translate customer feedback into more languages. The website now features hundreds of thousands of goods and millions of reviews. The majority of reviews will be seen in one or two languages. How can this new feature be implemented in the MOST cost-effective manner possible? Update the application code that writes the review to the database to translate the review into all supported languages. Persist a copy of each translation in the database for future visitors. Update the application code that reads the review from the database to check an Amazon ElastiCache cluster for translated reviews. If a visitor is requesting a review and language combination that is not in the cache, configure the application to translate it and store it in the cache with a TTL of 1 month. Update the application code that reads the review from the database to translate the review in real time and return the translated version without persisting it. Set up a database change stream to write events to a stream each time a customer writes a review. Configure an AWS Lambda function to read the events from the stream, translate the review into all supported languages, and update the review database to include all translations for future visitors.
A custom library is used by an application to perform HTTP calls directly to AWS service endpoints. The program is suffering transitory problems, which cause processes to halt when they are encountered for the first time. The application has been requested to be more robust by adding error retries and exponential backoff. How should a developer apply the modifications with the LITTLEEST amount of custom code possible? Add a Retry-After HTTP header to API requests Use the AWS CLI to configure the retry settings in a named profile Change the custom library to retry on 5xx errors only Use an AWS SDK and set retry-specific configurations.
A business demands that AWS Lambda functions built by developers record problems in order for System Administrators to resolve issues more efficiently. What should developers do to address this need? Publish errors to a dedicated Amazon SQS queue. Create an Amazon CloudWatch Events event trigger based on certain Lambda events. Report errors through logging statements in Lambda function code. Set up an Amazon SNS topic that sends logging statements upon failure.
In the console, a developer transformed an existing application to an AWS Lambda function. While the application works OK on a local laptop, it fails to import a module when evaluated in the Lambda interface. Which of the following may be used to correct the error? Install the missing module and specify the current directory as the target. Create a ZIP file to include all files under the current directory, and upload the ZIP file. Install the missing module in a lib directory. Create a ZIP file to include all files under the lib directory, and upload the ZIP file as dependency file. In the Lambda code, invoke a Linux command to install the missing modules under the /usr/lib directory. In the Lambda console, create a LB_LIBRARY_PATH environment and specify the value for the system library path.
A gaming business is in the process of creating a mobile game application for the iOS and Android operating systems. This mobile game encrypts user data and keeps it locally on the device. The business wants consumers to be able to play the game on numerous devices. Without developing a backend application, the organization needs to synchronize user data across devices. Which Amazon Web Services (AWS) offering or functionality should the business use to achieve these requirements? AWS Lambda@Edge Amazon S3 Transfer Acceleration Amazon DynamoDB Accelerator (DAX) AWS Amplify with AWS AppSync.
There are three separate environments in a company: development, quality assurance, and production. The company wishes to deploy its code in three stages: development, QA, and finally production. What AWS service may be used to fulfill this need? Use AWS CodeCommit to create multiple repositories to deploy the application. Use AWS CodeBuild to create, configure, and deploy multiple build application projects. Use AWS Data Pipeline to create multiple data pipeline provisions to deploy the application. Use AWS CodeDeploy to create multiple deployment groups.
An application is composed of two components: one for handling HTTP requests and another for doing background processing operations. Each component must be self-scaling. The developer want to use AWS Elastic Beanstalk to deploy this application. How, in light of these criteria, should this application be deployed? Deploy the application in a single Elastic Beanstalk environment. Deploy each component in a separate Elastic Beanstalk environment. Use multiple Elastic Beanstalk environments for the HTTP component, but one environment for the background task component. Use multiple Elastic Beanstalk environments for the background task component, but one environment for the HTTP component.
A business runs a bespoke application on a series of on-premises Linux servers that are connected to Amazon API Gateway through Amazon API Gateway. On the API test stage, AWS X-Ray tracing has been enabled. How can a developer implement X-Ray tracing with the LEAST amount of setup on on-premises servers? Install and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service. Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service. Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTraceSegments API call. Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTelemetryRecords API call.
An organization is hosting huge files in Amazon S3 and developing a web application to provide end users with meta-data about the files. A user picks an item to download based on its information. The company requires a technique for indexing files and retrieving metadata with a single-digit millisecond delay. Which Amazon Web Services (AWS) service should be utilized to do this? Amazon DynamoDB Amazon EC2 AWS Lambda Amazon RDS.
A developer has created a web application and want to swiftly deploy it on an AWS Tomcat server. The developer want to be free of the responsibility of managing the underlying infrastructure. According to these criteria, what is the simplest approach to deploy the application? AWS CloudFormation AWS Elastic Beanstalk Amazon S3 AWS CodePipeline.
A developer uses Amazon ECS to host an e-commerce API. The application's fluctuating and spiking demand is causing order processing to take an excessive amount of time. The program manages Amazon Simple Queue Service (SQS) queues. Throughout the day, the ApproximateNumberOfMessagesVisible metric jumps to very high levels, resulting in Amazon CloudWatch alert violations. Other ECS metrics for API containers are within acceptable ranges. What measures can the developer take to boost performance while keeping costs down? Target tracking scaling policy Docker Swarm Service scheduler Step scaling policy.
A developer is configuring the Amazon API Gateway to support their business's goods. Registered developers may use the API to query and change their environments. For financial and security concerns, the organization want to restrict the number of requests that end users may submit. Management want to provide registered developers with the option of purchasing bigger packages that support a greater number of requests. How can the developer do this with the LEAST amount of management overhead? Enable throttling for the API Gateway stage. Set a value for both the rate and burst capacity. If a registered user chooses a larger package, create a stage for them, adjust the values, and share the new URL with them. Set up Amazon CloudWatch API logging in API Gateway. Create a filter based on the user and requestTime fields and create an alarm on this filter. Write an AWS Lambda function to analyze the values and requester information, and respond accordingly. Set up the function as the target for the alarm. If a registered user chooses a larger package, update the Lambda code with the values. Enable Amazon CloudWatch metrics for the API Gateway stage. Set up CloudWatch alarms based off the Count metric and the ApiName, Method, Resource, and Stage dimensions to alerts when request rates pass the threshold. Set the alarm action to Deny. If a registered user chooses a larger package, create a user-specific alarm and adjust the values. Set up a default usage plan, specify values for the rate and burst capacity, and associate it with a stage. If a registered user chooses a larger package, create a custom plan with the appropriate values and associate the plan with the user.
A developer must re-implement the order fulfillment system's business logic. To determine where to acquire an item, the business logic must make queries to several sellers. The whole procedure might take up to a week. What is the MOST EFFECTIVE and SIMPLICIT method of implementing a system that satisfies these requirements? Use AWS Step Functions to execute parallel Lambda functions, and join the results. Create an AWS SQS for each vendor, poll the queue from a worker instance, and joint the results. Use AWS Lambda to asynchronously call a Lambda function for each vendor, and join the results. Use Amazon CloudWatch Events to orchestrate the Lambda functions.
A business is moving from a monolithic architecture to one based on microservices. The developers must redesign the program in such a way that the many microservices may interact asynchronously without compromising performance. Which managed Amazon Web Services (AWS) services will offer asynchronous message passing? (Select two.) Amazon SQS Amazon Cognito Amazon Kinesis Amazon SNS Amazon ElastiCache.
A small internet business is gearing up for its yearly sales extravaganza. As traffic to the company's application grows, the development team wishes to be alerted when the CPU usage of the Amazon EC2 instance surpasses 80%. Which solution will satisfy this criterion? Create a custom Amazon CloudWatch alarm that sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%. Create a custom AWS CloudTrail alarm that sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%. Create a cron job on the EC2 instance that executes the --describe-instance-information command on the host instance every 15 minutes and sends the results to an Amazon SNS topic. Create an AWS Lambda function that queries the AWS CloudTrail logs for the CPUUtilization metric every 15 minutes and sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%.
Amazon S3 is structured as follows: S3:/BUCKET/FOLDERNAME/FILENAME.zip Which S3 best practice would enhance speed when a single bucket receives thousands of PUT requests per second? Prefix folder names with user id; for example, s3://BUCKET/2013-FOLDERNAME/FILENAME.zip Prefix file names with timestamps; for example, s3://BUCKET/FOLDERNAME/2013-26-05-15-00-00-FILENAME.zip Prefix file names with random hex hashes; for example, s3://BUCKET/FOLDERNAME/23a6-FILENAME.zip Prefix folder names with random hex hashes; for example, s3://BUCKET/23a6-FOLDERNAME/FILENAME.zip.
Amazon API Gateway is used in a company's new mobile application. As the development team completes a new version of its APIs, a developer must roll out the API modification securely and transparently. What is the SIMPLEST method for a developer to deploy a new API version to a restricted number of consumers using API Gateway? Create a new API in API Gateway. Direct a portion of the traffic to the new API using an Amazon Route 53 weighted routing policy. Validate the new API version and promote it to production during the window of lowest expected utilization. Implement an Amazon CloudWatch alarm to trigger a rollback if the observed HTTP 500 status code rate exceeds a predetermined threshold. Use the canary release deployment option in API Gateway. Direct a percentage of the API traffic using the canarySettings setting.
A programmer is developing a REST API that will allow users to add goods to a shopping list. The service is developed on Amazon API Gateway and integrates with AWS Lambda. The shopping list items are sent to the function as query string arguments. How should the developer transform query string parameters to Lambda function arguments? Enable request validation Include the Amazon Resource Name (ARN) of the Lambda function Change the integration type Create a mapping template.
A firm is compiling a website using AWS CodeBuild from source code saved in AWS CodeCommit. Due to a recent modification to the source code, the CodeBuild project is unable to assemble the website correctly. How is the developer to determine the root cause of the failures? Modify the buildspec.yml file to include steps to send the output of build commands to Amazon CloudWatch. Use a custom Docker image that includes the AWS X-Ray agent in the AWS CodeBuild project configuration. Check the build logs of the failed phase in the last build attempt in the AWS CodeBuild project build history. Manually re-run the build process on a local machine so that the output can be visualized.
Over SSH, a developer connects to AWS CodeCommit. The SSH keys used to connect to AWS CodeCommit are associated with the following user: { "Vserion": "2012-10-17", "Statement.. } The developer is responsible for creating and deleting branches. Which particular IAM permissions, based on the concept of least privilege, should be added? ג€codecommit:CreateBranchג€ ג€codecommit:DeleteBranchג€ ג€codecommit:Put*ג€ ג€codecommit:Update*ג€ ג€codecommit:*ג€.
developer is attempting to monitor the status of an application by running a cron job that returns 1 when the service is up and 0 when it is down. The developer wrote code to publish the custom metrics to Amazon CloudWatch and set an alert using the AWS CLI put-metric-alarm function. The Developer, on the other hand, is unable to issue an alert since the custom metrics are not visible in the CloudWatch interface. What is the source of this problem? Sending custom metrics using the CLI is not supported. The Developer needs to use the put-metric-data command. The Developer must use a unified CloudWatch agent to publish custom metrics. The code is not running on an Amazon EC2 instance.
Amazon Kinesis Streams is being used by a web application to store clickstream data that may not be utilized for up to 12 hours. How can the developer encrypt data in the Kinesis Streams at rest? Enable SSL connections to Kinesis Use Amazon Kinesis Consumer Library Encrypt the data once it is at rest with a Lambda function Enable server-side encryption in Kinesis Streams.
A business is building a web application that will enable workers to submit their profile pictures to a private Amazon S3 bucket. There is no restriction on the size of the profile images that should be shown each time an employee checks in. The images cannot be made publicly available for security reasons. What is a long-term feasible solution to this situation? Generate a presigned URL when a picture is uploaded. Save the URL in an Amazon DynamoDB table. Return the URL to the browser when the employee logs in. Save the picture's S3 key in an Amazon DynamoDB table. Create an Amazon S3 VPC endpoint to allow the employees to download pictures once they log in. Encode a picture using base64. Save the base64 string in an Amazon DB table. Allow the browser to retrieve the string and convert it to a picture. Save the picture's S3 key in an Amazon DynamoDB table. Use a function to generate a presigned URL every time an employee logs in. Return the URL to the browser.
A company's ecommerce website is experiencing large traffic surges, resulting in database performance issues. Users remark that viewing the website takes an excessive amount of time. A developer want to use Amazon ElastiCache to construct a caching layer. The website must be responsive regardless of whatever product a user visits, and product information and pricing must be updated consistently. Which policy for writing to the cache will meet these requirements? Write to the cache directly and sync the backend at a later time Write to the backend first and wait for the cache to expire Write to the cache and the backend at the same time Write to the backend first and invalidate the cache.
business is developing a stock trading application. The program requires a latency of less than one millisecond to handle trading requests. The firm stores all trade data in Amazon DynamoDB, which is utilized to perform each trading request. A development team conducts load testing on the application and discovers that the time required to get data is longer than intended. The development team need a solution that significantly improves data retrieval time with the least amount of work feasible. Which solution satisfies these criteria? Add local secondary indexes (LSIs) for trading data. Store trading data in Amazon S3 and use Transfer Acceleration. Add retries with exponential back-off for DynamoDB queries Use DynamoDB Accelerator to cache trading data.
A business runs an application that makes use of an Amazon RDS DB instance as the database. A developer must implement database encryption at rest. Which measures should the developer perform in combination to satisfy this requirement? (Select two.) Enable encryption on the DB instance in the AWS Management Console. Stop the DB instance. Restore the DB instance from the encrypted snapshot. Take a snapshot of the DB instance, and create an encrypted copy of the snapshot. Create a customer managed key in AWS Key Management Service (AWS KMS).
Amazon CloudFront is being used by an organization to guarantee that its users have low-latency access to their online application. The business determined that all communication between users and CloudFront, as well as all traffic between CloudFront and the web application, should be encrypted. How are these stipulations to be met? (Select two.) Use AWS KMS to encrypt traffic between CloudFront and the web application. Set the Origin Protocol Policy to ג€HTTPS Onlyג€. Set the Origin's HTTP Port to 443. Set the Viewer Protocol Policy to ג€HTTPS Onlyג€ or ג€Redirect HTTP to HTTPSג€. Enable the CloudFront option Restrict Viewer Access.
A developer is transferring an application from on-premises to AWS. Currently, the program accepts user uploads and stores them to a server-side local directory. All uploads must be preserved and instantly accessible to all instances within an Auto Scaling group. Which strategy will satisfy these criteria? Use Amazon EBS and configure the application AMI to use a snapshot of the same EBS instance on boot. Use Amazon S3 and rearchitect the application so all uploads are placed in S3. Use instance storage and share it between instances launched from the same Amazon Machine Image (AMI). Use Amazon EBS and file synchronization software to achieve eventual consistency among the Auto Scaling group.
The Amazon API Gateway exposes a collection of APIs to clients. The API Gateway has enabled caching for these APIs. Customers have requested an option to clear this cache for each API. What may be done to enable API clients to invalidate the API Cache? Ask customers to use AWS credentials to call the InvalidateCache API. Ask customers to invoke an AWS API endpoint which invalidates the cache. Ask customers to pass an HTTP header called Cache-Control:max-age=0. Ask customers to add a query string parameter called ג€INVALIDATE_CACHEג€ when making an API call.
A programmer is now working on an ecommerce website. The developer want to inspect server logs without having to log in to each application server separately. The website is built in Python and operates on numerous Amazon EC2 instances. It must be extremely available. How can the developer upgrade the program with the fewest possible modifications to fulfill these requirements? Rewrite the application to be cloud native and to run on AWS Lambda, where the logs can be reviewed in Amazon CloudWatch. Set up centralized logging by using Amazon Elasticsearch Service (Amazon ES), Logstash, and Kibana. Scale down the application to one larger EC2 instance where only one instance is recording logs. Install the unified Amazon CloudWatch agent on the EC2 instances. Configure the agent to push the application logs to CloudWatch.
