DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

AWS DVA-C02 Exam Questions for Effective Preparation | AWS Certified Developer - Associate

Aspiring to attain the prestigious AWS Certified DevOps Engineer - Professional certification? Look no further than SPOTO's comprehensive exam questions and answers, test questions, and exam preparation materials for the DOP-C02 exam. Our expert-curated study resources cover the entire exam scope, equipping you with the knowledge and skills to confidently tackle any challenge. Elevate your preparation with our mock exams, meticulously designed to simulate the real testing environment, allowing you to identify strengths, weaknesses, and areas for improvement. With SPOTO's proven exam resources at your disposal, you'll be well-positioned to pass successfully on your first attempt. Don't leave your certification journey to chance – leverage our study materials and embark on your path to becoming an AWS DevOps expert today. Invest in SPOTO's solutions for a seamless and rewarding DOP-C02 exam experience.
Take other online exams

Question #1
A developer has written an AWS Lambda function. The function is CPU-bound. The developer wants to ensure that the function returns responses quickly.How can the developer improve the function's performance?
A. ncrease the function's CPU core count
B. ncrease the function's memory
C. ncrease the function's reserved concurrency
D. ncrease the function's timeout
View answer
Correct Answer: B
Question #2
A company is running Amazon EC2 instances in multiple AWS accounts. A developer needs to implement an application that collects all the lifecycle events of the EC2 instances. The application needs to store the lifecycle events in a single Amazon Simple Queue Service (Amazon SQS) queue in the company's main AWS account for further processing.Which solution will meet these requirements?
A. onfigure Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon EventBridge event bus of the main account
B. se the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue
C. rite an AWS Lambda function that scans through all EC2 instances in the company accounts to detect EC2 instance lifecycle changes
D. onfigure the permissions on the main account event bus to receive events from all accounts
View answer
Correct Answer: D
Question #3
A developer is creating an application that includes an Amazon API Gateway REST API in the us-east-2 Region. The developer wants to use Amazon CloudFront and a custom domain name for the API. The developer has acquired an SSL/TLS certificate for the domain from a third-party provider.How should the developer configure the custom domain for the application?
A. mport the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API
B. mport the SSL/TLS certificate into CloudFront
C. mport the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API
D. mport the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region
View answer
Correct Answer: D
Question #4
A company needs to harden its container images before the images are in a running state. The company's application uses Amazon Elastic Container Registry (Amazon ECR) as an image registry. Amazon Elastic Kubernetes Service (Amazon EKS) for compute, and an AWS CodePipeline pipeline that orchestrates a continuous integration and continuous delivery (CI/CD) workflow.Dynamic application security testing occurs in the final stage of the pipeline after a new image is deployed to a development namespace in the EKS
A. uild the container image and run the docker scan command locally
B. reate a new CodePipeline stage that occurs after the container image is built
C. reate a new CodePipeline stage that occurs after source code has been retrieved from its repository
D. dd an action to the deployment stage of the pipeline so that the action occurs before the deployment to the EKS cluster
View answer
Correct Answer: B
Question #5
A company is offering APIs as a service over the internet to provide unauthenticated read access to statistical information that is updated daily. The company uses Amazon API Gateway and AWS Lambda to develop the APIs. The service has become popular, and the company wants to enhance the responsiveness of the APIs.Which action can help the company achieve this goal?
A. nable API caching in API Gateway
B. onfigure API Gateway to use an interface VPC endpoint
C. nable cross-origin resource sharing (CORS) for the APIs
D. onfigure usage plans and API keys in API Gateway
View answer
Correct Answer: A
Question #6
A developer creates an AWS Lambda function that retrieves and groups data from several public API endpoints. The Lambda function has been updated and configured to connect to the private subnet of a VPC. An internet gateway is attached to the VPC. The VPC uses the default network ACL and security group configurations.The developer finds that the Lambda function can no longer access the public API. The developer has ensured that the public API is accessible, but the Lambda function cannot connect to the APIH
A. nsure that the network ACL allows outbound traffic to the public internet
B. nsure that the security group allows outbound traffic to the public internet
C. nsure that outbound traffic from the private subnet is routed to a public NAT gateway
D. nsure that outbound traffic from the private subnet is routed to a new internet gateway
View answer
Correct Answer: C
Question #7
A developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit.Which of the following API Gateway metrics in Amazon CloudWatch can help the developer troubleshoot the issue? (Choose two.)
A. WS CodeDeploy
B. WS CodeArtifact
C. WS CodeCommit
D. mazon CodeGuru
View answer
Correct Answer: BD
Question #8
An online food company provides an Amazon API Gateway HTTP API to receive orders for partners. The API is integrated with an AWS Lambda function. The Lambda function stores the orders in an Amazon DynamoDB table.The company expects to onboard additional partners. Some of the partners require additional Lambda functions to receive orders. The company has created an Amazon S3 bucket. The company needs to store all orders and updates in the S3 bucket for future analysis.How can the developer ensure that all or
A. reate a new Lambda function and a new API Gateway API endpoint
B. se Amazon Kinesis Data Streams to create a new data stream
C. nable DynamoDB Streams on the DynamoDB table
D. odify the Lambda function to publish to a new Amazon Simple Notification Service (Amazon SNS) topic as the Lambda function receives orders
View answer
Correct Answer: C
Question #9
A developer has an application that stores data in an Amazon S3 bucket. The application uses an HTTP API to store and retrieve objects. When the PutObject API operation adds objects to the S3 bucket, the developer must encrypt these objects at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3).Which solution will meet this requirement?
A. reate and deploy an AWS Lambda function in each desired Region
B. reate an AWS CloudFormation template that defines the load test resources
C. reate an AWS Systems Manager document that defines the resources
D. reate an AWS CloudFormation template that defines the load test resources
View answer
Correct Answer: B
Question #10
A developer is creating an application that will give users the ability to store photos from their cellphones in the cloud. The application needs to support tens of thousands of users. The application uses an Amazon API Gateway REST API that is integrated with AWS Lambda functions to process the photos. The application stores details about the photos in Amazon DynamoDB.Users need to create an account to access the application. In the application, users must be able to upload photos and retrieve previously u
A. se Amazon Cognito user pools to manage user accounts
B. se Amazon Cognito user pools to manage user accounts
C. reate an IAM user for each user of the application during the sign-up process
D. reate a users table in DynamoDB
View answer
Correct Answer: B
Question #11
A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached AmazonElastic Block Store (Amazon EBS) volumes for storing data. The Amazon EBS volumes will be created at time of initial deployment. Theapplication will process sensitive information. All of the data must be encrypted. The solution should not impact the application's performance.Which solution will meet these requirements?
A. onfigure the fleet of EC2 instances to use encrypted EBS volumes to store data
B. onfigure the application to write all data to an encrypted Amazon S3 bucket
C. onfigure a custom encryption algorithm for the application that will encrypt and decrypt all data
D. onfigure an Amazon Machine Image (AMI) that has an encrypted root volume and store the data to ephemeral disks
View answer
Correct Answer: A
Question #12
A company runs an application on AWS. The company deployed the application on Amazon EC2 instances. The application stores data on Amazon Aurora.The application recently logged multiple application-specific custom DECRYP_ERROR errors to Amazon CloudWatch logs. The company did not detect the issue until the automated tests that run every 30 minutes failed. A developer must implement a solution that will monitor for the custom errors and alert a development team in real time when these errors occur in the pro
A. onfigure the application to create a custom metric and to push the metric to CloudWatch
B. reate an AWS Lambda function to run every 5 minutes to scan the CloudWatch logs for the keyword DECRYP_ERROR
C. se Amazon CloudWatch Logs to create a metric filter that has a filter pattern for DECRYP_ERROR
D. nstall the CloudWatch unified agent on the EC2 instance
View answer
Correct Answer: C
Question #13
A developer is building a highly secure healthcare application using serverless components. This application requires writing temporary data to /tmp storage on an AWS Lambda function.How should the developer encrypt this data?
A. nable Amazon EBS volume encryption with an AWS KMS key in the Lambda function configuration so that all storage attached to the Lambda function is encrypted
B. et up the Lambda function with a role and key policy to access an AWS KMS key
C. se OpenSSL to generate a symmetric encryption key on Lambda startup
D. se an on-premises hardware security module (HSM) to generate keys, where the Lambda function requests a data key from the HSM and uses that to encrypt data on all requests to the function
View answer
Correct Answer: B
Question #14
A developer is working on an ecommerce website. The developer wants to review server logs without logging in to each of the application servers individually. The website runs on multiple Amazon EC2 instances, is written in Python, and needs to be highly available.How can the developer update the application to meet these requirements with MINIMUM changes?
A. ewrite the application to be cloud native and to run on AWS Lambda, where the logs can be reviewed in Amazon CloudWatch
B. et up centralized logging by using Amazon OpenSearch Service, Logstash, and OpenSearch Dashboards
C. cale down the application to one larger EC2 instance where only one instance is recording logs
D. nstall the unified Amazon CloudWatch agent on the EC2 instances
View answer
Correct Answer: D
Question #15
A developer is creating an AWS Lambda function in VPC mode. An Amazon S3 event will invoke the Lambda function when an object is uploaded into an S3 bucket. The Lambda function will process the object and produce some analytic results that will be recorded into a file. Each processed object will also generate a log entry that will be recorded into a file.Other Lambda functions, AWS services, and on-premises resources must have access to the result files and log file. Each log entry must also be appended to
A. reate an Amazon Elastic File System (Amazon EFS) file system
B. reate an Amazon Elastic Block Store (Amazon EBS) Multi-Attach enabled volume
C. reate a reference to the /tmp local directory
D. reate a reference to the /opt storage directory
View answer
Correct Answer: A
Question #16
A company has a web application that is deployed on AWS. The application uses an Amazon API Gateway API and an AWS Lambda function as its backend.The application recently demonstrated unexpected behavior. A developer examines the Lambda function code, finds an error, and modifies the code to resolve the problem. Before deploying the change to production, the developer needs to run tests to validate that the application operates properly.The application has only a production environment available. The develo
A. un the sam package and sam deploy commands
B. un the cdk synth and cdk deploy commands
C. un the cdk synth and sam local invoke commands with the function construct identifier and the path to the synthesized CloudFormation template
D. un the cdk synth and sam local start-lambda commands with the function construct identifier and the path to the synthesized CloudFormation template
View answer
Correct Answer: BD
Question #17
A company must deploy all its Amazon RDS DB instances by using AWS CloudFormation templates as part of AWS CodePipeline continuous integration and continuous delivery (CI/CD) automation. The primary password for the DB instance must be automatically generated as part of the deployment process.Which solution will meet these requirements with the LEAST development effort?
A. mazon DynamoDB
B. mazon EC2
C. WS Lambda
D. mazon RDS
View answer
Correct Answer: D
Question #18
A developer is deploying a new application to Amazon Elastic Container Service (Amazon ECS). The developer needs to securely store and retrieve different types of variables. These variables include authentication information for a remote API, the URL for the API, and credentials. The authentication information and API URL must be available to all current and future deployed versions of the application across development, testing, and production environments.How should the developer retrieve the variables wi
A. pdate the application to retrieve the variables from AWS Systems Manager Parameter Store
B. pdate the application to retrieve the variables from AWS Key Management Service (AWS KMS)
C. pdate the application to retrieve the variables from an encrypted file that is stored with the application
D. pdate the application to retrieve the variables from each of the deployed environments
View answer
Correct Answer: A
Question #19
A developer is creating an application that includes an Amazon API Gateway REST API in the us-east-2 Region. The developer wants to use Amazon CloudFront and a custom domain name for the API. The developer has acquired an SSL/TLS certificate for the domain from a third-party provider.How should the developer configure the custom domain for the application?
A. mport the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API
B. mport the SSL/TLS certificate into CloudFront
C. mport the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API
D. mport the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region
View answer
Correct Answer: D
Question #20
An e-commerce web application that shares session state on-premises is being migrated to AWS. The application must be fault tolerant, natively highly scalable, and any service interruption should not affect the user experience.What is the best option to store the session state?
A. tore the session state in Amazon ElastiCache
B. tore the session state in Amazon CloudFront
C. tore the session state in Amazon S3
D. nable session stickiness using elastic load balancers
View answer
Correct Answer: A
Question #21
A company is building a web application on AWS. When a customer sends a request, the application will generate reports and then make the reports available to the customer within one hour. Reports should be accessible to the customer for 8 hours. Some reports are larger than 1 MB. Each report is unique to the customer. The application should delete all reports that are older than 2 days.Which solution will meet these requirements with the LEAST operational overhead?
A. enerate the reports and then store the reports as Amazon DynamoDB items that have a specified TTL
B. enerate the reports and then store the reports in an Amazon S3 bucket that uses server-side encryption
C. enerate the reports and then store the reports in an Amazon S3 bucket that uses server-side encryption
D. enerate the reports and then store the reports in an Amazon RDS database with a date stamp
View answer
Correct Answer: C
Question #22
A developer needs to build an AWS CloudFormation template that self-populates the AWS Region variable that deploys the CloudFormation template.What is the MOST operationally efficient way to determine the Region in which the template is being deployed?
A. reate a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type
B. reate a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type
C. reate a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type
D. reate a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type
View answer
Correct Answer: A
Question #23
A developer is integrating Amazon ElastiCache in an application. The cache will store data from a database. The cached data must populate real-time dashboards.Which caching strategy will meet these requirements?
A. read-through cache
B. write-behind cache
C. lazy-loading cache
D. write-through cache
View answer
Correct Answer: D
Question #24
A developer is creating an application for a company. The application needs to read the file doc.txt that is placed in the root folder of an Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The company’s security team requires the principle of least privilege to be applied to the application’s IAM policy.Which IAM policy statement will meet these security requirements?
A. lone the repository
B. reate a new branch
C. se the Commit Visualizer view to compare the commits when a feature was added
D. top the pull from the main branch to the feature branch
View answer
Correct Answer: A
Question #25
An ecommerce company is using an AWS Lambda function behind Amazon API Gateway as its application tier. To process orders during checkout, the application calls a POST API from the frontend. The POST API invokes the Lambda function asynchronously. In rare situations, the application has not processed orders. The Lambda application logs show no errors or failures.What should a developer do to solve this problem?
A. nspect the frontend logs for API failures
B. reate and inspect the Lambda dead-letter queue
C. nspect the Lambda logs in Amazon CloudWatch for possible errors
D. ake sure that caching is disabled for the POST API in API Gateway
View answer
Correct Answer: B
Question #26
A developer is writing an application for a company. The application will be deployed on Amazon EC2 and will use an Amazon RDS for Microsoft SQL Server database. The company's security team requires that database credentials are rotated at least weekly.How should the developer configure the database credentials for this application?
A. reate a database user
B. nable IAM authentication for the database
C. reate a database user
D. se the EC2 user data to create a database user
View answer
Correct Answer: C
Question #27
A developer has a legacy application that is hosted on-premises. Other applications hosted on AWS depend on the on-premises application for proper functioning. In case of any application errors, the developer wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applications from one place.How can the developer accomplish this?
A. nstall an AWS SDK on the on-premises server to automatically send logs to CloudWatch
B. ownload the CloudWatch agent to the on-premises server
C. pload log files from the on-premises server to Amazon S3 and have CloudWatch read the files
D. pload log files from the on-premises server to an Amazon EC2 instance and have the instance forward the logs to CloudWatch
View answer
Correct Answer: B
Question #28
A real-time messaging application uses Amazon API Gateway WebSocket APIs with backend HTTP service. A developer needs to build a feature in the application to identify a client that keeps connecting to and disconnecting from the WebSocket connection. The developer also needs the ability to remove the client.Which combination of changes should the developer make to the application to meet these requirements? (Choose two.)
A. WS CodeBuild
B. mazon S3
C. WS CodeCommit
D. WS Cloud9
View answer
Correct Answer: CD
Question #29
A developer is working on an existing application that uses Amazon DynamoDB as its data store. The DynamoDB table has the following attributes: partNumber (partition key), vendor (sort key), description, productFamily, and productType. When the developer analyzes the usage patterns, the developer notices that there are application modules that frequently look for a list of products based on the productFamily and productType attributes.The developer wants to make changes to the application to improve perform
A. odify the RDS security group
B. edeploy the Lambda function in the same subnet as the RDS instance
C. reate a security group for the Lambda function
D. reate an IAM role
View answer
Correct Answer: A
Question #30
A developer is building a highly secure healthcare application using serverless components. This application requires writing temporary data to /tmp storage on an AWS Lambda function.How should the developer encrypt this data?
A. nable Amazon EBS volume encryption with an AWS KMS key in the Lambda function configuration so that all storage attached to the Lambda function is encrypted
B. et up the Lambda function with a role and key policy to access an AWS KMS key
C. se OpenSSL to generate a symmetric encryption key on Lambda startup
D. se an on-premises hardware security module (HSM) to generate keys, where the Lambda function requests a data key from the HSM and uses that to encrypt data on all requests to the function
View answer
Correct Answer: B
Question #31
A company needs to develop a proof of concept for a web service application. The application will show the weather forecast for one of the company's office locations. The application will provide a REST endpoint that clients can call. Where possible, the application should use caching features provided by AWS to limit the number of requests to the backend service. The application backend will receive a small amount of traffic only during testing.Which approach should the developer take to provide the REST e
A. reate a container image
B. reate an AWS Lambda function by using the AWS Serverless Application Model (AWS SAM)
C. reate a container image
D. reate a microservices application
View answer
Correct Answer: B
Question #32
A development team wants to build a continuous integration/continuous delivery (CI/CD) pipeline. The team is using AWS CodePipeline to automate the code build and deployment. The team wants to store the program code to prepare for the CI/CD pipeline.Which AWS service should the team use to store the program code?
A. he /tmp directory
B. mazon Elastic File System (Amazon EFS)
C. mazon Elastic Block Store (Amazon EBS)
D. mazon S3
View answer
Correct Answer: C
Question #33
An application uses Lambda functions to extract metadata from files uploaded to an S3 bucket; the metadata is stored in Amazon DynamoDB. The application starts behaving unexpectedly, and the developer wants to examine the logs of the Lambda function code for errors.Based on this system configuration, where would the developer find the logs?
A. mazon S3
B. WS CloudTrail
C. mazon CloudWatch
D. mazon DynamoDB
View answer
Correct Answer: C
Question #34
A developer has a legacy application that is hosted on-premises. Other applications hosted on AWS depend on the on-premises application for proper functioning. In case of any application errors, the developer wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applications from one place.How can the developer accomplish this?
A. nstall an AWS SDK on the on-premises server to automatically send logs to CloudWatch
B. ownload the CloudWatch agent to the on-premises server
C. pload log files from the on-premises server to Amazon S3 and have CloudWatch read the files
D. pload log files from the on-premises server to an Amazon EC2 instance and have the instance forward the logs to CloudWatch
View answer
Correct Answer: B
Question #35
A developer is creating an application that will give users the ability to store photos from their cellphones in the cloud. The application needs to support tens of thousands of users. The application uses an Amazon API Gateway REST API that is integrated with AWS Lambda functions to process the photos. The application stores details about the photos in Amazon DynamoDB.Users need to create an account to access the application. In the application, users must be able to upload photos and retrieve previously u
A. se Amazon Cognito user pools to manage user accounts
B. se Amazon Cognito user pools to manage user accounts
C. reate an IAM user for each user of the application during the sign-up process
D. reate a users table in DynamoDB
View answer
Correct Answer: B
Question #36
An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.What is the MOST secure way to resolve this issue?