A developer is updating a bespoke application that is currently running on AWS Elastic Beanstalk. What solutions will update the Elastic Beanstalk environment with the new application version after the Developer completes the changes? (Select two.) Package the application code into a .zip file, and upload, then deploy the packaged application from the AWS Management Console Package the application code into a .tar file, create a new application version from the AWS Management Console, then update the environment by using AWS CLI Package the application code into a .tar file, and upload and deploy the packaged application from the AWS Management Console Package the application code into a .zip file, create a new application version from the packaged application by using AWS CLI, then update the environment by using AWS CLI Package the application code into a .zip file, create a new application version from the AWS Management Console, then rebuild the environment by using AWS CLI.
A developer has been requested to write an AWS Lambda function that is called whenever objects in an Amazon DynamoDB database are updated. The function has been built, and the Lambda execution role has been granted the necessary permissions. Although Amazon DynamoDB streams have been enabled for the table, the function continues to fail to execute. Which option would allow the Lambda function to be triggered by DynamoDB database updates? Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the DynamoDB table Configure event source mapping for the Lambda function Map an Amazon SNS topic to the DynamoDB streams Increase the maximum execution time (timeout) setting of the Lambda function.
A developer is debugging connection difficulties between an Amazon Web Services Lambda function and an Amazon EC2 machine running Amazon Linux 2. Even if the Lambda function is enabled to access resources on the EC2 instance's network, the Lambda function and the EC2 instance are unable to interact. How can the developer see the network traffic between the Lambda function and the Amazon Elastic Compute Cloud instance? Inspect the VPC flow logs for network activity. Use the traceroute command on the EC2 instance to check connectivity. Analyze the Amazon CloudWatch metrics for network traffic. Use the telnet command on the EC2 instance to check connectivity.
Amazon API Gateway is used by a business to manage access to a collection of microservices built as AWS Lambda functions. The corporation makes a small breaking update to one of the APIs in response to a bug report. To minimize the effect of the new API's deployment on current customers, the business intends to provide clients six months to transition from v1 to v2. Which strategy should the developer use to deal with this change? Update the underlying Lambda function and provide clients with the new Lambda invocation URL. Use API Gateway to automatically propagate the change to clients, specifying 180 days in the phased deployment parameter. Use API Gateway to deploy a new stage named v2 to the API and provide users with its URL. Update the underlying Lambda function, create an Amazon CloudFront distribution with the updated Lambda function as its origin.
A program may have hundreds of users. Each user may access the application through various devices. The Developer want to give these users unique IDs regardless of the device they are using. Which mechanism should be utilized to generate unique identifiers? Create a user table in Amazon DynamoDB as key-value pairs of users and their devices. Use these keys as unique identifiers. Use IAM-generated access key IDs for the users as the unique identifier, but do not store secret keys. Implement developer-authenticated identities by using Amazon Cognito, and get credentials for these identities. Assign IAM users and roles to the users. Use the unique IAM resource ID as the unique identifier.
A business wishes to transition an imaging service to Amazon EC2 while adhering to industry best practices for security. The photos are obtained and read from an Amazon S3 bucket that is not publicly accessible. What actions should a developer take to ensure compliance with these requirements? Create an IAM user with read-only permissions for the S3 bucket. Temporarily store the user credentials in the Amazon EBS volume of the EC2 instance. Create an IAM user with read-only permissions for the S3 bucket. Temporarily store the user credentials in the user data of the EC2 instance. Create an EC2 service role with read-only permissions for the S3 bucket. Attach the role to the EC2 instance. Create an S3 service role with read-only permissions for the S3 bucket. Attach the role to the EC2 instance.
A business makes use of continuous integration and delivery platforms. A developer now wants to automate the distribution of software packages to both Amazon EC2 instances and on-premises virtual machines. Which AWS service should be utilized for this purpose? AWS CodePipeline AWS CodeBuild AWS Elastic Beanstalk AWS CodeDeploy.
How does AWS KMS's Envelope Encryption work? The Customer Master Key is used to encrypt/decrypt a data key. The Plaintext Data Key is used to encrypt customer data. Two encryption keys are used. The Customer Master Key encrypts customer data. The Data Key is used to re-encrypt the encrypted data. Two encryption keys are used. The Data Key encrypts customer data. The ׀¡ustomer Master Key is used to re-encrypt the encrypted data. The Customer Master Key is used to encrypt/decrypt a data key. The Encrypted Data Key is used to encrypt customer data.
A developer must construct an application that supports SAML and Facebook authentication. Additionally, it must provide access to AWS services such as Amazon DynamoDB. Which AWS service or feature will allow for the LEAST amount of extra code to achieve these requirements? AWS AppSync Amazon Cognito identity pools Amazon Cognito user pools Amazon Lambda@Edge.
A developer is troubleshooting an AWS Lambda function that is being used in conjunction with an Amazon API Gateway. HTTP status code 200 is returned whenever the API Gateway endpoint is contacted, despite the fact that AWS Lambda is logging a 4xx error. What modification is required to deliver an appropriate error code through the API Gateway? Enable CORS in the API Gateway method settings Use a Lambda proxy integration to return HTTP codes and headers Enable API Gateway error pass-through. Return the value in the header x-Amzn-ErrorType.
A developer is developing a three-tier web application that must support at least 5000 requests per minute. According to the requirements, the web layer should be fully stateless, whereas the application should keep user session data. How may session data be externalized while minimizing latency? Create an Amazon RDS instance, then implement session handling at the application level to leverage a database inside the RDS database instance for session data storage Implement a shared file system solution across the underlying Amazon EC2 instances, then implement session handling at the application level to leverage the shared file system for session data storage Create an Amazon ElastiCache Memcached cluster, then implement session handling at the application level to leverage the cluster for session data storage Create an Amazon DynamoDB table, then implement session handling at the application level to leverage the table for session data storage.
A development team is now working on a case management system that will enable the processing and evaluation of medical claims. Users log in to share medical and financial information. Sensitive data such as medical records, medical imaging, bank statements, and invoices are uploaded to Amazon S3 as part of the program. All papers must be sent and kept securely. All access to documents must be documented for auditing purposes. Which technique is the MOST SECURE? Use S3 default encryption using Advanced Encryption Standard-256 (AES-256) on the destination bucket. Use Amazon Cognito for authorization and authentication to ensure the security of the application and documents. Use AWS Lambda to encrypt and decrypt objects as they are placed into the S3 bucket. Use client-side encryption/decryption with Amazon S3 and AWS KMS.
A developer is developing a web application that will allow end users to exchange encrypted documents. The papers are saved on Amazon S3 in a private bucket. Only verified users should be able to download certain documents when requested, and only for a period of 15 minutes. How is the developer to adhere to these specifications? Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes. Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes. Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS. Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes.
A front-end web application handles user authentication with Amazon Cognito user pools. Using the AWS SDK for JavaScript, a developer integrates Amazon DynamoDB into the application. How might a developer contact the API safely without disclosing the access or secret keys? Configure Amazon Cognito identity pools and exchange the JSON Web Token (JWT) for temporary credentials. Run the web application in an Amazon EC2 instance with the instance profile configured. Hardcore the credentials, use Amazon S3 to host the web application, and enable server-side encryption. Use Amazon Cognito user pool JSON Web Tokens (JWITs) to access the DynamoDB APIs.
A business administers a website that is hosted on Amazon EC2 instances that are routed via an Elastic Load Balancer. CPU use is limited on EC2 Instances. The technical staff at the organization is responsible for securing incoming internet traffic. Which combination of actions will satisfy these criteria? (Select two.) Configure the Elastic Load Balancer with SSL passthrough. Configure SSL certificates on the Elastic Load Balancer. Configure the Elastic Load Balancer with a Loadable Storage System. Install SSL certificates on the EC2 instances. Configure the Elastic Load Balancer with SSL termination.
In AWS Lambda, a developer is developing an application. To facilitate testing and deployments, the Developer need the ability to change the database connection string without affecting the Lambda code. How is this criterion to be met? Store the connection string as a secret in AWS Secrets Manager. Store the connection string in an IAM user account. Store the connection string in AWS KMS. Store the connection string as a Lambda layer.
A developer wants to monitor an application that is deployed on Amazon EC2 instances using AWS X-Ray. What procedures must be taken to do the monitoring? Deploy the X-Ray SDK with the application and use X-Ray annotation. Install the X-Ray daemon and instrument the application code. Install the X-Ray daemon and configure it to forward data to Amazon CloudWatch Events. Deploy the X-Ray SDK with the application and instrument the application code.
When deploying new application versions on AWS Elastic Beanstalk, an application's error rate increases, resulting in service deterioration for customers. This, the Development team thinks, is due to the capacity loss throughout the deployment processes. The team want to update the environment's deployment policy configuration to one that maintains full capacity during deployment while using current instances. Which deployment strategy will satisfy these criteria while using current instances? All at once Rolling Rolling with additional batch Immutable.
A business has a web application that is authenticated by an Amazon Cognito user pool. The business want to construct a login page including the business's logo. What actions should a developer take to ensure compliance with these requirements? Create a hosted user interface in Amazon Cognito and customize it with the company logo. Create a login page with the company logo and upload it to Amazon Cognito. Create a login page in Amazon API Gateway with the logo and save the link in Amazon Cognito. Upload the logo to the Amazon Cognito app settings and point to the logo on a custom login page.
A programmer is developing a serverless ecommerce application using AWS Lambda. An asynchronous workflow is responsible for managing the checkout process and must arrange the execution of many Lambda functions. Each item in the shopping cart triggers a separate function in the process. The developer orchestrates the process using AWS Step Functions. The checkout process is currently executing the Lambda functions serially, and the developer want to optimize the procedure's speed. What actions should the developer take to ensure compliance with these requirements? Use a Choice state to identify the size of the cart and invoke a specific Lambda function with the entire cart content. Use a Retry field for a second run to process all the items that failed. Use a Parallel state to iterate over all the items in parallel. Use a Map state to iterate over all the items in the cart.
To increase read speed, an application makes use of a single-node Amazon ElastiCache for Redis instance. Demand for the application has grown significantly over time, putting an increasing strain on the ElastiCache instance. It is vital that this cache layer is capable of handling the load and being robust in the event of a node failure. What can be done by the developer to meet load and resilience requirements? Add a read replica instance. Migrate to a Memcached cluster. Migrate to an Amazon Elasticsearch Service cluster. Vertically scale the ElastiCache instance.
A developer intends to create a REST API via the usage of an Amazon API Gateway and AWS Lambda. The developer will be responsible for managing three unique environments: development, test, and production. How should the application be delivered with the least amount of resources possible? Create a separate API Gateway and separate Lambda function for each environment in the same Region. Assign a Region for each environment and deploy API Gateway and Lambda to each Region. Create one API Gateway with multiple stages with one Lambda function with multiple aliases. Create one API Gateway and one Lambda function, and use a REST parameter to identify the environment.
orporation is transferring its on-premises web application from a single server to AWS. To balance the demand, the firm wants to deploy numerous servers behind an Elastic Load Balancer (ELB) and to keep session data in memory on the web server. The organization does not want to lose session data in the event of a server failure or outage, and it also wants to minimize user downtime. Where should the organization relocate session data to most effectively decrease downtime and increase the fault tolerance of customers' session data? An Amazon ElastiCache for Redis cluster A second Amazon EBS volume The web server's primary disk An Amazon EC2 instance dedicated to session data.
A development team is deploying a two-tier application in production using AWS Elastic Beanstalk. The application comprises of a load-balanced web tier and an Amazon RDS database layer. The team want to partition the RDS instance from the Elastic Beanstalk instance. How is this possible? Use the Elastic Beanstalk CLI to disassociate the database. Use the AWS CLI to disassociate the database. Change the deployment policy to disassociate the database. Recreate a new Elastic Beanstalk environment without Amazon RDS.
A developer is attempting to get data from the demoman-table database in Amazon DynamoDB. The developer set the AWS CLI to utilize the credentials of a particular IAM user and ran the following command: aws synamodb get-item -- table-name demoman-table --key ' {"id": { "N": "... The command produced errors and returned no rows. Which of the following is the MOST LIKELY CAUSE of these problems? The command is incorrect; it should be rewritten to use put-item with a string argument. The developer needs to log a ticket with AWS Support to enable access to the demoman-table. Amazon DynamoDB cannot be accessed from the AWS CLI and needs to be called via the REST API. The IAM user needs an associated policy with read access to demoman-table.
A developer has established a new AWS IAM user with the s3:putObject permission, which enables him to write to a particular Amazon S3 bucket. As a default, this S3 bucket employs server-side encryption with AWS KMS controlled keys (SSE-KMS). When contacting the PutObject API with the IAM user's access key and secret key, the application encountered an access denied error. How is this problem to be resolved? Update the policy of the IAM user to allow the s3:Encrypt action. Update the bucket policy of the S3 bucket to allow the IAM user to upload objects. Update the policy of the IAM user to allow the kms:GenerateDataKey action. Update the ACL of the S3 bucket to allow the IAM user to upload objects.
On Amazon EC2 instances, a developer has code that requires read-only access to an Amazon DynamoDB database. What is the MOST secure method for the Developer to do this task? Create a user access key for each EC2 instance with read-only access to DynamoDB. Place the keys in the code. Redeploy the code as keys rotate. Use an IAM role with an AmazonDynamoDBReadOnlyAccess policy applied to the EC2 instances. Run all code with only AWS account root user access keys to ensure maximum access to services. Use an IAM role with Administrator access applied to the EC2 instance.
A developer is developing an AWS Lambda function that makes Amazon DynamoDB available. The Lambda function must obtain and change certain properties of an object, or construct the item if it does not exist. Access to the main key is granted to the Lambda function. Which IAM permissions should the developer obtain to enable this capability in the Lambda function? dynamodb:DeleteItem dynamodb:GetItem dynamodb:PutItem dynamodb:UpdateItem dynamodb:GetItem dynamodb:DescribeTable dynamodb:GetRecords dynamodb:PutItem dynamodb:UpdateTable dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem.
A developer is working on a financial transaction management program. Multi-factor authentication (MFA) will be needed as part of the login procedure to increase security. Which services are available to the developer in order to achieve these requirements? Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA codes Amazon Cognito with MFA AWS Directory Service AWS IAM with MFA enabled.
A programmer is developing an application that will handle a stream of data given by the user. The data stream must be received concurrently and in real time by various Amazon EC2-based processing apps. Each processor must be capable of restarting without losing data if service is interrupted. The Application Architect intends to expand the number of processors in the near future and wants to reduce data duplication. Which solution will meet these criteria? Publish the data to Amazon SQS. Publish the data to Amazon Kinesis Data Firehose. Publish the data to Amazon CloudWatch Events. Publish the data to Amazon Kinesis Data Streams.
A developer is developing a Lambda function to create and export a file. While the program is running, it needs 100 MB of temporary storage for transient files. These files are no longer required after the function has been completed. How can the developer manage temporary files most efficiently? Store the files in EBS and delete the files at the end of the Lambda function. Copy the files to EFS and delete the files at the end of the Lambda function. Store the files in the /tmp directory and delete the files at the end of the Lambda function. Copy the files to an S3 bucket with a lifecycle policy to delete the files.
A business is in the process of building a serverless ecommerce web application. The application must perform synchronized, all-or-nothing updates to various products in the company's Amazon DynamoDB inventory database. Which solution will satisfy these criteria? Enable transactions for the DynamoDB table. Use the BatchWriteItem operation to update the items. Use the TransactWriteItems operation to group the changes. Update the items in the table. Set up a FIFO queue using Amazon SQS. Group the changes in the queue. Update the table based on the grouped changes. Create a transaction table in an Amazon Aurora DB cluster to manage the transactions. Write a backend process to sync the Aurora DB table and the DynamoDB table.
A business developed a serverless application that incorporates the customers' preferred actors. The business's data was stored in an Amazon DynamoDB database. The table is divided into three sections: actor, film, and year. Each actor appears in a number of films and may feature in numerous films in a single calendar year. The firm is interested in discovering which of the customers' favorite actors were in the same film and which films were released in the same year. A developer must create the DynamoDB database in such a way that the response time for such queries is as short as possible. Which solution satisfies these criteria? Create a composite primary key with Actor as the partition key and Movie as the sort key Use Year as the sort key for a global secondary index (GSI). Create a composite primary key with Actor as the partition key and Year as the sort key Use Movie as the sort key for a global secondary index (GSI). Create a composite primary key with Movie as the partition key and Actor as the sort key Use Year as the sort key for a global secondary index (GSI). Create a simple primary key with Actor as the partition key. Use Year as the sort key for a local secondary index (LSI).
A developer is working on a mobile app and requires any changes to user profile data to be distributed to all devices that access the same identity. The developer does not wish to maintain the user profile data on a back end. What is the most efficient approach for the Developer to use Amazon Cognito to meet these requirements? Use Cognito federated identities. Use a Cognito user pool. Use Cognito Sync. Use Cognito events.
A developer wishes to revert to a prior version of an AWS Lambda function in the case of deployment issues. How can the developer do this with the FEWEST possible effect on users? Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to use the newly deployed version. If too many errors are encountered, point the alias back to the previous version. Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to direct 10% of users to the newly deployed version. If too many errors are encountered, send 100% of traffic to the previous version. Do not make any changes to the application. Deploy the new version of the code. If too many errors are encountered, point the application back to the previous version using the version number in the Amazon Resource Name (ARN). Create three aliases: new, existing, and router. Point the existing alias to the current version. Have the router alias direct 100% of users to the existing alias. Update the application to use the router alias. Deploy the new version of the code. Point the new alias to this version. Update the router alias to direct 10% of users to the new alias. If too many errors are encountered, send 100% of traffic to the existing alias.
A legacy program running on-premises caches data files locally and writes shared pictures to local drives. What is required to enable horizontal scalability during the application's migration to AWS? Modify the application to have both shared images and caching data written to Amazon EBS. Modify the application to read and write cache data on Amazon S3, and also store shared images on S3. Modify the application to use Amazon S3 for serving shared images; cache data can then be written to local disks. Modify the application to read and write cache data on Amazon S3, while continuing to write shared images to local disks.
A developer chooses to use Amazon S3 to store highly secure data and want to build server-side encryption (SSE) with granular control over who may access the master key. For security reasons, company policy demands that the master key be established, cycled, and deactivated easily as necessary. Which option is most appropriate for meeting these requirements? SSE with Amazon S3 managed keys (SSE-S3) SSE with AWS KMS managed keys (SSE-KMS) SSE with AWS Secrets Manager SSE with customer-provided encryption keys.
A server-side application running on Amazon EC2 instances needs access assets contained in an Amazon S3 bucket that have been secured using AWS KMS encryption keys (SSE-KMS). To decrypt the items, the program must have access to the customer master key (CMK). Which sequence of actions will provide access to the application? (Select two.) Write an S3 bucket policy that grants the bucket access to the key. Grant access to the key in the IAM EC2 role attached to the application's EC2 instances. Write a key policy that enables IAM policies to grant access to the key. Grant access to the key in the S3 bucket's ACL Create a Systems Manager parameter that exposes the KMS key to the EC2 instances.
Amazon Cognito is being used by a social networking firm to synchronize profiles across many mobile devices, enabling end users to enjoy a consistent experience. Which of the following setups enables customers to be notified quietly whenever an update is ready for their other devices? Modify the user pool to include all the devices which keep them in sync. Use the SyncCallback interface to receive notifications on the application. Use an Amazon Cognito stream to analyze the data and push the notifications. Use the push synchronization feature with the appropriate IAM role.
The Lambda function below is invoked through an API request made using Amazon API Gateway. The Lambda function typically executes in less than a second. The Lambda function's pseudocode is displayed in the exhibit. include "3rd party... .. #code block Which two measures may be performed to increase this Lambda function's performance without raising the cost of the solution? (Select two.) Package only the modules the Lambda function requires Use Amazon DynamoDB instead of Amazon RDS Move the initialization of the variable Amazon RDS connection outside of the handler function Implement custom database connection pooling with the Lambda function Implement local caching of Amazon RDS data so Lambda can re-use the cache.
A developer has constructed a huge Lambda function, but deployment encounters the following error: ClientError: When invoking the CreateFunction action, an error occurred (InvalidParameterValueException): The unzipped file size must not exceed XXXXXXX bytes€TM, where XXXXXXXX is the current Lambda limit. What is the Developer's role in resolving this issue? Submit a limit increase request to AWS Support to increase the function to the size needed. Use a compression algorithm that is more efficient than ZIP. Break the function into multiple smaller Lambda functions. ZIP the ZIP file twice to compress it further.
A developer is using Amazon S3 to store sensitive data created by an application. The developer want to encrypt the data while it is in transit. A corporate policy demands an audit trail detailing when and by whom the master key was used. Which encryption method will satisfy these criteria? Server-side encryption with Amazon S3 managed keys (SSE-S3) Server-side encryption with AWS KMS managed keys (SSE-KMS) Server-side encryption with customer-provided keys (SSE-C) Server-side encryption with self-managed keys.
An Amazon EC2 instance is configured with an IAM role that expressly forbids access to all Amazon S3 API activities. The EC2 instance credentials file contains the IAM access key and secret access key, both of which provide full administrative access. Which of the following statements is accurate in light of the fact that this EC2 instance supports several types of IAM access? The EC2 instance will only be able to list the S3 buckets. The EC2 instance will only be able to list the contents of one S3 bucket at a time. The EC2 instance will be able to perform all actions on any S3 bucket. The EC2 instance will not be able to perform any S3 action on any S3 bucket.
A developer is storing application data in Amazon DynamoDB. The developer want to further optimize the application's performance by minimizing the time required to conduct read and write operations. Which DynamoDB functionality should be utilized to accomplish these goals? Amazon DynamoDB Streams Amazon DynamoDB Accelerator Amazon DynamoDB global tables Amazon DynamoDB transactions.
A developer wrote configuration requirements for an AWS Elastic Beanstalk application in a file entitled healthcheckurl.yaml in their application source bundle's.ebextensions/directory. The following information is included in the file: option_setting: - namespace: aws: elasticbeanstalk:application .. Following the application's start, the health check is not executed on the right route, despite the fact that it is legitimate. How can this configuration file be corrected? Convert the file to JSON format. Rename the file to a .config extension. Change the configuration section from options_settings to resources. Change the namespace of the option settings to a custom namespace.
A developer is developing an AWS Lambda function to produce and publish a weekly newsletter to 100,000 subscribers dynamically. This mail includes both static and dynamic content. The developer need a highly scalable and quick storage location for the photographs that will be hyperlinked throughout the newsletter. Where is the developer supposed to save these images? Use an Amazon DynamoDB table with DynamoDB Streams and read capacity auto scaling enabled. Use an Amazon S3 bucket and S3 Transfer Acceleration to speed up the image download. Use an Amazon Aurora database with a public DNS endpoint and auto scaling enabled. Use an Amazon S3 backed Amazon CloudFront distribution with a high Time-to-Live (TTL) to maximize caching.
An application is being developed that will use Amazon SQS to handle messages from a large number of independent senders. Messages from each sender must be handled in the order in which they are received. Which SQS functionality should the developer implement? Configure each sender with a unique MessageGroupId Enable MessageDeduplicationIds on the SQS queue Configure each message with unique MessageGroupIds. Enable ContentBasedDeduplication on the SQS queue.
A developer is writing transactions to the €SystemUpdates€ DynamoDB database, which has five write capacity units. Which of the following options provides the maximum read throughput? Eventually consistent reads of 5 read capacity units reading items that are 4 KB in size Strongly consistent reads of 5 read capacity units reading items that are 4 KB in size Eventually consistent reads of 15 read capacity units reading items that are 1 KB in size Strongly consistent reads of 15 read capacity units reading items that are 1 KB in size.
A developer works in an environment that includes various Amazon Web Services accounts and AWS Lambda functions that handle identical 100 KB payloads. The developer wishes to centralize the payloads' origin in a single account and have all Lambda functions triggered whenever the parent account's starting event happens. How can the developer build the process in the most efficient manner possible, ensuring that all Lambda functions with multiple accounts are run when an event occurs? Create a Lambda function in the parent account and use cross-account IAM roles with the AWS Security Token Service (AWS STS) AssumeRole API call to make AWS Lambda invoke the API call to invoke all the cross-account Lambda functions. Subscribe all the multi-account Lambda functions to an Amazon SNS topic and make a SNS Publish API call with the payload to the SNS topic. Set up an Amazon SQS queue with the queue policy permitting the ReceiveMessage action for multi-account Lambda functions. Then send the payload to the SQS queue using the sqs:SendMessage permission and poll the queue using multi-account Lambda functions. Use a worker on an Amazon EC2 instance to poll for the payload event. Invoke all Lambda functions using the Lambda Invoke API after using cross-account IAM roles with the AWS Security Token Service (AWS STS) AssumeRole API call.
A developer wishes to improve the performance of reads from an unencrypted Amazon S3 bucket. Each second, the program needs 100,000 read requests. Priority is given to cost-effectiveness. What is the MOST SIMPLE method for implementing these requirements? Create 20 or more prefixes in Amazon S3. Place files by prefixes. Read in parallel by prefixes. Create 20 or more AWS accounts. Create a bucket in each account. Read in parallel by bucket. Deploy Memcached on Amazon EC2. Cache the files in memory. Retrieve from the Memcached cache. Copy all files to Amazon DynamoDB. Index the files with S3 metadata. Retrieve from DynamoDB.
A developer used Amazon API Gateway, Amazon S3, AWS Lambda, and Amazon RDS to construct a dashboard for an application. The developer need an authentication system that enables users to log in and access their dashboard. It must be available through mobile apps, desktop applications, and tablets, and it must maintain user preferences across platforms. Which AWS service should the developer use to accommodate this situation of authentication? AWS KMS Amazon Cognito AWS Directory Service Amazon IAM.
A developer is deploying an application to Amazon EC2 using AWS CodeDeploy. The developer wishes to modify the permissions on a particular deployment file. Which lifecycle event should a developer utilize to do this task? AfterInstall DownloadBundle BeforeInstall ValidateService.
A multinational corporation runs an application on Amazon EC2 instances that provides image files stored in Amazon S3. User queries from the browser generate a lot of traffic, which leads in performance degradation. Which optimization technique should a developer use to boost the speed of an application? Create multiple prefixes in the S3 bucket to increase the request rate. Create an Amazon ElastiCache cluster to cache and serve frequently accessed items. Use Amazon CloudFront to serve the content of images stored in Amazon S3. Submit a ticket to AWS Support to request a rate limit increase for the S3 bucket.
A business operates a two-tier application that runs on an Amazon EC2 server and manages all of its AWS-based e-commerce operations. During peak periods, the backend servers responsible for processing orders become overburdened with requests. As a consequence, certain orders are unable to be processed. A developer must provide a way for refactoring the program. Which initiatives will provide more flexibility during peak periods while staying economically viable? (Select two.) Increase the backend T2 EC2 instance sizes to x1 to handle the largest possible load throughout the year. Implement an Amazon SQS queue to decouple the front-end and backend servers. Use an Amazon SNS queue to decouple the front-end and backend servers. Migrate the backend servers to on-premises and pull from an Amazon SNS queue. Modify the backend servers to pull from an Amazon SQS queue.
A developer wishes to protect sensitive configuration data, including passwords, database strings, and application licensing numbers. Access to this sensitive data must be monitored for audit reasons in the future. Where, in accordance with security best practices and operational needs, should sensitive information be stored? In an encrypted file on the source code bundle; grant the application access with Amazon IAM In the Amazon EC2 Systems Manager Parameter Store; grant the application access with IAM On an Amazon EBS encrypted volume; attach the volume to an Amazon EC2 instance to access the data As an object in an Amazon S3 bucket; grant an Amazon EC2 instance access with an IAM role.
A developer has been requested to modify the source code for an AWS Lambda function. AWS CloudFormation templates are used to administer the function. The template is designed to load the source code from a bucket on Amazon S3. The Developer prepared a.ZIP file deployment package containing the modifications manually and placed it in the appropriate location on Amazon S3. When the function is executed, the modifications to the code are not implemented. What procedure must be followed to ensure that the function is updated to reflect the changes? Delete the .ZIP file on S3, and re-upload by using a different object key name. Update the CloudFormation stack with the correct values for the function code properties S3Bucket, S3Key, or S3ObjectVersion. Ensure that the function source code is base64-encoded before uploading the deployment package to S3. Modify the execution role of the Lambda function to allow S3 access permission to the deployment package .ZIP file.
A developer is using AWS CloudFormation to create a deployment package. Two distinct templates are included in the package: one for the infrastructure and another for the application. The application must be contained inside the VPC built using the infrastructure template's infrastructure template. How can the application stack make reference to the VPC established using the infrastructure template's infrastructure template? Use the Ref function to import the VPC into the application stack from the infrastructure template. Use the export flag in the infrastructure template, and then use the Fn::ImportValue function in the application template. Use the DependsOn attribute to specify that the application instance depends on the VPC in the application template. Use the Fn::GetAtt function to include the attribute of the VPC in the application template.
A developer is developing an application that will handle a high volume of queries. Requests must be handled in the order they are received, and each request should only be processed once. To do this, how should Amazon SQS be deployed? Configure First in First out (FIFO) delivery in a standard Amazon SQS queue to process requests. Use an SQS FIFO queue to process requests. Use the SetOrder attribute to ensure sequential request processing. Convert the standard queue to a FIFO queue by renaming the queue to use the .fifo suffix.
A development team deploys applications using AWS Elastic Beanstalk. The team has limited the number of application versions to 25 by configuring the application version lifecycle policy. Despite this, the source bundle gets destroyed from the Amazon S3 source bucket regardless of the lifespan policy. What should a developer do in the Elastic Beanstalk application's version lifecycle settings to ensure that the source code is retained in the S3 bucket? Change the Set the application versions limit by total count setting to zero. Disable the Lifecycle policy setting. Change the Set the application version limit by age setting to zero. Set Retention to Retain source bundle in S3.
A business requires data encryption at rest but wishes to utilize an AWS managed service while maintaining control over its own master key. Which of the following Amazon Web Services (AWS) services is appropriate for meeting these requirements? SSE with Amazon S3 SSE with AWS KMS Client-side encryption AWS IAM roles and policies.
A developer is creating a distributed application that will be constructed utilizing a microservices architecture and will span numerous Amazon Web Services accounts. The operations team of the business need the ability to examine and troubleshoot application problems from a centralized account. How is the developer to adhere to these specifications? Use an Amazon X-Ray agent with role assumption to publish data into the centralized account. Use Amazon X-Ray and create a new IAM user to publish the access keys into the centralized account. Use VPC Flow Logs to collect applications logs across different accounts. Enable AWS CloudTrail to publish the trails in an Amazon S3 bucket in the centralized account.