A. pdate the IAM instance profile that is attached to the EC2 instance to include the S3:* permission for the S3 bucket
B. pdate the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket
C. pdate the developer's user permissions to include the S3:ListBucket permission for the S3 bucket
D. pdate the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance
View answer
Correct Answer: B
Question #37
A real-time messaging application uses Amazon API Gateway WebSocket APIs with backend HTTP service. A developer needs to build a feature in the application to identify a client that keeps connecting to and disconnecting from the WebSocket connection. The developer also needs the ability to remove the client.Which combination of changes should the developer make to the application to meet these requirements? (Choose two.)
A. WS CodeBuild
B. mazon S3
C. WS CodeCommit
D. WS Cloud9
View answer
Correct Answer: CD
Question #38
A company is developing an ecommerce application that uses Amazon API Gateway APIs. The application uses AWS Lambda as a backend. The company needs to test the code in a dedicated, monitored test environment before the company releases the code to the production environment.Which solution will meet these requirements?
A. se a single stage in API Gateway
B. se multiple stages in API Gateway
C. se multiple stages in API Gateway
D. se a single stage in API Gateway
View answer
Correct Answer: C
Question #39
A company is offering APIs as a service over the internet to provide unauthenticated read access to statistical information that is updated daily. The company uses Amazon API Gateway and AWS Lambda to develop the APIs. The service has become popular, and the company wants to enhance the responsiveness of the APIs.Which action can help the company achieve this goal?
A. nable API caching in API Gateway
B. onfigure API Gateway to use an interface VPC endpoint
C. nable cross-origin resource sharing (CORS) for the APIs
D. onfigure usage plans and API keys in API Gateway
View answer
Correct Answer: A
Question #40
A company hosts a client-side web application for one of its subsidiaries on Amazon S3. The web application can be accessed through Amazon CloudFront from https://www.example.com. After a successful rollout, the company wants to host three more client-side web applications for its remaining subsidiaries on three separate S3 buckets.To achieve this goal, a developer moves all the common JavaScript files and web fonts to a central S3 bucket that serves the web applications. However, during testing, the develo
A. reate four access points that allow access to the central S3 bucket
B. reate a bucket policy that allows access to the central S3 bucket
C. reate a cross-origin resource sharing (CORS) configuration that allows access to the central S3 bucket
D. reate a Content-MD5 header that provides a message integrity check for the central S3 bucket
View answer
Correct Answer: C
Question #41
A developer created an AWS Lambda function that accesses resources in a VPC. The Lambda function polls an Amazon Simple Queue Service (Amazon SQS) queue for new messages through a VPC endpoint. Then the function calculates a rolling average of the numeric values that are contained in the messages. After initial tests of the Lambda function, the developer found that the value of the rolling average that the function returned was not accurate.How can the developer ensure that the function calculates an accura
A. et the function's reserved concurrency to 1
B. odify the function to store the values in Amazon ElastiCache
C. et the function's provisioned concurrency to 1
D. odify the function to store the values in the function's layers
View answer
Correct Answer: A
Question #42
A company is migrating legacy internal applications to AWS. Leadership wants to rewrite the internal employee directory to use native AWS services. A developer needs to create a solution for storing employee contact details and high-resolution photos for use with the new application.Which solution will enable the search and retrieval of each employee's individual details and high-resolution photos using AWS APIs?
A. ncode each employee's contact information and photos using Base64
B. tore each employee's contact information in an Amazon DynamoDB table along with the object keys for the photos stored in Amazon S3
C. se Amazon Cognito user pools to implement the employee directory in a fully managed software-as-a-service (SaaS) method
D. tore employee contact information in an Amazon RDS DB instance with the photos stored in Amazon Elastic File System (Amazon EFS)
View answer
Correct Answer: B
Question #43
A company is updating an application to move the backend of the application from Amazon EC2 instances to a serverless model. The application uses an Amazon RDS for MySQL DB instance and runs in a single VPC on AWS. The application and the DB instance are deployed in a private subnet in the VPC.The company needs to connect AWS Lambda functions to the DB instance.Which solution will meet these requirements?
A. hange the AWS CloudFormation templates for us-east-1 and us-west-1 to use an AWS AMI
B. opy the custom AMI from us-east-1 to us-west-1
C. uild the custom AMI in us-west-1
D. anually deploy the application outside AWS CloudFormation in us-west-1
View answer
Correct Answer: B
Question #44
A company's new mobile app uses Amazon API Gateway. As the development team completes a new release of its APIs, a developer must safely and transparently roll out the API change.What is the SIMPLEST solution for the developer to use for rolling out the new API version to a limited number of users through API Gateway?
A. rite a script that deletes old records; schedule the script as a cron job on an Amazon EC2 instance
B. dd an attribute with the expiration time; enable the Time To Live feature based on that attribute
C. ach day, create a new table to hold session data; delete the previous day's table
D. dd an attribute with the expiration time; name the attribute ItemExpiration
View answer
Correct Answer: D
Question #45
A company has a web application that runs on Amazon EC2 instances with a custom Amazon Machine Image (AMI). The company uses AWS CloudFormation to provision the application. The application runs in the us-east-1 Region, and the company needs to deploy the application to the us-west-1 Region.An attempt to create the AWS CloudFormation stack in us-west-1 fails. An error message states that the AMI ID does not exist. A developer must resolve this error with a solution that uses the least amount of operational
A. reate an AWS CodeArtifact repository that contains all the custom libraries
B. reate a custom container image for the Lambda functions to save all the custom libraries
C. reate a Lambda layer that contains all the custom libraries
D. reate an Amazon Elastic File System (Amazon EFS) file system to store all the custom libraries
View answer
Correct Answer: B
Question #46
A developer is implementing an AWS Cloud Development Kit (AWS CDK) serverless application. The developer will provision several AWS Lambda functions and Amazon API Gateway APIs during AWS CloudFormation stack creation. The developer's workstation has the AWS Serverless Application Model (AWS SAM) and the AWS CDK installed locally.How can the developer test a specific Lambda function locally?
A. reate a new API in API Gateway
B. alidate the new API version and promote it to production during the window of lowest expected utilization
C. mplement an Amazon CloudWatch alarm to trigger a rollback if the observed HTTP 500 status code rate exceeds a predetermined threshold
D. se the canary release deployment option in API Gateway
View answer
Correct Answer: C
Question #47
An application is using Amazon Cognito user pools and identity pools for secure access. A developer wants to integrate the user-specific file upload and download features in the application with Amazon S3. The developer must ensure that the files are saved and retrieved in a secure manner and that users can access only their own files. The file sizes range from 3 KB to 300 MB.Which option will meet these requirements with the HIGHEST level of security?
A. se S3 Event Notifications to validate the file upload and download requests and update the user interface (UI)
B. ave the details of the uploaded files in a separate Amazon DynamoDB table
C. se Amazon API Gateway and an AWS Lambda function to upload and download files
D. se an IAM policy within the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3
View answer
Correct Answer: D
Question #48
A developer wants to store information about movies. Each movie has a title, release year, and genre. The movie information also can include additional properties about the cast and production crew. This additional information is inconsistent across movies. For example, one movie might have an assistant director, and another movie might have an animal trainer.The developer needs to implement a solution to support the following use cases:-For a given title and release year, get all details about the movie th
A. reate an Amazon DynamoDB table
B. reate an Amazon DynamoDB table
C. n an Amazon RDS DB instance, create a table that contains columns for title, release year, and genre
D. n an Amazon RDS DB instance, create a table where the primary key is the title and all other data is encoded into JSON format as one additional column
View answer
Correct Answer: A
Question #49
A developer is setting up a deployment pipeline. The pipeline includes an AWS CodeBuild build stage that requires access to a database to run integration tests. The developer is using a buildspec.yml file to configure the database connection. Company policy requires automatic rotation of all database credentials.Which solution will handle the database credentials MOST securely?
A. etrieve the credentials from variables that are hardcoded in the buildspec
B. etrieve the credentials from an environment variable that is linked to a SecureString parameter in AWS Systems Manager Parameter Store
C. etrieve the credentials from an environment variable that is linked to an AWS Secrets Manager secret
D. etrieve the credentials from an environment variable that contains the connection string in plaintext
View answer
Correct Answer: C
Question #50
A social media application uses the AWS SDK for JavaScript on the frontend to get user credentials from AWS Security Token Service (AWS STS). The application stores its assets in an Amazon S3 bucket. The application serves its content by using an Amazon CloudFront distribution with the origin set to the S3 bucket.The credentials for the role that the application assumes to make the SDK calls are stored in plaintext in a JSON file within the application code. The developer needs to implement a solution that
A. dd a Lambda@Edge function to the distribution
B. dd a CloudFront function to the distribution
C. dd a Lambda@Edge function to the distribution
D. dd a CloudFront function to the distribution
View answer
Correct Answer: A
Question #51
A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.How can the developer enforce that all requests to retrieve the data provide encryption in transit?
A. efine a resource-based policy on the S3 bucket to deny access when a request meets the condition “aws:SecureTransport”: “false”
B. efine a resource-based policy on the S3 bucket to allow access when a request meets the condition “aws:SecureTransport”: “false”
C. efine a role-based policy on the other accounts' roles to deny access when a request meets the condition of “aws:SecureTransport”: “false”
D. efine a resource-based policy on the KMS key to deny access when a request meets the condition of “aws:SecureTransport”: “false”
View answer
Correct Answer: A
Question #52
A developer is using AWS Amplify Hosting to build and deploy an application. The developer is receiving an increased number of bug reports from users. The developer wants to add end-to-end testing to the application to eliminate as many bugs as possible before the bugs reach production.Which solution should the developer implement to meet these requirements?
A. un the amplify add test command in the Amplify CLI
B. reate unit tests in the application
C. dd a test phase to the amplify
D. dd a test phase to the aws-exports
View answer
Correct Answer: C
Question #53
A developer is writing an AWS Lambda function. The developer wants to log key events that occur while the Lambda function runs. The developer wants to include a unique identifier to associate the events with a specific function invocation. The developer adds the following code to the Lambda function:Which solution will meet this requirement?
A. btain the request identifier from the AWS request ID field in the context object
B. btain the request identifier from the AWS request ID field in the event object
C. btain the request identifier from the AWS request ID field in the event object
D. btain the request identifier from the AWS request ID field in the context object
View answer
Correct Answer: A
Question #54
A company is developing a serverless application that consists of various AWS Lambda functions behind Amazon API Gateway APIs. A developer needs to automate the deployment of Lambda function code. The developer will deploy updated Lambda functions with AWS CodeDeploy. The deployment must minimize the exposure of potential errors to end users. When the application is in production, the application cannot experience downtime outside the specified maintenance window.Which deployment configuration will meet the
A. se the AWS CodeDeploy in-place deployment configuration for the Lambda functions
B. se the AWS CodeDeploy linear deployment configuration to shift 10% of the traffic every minute
C. se the AWS CodeDeploy all-at-once deployment configuration to shift all traffic to the updated versions immediately
D. se the AWS CodeDeploy predefined canary deployment configuration to shift 10% of the traffic immediately and shift the remaining traffic after 5 minutes
View answer
Correct Answer: D
Question #55
A developer is creating an application. New users of the application must be able to create an account and register by using their own social media accounts.Which AWS service or resource should the developer use to meet these requirements?
A. AM role
B. mazon Cognito identity pools
C. mazon Cognito user pools
D. WS Directory Service
View answer
Correct Answer: C
Question #56
A developer wants to insert a record into an Amazon DynamoDB table as soon as a new file is added to an Amazon S3 bucket.Which set of steps would be necessary to achieve this?
A. reate an event with Amazon EventBridge that will monitor the S3 bucket and then insert the records into DynamoDB
B. onfigure an S3 event to invoke an AWS Lambda function that inserts records into DynamoD
C. reate an AWS Lambda function that will poll the S3 bucket and then insert the records into DynamoDB
D. reate a cron job that will run at a scheduled time and insert the records into DynamoDB
View answer
Correct Answer: B
Question #57
An Amazon Kinesis Data Firehose delivery stream is receiving customer data that contains personally identifiable information. A developer needs to remove pattern-based customer identifiers from the data and store the modified data in an Amazon S3 bucket.What should the developer do to meet these requirements?
A. mplement Kinesis Data Firehose data transformation as an AWS Lambda function
B. aunch an Amazon EC2 instance
C. reate an Amazon OpenSearch Service instance
D. reate an AWS Step Functions workflow to remove the customer identifiers
View answer
Correct Answer: A
Question #58
A company wants to share information with a third party. The third party has an HTTP API endpoint that the company can use to share the information. The company has the required API key to access the HTTP API.The company needs a way to manage the API key by using code. The integration of the API key with the application code cannot affect application performance.Which solution will meet these requirements MOST securely?
A. tore the API credentials in AWS Secrets Manager
B. tore the API credentials in a local code variable
C. tore the API credentials as an object in a private Amazon S3 bucket
D. tore the API credentials in an Amazon DynamoDB table
View answer
Correct Answer: A
Question #59
A company hosts a batch processing application on AWS Elastic Beanstalk with instances that run the most recent version of Amazon Linux. The application sorts and processes large datasets.In recent weeks, the application's performance has decreased significantly during a peak period for traffic. A developer suspects that the application issues are related to the memory usage. The developer checks the Elastic Beanstalk console and notices that memory usage is not being tracked.How should the developer gather
A. onfigure the Amazon CloudWatch agent to push logs to Amazon CloudWatch Logs by using port 443
B. onfigure the Elastic Beanstalk
C. onfigure the Amazon CloudWatch agent to track the memory usage of the instances
D. onfigure an Amazon CloudWatch dashboard to track the memory usage of the instances
View answer
Correct Answer: B
Question #60
A developer is creating an application that will store personal health information (PHI). The PHI needs to be encrypted at all times. An encrypted Amazon RDS for MySQL DB instance is storing the data. The developer wants to increase the performance of the application by caching frequently accessed data while adding the ability to sort or rank the cached datasets.Which solution will meet these requirements?
A. reate an Amazon ElastiCache for Redis instance
B. reate an Amazon ElastiCache for Memcached instance
C. reate an Amazon RDS for MySQL read replica
D. reate an Amazon DynamoDB table and a DynamoDB Accelerator (DAX) cluster for the table
View answer
Correct Answer: A
Question #61
A developer creates an AWS Lambda function that retrieves and groups data from several public API endpoints. The Lambda function has been updated and configured to connect to the private subnet of a VPC. An internet gateway is attached to the VPC. The VPC uses the default network ACL and security group configurations.The developer finds that the Lambda function can no longer access the public API. The developer has ensured that the public API is accessible, but the Lambda function cannot connect to the APIH
A. nsure that the network ACL allows outbound traffic to the public internet
B. nsure that the security group allows outbound traffic to the public internet
C. nsure that outbound traffic from the private subnet is routed to a public NAT gateway
D. nsure that outbound traffic from the private subnet is routed to a new internet gateway
View answer
Correct Answer: C
Question #62
A developer is creating an AWS CloudFormation template to deploy Amazon EC2 instances across multiple AWS accounts. The developer must choose the EC2 instances from a list of approved instance types.How can the developer incorporate the list of approved instance types in the CloudFormation template?
A. reate a separate CloudFormation template for each EC2 instance type in the list
B. n the Resources section of the CloudFormation template, create resources for each EC2 instance type in the list
C. n the CloudFormation template, create a separate parameter for each EC2 instance type in the list
D. n the CloudFormation template, create a parameter with the list of EC2 instance types as AllowedValues
View answer
Correct Answer: D
Question #63
A company must deploy all its Amazon RDS DB instances by using AWS CloudFormation templates as part of AWS CodePipeline continuous integration and continuous delivery (CI/CD) automation. The primary password for the DB instance must be automatically generated as part of the deployment process.Which solution will meet these requirements with the LEAST development effort?
A. mazon DynamoDB
B. mazon EC2
C. WS Lambda
D. mazon RDS
View answer
Correct Answer: D
Question #64
An ecommerce website uses an AWS Lambda function and an Amazon RDS for MySQL database for an order fulfillment service. The service needs to return order confirmation immediately.During a marketing campaign that caused an increase in the number of orders, the website's operations team noticed errors for “too many connections” from Amazon RDS. However, the RDS DB cluster metrics are healthy. CPU and memory capacity are still available.What should a developer do to resolve the errors?
A. nitialize the database connection outside the handler function
B. nitialize the database connection outside the handler function
C. se Amazon Simple Queue Service (Amazon SQS) FIFO queues to queue the orders
D. se Amazon Simple Queue Service (Amazon SQS) FIFO queues to queue the orders
View answer
Correct Answer: B
Question #65
A developer is setting up a deployment pipeline. The pipeline includes an AWS CodeBuild build stage that requires access to a database to run integration tests. The developer is using a buildspec.yml file to configure the database connection. Company policy requires automatic rotation of all database credentials.Which solution will handle the database credentials MOST securely?
A. etrieve the credentials from variables that are hardcoded in the buildspec
B. etrieve the credentials from an environment variable that is linked to a SecureString parameter in AWS Systems Manager Parameter Store
C. etrieve the credentials from an environment variable that is linked to an AWS Secrets Manager secret
D. etrieve the credentials from an environment variable that contains the connection string in plaintext
View answer
Correct Answer: C
Question #66
A company is developing a serverless application that consists of various AWS Lambda functions behind Amazon API Gateway APIs. A developer needs to automate the deployment of Lambda function code. The developer will deploy updated Lambda functions with AWS CodeDeploy. The deployment must minimize the exposure of potential errors to end users. When the application is in production, the application cannot experience downtime outside the specified maintenance window.Which deployment configuration will meet the
A. se the AWS CodeDeploy in-place deployment configuration for the Lambda functions
B. se the AWS CodeDeploy linear deployment configuration to shift 10% of the traffic every minute
C. se the AWS CodeDeploy all-at-once deployment configuration to shift all traffic to the updated versions immediately
D. se the AWS CodeDeploy predefined canary deployment configuration to shift 10% of the traffic immediately and shift the remaining traffic after 5 minutes
View answer
Correct Answer: D
Question #67
A company is planning to deploy an application on AWS behind an Elastic Load Balancer. The application uses an HTTP/HTTPS listener and must access the client IP addresses.Which load-balancing solution meets these requirements?
A. se an Application Load Balancer and the X-Forwarded-For headers
B. se a Network Load Balancer (NLB)
C. se an Application Load Balancer
D. se a Network Load Balancer and the X-Forwarded-For headers
View answer
Correct Answer: A
Question #68
A developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect from on-premises to Amazon EC2 instances in the developer's account. The developer is able to access an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same VPC.Which logs can the developer use to verify whether the traffic is reaching subnet B?
A. PN logs
B. GP logs
C. PC Flow Logs
D. WS CloudTrail logs
View answer
Correct Answer: C
Question #69
A developer is working on a serverless application that needs to process any changes to an Amazon DynamoDB table with an AWS Lambda function.How should the developer configure the Lambda function to detect changes to the DynamoDB table?