The website of a business is hosted on an Amazon EC2 instance, which utilizes Auto Scaling to automatically scale the environment during peak periods. Worldwide, website visitors are experiencing increased latency as a result of static material on the EC2 instance, even during off-peak hours. Which sequence of actions will overcome the problem of latency? (Select two.) Double the Auto Scaling group's maximum number of servers. Host the application code on AWS Lambda. Scale vertically by resizing the EC2 instances. Create an Amazon CloudFront distribution to cache the static content. Store the application's static content in Amazon S3.
A developer is developing a website that will be housed in an Amazon S3 bucket that has support for static website hosting. The developer will utilize Amazon Route 53 to provide DNS services and will redirect the company's domain to the bucket through an alias record. One S3 item must be redirected to a different URL by the developer. What should the developer employ to ensure that the redirect from a website page works properly? A Route 53 CNAME alias record that points to the new location An S3 object-level redirect through system-defined metadata A Route 53 A record that points to the new location A redirect that is configured within the S3 bucket's policy.
A developer is looking at performance concerns with an application. The program is composed of hundreds of microservices, and each API request may have a lengthy call stack. The developer must isolate the problematic component. Which AWS service or functionality should the developer utilize to collect data about what is occurring and isolate the fault? AWS X-Ray VPC Flow Logs Amazon GuardDuty Amazon Macie.
A developer is developing a Linux application that will be hosted on AWS Elastic Beanstalk. The application's requirements indicate that it must retain full capacity throughout upgrades while keeping costs to a minimum. Which deployment policy for Elastic Beanstalk should the developer select for the environment? Immutable Rolling All at Once Rolling with additional batch.
A recent migration of a company's web, application, and NoSQL database layers to AWS. Auto Scaling is being used by the organization to scale the web and application layers. Over 95% of Amazon DynamoDB queries are for repeated reads. How can the NoSQL layer of DynamoDB be scaled up to handle these repetitive requests? Amazon EMR Amazon DynamoDB Accelerator Amazon SQS Amazon CloudFront.
A developer wishes to encrypt new objects that an application uploads to an Amazon S3 bucket. There must be a record of who used the key throughout this procedure. There should be no difference in the application's performance. Which form of encryption satisfies these criteria? Server-side encryption using S3-managed keys Server-side encryption with AWS KMS-managed keys Client-side encryption with a client-side symmetric master key Client-side encryption with AWS KMS-managed keys.
Three microservice projects are created by a developer and are stored in distinct folders under the same AWS CodeCommit repository. Each project is served by a distinct AWS CodePipeline pipeline. When a developer pushes modifications to a single microservice, all three pipelines begin to execute. The developer must ensure that only necessary pipelines are executed. The developer is not permitted to alter the organization of the repository. Which solution will satisfy these criteria? For each of the three microservice projects, create a separate CodeCommit repository. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function to evaluate changes to the repository and run the appropriate pipeline. Create an Amazon API Gateway API that is backed by an AWS Lambda function to determine the appropriate pipeline to run. Add the API endpoint to a webhook in CodeCommit. Migrate all three pipelines to a single pipeline. Add conditional stages to build a certain microservice project.
A developer is currently building code for an Amazon Web Services Lambda function. The function will act as a Lambda authorizer, allowing Amazon API Gateway to manage access to a certain API. Along with the primary identity, what should this code return following successful authentication? An HTTP response status code of 200 that indicates successful completion An integer 0 that indicates successful completion The Amazon Resource Name (ARN) of an IAM role that will be assumed for authentication A policy document with desired permissions.
Continuous integration/continuous delivery (CI/CD) systems are being used by a business. A developer needs automate the distribution of a software application bundle to Amazon EC2 instances and on-premises virtual servers. Which Amazon Web Services (AWS) service should the developer utilize to satisfy these requirements? AWS Cloud9 AWS CodeBuild AWS Elastic Beanstalk AWS CodeDeploy.
A smartphone application that allows users to see photographs from an S3 bucket is being developed by a developer. Users must be able to log in using their Amazon credentials as well as their Facebook® and/or Google® accounts. How will the Developer be able to implement this authentication feature? Use Amazon Cognito with web identity federation. Use Amazon Cognito with SAML-based identity federation. Use AWS IAM Access/Secret keys in the application code to allow Get* on the S3 bucket. Use AWS STS AssumeRole in the application code and assume a role with Get* permissions on the S3 bucket.
A developer is developing an application that will operate on Amazon EC2 instances that are members of an Auto Scaling group. The application's data is kept in an Amazon DynamoDB database, and all instances maintain records in real time. At times, an instance retrieves outdated data. The Developer want to rectify issue by ensuring that readings are very consistent. How is this accomplished by the Developer? Set ConsistentRead to true when calling GetItem. Create a new DynamoDB Accelerator (DAX) table. Set Consistency to strong when calling UpdateTable. Use the GetShardIterator command.
A developer is developing a web application for AWS Lambda. Users will be able to log in and see private documents using the application. All pages in the application must adhere to the company's branding guidelines. How can the developer host the sign-in pages with the LESS custom code possible? Upload files for the sign-in pages with the required branding to an Amazon S3 bucket. Configure static website hosting for the S3 bucket. Create a Lambda function to serve the sign-in pages with the required branding. Configure Amazon API Gateway to route traffic to the function. Create a Lambda@Edge function to serve the sign-in pages with the required branding. Configure Amazon CloudFront to invoke the function in response to user requests. Configure an Amazon Cognito user pool with an Amazon Cognito hosted UI for the sign-in pages. Customize the pages with the required branding.
An AWS Lambda function is being written by a developer. The developer want to record critical events that occur during the Lambda function's execution and to provide a unique identifier that will allow the events to be associated with a single function invocation. Which of the following will assist the developer in achieving this goal? Obtain the request identifier from the Lambda context object. Architect the application to write logs to the console. Obtain the request identifier from the Lambda event object. Architect the application to write logs to a file. Obtain the request identifier from the Lambda event object. Architect the application to write logs to the console. Obtain the request identifier from the Lambda context object. Architect the application to write logs to a file.
A business has an Amazon S3 bucket holding premium material that it wants to make accessible exclusively to paying website subscribers. Currently, the S3 bucket's default permissions set all objects to private to avoid inadvertently exposing premier material to non-paying website users. How is the corporation able to restrict access to a premium content file in the S3 bucket to just paying subscribers? Apply a bucket policy that allows anonymous users to download the content from the S3 bucket. Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download. Add a bucket policy that requires multi-factor authentication for requests to access the S3 bucket objects. Enable server-side encryption on the S3 bucket for data protection against the non-paying website visitors.
A developer hosts static websites using Amazon S3 buckets. The developer builds two S3 buckets: one for the code and another for the assets, which include picture and video files. When a user tries to access the assets bucket from the code bucket, access is forbidden, and the website application displays a 403 error. How should the Developer approach this situation? Create an IAM role and apply it to the assets bucket for the code bucket to be granted access. Edit the bucket policy of the assets bucket to open access to all principals. Edit the cross-origin resource sharing (CORS) configuration of the assets bucket to allow any origin to access the assets. Change the code bucket to use AWS Lambda functions instead of static website hosting.
A business created a set of APIs that are provided through the Amazon API Gateway. The API requests must be authenticated using a supplier of OpenID-based identification, such as Amazon or Facebook. Access to the APIs should be based on a specific authorisation mechanism. Which approach is the most straightforward and secure to employ when developing an authentication and authorisation strategy for APIs? Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens. Build a OpenID token broker with Amazon and Facebook. Users will authenticate with these identify providers and pass the JSON Web Token to the API to authenticate each API call. Store user credentials in Amazon DynamoDB and have the application retrieve temporary credentials from AWS STS. Make API calls by passing user credentials to the APIs for authentication and authorization. Use Amazon RDS to store user credentials and pass them to the APIs for authentications and authorization.
When a Developer attempts to execute an AWS CodeBuild project, an error occurs because the cumulative length of all environment variables exceeds the maximum character limit. What is the suggested course of action? Add the export LC_ALL=ג€en_US.utf8ג€ command to the pre_build section to ensure POSIX localization. Use Amazon Cognito to store key-value pairs for large numbers of environment variables. Update the settings for the build project to use an Amazon S3 bucket for large numbers of environment variables. Use AWS Systems Manager Parameter Store to store large numbers of environment variables.
A developer is now working on an application that manages papers that are ten megabytes in size and include very sensitive data. The application will encrypt data on the client side using AWS KMS. Which procedures must be followed? Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the KeyId parameter Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key to encrypt the data Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key to encrypt the data Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data.
A software business must ensure that documents provided by users are maintained securely in Amazon S3. At rest, the documents must be encrypted in Amazon S3. The firm does not want to operate its security infrastructure in-house, but it need additional protection to maintain control over its encryption keys in order to comply with industry laws. Which encryption technique should a developer use in order to satisfy these requirements? Server-side encryption with Amazon S3 managed keys (SSE-S3) Server-side encryption with customer-provided encryption keys (SSE-C) Server-side encryption with AWS KMS managed keys (SSE-KMS) Client-side encryption.
A developer has developed an application that can concurrently upload tens of thousands of items to Amazon S3 under a single AWS account. As part of the new criteria, data stored in S3 must be encrypted on the server using AWS KMS (SSE-KMS). After making this update, the application's performance degrades. Which of the following is the MOST LIKELY source of application latency? Amazon S3 throttles the rate at which uploaded objects can be encrypted using Customer Master Keys. The AWS KMS API calls limit is less than needed to achieve the desired performance. The client encryption of the objects is using a poor algorithm. KMS requires that an alias be used to create an independent display name that can be mapped to a CMK.
A developer has created an application for Amazon Kinesis Data Streams. With increased use and traffic, the application often receives ProvisionedThroughputExceededException error messages. How should the developer proceed in order to address the error? (Select two.) Use Auto Scaling to scale the stream for better performance Increase the delay between the GetRecords call and the PutRecords call Increase the number of shards in the data stream Specify a shard iterator using the ShardIterator parameter Implement exponential backoff on the GetRecords call and the PutRecords call.
A business has a website built in PHP and WordPress and is hosted on AWS Elastic Beanstalk. The website requires a new version to be deployed in the Elastic Beanstalk environment. The firm cannot afford to have the website unavailable in the event of an update failure. Deployments must have a negligible effect and be reversible as quickly as feasible. Which type of deployment should be used? All at once Rolling Snapshots Immutable.
A development team is in the process of developing a new application that will operate on AWS. While the test and production environments will be hosted on Amazon EC2 instances, developers will use their own computers to execute their environments. Which of the following is the EASIEST and MOST SECURE method for local development computers to access AWS services? Use an IAM role to assume a role and execute API calls using the role. Create an IAM user to be shared with the entire development team; provide the development team with the access key. Create an IAM user for each developer on the team; provide each developer with a unique access key. Set up a federation through an Amazon Cognito user pool.
A developer is developing an AWS Lambda function to handle data coming from an Amazon Kinesis Data Stream. When the Lambda function parses the data and comes across an empty field, it returns an error. The function duplicates the records in the Kinesis stream. There are no duplicate entries when the Developer examines the stream output without using the Lambda function. What accounts for the duplicates? The Lambda function did not advance the Kinesis stream pointer to the next record after the error. The Lambda event source used asynchronous invocation, resulting in duplicate records. The Lambda function did not handle the error, and the Lambda service attempted to reprocess the data. The Lambda function is not keeping up with the amount of data coming from the stream.
The code of a developer is saved in an Amazon S3 bucket. The code must be distributed across many AWS Lambda accounts in the same Region as the S3 bucket as an AWS Lambda function. The Lambda function will be launched using a custom AWS CloudFormation template for each account. What is the MOST SECURE method for granting access to Lambda code stored in an S3 bucket? Grant the CloudFormation execution role S3 list and get permissions. Add a bucket policy to Amazon S3 with the Principal of ג€AWSג€: [account numbers]. Grant the CloudFormation execution role S3 get permissions. Add a bucket policy to Amazon S3 with the Principal of ג€*ג€. Use a service-based link to grant the Lambda function S3 list and get permissions by explicitly adding the S3 bucket's account number in the resource. Use a service-based link to grant the Lambda function S3 get permissions and add a Resource of ג€*ג€ to allow access to the S3 bucket.
A developer is developing a web application that will be deployed on Amazon EC2 instances behind an application load balancer that will be visible to the public (ALB). In front of the ALB, the developer must install an Amazon CloudFront distribution. Additionally, the developer must verify that client data that originates outside the VPC is secured during transit. Which configuration options in CloudFront should the developer use to achieve these requirements? (Select two.) Restrict viewer access by using signed URLs. Set the Origin Protocol Policy setting to Match Viewer. Enable field-level encryption. Enable automatic object compression. Set the Viewer Protocol Policy setting to Redirect HTTP to HTTPS.
A developer transferred a web application to Amazon Web Services (AWS). As part of the move, the developer used a blue/green deployment to automate the continuous integration/continuous improvement (CI/CD) process. The deployment creates new Amazon EC2 instances in an Auto Scaling group, which is configured to run behind a new Application Load Balancer. Following the move, the Developer started receiving complaints from users who had been booted off the system. Additionally, the system needs users to log in upon each new deployment. How are these problems to be resolved? Use rolling updates instead of a blue/green deployment Externalize the user sessions to Amazon ElastiCache Turn on sticky sessions in the Application Load Balancer Use multicast to replicate session information.
A development team want to instrument their code in order to offer AWS X-Ray with more specific information than simply outgoing and incoming requests provide. This will result in Because the Development team generates a vast quantity of data, they want to create indexing so they can filter it. What actions should the development team take to accomplish this? Add annotations to the segment document and the code Add metadata to the segment document and the code Configure the necessary X-Ray environment variables Install required plugins for the appropriate AWS SDK.
A developer creates an AWS Lambda function and uploads it to Amazon S3 in the form of a.ZIP file. The developer modifies the code and sends an updated.ZIP file to Amazon S3. Lambda, on the other hand, runs the preceding code. How can the Developer resolve this in the LEAST obtrusive manner possible? Create another Lambda function and specify the new .ZIP file. Call the update-function-code API. Remove the earlier .ZIP file first, then add the new .ZIP file. Call the create-alias API.
A programmer is developing an application that will process data that has been uploaded to an Amazon S3 bucket. The developer anticipates that the data will be processed in less than one minute on average. How can the developer deploy and activate the program efficiently and with the least amount of latency? Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatch alarm triggered by an S3 object upload. Deploy the application as an AWS Lambda function and invoke it with an S3 event notification. Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatch scheduled event. Deploy the application onto an Amazon EC2 instance and have it poll the S3 bucket for new objects.
A supplier is now developing a new RESTful API that will allow consumers to inquire the status of their orders. The following API endpoint was requested by the consumers. http://www.supplierdomain.com/status/customerID Which of the following application architectures satisfies the specification? (Select two.) Amazon SQS; Amazon SNS Elastic Load Balancing; Amazon EC2 Amazon ElastiCache; Amazon Elacticsearch Service Amazon API Gateway; AWS Lambda Amazon S3; Amazon CloudFront.
A developer wishes to activate AWS X-Ray for a secure application hosted on Amazon ECS. Which sequence of actions enables X-Ray? (Select three.) Create a Docker image that runs the X-Ray daemon. Add instrumentation to the application code for X-Ray. Install the X-Ray daemon on the underlying EC2 instance. Configure and use an IAM EC2 instance role. Register the application with X-Ray. Configure and use an IAM role for tasks.