A. reate an Amazon Kinesis data stream, and attach it to the DynamoDB table
B. reate an Amazon EventBridge rule to invoke the Lambda function on a regular schedule
C. nable DynamoDB Streams on the table
D. reate an Amazon Kinesis Data Firehose delivery stream, and attach it to the DynamoDB table
View answer
Correct Answer: C
Question #70
A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.How can the developer enforce that all requests to retrieve the data provide encryption in transit?
A. efine a resource-based policy on the S3 bucket to deny access when a request meets the condition “aws:SecureTransport”: “false”
B. efine a resource-based policy on the S3 bucket to allow access when a request meets the condition “aws:SecureTransport”: “false”
C. efine a role-based policy on the other accounts' roles to deny access when a request meets the condition of “aws:SecureTransport”: “false”
D. efine a resource-based policy on the KMS key to deny access when a request meets the condition of “aws:SecureTransport”: “false”
View answer
Correct Answer: A
Question #71
A company is planning to use AWS CodeDeploy to deploy an application to Amazon Elastic Container Service (Amazon ECS). During the deployment of a new version of the application, the company initially must expose only 10% of live traffic to the new version of the deployed application. Then, after 15 minutes elapse, the company must route all the remaining live traffic to the new version of the deployed application.Which CodeDeploy predefined configuration will meet these requirements?
A. odeDeployDefault
B. odeDeployDefault
C. odeDeployDefault
D. odeDeployDefault
View answer
Correct Answer: A
Question #72
A company has deployed an application on AWS Elastic Beanstalk. The company has configured the Auto Scaling group that is associated with the Elastic Beanstalk environment to have five Amazon EC2 instances. If the capacity is fewer than four EC2 instances during the deployment, application performance degrades. The company is using the all-at-once deployment policy.What is the MOST cost-effective way to solve the deployment issue?
A. hange the Auto Scaling group to six desired instances
B. hange the deployment policy to traffic splitting
C. hange the deployment policy to rolling with additional batch
D. hange the deployment policy to rolling
View answer
Correct Answer: C
Question #73
A developer is configuring an application's deployment environment in AWS CodePipeline. The application code is stored in a GitHub repository. The developer wants to ensure that the repository package's unit tests run in the new deployment environment. The developer has already set the pipeline's source provider to GitHub and has specified the repository and branch to use in the deployment.Which combination of steps should the developer take next to meet these requirements with the LEAST overhead? (Choose t
A. dd an override to the feature
B. dd an override to the feature
C. dd an experiment to the project
D. dd an experiment to the project
View answer
Correct Answer: BE
Question #74
A company is developing a serverless multi-tier application on AWS. The company will build the serverless logic tier by using Amazon API Gateway and AWS Lambda.While the company builds the logic tier, a developer who works on the frontend of the application must develop integration tests. The tests must cover both positive and negative scenarios, depending on success and error HTTP status codes.Which solution will meet these requirements with the LEAST effort?
A. et up a mock integration for API methods in API Gateway
B. reate two mock integration resources for API methods in API Gateway
C. reate Lambda functions to perform tests
D. reate a Lambda function to perform tests
View answer
Correct Answer: A
Question #75
A developer is designing an AWS Lambda function that creates temporary files that are less than 10 MB during invocation. The temporary files will be accessed and modified multiple times during invocation. The developer has no need to save or retrieve these files in the future.Where should the temporary files be stored?
A. ackage each Python library in its own
B. reate a Lambda layer with the required Python library
C. ombine the two Lambda functions into one Lambda function
D. ownload the Python library to an S3 bucket
View answer
Correct Answer: A
Question #76
A developer maintains an Amazon API Gateway REST API. Customers use the API through a frontend UI and Amazon Cognito authentication.The developer has a new version of the API that contains new endpoints and backward-incompatible interface changes. The developer needs to provide beta access to other developers on the team without affecting customers.Which solution will meet these requirements with the LEAST operational overhead?
A. efine a development stage on the API Gateway API
B. efine a new API Gateway API that points to the new API application code
C. mplement a query parameter in the API application code that determines which code version to call
D. pecify new API Gateway endpoints for the API endpoints that the developer wants to add
View answer
Correct Answer: A
Question #77
A company has a front-end application that runs on four Amazon EC2 instances behind an Elastic Load Balancer (ELB) in a production environment that is provisioned by AWS Elastic Beanstalk. A developer needs to deploy and test new application code while updating the Elastic Beanstalk platform from the current version to a newer version of Node.js. The solution must result in zero downtime for the application.Which solution meets these requirements?
A. lone the production environment to a different platform version
B. eploy the new application code in an all-at-once deployment to the existing EC2 instances
C. erform an immutable update to deploy the new application code to new EC2 instances
D. se a rolling deployment for the new application code
View answer
Correct Answer: D
Question #78
A developer is using AWS Amplify Hosting to build and deploy an application. The developer is receiving an increased number of bug reports from users. The developer wants to add end-to-end testing to the application to eliminate as many bugs as possible before the bugs reach production.Which solution should the developer implement to meet these requirements?
A. un the amplify add test command in the Amplify CLI
B. reate unit tests in the application
C. dd a test phase to the amplify
D. dd a test phase to the aws-exports
View answer
Correct Answer: C
Question #79
An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.What is the MOST secure way to resolve this issue?
A. pdate the IAM instance profile that is attached to the EC2 instance to include the S3:* permission for the S3 bucket
B. pdate the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket
C. pdate the developer's user permissions to include the S3:ListBucket permission for the S3 bucket
D. pdate the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance
View answer
Correct Answer: B
Question #80
A company wants to deploy and maintain static websites on AWS. Each website's source code is hosted in one of several version control systems, including AWS CodeCommit, Bitbucket, and GitHub.The company wants to implement phased releases by using development, staging, user acceptance testing, and production environments in the AWS Cloud. Deployments to each environment must be started by code merges on the relevant Git branch. The company wants to use HTTPS for all data exchange. The company needs a solutio
A. ost each website by using AWS Amplify with a serverless backend
B. ost each website in AWS Elastic Beanstalk with multiple environments
C. ost each website in different Amazon S3 buckets for each environment
D. ost each website on its own Amazon EC2 instance
View answer
Correct Answer: A
Question #81
A developer is creating a template that uses AWS CloudFormation to deploy an application. The application is serverless and uses Amazon API Gateway, Amazon DynamoDB, and AWS Lambda.Which AWS service or tool should the developer use to define serverless resources in YAML?
A. loudFormation serverless intrinsic functions
B. WS Elastic Beanstalk
C. WS Serverless Application Model (AWS SAM)
D. WS Cloud Development Kit (AWS CDK)
View answer
Correct Answer: C
Question #82
A company is running Amazon EC2 instances in multiple AWS accounts. A developer needs to implement an application that collects all the lifecycle events of the EC2 instances. The application needs to store the lifecycle events in a single Amazon Simple Queue Service (Amazon SQS) queue in the company's main AWS account for further processing.Which solution will meet these requirements?
A. onfigure Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon EventBridge event bus of the main account
B. se the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue
C. rite an AWS Lambda function that scans through all EC2 instances in the company accounts to detect EC2 instance lifecycle changes
D. onfigure the permissions on the main account event bus to receive events from all accounts
View answer
Correct Answer: D
Question #83
A company is building a serverless application on AWS. The application uses an AWS Lambda function to process customer orders 24 hours a day, 7 days a week. The Lambda function calls an external vendor's HTTP API to process payments.During load tests, a developer discovers that the external vendor payment processing API occasionally times out and returns errors. The company expects that some payment processing API calls will return errors.The company wants the support team to receive notifications in near r
A. rite the results of payment processing API calls to Amazon CloudWatch
B. ublish custom metrics to CloudWatch that record the failures of the external payment processing API calls
C. ublish the results of the external payment processing API calls to a new Amazon SNS topic
D. rite the results of the external payment processing API calls to Amazon S3
View answer
Correct Answer: B
Question #84
A developer wants to debug an application by searching and filtering log data. The application logs are stored in Amazon CloudWatch Logs. The developer creates a new metric filter to count exceptions in the application logs. However, no results are returned from the logs.What is the reason that no filtered results are being returned?
A. setup of the Amazon CloudWatch interface VPC endpoint is required for filtering the CloudWatch Logs in the VPC
B. loudWatch Logs only publishes metric data for events that happen after the filter is created
C. he log group for CloudWatch Logs should be first streamed to Amazon OpenSearch Service before metric filtering returns the results
D. etric data points for logs groups can be filtered only after they are exported to an Amazon S3 bucket
View answer
Correct Answer: B
Question #85
A developer needs to migrate an online retail application to AWS to handle an anticipated increase in traffic. The application currently runs on two servers: one server for the web application and another server for the database. The web server renders webpages and manages session state in memory. The database server hosts a MySQL database that contains order details. When traffic to the application is heavy, the memory usage for the web server approaches 100% and the application slows down considerably.The
A. se an EC2 instance to host the MySQL database
B. se Amazon ElastiCache for Memcached to store and manage the session data
C. se Amazon ElastiCache for Memcached to store and manage the session data and the application data
D. se the EC2 instance store to manage the session data
View answer
Correct Answer: B
Question #86
A developer wants to use AWS Elastic Beanstalk to test a new version of an application in a test environment.Which deployment method offers the FASTEST deployment?
A. mmutable
B. olling
C. olling with additional batch
D. ll at once
View answer
Correct Answer: D
Question #87
An Amazon Kinesis Data Firehose delivery stream is receiving customer data that contains personally identifiable information. A developer needs to remove pattern-based customer identifiers from the data and store the modified data in an Amazon S3 bucket.What should the developer do to meet these requirements?
A. mplement Kinesis Data Firehose data transformation as an AWS Lambda function
B. aunch an Amazon EC2 instance
C. reate an Amazon OpenSearch Service instance
D. reate an AWS Step Functions workflow to remove the customer identifiers
View answer
Correct Answer: A
Question #88
A company has a critical application on AWS. The application exposes an HTTP API by using Amazon API Gateway. The API is integrated with an AWS Lambda function. The application stores data in an Amazon RDS for MySQL DB instance with 2 virtual CPUs (vCPUs) and 64 GB of RAM.Customers have reported that some of the API calls return HTTP 500 Internal Server Error responses. Amazon CloudWatch Logs shows errors for “too many connections.” The errors occur during peak usage times that are unpredictable.The company
A. ecrease the number of vCPUs for the DB instance
B. se Amazon RDS Proxy to create a proxy that connects to the DB instance
C. dd a CloudWatch alarm that changes the DB instance class when the number of connections increases to more than 1,000
D. dd an Amazon EventBridge rule that increases the max_connections setting of the DB instance when CPU utilization is above 75%
View answer
Correct Answer: B
Question #89
A developer is deploying a new application to Amazon Elastic Container Service (Amazon ECS). The developer needs to securely store and retrieve different types of variables. These variables include authentication information for a remote API, the URL for the API, and credentials. The authentication information and API URL must be available to all current and future deployed versions of the application across development, testing, and production environments.How should the developer retrieve the variables wi
A. pdate the application to retrieve the variables from AWS Systems Manager Parameter Store
B. pdate the application to retrieve the variables from AWS Key Management Service (AWS KMS)
C. pdate the application to retrieve the variables from an encrypted file that is stored with the application
D. pdate the application to retrieve the variables from each of the deployed environments
View answer
Correct Answer: A
Question #90
A company’s website runs on an Amazon EC2 instance and uses Auto Scaling to scale the environment during peak times. Website users across the world are experiencing high latency due to static content on the EC2 instance, even during non-peak hours.Which combination of steps will resolve the latency issue? (Choose two.)
A. pply a bucket policy that allows anonymous users to download the content from the S3 bucket
B. enerate a pre-signed object URL for the premier content file when a paid subscriber requests a download
C. dd a bucket policy that requires multi-factor authentication for requests to access the S3 bucket objects
D. nable server-side encryption on the S3 bucket for data protection against the non-paying website visitors
View answer
Correct Answer: DE
Question #91
A developer is creating an AWS Lambda function. The Lambda function will consume messages from an Amazon Simple Queue Service (Amazon SQS) queue. The developer wants to integrate unit testing as part of the function's continuous integration and continuous delivery (CI/CD) process.How can the developer unit test the function?
A. reate an AWS CloudFormation template that creates an SQS queue and deploys the Lambda function
B. reate an SQS event for tests
C. reate an SQS queue for tests
D. se the aws lambda invoke command with a test event during the CIICD process
View answer
Correct Answer: D
Question #92
A developer is creating a mobile app that calls a backend service by using an Amazon API Gateway REST API. For integration testing during the development phase, the developer wants to simulate different backend responses without invoking the backend service.Which solution will meet these requirements with the LEAST operational overhead?
A. reate an AWS Lambda function
B. reate an Amazon EC2 instance that serves the backend REST API by using an AWS CloudFormation template
C. ustomize the API Gateway stage to select a response type based on the request
D. se a request mapping template to select the mock integration response
View answer
Correct Answer: D
Question #93
A developer is building a serverless application by using AWS Serverless Application Model (AWS SAM) on multiple AWS Lambda functions.When the application is deployed, the developer wants to shift 10% of the traffic to the new deployment of the application for the first 10 minutes after deployment. If there are no issues, all traffic must switch over to the new version.Which change to the AWS SAM template will meet these requirements?
A. et the Deployment Preference Type to Canary10Percent10Minutes
B. et the Deployment Preference Type to LinearlOPercentEvery10Minutes
C. et the Deployment Preference Type to CanaryIOPercentIOMinutes
D. et the Deployment Preference Type to LinearlOPercentEveryIOMinutes
View answer
Correct Answer: A
Question #94
An application uses an Amazon EC2 Auto Scaling group. A developer notices that EC2 instances are taking a long time to become available during scale-out events. The UserData script is taking a long time to run.The developer must implement a solution to decrease the time that elapses before an EC2 instance becomes available. The solution must make the most recent version of the application available at all times and must apply all available security updates. The solution also must minimize the number of imag
A. tore the credentials in AWS Systems Manager Parameter Store
B. ncrypt the credentials with the default AWS Key Management Service (AWS KMS) key
C. tore the credentials in AWS Secrets Manager
D. ncrypt the credentials by using AWS Key Management Service (AWS KMS)
View answer
Correct Answer: AE
Question #95
A company is implementing an application on Amazon EC2 instances. The application needs to process incoming transactions. When the application detects a transaction that is not valid, the application must send a chat message to the company's support team. To send the message, the application needs to retrieve the access token to authenticate by using the chat API.A developer needs to implement a solution to store the access token. The access token must be encrypted at rest and in transit. The access token m
A. se an AWS Systems Manager Parameter Store SecureString parameter that uses an AWS Key Management Service (AWS KMS) AWS managed key to store the access token
B. ncrypt the access token by using an AWS Key Management Service (AWS KMS) customer managed key
C. se AWS Secrets Manager with an AWS Key Management Service (AWS KMS) customer managed key to store the access token
D. ncrypt the access token by using an AWS Key Management Service (AWS KMS) AWS managed key
View answer
Correct Answer: D
Question #96
A developer is creating an application that will be deployed on IoT devices. The application will send data to a RESTful API that is deployed as an AWS Lambda function. The application will assign each API request a unique identifier. The volume of API requests from the application can randomly increase at any given time of day.During periods of request throttling, the application might need to retry requests. The API must be able to handle duplicate requests without inconsistencies or data loss.Which solut
A. reate an Amazon RDS for MySQL DB instance
B. reate an Amazon DynamoDB table
C. reate an Amazon DynamoDB table
D. reate an Amazon ElastiCache for Memcached instance
View answer
Correct Answer: B
Question #97
An application is processing clickstream data using Amazon Kinesis. The clickstream data feed into Kinesis experiences periodic spikes. The PutRecords API call occasionally fails and the logs show that the failed call returns the response shown below: Which techniques will help mitigate this exception? (Choose two.)
A. reate an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification
B. reate an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification
C. reate an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification
D. onfigure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose
View answer
Correct Answer: AC
Question #98
A company receives food orders from multiple partners. The company has a microservices application that uses Amazon API Gateway APIs with AWS Lambda integration. Each partner sends orders by calling a customized API that is exposed through API Gateway. The API call invokes a shared Lambda function to process the orders.Partners need to be notified after the Lambda function processes the orders. Each partner must receive updates for only the partner's own orders. The company wants to add new partners in the
A. reate a different Amazon Simple Notification Service (Amazon SNS) topic for each partner
B. reate a different Lambda function for each partner
C. reate an Amazon Simple Notification Service (Amazon SNS) topic
D. reate one Amazon Simple Notification Service (Amazon SNS) topic
View answer
Correct Answer: C
Question #99
A developer is creating an AWS CloudFormation template to deploy Amazon EC2 instances across multiple AWS accounts. The developer must choose the EC2 instances from a list of approved instance types.How can the developer incorporate the list of approved instance types in the CloudFormation template?
A. reate a separate CloudFormation template for each EC2 instance type in the list
B. n the Resources section of the CloudFormation template, create resources for each EC2 instance type in the list
C. n the CloudFormation template, create a separate parameter for each EC2 instance type in the list
D. n the CloudFormation template, create a parameter with the list of EC2 instance types as AllowedValues
View answer
Correct Answer: D
Question #100
A developer needs to migrate an online retail application to AWS to handle an anticipated increase in traffic. The application currently runs on two servers: one server for the web application and another server for the database. The web server renders webpages and manages session state in memory. The database server hosts a MySQL database that contains order details. When traffic to the application is heavy, the memory usage for the web server approaches 100% and the application slows down considerably.The
A. se an EC2 instance to host the MySQL database
B. se Amazon ElastiCache for Memcached to store and manage the session data
C. se Amazon ElastiCache for Memcached to store and manage the session data and the application data
D. se the EC2 instance store to manage the session data
View answer
Correct Answer: B
Question #101
An application uses an Amazon EC2 Auto Scaling group. A developer notices that EC2 instances are taking a long time to become available during scale-out events. The UserData script is taking a long time to run.The developer must implement a solution to decrease the time that elapses before an EC2 instance becomes available. The solution must make the most recent version of the application available at all times and must apply all available security updates. The solution also must minimize the number of imag
A. tore the credentials in AWS Systems Manager Parameter Store
B. ncrypt the credentials with the default AWS Key Management Service (AWS KMS) key
C. tore the credentials in AWS Secrets Manager
D. ncrypt the credentials by using AWS Key Management Service (AWS KMS)
View answer
Correct Answer: AE
Question #102
A developer is creating an AWS Serverless Application Model (AWS SAM) template. The AWS SAM template contains the definition of multiple AWS Lambda functions, an Amazon S3 bucket, and an Amazon CloudFront distribution. One of the Lambda functions runs on Lambda@Edge in the CloudFront distribution. The S3 bucket is configured as an origin for the CloudFront distribution.When the developer deploys the AWS SAM template in the eu-west-1 Region, the creation of the stack fails.Which of the following could be the
A. loudFront distributions can be created only in the us-east-1 Region
B. ambda@Edge functions can be created only in the us-east-1 Region
C. single AWS SAM template cannot contain multiple Lambda functions
D. he CloudFront distribution and the S3 bucket cannot be created in the same Region
View answer
Correct Answer: B
Question #103
A developer wants to expand an application to run in multiple AWS Regions. The developer wants to copy Amazon Machine Images (AMIs) with the latest changes and create a new application stack in the destination Region. According to company requirements, all AMIs must be encrypted in all Regions. However, not all the AMIs that the company uses are encrypted.How can the developer expand the application to run in the destination Region while meeting the encryption requirement?