A development team wishes to build and deploy an application instantly after a modification to the source code is made. Which methods could be utilized to initiate the deployment? (Select two.) Store the source code in an Amazon S3 bucket. Configure AWS CodePipeline to start whenever a file in the bucket changes. Store the source code in an encrypted Amazon EBS volume. Configure AWS CodePipeline to start whenever a file in the volume changes. Store the source code in an AWS CodeCommit repository. Configure AWS CodePipeline to start whenever a change is committed to the repository. Store the source code in an Amazon S3 bucket. Configure AWS CodePipeline to start every 15 minutes. Store the source code in an Amazon EC2 instance's ephemeral storage. Configure the instance to start AWS CodePipeline whenever there are changes to the source code.
For collaborative software development, a business need a version control system. The system's features must contain the following: ✑ Support for batches of changes across multiple files ✑ Parallel branching ✑ Version tracking Which AWS service will satisfy these criteria? AWS CodePipeline Amazon S3 AWS CodeBuild AWS CodeCommit.
A corporation has integrated AWS CodeDeploy into their cloud native continuous integration and delivery (CI/CD) stack. Automatic rollbacks are enabled during the deployment of a new version of a popular web application from on-premises to Amazon EC2. What happens if the new version's deployment fails due to code regression? The last known good deployment is automatically restored using the snapshot stored in Amazon S3. CodeDeploy switches the Amazon Route 53 alias records back to the known good green deployment and terminates the failed blue deployment. A new deployment of the last known version of the application is deployed with a new deployment ID. AWS CodePipeline promotes the most recent deployment with a SUCCEEDED status to production.
A business has developed a serverless application that makes use of Amazon Simple Queue Service (Amazon SQS) and an Amazon Web Services Lambda function. On the final day of each month, the application gets data in a SQS queue. Within one day, the function successfully processes all of the data in the queue. A comprehensive AWS bill reveals a high volume of SQS API queries throughout the month, despite the fact that the queue gets data only on the month's last day. What is causing the increased API requests? Lambda is using long polling to check for messages in the SQS queue. The SQS queue is sending ping messages to Lambda. The function is not automatically deleting the messages from the SQS queue. Visibility timeout is not set to 0 to remove the extra API requests.
A developer is hard at work on a project that would store hundreds of millions of product reviews in an Amazon DynamoDB database. The records include the following data elements: chart Which field would provide the MOST consistent performance when used as the partition key in DynamoDB? starRating reviewID comment productID.
To facilitate the adoption of microservices, a company's management team has directed all development teams to design their services in such a way that API queries are limited to the data store for that service. One team is developing its own Payments service with its own database; the service requires data from the Accounts database. Both instances make use of Amazon DynamoDB. Which technique will result in the simplest, most decoupled, and most reliable mechanism for obtaining near-real-time Accounts database updates? Use Amazon Glue to perform frequent ETL updates from the Accounts database to the Payments database. Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accounts database. Use Amazon Kinesis Data Firehose to deliver all changes from the Accounts database to the Payments database. Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database.
A developer has created a Lambda function that will be responsible for adding new customers to an RDS database hundreds of times per hour. Lambda is set to use 512MB of RAM and is based on the following pseudocode: def lambda_handler(event, context): .. The developer observes that the Lambda execution time is much longer than intended after testing the Lambda function. What actions should the developer take to boost performance? Increase the amount of RAM allocated to the Lambda function, which will increase the number of threads the Lambda can use. Increase the size of the RDS database to allow for an increased number of database connections each hour. Move the database connection and close statement out of the handler. Place the connection in the global space. Replace RDS wit Amazon DynamoDB to implement control over the number of writes per second.
An on-premises application makes regular requests to Amazon S3 for file storage. As the application's use grows, €LimitExceeded€ faults are reported. What has to be done to resolve this error? Implement exponential backoffs in the application. Load balance the application to multiple servers. Move the application to Amazon EC2. Add a one second delay to each API call.
A development team chooses to utilize AWS X-Ray to monitor application code in order to undertake performance analysis and root cause investigation. What steps must the team take to begin using X-Ray? (Select two.) Log instrumentation output into an Amazon SQS queue. Use a visualization tool to view application traces. Instrument application code using the AWS SDK. Install the X-Ray agent on the application servers. Create an Amazon DynamoDB table to store the trace logs.
A developer is extending a client-side application with a feature that enables users to submit films to an Amazon S3 bucket. What is the MOST SECURE method for authorizing the application to write files to the S3 bucket? Update the S3 bucket policy to allow public write access. Allow any user to upload videos by removing the need to handle user authentication within the client- side application. Create a new IAM policy and a corresponding IAM user with permissions to write to the S3 bucket. Store the key and the secret for the user in the application code. Use the key to authenticate the video uploads. Configure the API layer of the application to have a new endpoint that creates signed URLs that allow an object to be put into the S3 bucket. Generate a presigned URL through this API call in the client application. Upload the video by using the signed URL. Generate a new IAM key and a corresponding secret by using the AWS account root user credentials. Store the key and the secret for the user in the application code. Use the key to authenticate the video uploads.
A firm has created a new serverless application using AWS Lambda functions and will deploy it using the AWS Serverless Application Model (AWS SAM) command-line interface. Prior to deploying the application, which step should the developer complete? Compress the application to a .zip file and upload it into AWS Lambda Test the new AWS Lambda function by first tracing it in AWS X-Ray Bundle the serverless application using a SAM package D. Create the application environment using the eb create my-env command.
Lambda functions are packaged for deployment in a variety of settings, such as development, test, and production. Each ecosystem is endowed with its own collection of resources, such as databases. How can the Lambda function make use of the current environment's resources? Apply tags to the Lambda functions. Hardcore resources in the source code. Use environment variables for the Lambda functions. Use separate function for development and production.
A business is organizing a session for external users and want to share reference materials with them for seven days. The reference papers are stored in an Amazon S3 bucket that the firm controls. What is the SECUREST method of sharing documents with external users? Use S3 presigned URLs to share the documents with the external users. Set an expiration time of 7 days. Move the documents to an Amazon WorkDocs folder. Share the links of the WorkDocs folder with the external users. Create temporary IAM users that have read-only access to the S3 bucket. Share the access keys with the external users. Expire the credentials after 7 days. Create a role that has read-only access to the S3 bucket. Share the Amazon Resource Name (ARN) of this role with the external users.
A development team want to use Amazon ECS to host its container workloads. Each container in an application must exchange data with another container in order to gather logs and metrics. What actions should the development team take to ensure that these criteria are met? Create two pod specifications. Make one to include the application container and the other to include the other container. Link the two pods together. Create two task definitions. Make one to include the application container and the other to include the other container. Mount a shared volume between the two tasks. Create one task definition. Specify both containers in the definition. Mount a shared volume between those two containers. Create a single pod specification. Include both containers in the specification. Mount a persistent volume to both containers.
A business wishes to relocate its web application to AWS and use Auto Scaling to manage peak demands. According to the Solutions Architect, the optimum measure for an Auto Scaling event is the concurrent user count. What information should the developer utilize to determine how to autoscale depending on concurrent users? An Amazon SNS topic to be triggered when a concurrent user threshold is met An Amazon Cloudwatch Networkin metric Amazon CloudFront to leverage AWS Edge Locations A Custom Amazon CloudWatch metric for concurrent users.
A business wishes to ensure that no more than one person in its Admin group has the permanent permission to remove an Amazon EC2 resource. There should be no modifications to the current Admin group policy. What tools should a developer use to ensure that these criteria are met? AWS managed policy Inline policy IAM trust relationship AWS Security Token Service (AWS STS).
A business needs that all data saved in Amazon DynamoDB tables be encrypted at rest using keys owned by the business. How can a developer satisfy these needs WITHOUT making changes to the application? Use the AWS Encryption SDK to encrypt items before insertion. Enable table-level encryption with an AWS managed customer master key (CMK). Use AWS Certificate Manager (ACM) to create one certificate for each DynamoDB table. Import key material in DynamoDB, and enable table-level encryption.
A developer has created a market application that utilizes Amazon DynamoDB and Amazon ElastiCache to store price data. The market's prices fluctuate often. Sellers have began to complain that when they alter the price of an item, the price in the product listing does not really change. What may be causing this problem? The cache is not being invalidated when the price of the item is changed The price of the item is being retrieved using a write-through ElastiCache cluster The DynamoDB table was provisioned with insufficient read capacity The DynamoDB table was provisioned with insufficient write capacity.
A business uses an Amazon SQS standard queue to hold messages delivered from the application's front-end to back-end tiers. The backend tier parses the message and inserts it into a database in Amazon DynamoDB. A developer notices that multiple entries are being saved in the DynamoDB database, despite the fact that AWS CloudTrail only captures one Amazon SQS message per item. What modification is required to remedy this issue? Enable queue de-duplication to prevent duplicate messages. Modify the front-end tier to use the MessageGroupID argument. Modify the application logic to use Amazon SNS between Amazon SQS and the front-end tier. Change the Amazon SQS queue type to first-in, first-out (FIFO).
A developer is debugging an application's permissions for making modifications to an Amazon RDS database. The developer has access to the application's IAM role. Which command structure should be used by the developer to verify role permissions? aws sts assume-role aws iam attach-role-policy aws ssm resume-session aws rds add-role-to-db-cluster.
A developer is responsible for the administration of an application that communicates with Amazon RDS. Following observations of sluggish performance with read queries, the developer uses Amazon ElastiCache to automatically update the cache following the main database update. What will be the outcome of this caching strategy? Caching will increase the load on the database instance because the cache is updated for every database update. Caching will slow performance of the read queries because the cache is updated when the cache cannot find the requested data. The cache will become large and expensive because the infrequently requested data is also written to the cache. Overhead will be added to the initial response time because the cache is updated only after a cache miss.
During the most recent deployment of a new application, a corporation suffered some downtime. AWS Elastic Beanstalk partitioned the environment's Amazon EC2 instances into batches and delivered the new version one batch at a time after deactivating them. As a result, full capacity was not maintained during the deployment process. The developer intends to deliver a new version of the program and is seeking a policy that will ensure maximum capacity and mitigate the consequences of a failure deployment. Which deployment strategy is appropriate for the developer? Immutable All at Once Rolling Rolling with an Additional Batch.
A corporation employs 25,000 people and is expanding. The business is developing an application that will be exclusive to its workers. A developer is storing photos in Amazon S3 and application data in Amazon RDS. The organization demands that all employee data remain in the old Security Assertion Markup Language (SAML) employee directory and is not interested in replicating employee data on AWS. How can the developer ensure that the workers who will be utilizing this program have allowed access to their own application data? Use Amazon VPC and keep all resources inside the VPC, and use a VPC link for the S3 bucket with the bucket policy. Use Amazon Cognito user pools, federate with the SAML provider, and use user pool groups with an IAM policy. Use an Amazon Cognito identity pool, federate with the SAML provider, and use an IAM condition key with a value for the cognito-identity.amazonaws.com:sub variable to grant access to the employees. Create a unique IAM role for each employee and have each employee assume the role to access the application so they can access their personal data only.
A nightly batch process populates a DynamoDB database with 1 million new entries. The records are required for one hour, and the table must be completely emptied by the next night's batch operation. Which strategy is the MOST efficient and cost-effective for supplying an empty table? Use DeleteItem using a ConditionExpression. Use BatchWriteItem to empty all of the rows. Write a recursive function that scans and calls out DeleteItem. Create and then delete the table after the task has completed.
A developer ran an AWS CLI command and encountered the following error: a client..... uqSIvWYP... What step should the developer take to make this mistake understandable to humans? Make a call to AWS KMS to decode the message. Use the AWS STS decode-authorization-message API to decode the message. Use an open source decoding library to decode the message. Use the AWS IAM decode-authorization-message API to decode this message.
A business is developing a compute-intensive application that will operate on an Amazon EC2 fleet. The program stores data on associated Amazon EBS drives. Because the program will be processing sensitive data, all data must be encrypted. What steps should a developer take to guarantee data is encrypted on disk without sacrificing performance? Configure the Amazon EC2 instance fleet to use encrypted EBS volumes for storing data. Add logic to write all data to an encrypted Amazon S3 bucket. Add a custom encryption algorithm to the application that will encrypt and decrypt all data. Create a new Amazon Machine Image (AMI) with an encrypted root volume and store the data to ephemeral disks.
A developer is writing a script to automate the serverless application deployment process. The developer want to build the application using an existing AWS Serverless Application Model (AWS SAM) template. What tools should the developer use in order to complete the project? (Select two.) Call aws cloudformation package to create the deployment package. Call aws cloudformation deploy to deploy the package afterward. Call sam package to create the deployment package. Call sam deploy to deploy the package afterward. Call aws s3 cp to upload the AWS SAM template to Amazon S3. Call aws lambda update-function-code to create the application. Create a ZIP package locally and call aws serverlessrepo create-application to create the application. Create a ZIP package and upload it to Amazon S3. Call aws cloudformation create-stack to create the application.
A gaming application saves player scores in an Amazon DynamoDB database with the following four columns: user id, user name, user score, and user rank. Users are only permitted to edit their names. Web identity federation authenticates a user. Which set of criteria should be put to the dynamodb: PutItem API call's policy associated with the role? Condition ... "${www.amozon/com:user_id}" ], dynamodb:Attributes":[ "user_name" ] Condition ... "${www.amozon/com:user_name}" ], dynamodb:Attributes":[ "user_id" ] Condition ... "${www.amozon/com:user_id}" ], dynamodb:Attributes":[ "user_name", "user_id" ] Condition ... "${www.amozon/com:user_name}" ], dynamodb:Attributes":[ "user_name", "user_id" ].
A developer is monitoring an Amazon EC2 instance that is executing an application. The developer has created a custom Amazon CloudWatch measure with a 1 second data granularity. The developer want to be alerted within 30 seconds of any concerns using Amazon Simple Notification Service (Amazon SNS). Which CloudWatch method meets this criterion? Configure a high-resolution CloudWatch alarm. Set up a custom CloudWatch dashboard. Use Amazon CloudWatch Logs Insights. Change to a default CloudWatch metric.
A developer has created an application that makes use of Amazon Cognito's authentication and authorisation capabilities. When a user logs in successfully, the application produces a user record in an Amazon DynamoDB database. How should the user be authenticated and a record created in the DynamoDB table? Authenticate and get a token from an Amazon Cognito user pool. Use the token to access DynamoDB. Authenticate and get a token from an Amazon Cognito identity pool. Use the token to access DynamoDB. Authenticate and get a token from an Amazon Cognito user pool. Exchange the token for AWS credentials with an Amazon Cognito identity pool. Use the credentials to access DynamoDB. D. Authenticate and get a token from an Amazon Cognito identity pool. Exchange the token for AWS credentials with an Amazon Cognito user pool. Use the credentials to access DynamoDB.
A developer must adapt the architecture of an application to accommodate new functional requirements. Amazon DynamoDB is used to store application data, which is processed for analysis in a nightly batch. System analysts do not like to wait until the next day to examine processed data and have requested that it be made accessible in near-real time. Which application architectural pattern would allow real-time data processing? Event driven Client-server driven Fan-out driven Schedule driven.
eveloper must alter an Alexa skill that is powered by an AWS Lambda function in order to provide access to an Amazon DynamoDB database in a second account. A role has been established in the second account with rights to access the table. What method should be used to access the table? Modify the Lambda function execution role's permissions to include the new role. Change the Lambda function execution role to be the new role. Assume the new role in the Lambda function when accessing the table. Store the access key and the secret key for the new role and use then when accessing the table.
A business has developed a Java AWS Lambda function that will be invoked whenever a user uploads an image to an Amazon S3 bucket. The code changes the original picture to a variety of various formats before copying the generated photos to another Amazon S3 bucket. No photos are being transferred to the second Amazon S3 bucket, as discovered by the developers. They evaluated the code on an Amazon EC2 instance with 1GB of RAM and discovered that it runs in an average of 500 seconds. Which of the following is the MOST LIKELY source of the problem? The Lambda function has insufficient memory and needs to be increased to 1 GB to match the Amazon EC2 instance Files need to be copied to the same Amazon S3 bucket for processing, so the second bucket needs to be deleted. Lambda functions have a maximum execution limit of 300 seconds, therefore the function is not completing. There is a problem with the Java runtime for Lambda, and the function needs to be converted to node.js.
A development team is tasked with the task of creating a mobile application that will need multi-factor authentication. Which measures should be made in order to accomplish this? (Select two.) Use Amazon Cognito to create a user pool and create users in the user pool. Send multi-factor authentication text codes to users with the Amazon SNS Publish API call in the app code. Enable multi-factor authentication for the Amazon Cognito user pool. Use AWS IAM to create IAM users. Enable multi-factor authentication for the users created in AWS IAM.
A developer is combining an Amazon API Gateway with an AWS Lambda function in order to create an application. When the developer attempts to use the API, he or she gets the following error: Wed Nov 08 01:13:00 UTC 2017 : Method completed with status: 502 What is the developer's responsibility in resolving the error? Change the HTTP endpoint of the API to an HTTPS endpoint Change the format of the payload sent to the API Gateway Change the format of the Lambda function response to the API call Change the authorization header in the API call to access the Lambda function.
A developer is establishing a position that will provide access to Amazon S3 buckets. The developer creates the role using the AWS CLI create-role command. Which policy should be implemented to enable Amazon EC2 to take over the role? Managed policy Trust policy Inline policy Service control policy (SCP).
A developer observed that an application responsible for processing messages in an Amazon SQS queue was falling behind on a regular basis. Although the program is capable of processing several messages concurrently, it receives only one message at a time. What can the developer do to boost the amount of messages received by the application? Call the ChangeMessageVisibility API for the queue and set MaxNumberOfMessages to a value greater than the default of 1. Call the AddPermission API to set MaxNumberOfMessages for the ReceiveMessage action to a value greater than the default of 1. Call the ReceiveMessage API to set MaxNumberOfMessages to a value greater than the default of 1. Call the SetQueueAttributes API for the queue and set MaxNumberOfMessages to a value greater than the default of 1.
A business intends to install an application on Amazon Web Services (AWS) behind an Elastic Load Balancer. The program makes use of an HTTP/HTTPS listener and hence requires access to the client's IP addresses. Which load-balancing system satisfies these criteria? Use an Application Load Balancer and the X-Forwarded-For headers. Use a Network Load Balancer (NLB). Enable proxy protocol support on the NLB and the target application. Use an Application Load Balancer. Register the targets by the instance ID. D. Forwarded-For headers. Use a Network Load Balancer and the X-.
A developer wants to create an application that enables new users to register and establish new accounts. Additionally, people with social media profiles must be able to log in using their social media credentials. Which Amazon Web Services (AWS) service or functionality may be leveraged to fulfill these requirements? AWS IAM Amazon Cognito identity pools Amazon Cognito user pools AWS Directory Service.
A business has transferred a classic application to a fleet of Amazon EC2 instances. The application is now storing data in a MySQL database that is deployed on a single EC2 instance. The organization has chosen to move the database from the EC2 instance to Amazon RDS MySQL. What steps should the developer take to adapt the application to enable Amazon RDS data storage? Update the database connection parameters in the application to point to the new RDS instance. Add a script to the EC2 instance that implements an AWS SDK for requesting database credentials. Create a new EC2 instance with an IAM role that allows access to the new RDS database. Create an AWS Lambda function that will route traffic from the EC2 instance to the RDS database.
A program at a company logs all information to Amazon S3. Every time a new log file is created, an AWS Lambda function is called to process it. The code works and collects all of the essential data. When looking through the Lambda function logs, however, duplicate entries with the same request ID are discovered. What's the source of the duplicate entries? The S3 bucket name was specified incorrectly. The Lambda function failed, and the Lambda service retried the invocation with a delay. There was an S3 outage, which caused duplicate entries of the same log file. The application stopped intermittently and then resumed.
A developer has been tasked with the responsibility of developing a real-time dashboard web application that visualizes the key prefixes and storage capacity of items stored in Amazon S3 buckets. The Amazon S3 metadata will be stored in Amazon DynamoDB. What is the most cost-effective and best solution for keeping the real-time dashboard current with the condition of the objects in the Amazon S3 buckets? Use an Amazon CloudWatch event backed by an AWS Lambda function. Issue an Amazon S3 API call to get a list of all Amazon S3 objects and persist the metadata within DynamoDB. Have the web application poll the DynamoDB table to reflect this change. Use Amazon S3 Event Notification backed by a Lambda function to persist the metadata into DynamoDB. Have the web application poll the DynamoDB table to reflect this change. Run a cron job within an Amazon EC2 instance to list all objects within Amazon S3 and persist the metadata into DynamoDB. Have the web application poll the DynamoDB table to reflect this change. Create a new Amazon EMR cluster to get all the metadata about Amazon S3 objects; persist the metadata into DynamoDB. Have the web application poll the DynamoDB table to reflect this change.
A developer created an application that runs on AWS Lambda and makes use of the AWS Serverless Application Model (AWS SAM). What is the proper sequence of action for a successful application deployment? 1. Build the SAM template in Amazon EC2. 2. Package the SAM template to Amazon EBS storage. 3. Deploy the SAM template from Amazon EBS. 1. Build the SAM template locally. 2. Package the SAM template onto Amazon S3. 3. Deploy the SAM template from Amazon S3. 1. Build the SAM template locally. 2. Deploy the SAM template from Amazon S3. 3. Package the SAM template for use. 1. Build the SAM template locally. 2. Package the SAM template from AWS CodeCommit. 3. Deploy the SAM template to CodeCommit.
A developer is developing a serverless application using AWS Lambda and is required to establish a REST API that utilizes the HTTP GET technique. What has to be specified to satisfy this criterion? (Select two.) A Lambda@Edge function An Amazon API Gateway with a Lambda function An exposed GET method in an Amazon API Gateway An exposed GET method in the Lambda function E. An exposed GET method in Amazon Route 53.
On AWS Lambda, a developer is developing an image microservice. The service relies on a number of libraries that are not included in the Lambda runtime environment. Which approach should the developer choose while developing the Lambda deployment package? Create a ZIP file with the source code and all dependent libraries. Create a ZIP file with the source code and a script that installs the dependent libraries at runtime. Create a ZIP file with the source code. Stage the dependent libraries on an Amazon S3 bucket indicated by the Lambda environment variable LD_LIBRARY_PATH Create a ZIP file with the source code and a buildspec.yaml file that installs the dependent libraries on AWS Lambda.
A business want to containerize and deploy an existing three-tier web application on Amazon ECS Fargate. Session data is used by the program to keep track of user activity. Which strategy would result in the BEST customer experience? Provision a Redis cluster in Amazon ElastiCache and save the session data in the cluster. Create a session table in Amazon Redshift and save the session data in the database table. Enable session stickiness in the existing Network Load Balancer and manage the session data in the container. Use an Amazon S3 bucket as data store and save the session data in the bucket.
An Amazon EC2 application establishes connections to an Amazon RDS SQL Server database. The developer does not want to keep the database's user name and password in the code. Additionally, the developer would want to have the credentials rotated automatically. What is the SAFEST method for storing and accessing database credentials? Create an IAM role that has permissions to access the database. Attach the role to the EC2 instance. Use AWS Secrets Manager to store the credentials. Retrieve the credentials from Secrets Manager as needed. Store the credentials in an encrypted text file in an Amazon S3 bucket. Configure the EC2 instance's user data to download the credentials from Amazon S3 as the instance boots. Store the user name and password credentials directly in the source code. No further action is needed because the source code is stored in a private repository.
Which of the following are effective use cases for Amazon ElastiCache? (Select two.) Improve the performance of S3 PUT operations. Improve the latency of deployments performed by AWS CodeDeploy. Improve latency and throughput for read-heavy application workloads. Reduce the time required to merge AWS CodeCommit branches. Improve performance of compute-intensive applications.
A developer is developing a web application that requires authentication but also requires guest access in order to allow restricted access to users who do not want to login. Which service can assist the application in allowing guest access? IAM temporary credentials using AWS STS. Amazon Directory Service Amazon Cognito with unauthenticated access enabled IAM with SAML integration.
A web application is developed to enable new users to register using their email addresses. The program will store user characteristics and anticipates millions of users signing up. What should the developer do to accomplish the design objectives? Amazon Cognito user pools AWS Mobile Hub user data storage Amazon Cognito Sync AWS Mobile Hub cloud logic.
A development team is constructing a new application that will operate on Amazon EC2 and make use of Amazon DynamoDB for storage. All developers have IAM user accounts allocated to the same IAM group. Currently, developers may create EC2 instances, but they must also be allowed to launch EC2 instances with an instance role that grants access to Amazon DynamoDB. Which AWS IAM modifications are required to enable this feature when establishing an instance role? Create an IAM permission policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows DynamoDB to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole and iam:PassRole permissions for the role. Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:PassRole permission for the role. Create an IAM permission policy attached to the role that allows access to Amazon EC2. Add a trust policy to the role that allows DynamoDB to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:PassRole permission for the role. Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole permission for the role.
A business is transferring its on-premises MySQL database to Amazon RDS for MySQL. The firm has read-intensive workloads and wants to ensure that its code is refactored to obtain the best possible read performance for its queries. How is this aim to be accomplished? Add database retries to effectively use RDS with vertical scaling Use RDS with multi-AZ deployment Add a connection string to use an RDS read replica for read queries Add a connection string to use a read replica on an EC2 instance.
Each day, a business runs an application that is responsible for processing several thousand external callbacks. The company's system administrators want to know the total number of calls received on a rolling basis, and they want this data to be accessible for a period of ten days. Additionally, the organization want to be able to send automatic notifications when the number of callbacks surpasses predefined criteria. What is the MOST cost-effective method for tracking and alerting on these statistics? Push callback data to an Amazon RDS database that can be queried to show historical data and to alert on exceeded thresholds. Push callback data to AWS X-Ray and use AWS Lambda to query, display, and alert on exceeded thresholds. Push callback data to Amazon Kinesis Data Streams and invoke an AWS Lambda function that stores data in Amazon DynamoDB and sends the required alerts. Push callback data to Amazon CloudWatch as a custom metric and use the CloudWatch alerting mechanisms to alert System Administrators.
A developer has created an AWS Lambda function in Java. The developer want to determine the location of a performance bottleneck in the code. Which actions should be done to ascertain the existence of the bottleneck? Use the Amazon CloudWatch API to write timestamps to a custom CloudWatch metric. Use the CloudWatch console to analyze the resulting data. Use the AWS X-Ray API to write trace data into X-Ray from strategic places within the code. Use the Amazon CloudWatch console to analyze the resulting data. Use the AWS X-Ray API to write trace data into X-Ray from strategic places within the code. Use the X-Ray console to analyze the resulting data. D. Use the Amazon CloudWatch API to write timestamps to a custom CloudWatch metric. Use the AWS X-Ray console to analyze the resulting data.
A developer is configuring a CPU-intensive AWS Lambda function that runs once per hour. The function typically runs in 45 seconds, but may take up to one minute at times. The timeout parameter is set to three minutes, and the other settings are left alone. The developer must optimize this function's execution time. Which solution will satisfy this criterion? Redeploy the function within the default VPC. Increase the function's memory. Redeploy the function by using Lambda layers. Increase the function's reserved concurrency.
A Developer is using an AWS VPN connection based on the Border Gateway Protocol (BGP) to connect from on-premises to Amazon EC2 instances in the Developer's account. The Developer may access an EC2 instance in subnet A but not in subnet B of the same VPC. Which log files may the developer examine to determine if traffic reaches subnet B? VPN logs BGP logs VPC Flow Logs AWS CloudTrail logs.
A developer needs to use Amazon ECS to deploy an application running on AWS Fargate. The application has environment variables that must be given to a container during initialization. How should the container's environment variables be passed? Define an array that includes the environment variables under the environment parameter within the service definition. Define an array that includes the environment variables under the environment parameter within the task definition. Define an array that includes the environment variables under the entryPoint parameter within the task definition. Define an array that includes the environment variables under the entryPoint parameter within the service definition.
A business has an internet-facing application that makes use of Web Identity Federation to receive a temporary credential from Amazon Web Services Security Token Service (AWS STS). The application then makes use of the token to get access to AWS services. Take a look at the following response: <Assum... Response> Which rights are connected with the application's call, based on the answer displayed? Permissions associated with the role AROACLKWSDQRAOEXAMPLE:app1 Permissions associated with the default role used when the AWS service was built Permission associated with the IAM principal that owns the AccessKeyID ASgeIAIOSFODNN7EXAMPLE Permissions associated with the account that owns the AWS service.
S Elastic Beanstalk applications must be deployed in several regions and each region requires a unique Amazon Machine Image (AMI). Which AWS CloudFormation template key should be used to define the region-specific AMI? Parameters Outputs Mappings Resources.
A development team want to move code from a GitHub repository to AWS CodeCommit. What is required to transfer a cloned repository to CodeCommit via HTTPS? A GitHub secure authentication token A public and private SSH key file A set of Git credentials generated from IAM An Amazon EC2 IAM role with CodeCommit permissions.
Amazon API Gateway is being used by a business to handle its public-facing API. The CISO stipulates that the APIs may be utilized just by test account users. What is the SAFEST method for restricting API access to users of this specific AWS account? Client-side SSL certificates for authentication API Gateway resource policies Cross-origin resource sharing (CORS) Usage plans.
On AWS, an application makes use of third-party APIs. The developer needs to monitor API faults in the code and wants to be notified when the number of failures exceeds a predefined threshold. How is the Developer going to fulfill these requirements? Publish a custom metric on Amazon CloudWatch and use Amazon SES for notification. Use an Amazon CloudWatch API-error metric and use Amazon SNS for notification. Use an Amazon CloudWatch API-error metric and use Amazon SES for notification. Publish a custom metric on Amazon CloudWatch and use Amazon SNS for notification.
Amazon API Gateway is being used by an organization to give a public API named €Survey€ for gathering user feedback on its goods. The survey API is divided into phases called €DEV€ and €PROD€ and consists of a single resource called €/feedback€ that enables users to retrieve/create/update individual feedback postings. A Swagger file with version control is used to describe a new API for retrieving numerous feedback postings. To add the new API resource €/ listFeedbackForProduct€, the developer modifies the Swagger file that defines the API, uploads the file to the organization's version control system, and uses the API Gateway's Import API function to update the Survey API. Following successful import, the developer performs tests against the DEV stage and discovers that the resource €/listFeedbackForProduct€ is missing. What is the MOST LIKELY explanation for the resource's non-availability? Even though the Swagger import was successful, resource creation failed afterwards. There is a propagation delay of several minutes in creating API Gateway resources after import. C. The developer needs to restart the API Gateway stage after import in order to apply the changes. The developer needs to create a new deployment after import in order to deploy the changes.
A developer is doing maintenance on an application hosted on AWS Elastic Beanstalk. The new version of the software is incompatible with the previous version. To properly deploy the update, a complete cutover to the new, updated version must be conducted on all instances simultaneously, with the option to roll back modifications in the event of a new version deployment failure. How can this be accomplished with the MINIMUM amount of downtime possible? Use the Elastic Beanstalk All at once deployment policy to update all instances simultaneously. Perform an Elastic Beanstalk Rolling with additional batch deployment. Deploy the new version in a new Elastic Beanstalk environment and swap environment URLs. Perform an Elastic Beanstalk Rolling deployment.