A. reate new AMIs, and specify encryption parameters
B. se AWS Key Management Service (AWS KMS) to enable encryption on the unencrypted AMIs
C. se AWS Certificate Manager (ACM) to enable encryption on the unencrypted AMIs
D. opy the unencrypted AMIs to the destination Region
View answer
Correct Answer: A
Question #104
A company created four AWS Lambda functions that connect to a relational database server that runs on an Amazon RDS instance. A security team requires the company to automatically change the database password every 30 days.Which solution will meet these requirements MOST securely?
A. tore the database credentials in the environment variables of the Lambda function
B. tore the database credentials in AWS Secrets Manager
C. tore the database credentials in AWS Systems Manager Parameter Store secure strings
D. tore the database credentials in an Amazon S3 bucket that uses server-side encryption with customer-provided encryption keys (SSE-C)
View answer
Correct Answer: B
Question #105
An engineer created an A/B test of a new feature on an Amazon CloudWatch Evidently project. The engineer configured two variations of the feature (Variation A and Variation B) for the test. The engineer wants to work exclusively with Variation
A. The engineer needs to make updates so that Variation A is the only variation that appears when the engineer hits the application's endpoint
A. reate a global secondary index (GSI) with productFamily as the partition key and productType as the sort key
B. reate a local secondary index (LSI) with productFamily as the partition key and productType as the sort key
C. ecreate the table
D. pdate the queries to use Scan operations with productFamily as the partition key and productType as the sort key
View answer
Correct Answer: A
Question #106
A developer is creating a new REST API by using Amazon API Gateway and AWS Lambda. The development team tests the API and validates responses for the known use cases before deploying the API to the production environment.The developer wants to make the REST API available for testing by using API Gateway locally.Which AWS Serverless Application Model Command Line Interface (AWS SAM CLI) subcommand will meet these requirements?
A. am local invoke
B. am local generate-event
C. am local start-lambda
D. am local start-api
View answer
Correct Answer: D
Question #107
A developer is deploying a new application to Amazon Elastic Container Service (Amazon ECS). The developer needs to securely store and retrieve different types of variables. These variables include authentication information for a remote API, the URL for the API, and credentials. The authentication information and API URL must be available to all current and future deployed versions of the application across development, testing, and production environments.How should the developer retrieve the variables wi
A. pdate the application to retrieve the variables from AWS Systems Manager Parameter Store
B. pdate the application to retrieve the variables from AWS Key Management Service (AWS KMS)
C. pdate the application to retrieve the variables from an encrypted file that is stored with the application
D. pdate the application to retrieve the variables from each of the deployed environments
View answer
Correct Answer: B
Question #108
A social media application uses the AWS SDK for JavaScript on the frontend to get user credentials from AWS Security Token Service (AWS STS). The application stores its assets in an Amazon S3 bucket. The application serves its content by using an Amazon CloudFront distribution with the origin set to the S3 bucket.The credentials for the role that the application assumes to make the SDK calls are stored in plaintext in a JSON file within the application code. The developer needs to implement a solution that
A. dd a Lambda@Edge function to the distribution
B. dd a CloudFront function to the distribution
C. dd a Lambda@Edge function to the distribution
D. dd a CloudFront function to the distribution
View answer
Correct Answer: A
Question #109
A developer has observed an increase in bugs in the AWS Lambda functions that a development team has deployed in its Node.js application.To minimize these bugs, the developer wants to implement automated testing of Lambda functions in an environment that closely simulates the Lambda environment.The developer needs to give other developers the ability to run the tests locally. The developer also needs to integrate the tests into the team's continuous integration and continuous delivery (CI/CD) pipeline befor
A. reate sample events based on the Lambda documentation
B. nstall a unit testing framework that reproduces the Lambda execution environment
C. nstall the AWS Serverless Application Model (AWS SAM) CLI tool
D. reate sample events based on the Lambda documentation
View answer
Correct Answer: C
Question #110
A developer is creating a service that uses an Amazon S3 bucket for image uploads. The service will use an AWS Lambda function to create a thumbnail of each image. Each time an image is uploaded, the service needs to send an email notification and create the thumbnail. The developer needs to configure the image processing and email notifications setup.Which solution will meet these requirements?
A. reate an Amazon Simple Notification Service (Amazon SNS) topic
B. reate an Amazon Simple Notification Service (Amazon SNS) topic
C. reate an Amazon Simple Queue Service (Amazon SQS) queue
D. reate an Amazon Simple Queue Service (Amazon SQS) queue
View answer
Correct Answer: A
Question #111
A developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect from on-premises to Amazon EC2 instances in the developer's account. The developer is able to access an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same VPC.Which logs can the developer use to verify whether the traffic is reaching subnet B?
A. PN logs
B. GP logs
C. PC Flow Logs
D. WS CloudTrail logs
View answer
Correct Answer: C
Question #112
A developer is creating an AWS Lambda function. The Lambda function needs an external library to connect to a third-party solution. The external library is a collection of files with a total size of 100 MB. The developer needs to make the external library available to the Lambda execution environment and reduce the Lambda package space.Which solution will meet these requirements with the LEAST operational overhead?
A. reate a Lambda layer to store the external library
B. reate an Amazon S3 bucket
C. oad the external library to the Lambda function's /tmp directory during deployment of the Lambda package
D. reate an Amazon Elastic File System (Amazon EFS) volume
View answer
Correct Answer: A
Question #113
A company has a critical application on AWS. The application exposes an HTTP API by using Amazon API Gateway. The API is integrated with an AWS Lambda function. The application stores data in an Amazon RDS for MySQL DB instance with 2 virtual CPUs (vCPUs) and 64 GB of RAM.Customers have reported that some of the API calls return HTTP 500 Internal Server Error responses. Amazon CloudWatch Logs shows errors for “too many connections.” The errors occur during peak usage times that are unpredictable.The company
A. ecrease the number of vCPUs for the DB instance
B. se Amazon RDS Proxy to create a proxy that connects to the DB instance
C. dd a CloudWatch alarm that changes the DB instance class when the number of connections increases to more than 1,000
D. dd an Amazon EventBridge rule that increases the max_connections setting of the DB instance when CPU utilization is above 75%
View answer
Correct Answer: B
Question #114
A developer wants to insert a record into an Amazon DynamoDB table as soon as a new file is added to an Amazon S3 bucket.Which set of steps would be necessary to achieve this?
A. reate an event with Amazon EventBridge that will monitor the S3 bucket and then insert the records into DynamoDB
B. onfigure an S3 event to invoke an AWS Lambda function that inserts records into DynamoD
C. reate an AWS Lambda function that will poll the S3 bucket and then insert the records into DynamoDB
D. reate a cron job that will run at a scheduled time and insert the records into DynamoDB
View answer
Correct Answer: B
Question #115
A developer is creating an AWS Lambda function. The Lambda function needs an external library to connect to a third-party solution. The external library is a collection of files with a total size of 100 MB. The developer needs to make the external library available to the Lambda execution environment and reduce the Lambda package space.Which solution will meet these requirements with the LEAST operational overhead?
A. reate a Lambda layer to store the external library
B. reate an Amazon S3 bucket
C. oad the external library to the Lambda function's /tmp directory during deployment of the Lambda package
D. reate an Amazon Elastic File System (Amazon EFS) volume
View answer
Correct Answer: A
Question #116
A development team wants to build a continuous integration/continuous delivery (CI/CD) pipeline. The team is using AWS CodePipeline to automate the code build and deployment. The team wants to store the program code to prepare for the CI/CD pipeline.Which AWS service should the team use to store the program code?
A. he /tmp directory
B. mazon Elastic File System (Amazon EFS)
C. mazon Elastic Block Store (Amazon EBS)
D. mazon S3
View answer
Correct Answer: C
Question #117
A developer is creating a Ruby application and needs to automate the deployment, scaling, and management of an environment without requiring knowledge of the underlying infrastructure.Which service would best accomplish this task?
A. WS CodeDeploy
B. WS CloudFormation
C. WS OpsWorks
D. WS Elastic Beanstalk
View answer
Correct Answer: D
Question #118
A company is migrating an on-premises database to Amazon RDS for MySQL. The company has read-heavy workloads. The company wants to refactor the code to achieve optimum read performance for queries.Which solution will meet this requirement with LEAST current and future effort?
A. se a multi-AZ Amazon RDS deployment
B. se a multi-AZ Amazon RDS deployment
C. eploy Amazon RDS with one or more read replicas
D. se open source replication software to create a copy of the MySQL database on an Amazon EC2 instance
View answer
Correct Answer: C
Question #119
A company is planning to securely manage one-time fixed license keys in AWS. The company's development team needs to access the license keys in automaton scripts that run in Amazon EC2 instances and in AWS CloudFormation stacks.Which solution will meet these requirements MOST cost-effectively?
A. mazon S3 with encrypted files prefixed with “config”
B. WS Secrets Manager secrets with a tag that is named SecretString
C. WS Systems Manager Parameter Store SecureString parameters
D. loudFormation NoEcho parameters
View answer
Correct Answer: C
Question #120
A developer deployed an application to an Amazon EC2 instance. The application needs to know the public IPv4 address of the instance.How can the application find this information?