It takes 40 seconds for an application to process instructions received through Amazon SQS message. Assuming the SQS queue is set with the default VisibilityTimeout value, what is the BEST approach to guarantee that no other instances may obtain a message that has already been handled or is still being processed after it is received? Use the ChangeMessageVisibility API to increase the VisibilityTimeout, then use the DeleteMessage API to delete the message. Use the DeleteMessage API call to delete the message from the queue, then call DeleteQueue API to remove the queue. Use the ChangeMessageVisibility API to decrease the timeout value, then use the DeleteMessage API to delete the message. Use the DeleteMessageVisibility API to cancel the VisibilityTimeout, then use the DeleteMessage API to delete the message.
A developer constructed a Lambda function for the backend of a web application. When the Lambda function is tested using the AWS Lambda interface, the developer can see that it is being performed, but no log data is created in Amazon CloudWatch Logs, even after several minutes. What may have resulted in this situation? The Lambda function does not have any explicit log statements for the log data to send it to CloudWatch Logs. The Lambda function is missing CloudWatch Logs as a source trigger to send log data. The execution role for the Lambda function is missing permissions to write log data to the CloudWatch Logs. The Lambda function is missing a target CloudWatch Log group.
An application will consume data at a rapid rate from a variety of sources and must store it in an Amazon S3 bucket. Which service would be the most effective in accomplishing this task? Amazon Kinesis Firehose Amazon S3 Acceleration Transfer Amazon SQS Amazon SNS.
A business is building an application that will be accessible through the Amazon API Gateway's REST API. Only registered users should be able to access specific API resources. The token in use should expire automatically and should be updated on a regular basis. How can a developer adhere to these specifications? Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in API Gateway, and use the temporary credentials generated by the identity pool. Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer in API Gateway. Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token. Create an IAM user for each API user, attach an invoke permissions policy to the API, and use an IAM authorizer in API Gateway.
A developer uses the AWS CLI to create a role in order to get a set of temporary security credentials. Which of the following environment variables or AWS configuration file must be specified in order to authenticate with AWS? AccessKeyId SecretAccessKey, and AssumedRoleId UserId, SessionToken, and AssumedRoleId AccessKeyId, SecretAccessKey, and SessionToken UserId, SessionToken and Credentials.
{ "FailedRecordCount" : 1, ..... "212693199899996379..." } Which approaches will aid in mitigating this circumstance? (Select two.) Implement retries with exponential backoff Use a PutRecord API instead of PutRecords Reduce the frequency and/or size of the requests Use Amazon SNS instead of Kinesis Reduce the number of KCL consumers.
A developer is developing a web application that makes use of Amazon API Gateway to expose an AWS Lambda function for the purpose of processing client requests. The developer detects that the API Gateway times out during testing, despite the fact that the Lambda function completes inside the specified time limit. Which of the following Amazon CloudWatch API Gateway metrics may assist the developer in troubleshooting the issue? (Select two.) CacheHitCount IntegrationLatency CacheMissCount Latency Count.
An on-premises e-commerce web application with shared session information is being transferred to AWS. The program must be fault resilient and inherently highly scalable, with any service interruptions having little impact on the user experience. What is the optimal method for storing session state? Store the session state in Amazon ElastiCache Store the session state in Amazon CloudFront Store the session state in Amazon S3 Enable session stickiness using elastic load balancers.
A business is maintaining an on-premises NoSQL database to host a vital component of an application that is experiencing scalability challenges. The organization wishes to move the application to Amazon DynamoDB, taking into account the following factors: ✑ Optimize frequent queries ✑ Reduce read latencies ✑ Plan for frequent queries on certain key attributes of the table Which method would assist in accomplishing these goals? Create global secondary indexes on keys that are frequently queried. Add the necessary attributes into the indexes. Create local secondary indexes on keys that are frequently queried. DynamoDB will fetch needed attributes from the table. Create DynamoDB global tables to speed up query responses. Use a scan to fetch data from the table. Create an AWS Auto Scaling policy for the DynamoDB table.
A developer is creating a fault-tolerant environment that will store client sessions. How can the developer assure that no sessions are lost in the event of a failure of an Amazon EC2 instance? Use sticky sessions with an Elastic Load Balancer target group. Use Amazon SQS to save session data. Use Amazon DynamoDB to perform scalable session handling. Use Elastic Load Balancer connection draining to stop sending requests to failing instances.
Locally, a developer tested an application before deploying it to AWS Lambda. While remote testing the application, the Lambda function returns an access denied error. How can this problem be resolved? Update the Lambda function's execution role to include the missing permissions. Update the Lambda function's resource policy to include the missing permissions. Include an IAM policy document at the root of the deployment package and redeploy the Lambda function. Redeploy the Lambda function using an account with access to the AdministratorAccess policy.
A developer is developing an application's authentication and authorisation mechanisms. The developer must take care that user credentials are never made public. How should the developer tackle this requirement? Store the user credentials in Amazon DynamoDB. Build an AWS Lambda function to validate the credentials and authorize users. Deploy a custom authentication and authorization API on an Amazon EC2 instance. Store the user credentials in Amazon S3 and encrypt the credentials using Amazon S3 server-side encryption. Use Amazon Cognito to configure a user pool, and user the Cognito API to authenticate and authorize the user. Store the user credentials in Amazon RDS. Enable the encryption option for the Amazon RDS DB instances. Build an API using AWS Lambda to validate the credentials and authorize users.
A developer wishes to operate a PHP website in conjunction with an NGINX proxy and bundle them together as Docker containers in a single environment. The developer need a managed environment that is fully automated in terms of provisioning and load balancing. The developer has little control over the setup and must keep operating overhead to a minimum. How should the developer structure the website to adhere to these specifications? Create a new application in AWS Elastic Beanstalk that is preconfigured for a multicontainer Docker environment. Upload the code, and deploy it to a web server environment. Deploy the code on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. Construct an AWS Cloud Formation template that launches Amazon EC2 instances. Install and configure the PHP code by using cfn helper scripts. Upload the code for the PHP website into an Amazon S3 bucket. Host the website from the S3 bucket.
A developer is constructing a template that will be used to deploy an application through AWS CloudFormation. This is a serverless application that makes use of Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. Which tool should the developer use to create simpler syntax for serverless resource expressions? CloudFormation serverless intrinsic functions AWS serverless express An AWS serverless application model A CloudFormation serverless plugin.
A business maintains an AWS CloudFormation template in the form of a single file. The template is capable of launching and establishing a whole infrastructure stack. Which best practice would improve the template's maintainability? Use nested stacks for common template patterns. Embed credentials to prevent typos. Remove mappings to decrease the number of variables. Use AWS::Include to reference publicly-hosted template files.
A developer must provide non-logged-in guest users access to an Amazon Cognito-enabled site in order to read files stored in an Amazon S3 bucket. How is the Developer to comply with these requirements? Create a blank user ID in a user pool, add to the user group, and grant access to AWS resources. Create a new identity pool, enable access to authenticated identities, and grant access to AWS resources. Create a new user pool, enable access to authenticated identifies, and grant access to AWS resources. Create a new user pool, disable authentication access, and grant access to AWS resources.
A developer want to use Amazon EC2 Auto Scaling in order to scale a web application. The developer want to avoid session loss during scale-in events. How can the developer preserve and share the session state across several EC2 instances? Write the sessions to an Amazon Elastic Block Store (Amazon EBS) volume. Mount the EBS volume to each EC2 instance in the group. Store the sessions in an Amazon ElastiCache for Memcached cluster. Configure the application to use the Memcached API. Publish the sessions to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe each EC2 instance in the group to the topic. Write the sessions to an Amazon Redshift cluster. Configure the application to use the Amazon Redshift API.
On AWS, a developer is developing a new sophisticated application. The application is composed of a number of microservices that are hosted on Amazon EC2. The developer want to ascertain which microservice incurs the most amount of delay while processing a request. Which technique should the developer use to determine this? Instrument each microservice request using the AWS X-Ray SDK. Examine the annotations associated with the requests. Instrument each microservice request using the AWS X-Ray SDK. Examine the subsegments associated with the requests. Instrument each microservice request using the AWS X-Ray SDK. Examine the Amazon CloudWatch EC2 instance metrics associated with the requests. Instrument each microservice request using the Amazon CloudWatch SDK. Examine the CloudWatch EC2 instance metrics associated with the requests.
An application must encrypt data that is written to Amazon S3, where the keys are controlled in-house and S3 handles the encryption. Which encryption method should be used? Use server-side encryption with Amazon S3-managed keys Use server-side encryption with AWS KMS-managed keys Use client-side encryption with customer master keys Use server-side encryption with customer-provided keys.
A developer must handle AWS infrastructure as code and be able to deploy multiple identical copies, stage changes, and roll back to prior versions. Which technique satisfies these criteria? Use cost allocation reports and AWS OpsWorks to deploy and manage the infrastructure. Use Amazon CloudWatch metrics and alerts along with resource tagging to deploy and manage the infrastructure. Use AWS Elastic Beanstalk and AWS CodeCommit to deploy and manage the infrastructure. Use AWS CloudFormation and AWS CodeCommit to deploy and manage the infrastructure.
A developer has created a multi-threaded application that runs on an Amazon EC2 instance fleet. The operations team has requested a graphical tool for tracking the number of threads that are currently operating over time. What is the MOST EFFECTIVE method of completing this request? Periodically send the thread count to AWS X-Ray segments, then generate a service graph on demand Create a custom Amazon CloudWatch metric and periodically perform a PutMetricData call with the current thread count. Periodically log thread count data to Amazon S3. Use Amazon Kinesis to process the data into a graph Periodically write the current thread count to a table using Amazon DynamoDB and use Amazon CloudFront to create a graph.
A deployment package utilizes the AWS CLI to put files into any S3 bucket in the account, using environment variables to keep access keys. The package is operating on Amazon EC2 instances that have been updated to run with an assumed IAM role and a more restricted policy that restricts access to a single bucket. Following the update, the Developer login into the host and retains the ability to write to all of the account's S3 buckets. What is the MOST LIKELY REASON for this occurrence? An IAM inline policy is being used on the IAM role An IAM managed policy is being used on the IAM role The AWS CLI is corrupt and needs to be reinstalled The AWS credential provider looks for instance profile credentials last.
A developer is tasked with the task of developing a mobile application on a shoestring budget. The solution needs a scalable service that enables clients to register and authenticate for the mobile application utilizing the organization's existing SAML 2.0 identity provider. Which Amazon Web Services (AWS) offering should be utilized to fulfill these requirements? AWS Lambda Amazon Cognito AWS IAM Amazon EC2.
A developer is developing an AWS Lambda function that generates temporary files smaller than 10 MB in size during operation. Throughout execution, the temporary files will be viewed and updated several times. There is no need for the Developer to store or retrieve these files in the future. What directory should the temporary file be saved to? the /tmp directory Amazon EFS Amazon EBS Amazon S3.
business requires a new REST API that can deliver data on the contents of an Amazon S3 bucket, such as the number of items stored inside. The organization has opted to build the new API as a microservice and to use AWS Lambda and Amazon API Gateway. How could the developer verify that the microservice gets access to the required Amazon S3 bucket while keeping to security best practices? Create an IAM user that has permissions to access the Amazon S3 bucket, and store the IAM user credentials in the Lambda function source code. Create an IAM role that has permissions to access the Amazon S3 bucket and assign it to the Lambda function as its execution role. Create an Amazon S3 bucket policy that specifies the Lambda service as its principal and assign it to the Amazon S3 bucket. Create an IAM role, attach the AmazonS3FullAccess managed policy to it, and assign the role to the Lambda function as its execution role.
A developer is developing a mobile application that will operate without requiring users to log in. Which approach is the MOST EFFECTIVE for granting people access to AWS resources? Use an identity provider to securely authenticate with the application. Create an AWS Lambda function to create an IAM user when a user accesses the application. Create credentials using AWS KMS and apply these credentials to users when using the application. Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited access to resources.
A developer has built an S3 bucket called s3:/mycoolapp and configured server-wide logging with a path of s3:/mycoolapp/logs. The developer copied 100 KB of Cascading Style Sheets (CSS) files to the subdirectory s3:/mycoolapp/css and then ceased work. When the developer returned a few days later, the bucket had grown to 50 GB in size. What is the MOST LIKELY REASON for this occurrence? The CSS files were not compressed and S3 versioning was enabled. S3 replication was enabled on the bucket. Logging into the same bucket caused exponential log growth. An S3 lifecycle policy has moved the entire CSS file to S3 Infrequent Access.
A developer is developing a new application that will be accessible to users through an Amazon API Gateway-created API. The users must be validated using the Security Assertion Markup Language (SAML) by a third-party identity provider. After users have been validated, they will need access to further AWS services, such as Amazon S3 and Amazon DynamoDB. How are these stipulations to be met? Use an Amazon Cognito user pool with SAML as the resource server. Use Amazon Cognito identity pools with a SAML identity provider as one of the authentication providers. Use the AWS IAM service to provide the sign-up and sign-in functionality. Use Amazon CloudFront signed URLs to connect with the SAML identity provider.
A business is in the process of building a new web application in Python. The application must be deployed using AWS Elastic Beanstalk via the AWS Management Console. The developer produces an Elastic Beanstalk source bundle, which he or she then uploads through the console. Which of the following are prerequisites for developing the source bundle? (Select two.) The source bundle must include the ebextensions.yaml file The source bundle must not include a top-level directory The source bundle must be compressed with any required dependencies in a top-level parent folder The source bundle must be created as a single .zip or .war file The source bundle must be uploaded into Amazon EFS.
A developer is conducting an investigation on behalf of a business. Certain queries transit via an Amazon API Gateway endpoint but never reach the AWS Lambda function that supports the endpoint. The developer discovers that a second Lambda function sometimes exceeds the maximum concurrency limit for the AWS account. How can the developer resolve this situation? Manually reduce the concurrent quota at the account level. Add another API Gateway stage for the endpoint. Shard the requests. Request to increase the Lambda concurrency quota through the Service Quotas dashboard. Reduce the throttling quota in the API Gateway endpoint.
A developer is building a serverless website containing HTML files, photos, videos, and JavaScript content (client-side scripts). Which service combination should the Developer utilize to build the website? Amazon S3 and Amazon CloudFront Amazon EC2 and Amazon ElastiCache Amazon ECS and Redis AWS Lambda and Amazon API Gateway.
The upload to Amazon S3 of a 15 GB item fails. The error message reads as follows: "Your proposed upload exceeds the maximum allowed object size" How will the Developer submit this object? Upload the object using the multi-part upload API. Upload the object over an AWS Direct Connect connection. Contact AWS Support to increase the object size limit. Upload the object to another AWS region.
A developer is developing AWS CloudFormation templates to handle the deployment of an application in Amazon Elastic Container Service (Amazon ECS) using AWS CodeDeploy. The developer want to automatically deploy updated versions of the program to a subset of users prior to making the new version generally accessible. How should the developer handle the new version's deployment? Modify the CloudFormation template to include a Transform section and the AWS::CodeDeploy::BlueGreen hook. Deploy the new version in a new CloudFormation stack. After testing is complete, update the application's DNS records for the new stack. Run CloudFormation stack updates on the application stack to deploy new application versions when they are available. Create a nested stack for the new version. Include a Transform section and the AWS::CodeDeploy::BlueGreen hook.
A developer wants to upload data to Amazon S3 and wishes to encrypt the data during the upload process. Which of the following solutions is the most appropriate for our task? (Select two.) Set up hardware VPN tunnels to a VPC and access S3 through a VPC endpoint Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key Set up Server-Side Encryption with AWS KMS-Managed Keys Transfer the data over an SSL connection E. Set up Server-Side Encryption with S3-Managed Keys.
Where should the appspec.yml file be stored for AWS CodeDeploy to function properly? In the root of the application source code directory structure In the bin folder along with all the complied code In an S3 bucket In the same folder as the application configuration files.
A developer is developing a serverless web application and managing many development branches. The developer want to avoid having to update the Amazon API Gateway target endpoint with each new code push. Which solution would enable the developer to efficiently submit code without having to update the API Gateway? Associate different AWS Lambda functions to an API Gateway target endpoint. Create different stages in API Gateway, then associate API Gateway with AWS Lambda. Create aliases and versions in AWS Lambda. Tag the AWS Lambda functions with different names.
AWS Lambda produces a 3MB JSON file on a daily basis and then uploads it to an Amazon S3 bucket. Because the file includes sensitive information, the Developer must encrypt it before to uploading it to the bucket. Which of the following should the Developer change to guarantee that the data is encrypted before being uploaded to the bucket? Use the default AWS KMS customer master key for S3 in the Lambda function code. Use the S3 managed key and call the GenerateDataKey API to encrypt the file. Use the GenerateDateKey API, then use that data key to encrypt the file in the Lambda function code. Use a custom KMS customer master key created for S3 in the Lambda function code.
A developer is developing an application that requires identifying the public IPv4 address of the Amazon EC2 instance on which it is running. How is the program going to find this data? Get the instance metadata by retrieving http://169.254.169.254/latest/metadata/. Get the instance user data by retrieving http://169.254.169.254/latest/userdata/. Get the application to run IFCONFIG to get the public IP address. Get the application to run IPCONFIG to get the public IP address.
A developer want to automatically create a record in an Amazon DynamoDB table whenever a new file is uploaded to an Amazon S3 bucket. Which sequence of actions would be required to accomplish this? Create an event with Amazon CloudWatch Events that will monitor the S3 bucket and then insert the records into DynamoDB. Configure an S3 event to invoke a Lambda function that inserts records into DynamoDB. Create a Lambda function that will poll the S3 bucket and then insert the records into DynamoDB. Create a cron job that will run at a scheduled time and insert the records into DynamoDB.
A developer has developed an application that runs on Amazon EC2 instances and produces a value on a minutely basis. The developer want to monitor and graph the data produced over time without periodically login into the instance. Which strategy should the developer use to accomplish this objective? Use the Amazon CloudWatch metrics reported by default for all EC2 instances. View each value from the CloudWatch console. Develop the application to store each value in a file on Amazon S3 every minute with the timestamp as the name. Publish each generated value as a custom metric to Amazon CloudWatch using available AWS SDKs. Store each value as a variable and add the variable to the list of EC2 metrics that should be reported to the Amazon CloudWatch console.
A developer is developing an AWS Lambda function that creates a new file upon execution. Each new file must be checked into the same AWS CodeCommit repository. How should the developer go about doing this? When the Lambda function starts, use the Git CLI to clone the repository. Check the new file into the cloned repository and push the change. After the new file is created in Lambda, use cURL to invoke the CodeCommit API. Send the file to the repository. Use an AWS SDK to instantiate a CodeCommit client. Invoke the put_file method to add the file to the repository. Upload the new to an Amazon S3 bucket. Create an AWS Step Function to accept S3 events. In the Step Function, add the new file to the repository.
A developer is publishing vital log data to a log group formed two months ago in Amazon CloudWatch Logs. The developer must encrypt the log data using an AWS KMS customer master key (CMK) in order to ensure that future data is encrypted in accordance with the company's security policy. How is the Developer going to fulfill this requirement? Use the CloudWatch Logs console and enable the encrypt feature on the log group Use the AWS CLI create-log-group command and specify the key Amazon Resource Name (ARN) Use the KMS console and associate the CMK with the log group Use the AWS CLI associate-kms-key command and specify the key Amazon Resource Name (ARN).
A developer must create a mobile application that enables users to read and write data from an Amazon DynamoDB database used to store each user's status. The solution must restrict data access so that users may only access their own data. Which of the following solutions is the most secure? Embed AWS access credentials into the application and create DynamoDB queries that limit user access. Use Amazon Cognito identity pools to assign unique identifiers and provide user access. Modify the DynamoDB table to allow public read and writes, then add client-side filtering. Create a web portal for users to create an account on AWS Directory Service.
A developer has an application that must receive and handle a huge number of incoming data streams before distributing them to several downstream users. Which serverless solution should the developer use in order to achieve these requirements? Amazon RDS MySQL stored procedure with AWS Lambda AWS Direct Connect with AWS Lambda Amazon Kinesis Data Streams with AWS Lambda Amazon EC2 bash script with AWS Lambda.
A developer is developing an application that will operate on Amazon EC2 instances that are members of an Auto Scaling group. The developer want to externalize session state in order to facilitate the application's operation. Which services will address these requirements? (Select two.) Amazon DynamoDB Amazon Cognito Amazon ElastiCache Amazon EBS Amazon SQS.
A developer must invoke an AWS Lambda function depending on the lifecycle activity of an item in an Amazon DynamoDB database. How does the developer go about developing the solution? Enable a DynamoDB stream that publishes an Amazon SNS message. Trigger the Lambda function synchronously from the SNS message. Enable a DynamoDB stream that publishes an SNS message. Trigger the Lambda function asynchronously from the SNS message. Enable a DynamoDB stream, and trigger the Lambda function synchronously from the stream. Enable a DynamoDB stream, and trigger the Lambda function asynchronously from the stream.
A developer need temporary access to resources located in a different account. What is the MOST SECURE method of doing this? Use the Amazon Cognito user pools to get short-lived credentials for the second account. Create a dedicated IAM access key for the second account, and send it by mail. Create a cross-account access role, and use sts:AssumeRole API to get short-lived credentials. Establish trust, and add an SSH key for the second account to the IAM user.
A developer want to verify that the Amazon EC2 instances running in AWS Elastic Beanstalk execute a certain set of commands prior to the application being available for usage. Which feature of Elastic Beanstalk enables the developer to achieve this? Rolling update Immutable update User data ebextensions.
A team of developers is responsible for migrating an application running on AWS Elastic Beanstalk from a Classic Load Balancer to an Application Load Balancer. How should the job be completed using the AWS Management Console? 1. Update the application code in the existing deployment. 2. Select a new load balancer type before running the deployment. 3. Deploy the new version of the application code to the environment. 1. Create a new environment with the same configurations except for the load balancer type. 2. Deploy the same application version as used in the original environment. 3. Run the swap-environment-cnames action. 1. Clone the existing environment, changing the associated load balancer type. 2. Deploy the same application version as used in the original environment. 3. Run the swap-environment-cnames action. 1. Edit the environment definitions in the existing deployment. 2. Change the associated load balancer type according to the requirements. 3. Rebuild the environment with the new load balancer type.
AWS Lambda functions must read data from an Amazon RDS MySQL database contained inside a VPC and also connect to a public endpoint on the internet to get extra data. Which actions must be made to provide access to both the RDS resource and the public endpoint by the function? (Select two.) Modify the default configuration for the Lambda function to associate it with an Amazon VPC private subnet. Modify the default network access control list to allow outbound traffic. Add a NAT Gateway to the VPC. Modify the default configuration of the Lambda function to associate it with a VPC public subnet. Add an environmental variable to the Lambda function to allow outbound internet access.
An application uses Amazon DynamoDB as its data storage and requires the ability to read 100 items per second in highly consistent reads. Each item is around 5 KB in size. What should the provisioned read throughput of the table be set to? 50 read capacity units 100 read capacity units 200 read capacity units 500 read capacity units.
A developer has registered a new AWS account and is required to design a scalable AWS Lambda function that satisfies the following concurrent execution requirements: ✑ Average execution time of 100 seconds ✑ 50 requests per second Which procedure must be followed prior to deployment in order to avoid errors? Implement dead-letter queues to capture invocation errors Add an event source from Amazon API Gateway to the Lambda function Implement error handling within the application code Contact AWS Support to increase the concurrent execution limits.
A Developer has created code for an application and want to share it with other team members in order to get feedback. The shared application code must be kept in a long-term, version-controlled environment with batch change tracking. Which Amazon Web Services (AWS) service should the developer use? AWS CodeBuild Amazon S3 AWS CodeCommit AWS Cloud9.
A developer is developing an application that makes use of an Amazon API Gateway REST API and an AWS Lambda function that communicates with an Amazon DynamoDB database. During testing, the developer notices excessive latency while performing API queries. How can the developer determine the total latency and pinpoint performance bottlenecks? Enable AWS CloudTrail logging and use the logs to map each latency and bottleneck. Enable and configure AWS X-Ray tracing on API Gateway and the Lambda function. Use X-Ray to trace and analyze user requests. Enable Amazon CloudWatch Logs for the Lambda function. Enable execution logs for API Gateway to view and analyze user request logs. D. Enable VPC Flow Logs to capture and analyze network traffic within the VPC.
A developer using AWS CodeDeploy to automate the deployment of an application that connects to a remote MySQL database. The developer wishes to access encrypted secrets such as API keys and database passwords safely. Which of the following alternatives would need the LEAST amount of administrative work? Save the secrets in Amazon S3 with AWS KMS server-side encryption, and use a signed URL to access them by using the IAM role from Amazon EC2 instances. Use the instance metadata to store the secrets and to programmatically access the secrets from EC2 instances. Use the Amazon DynamoDB client-side encryption library to save the secrets in DynamoDB and to programmatically access the secrets from EC2 instances. Use AWS SSM Parameter Store to store the secrets and to programmatically access them by using the IAM role from EC2 instances.
A developer is establishing an Auto Scaling group for instances that must submit a custom metric to Amazon CloudWatch. Which technique is the SECUREST approach for authenticating a CloudWatch PUT request? Create an IAM user with PutMetricData permission and put the user credentials in a private repository; have applications pull the credentials as needed. Create an IAM user with PutMetricData permission, and modify the Auto Scaling launch configuration to inject the user credentials into the instance user data. Modify the CloudWatch metric policies to allow the PutMetricData permission to instances from the Auto Scaling group. Create an IAM role with PutMetricData permission and modify the Auto Scaling launching configuration to launch instances using that role.
Given the AWS CloudFormation template below: Description: ... Which method is the MOST EFFECTIVE for referencing the newly created Amazon S3 bucket from another AWS CloudFormation template? Add an Export declaration to the Outputs section of the original template and use ImportValue in other templates. Add Exported: true to the ContentBucket in the original template and use ImportResource in other templates. Create a custom AWS CloudFormation resource that gets the bucket name from the ContentBucket resource of the first stack. Use Fn::Include to include the existing template in other templates and use the ContentBucket resource directly.
A developer is transferring code to an Amazon Lambda function that will interact with an Amazon Aurora MySQL database. What is the SECUREST method for authenticating the function against the database? Store the database credentials as encrypted parameters in AWS Systems Manager Parameters Store. Obtain the credentials from Systems Manager when the Lambda function needs to connect to the database. Store the database credentials in AWS Secrets Manager. Let Secrets Manager handle the rotation of the credentials, as required. Store the database credentials in an Amazon S3 bucket that has a restrictive bucket policy for the Lambda role when accessing the credentials. Use AWS KMS to encrypt the data. Create a policy with rds-db:connect access to the database and attach it to the role assigned to the Lambda function.
A developer has an Amazon DynamoDB table that requires provisioning in order to meet user needs. The application must have the following features: ✑ Average item size: 10 KB ✑ Item reads each second: 10 strongly consistent ✑ Item writes each second: 2 transactional Which read and write capability satisfies these needs most economically? Read 10; write 2 Read 30; write 40 Use on-demand scaling Read 300; write 400.
A developer wishes to deliver multi-value headers to an AWS Lambda function that is registered with an Application Load Balancer as a target (ALB). What actions should the developer take to accomplish this? Place the Lambda function and target group in the same account. Send the request body to the Lambda function with a size less than 1 MB. Include the Base64 encoding status, status code, status description, and headers in the Lambda function. Enable the multi-value headers on the ALB.
A developer is developing a new AWS Serverless Application Model (AWS SAM) template that includes an AWS Lambda function. The Lambda function executes sophisticated code. The developer want to run the Lambda function on a larger CPU. What should the developer do to comply with this stipulation? Increase the runtime engine version. Increase the timeout. Increase the number of Lambda layers. Increase the memory.
A web application is being developed to audit several Amazon Web Services accounts. The application will be hosted in Account A and will need access to AWS services hosted in Accounts B and C. What is the SAFEST method for the application to access AWS services in each audited account? Configure cross-account roles in each audited account. Write code in Account A that assumes those roles Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions Deploy an application in each audited account with its own role. Have Account A authenticate with the application Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys.
Given the source code for an AWS Lambda function in the local file store.py, which includes the handler function get store, and the accompanying AWS CloudFormation template: transform: AWS::.. .. python3.6 What should be done to prepare the template for deployment through the AWS Command Line Interface command aws cloudformation deploy? Use aws cloudformation compile to base64 encode and embed the source file into a modified CloudFormation template. Use aws cloudformation package to upload the source code to an Amazon S3 bucket and produce a modified CloudFormation template. Use aws lambda zip to package the source file together with the CloudFormation template and deploy the resulting zip archive. Use aws serverless create-package to embed the source file directly into the existing CloudFormation template.
How can a developer debug AWS Lambda code delivered using AWS Serverless Application Model (AWS SAM)? Download the Lambda code locally and use the AWS CLI to execute it Use the Lambda console to connect the debugger Use AWS SAM to invoke a function locally in debug mode Connect a third-party-compatible integrated development environment (IDE) to the Lambda debugger endpoint.
When designing an AWS Lambda function that processes Amazon Kinesis Data Streams, administrators must get a notification including the processed data. How should the developer create the function responsible for sending processed data to the Administrators? Separate the Lambda handler from the core logic Use Amazon CloudWatch Events to send the processed data Publish the processed data to an Amazon SNS topic Push the processed data to Amazon SQS.
WS CodeBuild generates the source code for an application, develops the Docker image, uploads it to Amazon Elastic Container Registry (Amazon ECR), and tags it with a unique identifier. If developers already have the AWS CLI setup on their workstations, how are the Docker images downloaded to the workstations? Run the following: docker pull REPOSITORY URI : TAG Run the output of the following: aws ecr get-login and then run: docker pull REPOSITORY URI : TAG Run the following: aws ecr get-login and then run: docker pull REPOSITORY URI : TAG Run the output of the following: aws ecr get-download-url-for-layer and then run: docker pull REPOSITORY URI : TAG.
A developer is developing a Lambda function and want to use external libraries that are not included in the standard Lambda libraries. Which operation would result in the least amount of Lambda compute time being consumed? Install the dependencies and external libraries at the beginning of the Lambda function. Create a Lambda deployment package that includes the external libraries. Copy the external libraries to Amazon S3, and reference the external libraries to the S3 location. Install the external libraries in Lambda to be available to all Lambda functions.
The following conditions apply to an application: ✑ Performance efficiency of seconds with up to a minute of latency. ✑ The data storage size may grow up to thousands of terabytes. ✑ Per-message sizes may vary between 100 KB and 100 MB. ✑ Data can be stored as key/value stores supporting eventual consistency. Which AWS service would be the MOST cost-effective to accomplish these requirements? Amazon DynamoDB Amazon S3 Amazon RDS (with a MySQL engine) Amazon ElastiCache.
Report abuse Consent Terms of use