A. uery the instance metadata from http://169
B. uery the instance user data from http://169
C. uery the Amazon Machine Image (AMI) information from http://169
D. heck the hosts file of the operating system
View answer
Correct Answer: A
Question #121
A developer is using an AWS Lambda function to generate avatars for profile pictures that are uploaded to an Amazon S3 bucket. The Lambda function is automatically invoked for profile pictures that are saved under the /original/ S3 prefix. The developer notices that some pictures cause the Lambda function to time out. The developer wants to implement a fallback mechanism by using another Lambda function that resizes the profile picture.Which solution will meet these requirements with the LEAST development e
A. et the image resize Lambda function as a destination of the avatar generator Lambda function for the events that fail processing
B. reate an Amazon Simple Queue Service (Amazon SQS) queue
C. reate an AWS Step Functions state machine that invokes the avatar generator Lambda function and uses the image resize Lambda function as a fallback
D. reate an Amazon Simple Notification Service (Amazon SNS) topic
View answer
Correct Answer: A
Question #122
A developer maintains a critical business application that uses Amazon DynamoDB as the primary data store. The DynamoDB table contains millions of documents and receives 30-60 requests each minute. The developer needs to perform processing in near-real time on the documents when they are added or updated in the DynamoDB table.How can the developer implement this feature with the LEAST amount of change to the existing application code?
A. et up a cron job on an Amazon EC2 instance
B. nable a DynamoDB stream on the table
C. pdate the application to send a PutEvents request to Amazon EventBridge
D. pdate the application to synchronously process the documents directly after the DynamoDB write
View answer
Correct Answer: B
Question #123
A developer is creating an AWS CloudFormation template to deploy Amazon EC2 instances across multiple AWS accounts. The developer must choose the EC2 instances from a list of approved instance types.How can the developer incorporate the list of approved instance types in the CloudFormation template?
A. reate a separate CloudFormation template for each EC2 instance type in the list
B. n the Resources section of the CloudFormation template, create resources for each EC2 instance type in the list
C. n the CloudFormation template, create a separate parameter for each EC2 instance type in the list
D. n the CloudFormation template, create a parameter with the list of EC2 instance types as AllowedValues
View answer
Correct Answer: D
Question #124
A developer is integrating Amazon ElastiCache in an application. The cache will store data from a database. The cached data must populate real-time dashboards.Which caching strategy will meet these requirements?
A. read-through cache
B. write-behind cache
C. lazy-loading cache
D. write-through cache
View answer
Correct Answer: D
Question #125
A developer has an application that stores data in an Amazon S3 bucket. The application uses an HTTP API to store and retrieve objects. When the PutObject API operation adds objects to the S3 bucket, the developer must encrypt these objects at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3).Which solution will meet this requirement?
A. reate and deploy an AWS Lambda function in each desired Region
B. reate an AWS CloudFormation template that defines the load test resources
C. reate an AWS Systems Manager document that defines the resources
D. reate an AWS CloudFormation template that defines the load test resources
View answer
Correct Answer: B
Question #126
A company wants to deploy and maintain static websites on AWS. Each website's source code is hosted in one of several version control systems, including AWS CodeCommit, Bitbucket, and GitHub.The company wants to implement phased releases by using development, staging, user acceptance testing, and production environments in the AWS Cloud. Deployments to each environment must be started by code merges on the relevant Git branch. The company wants to use HTTPS for all data exchange. The company needs a solutio
A. ost each website by using AWS Amplify with a serverless backend
B. ost each website in AWS Elastic Beanstalk with multiple environments
C. ost each website in different Amazon S3 buckets for each environment
D. ost each website on its own Amazon EC2 instance
View answer
Correct Answer: A
Question #127
A developer needs to store configuration variables for an application. The developer needs to set an expiration date and time for the configuration. The developer wants to receive notifications before the configuration expires.Which solution will meet these requirements with the LEAST operational overhead?
A. reate a standard parameter in AWS Systems Manager Parameter Store
B. reate a standard parameter in AWS Systems Manager Parameter Store
C. reate an advanced parameter in AWS Systems Manager Parameter Store
D. reate an advanced parameter in AWS Systems Manager Parameter Store
View answer
Correct Answer: C
Question #128
A developer has written an application that runs on Amazon EC2 instances. The developer is adding functionality for the application to write objects to an Amazon S3 bucket.Which policy must the developer modify to allow the instances to write these objects?
A. he IAM policy that is attached to the EC2 instance profile role
B. he session policy that is applied to the EC2 instance role session
C. he AWS Key Management Service (AWS KMS) key policy that is attached to the EC2 instance profile role
D. he Amazon VPC endpoint policy
View answer
Correct Answer: A
Question #129
A developer is migrating some features from a legacy monolithic application to use AWS Lambda functions instead. The application currently stores data in an Amazon Aurora DB cluster that runs in private subnets in a VPC. The AWS account has one VPC deployed. The Lambda functions and the DB cluster are deployed in the same AWS Region in the same AWS account.The developer needs to ensure that the Lambda functions can securely access the DB cluster without crossing the public internet.Which solution will meet
A. onfigure the DB cluster's public access setting to Yes
B. onfigure an Amazon RDS database proxy for he Lambda functions
C. onfigure a NAT gateway and a security group for the Lambda functions
D. onfigure the VPC, subnets, and a security group for the Lambda functions
View answer
Correct Answer: D
Question #130
A company has deployed an application on AWS Elastic Beanstalk. The company has configured the Auto Scaling group that is associated with the Elastic Beanstalk environment to have five Amazon EC2 instances. If the capacity is fewer than four EC2 instances during the deployment, application performance degrades. The company is using the all-at-once deployment policy.What is the MOST cost-effective way to solve the deployment issue?
A. hange the Auto Scaling group to six desired instances
B. hange the deployment policy to traffic splitting
C. hange the deployment policy to rolling with additional batch
D. hange the deployment policy to rolling
View answer
Correct Answer: C
Question #131
A developer is building an application that uses Amazon DynamoDB. The developer wants to retrieve multiple specific items from the database with a single API call.Which DynamoDB API call will meet these requirements with the MINIMUM impact on the database?
A. atchGetItem
B. etItem
C. can
D. uery
View answer
Correct Answer: A
Question #132
A company’s website runs on an Amazon EC2 instance and uses Auto Scaling to scale the environment during peak times. Website users across the world are experiencing high latency due to static content on the EC2 instance, even during non-peak hours.Which combination of steps will resolve the latency issue? (Choose two.)
A. pply a bucket policy that allows anonymous users to download the content from the S3 bucket
B. enerate a pre-signed object URL for the premier content file when a paid subscriber requests a download
C. dd a bucket policy that requires multi-factor authentication for requests to access the S3 bucket objects
D. nable server-side encryption on the S3 bucket for data protection against the non-paying website visitors
View answer
Correct Answer: DE
Question #133
A developer maintains a critical business application that uses Amazon DynamoDB as the primary data store. The DynamoDB table contains millions of documents and receives 30-60 requests each minute. The developer needs to perform processing in near-real time on the documents when they are added or updated in the DynamoDB table.How can the developer implement this feature with the LEAST amount of change to the existing application code?
A. et up a cron job on an Amazon EC2 instance
B. nable a DynamoDB stream on the table
C. pdate the application to send a PutEvents request to Amazon EventBridge
D. pdate the application to synchronously process the documents directly after the DynamoDB write
View answer
Correct Answer: B
Question #134
A company moved some of its secure files to a private Amazon S3 bucket that has no public access. The company wants to develop a serverless application that gives its employees the ability to log in and securely share the files with other users.Which AWS feature should the company use to share and access the files securely?
A. mazon Cognito user pool
B. 3 presigned URLs
C. 3 bucket policy
D. mazon Cognito identity pool
View answer
Correct Answer: A
Question #135
A developer has an application that makes batch requests directly to Amazon DynamoDB by using the BatchGetItem low-level API operation. The responses frequently return values in the UnprocessedKeys element.Which actions should the developer take to increase the resiliency of the application when the batch response includes values in UnprocessedKeys? (Choose two.)
A. etry the batch operation immediately
B. etry the batch operation with exponential backoff and randomized delay
C. pdate the application to use an AWS software development kit (AWS SDK) to make the requests
D. ncrease the provisioned read capacity of the DynamoDB tables that the operation accesses
E. ncrease the provisioned write capacity of the DynamoDB tables that the operation accesses
View answer
Correct Answer: BD
Question #136
A developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit.Which of the following API Gateway metrics in Amazon CloudWatch can help the developer troubleshoot the issue? (Choose two.)
A. WS CodeDeploy
B. WS CodeArtifact
C. WS CodeCommit
D. mazon CodeGuru
View answer
Correct Answer: BD
Question #137
A developer has written an application that runs on Amazon EC2 instances. The developer is adding functionality for the application to write objects to an Amazon S3 bucket.Which policy must the developer modify to allow the instances to write these objects?
A. he IAM policy that is attached to the EC2 instance profile role
B. he session policy that is applied to the EC2 instance role session
C. he AWS Key Management Service (AWS KMS) key policy that is attached to the EC2 instance profile role
D. he Amazon VPC endpoint policy
View answer
Correct Answer: A
Question #138
A software company is launching a multimedia application. The application will allow guest users to access sample content before the users decide if they want to create an account to gain full access. The company wants to implement an authentication process that can identify users who have already created an account. The company also needs to keep track of the number of guest users who eventually create an account.Which combination of steps will meet these requirements? (Choose two.)
A. reate Lambda functions inside the VPC with the AWSLambdaBasicExecutionRole policy attached to the Lambda execution role
B. reate Lambda functions inside the VPC with the AWSLambdaVPCAccessExecutionRole policy attached to the Lambda execution role
C. reate Lambda functions with the AWSLambdaBasicExecutionRole policy attached to the Lambda execution role
D. reate Lambda functions with the AWSLambdaVPCAccessExecutionRole policy attached to the Lambda execution role
View answer
Correct Answer: BD
Question #139
A developer wants to use AWS Elastic Beanstalk to test a new version of an application in a test environment.Which deployment method offers the FASTEST deployment?
A. mmutable
B. olling
C. olling with additional batch
D. ll at once
View answer
Correct Answer: D

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: