BPE1
Your application is processing one Kinesis data stream which has four shards, and each instance has one KCL worker. To scale up processing in your application, you reshard your stream to increase the number of open shards to six. What is the MAXIMUM number of EC2 instances that you should launch to achieve optimum performance?
6
A serverless application, which is composed of Lambda functions integrated with API Gateway and DynamoDB, processes ad hoc requests that are sent by its users. Due to the recent spike in incoming traffic, some of your customers are complaining that they are getting HTTP 504 errors from time to time. Which of the following is the MOST likely cause of this issue?
API Gateway request has timed out because the underlying Lambda function has been running for more than 29 seconds.
A developer is instructed to set up a new serverless architecture composed of AWS Lambda, API Gateway, and DynamoDB in a single stack. The new architecture should allow the developer to locally build, test, and debug serverless applications. Which of the following should the developer use to satisfy the above requirement?
AWS Serverless Application Model (AWS SAM)
A Lambda-based application consists of several functions. Once triggered, these functions will call various downstream resources such as a DynamoDB table or an S3 bucket, or make other API calls. There is a requirement to allow the developers to trace the event source that invoked your Lambda functions and trace the downstream calls that your functions made. The number of requests and the execution duration per request should also be monitored. Which of the following services should you use to achieve this? (Select TWO.)
AWS X-Ray Amazon CloudWatch
A developer uses AWS SAM templates to deploy a serverless application. He needs to embed the application from the AWS Serverless Application Repository or from an S3 bucket as a nested application. Which of the following resource type is the most SUITABLE one that the developer should use?
AWS::Serverless::Application
A recently deployed Lambda function has an intermittent issue in processing customer data. You enabled the active tracing option in order to detect, analyze, and optimize performance issues of your function using the X-Ray service. Which of the following environment variables are used by AWS Lambda to facilitate communication with X-Ray? (Select TWO.)
AWS_XRAY_CONTEXT_MISSING _X_AMZN_TRACE_ID
An application hosted in an Auto Scaling group of On-Demand EC2 instances is used to process data polled from an SQS queue and the generated output is stored in an S3 bucket. To improve security, you were tasked to ensure that all objects in the S3 bucket are encrypted at rest using server-side encryption with AWS KMS-Managed Keys (SSE-KMS). Which of the following is required to properly implement this requirement?
Add a bucket policy which denies any s3:PutObject action unless the request includes the x-amz-server-side-encryption header.
A programmer is developing a shell script which uses AWS CLI to list all objects of a given bucket. However, the script is timing out if the bucket has tens of thousands of objects. What is the BEST solution that the programmer should implement to rectify this issue?
Add pagination parameters in the AWS CLI command
An application, which already uses X-Ray, generates thousands of trace data every hour. The developer wants to use a filter expression which will limit the results based on custom attributes or keys that he specifies. How should the developer refactor the application in order to filter the results in the X-Ray console?
Add the custom attributes as annotations in your segment document.
An augmented reality mobile game has a serverless backend composed of Lambda, DynamoDB, and API Gateway. Due to the surge of new players globally, there were a lot of delays in retrieving the player data. You are instructed by your manager to improve the game's performance by reducing the database response times down to microseconds. Which of the following is the BEST service to use that can satisfy this scenario?
Amazon DynamoDB Accelerator (DAX)
A developer is building a web application which requires a multithreaded event-based key/value cache store that will cache result sets from database calls. You need to run large nodes with multiple cores for your cache layer and it should scale up or down as the demand on your system increases and decreases. Which of the following is the MOST suitable service that you should use?
Amazon ElastiCache for Memcached
Your company uses Elastic Beanstalk to manage a web application. You were instructed to configure the Elastic Beanstalk environment's deployment policy to launch new EC2 instances, and then deploy the new version of your application only to these new resources. Which of the following deployment methods can you use to meet this required configuration? (Select TWO.)
Blue/Green deployment Immutable
A Lambda function has been integrated with DynamoDB Streams as its event source. There has been a new version of the function that needs to be deployed using CodeDeploy where the traffic must be shifted in two increments. It should shift 10 percent of the incoming traffic to the new version in the first increment and then the remaining 90 percent should be deployed five minutes later. Which of the following deployment configurations is the MOST suitable to satisfy this requirement?
Canary
A developer has recently completed a new version of a serverless application that is ready to be deployed using AWS SAM. There is a requirement that the traffic should shift from the previous Lambda function to the new version in the shortest time possible, but you still don't want to shift traffic all-at-once immediately. Which deployment configuration is the MOST suitable one to use in this scenario?
CodeDeployDefault.LambdaCanary10Percent5Minutes
You are managing a distributed system which is composed of an Application Load Balancer, SQS queue, and an Auto Scaling group of EC2 instances. The system has been integrated with CloudFront to better serve their clients around the globe. To improve the security of your in-flight data, you were instructed to establish an end-to-end SSL connection between your origin and your end users. How can you meet this requirement using CloudFront? (Select TWO.)
Configure the Origin Protocol Policy. Configure the Viewer Protocol Policy.
A Software Engineer is developing an application which will be hosted on an EC2 instance and will read messages from a standard SQS queue. The average time that it takes for the producers to send a new message to the queue is 40 seconds. Which of the following is the MOST efficient way for the application to query the new messages from the queue?
Configure the SQS queue to use Long Polling.
A developer is working on a photo-sharing application which can automatically add filters to the high-resolution images uploaded by its users. For every new image that the user uploads, it would be sent to Amazon SQS and will be handled by an image processing application hosted in Lambda. The processed image would then be stored in an S3 bucket. If the upload was successful, the application will return a prompt telling the user that the upload is successful. However, the entire processing typically takes an average of 5 minutes to complete, which causes the application to become unresponsive. Which of the following is the MOST suitable and cost-effective option which will prevent your application from being unresponsive?
Configure the application to asynchronously process the requests and change the invocation type of the Lambda function to Event.
A serverless application is composed of several Lambda functions which reads data from RDS. These functions must share the same connection string that should be encrypted to improve data security. Which of the following is the MOST secure way to meet the above requirement?
Create a Secure String Parameter using the AWS Systems Manager Parameter Store.
An internal web application is hosted in a custom VPC with multiple private subnets only. Every EC2 instance that will be provisioned on this VPC will require access to an S3 bucket to pull configuration files as well as to push application logs. Which of the following options is the most suitable solution to use in this scenario?
Create a VPC endpoint for S3.
An online stock trading platform is hosted in an Auto Scaling group of EC2 instances with an Application Load Balancer in front to evenly distribute the incoming traffic. The developer must capture information about the IP traffic going to and from network interfaces in your VPC to comply with financial regulatory requirements. Which of the following options should the developer do to meet the requirement?
Create a flow log in your VPC.
A mobile game is using a DynamoDB table named GameScore that keeps track of users and scores. Each item in the table is identified by a partition key (UserId) and a sort key (GameTitle). The diagram below shows how the items in the table are organized: (image shows a table with columns UserId, GameTitle, TopScore, TopScoreDateTime, Wins, Losses) A developer want to write a leaderboard application to display top scores for each game, by querying over the entire table and across all its partitions. What should the developer do to meet this requirement?
Create a global secondary index.
To improve their information security management system (ISMS), a company recently released a new policy which requires all database credentials to be encrypted and be automatically rotated to avoid unauthorized access. Which of the following is the MOST appropriate solution to secure the credentials?
Create a secret in AWS Secrets Manager and enable automatic rotation of the database credentials.
The users of a social media website must be authenticated using social identity providers such as Twitter, Facebook, and Google. Users can login to the site which will allow them to upload their selfies, memes, and other media files in an S3 bucket. As an additional feature, you should also enable guest user access to certain sections of the website. Which of the following should you do to accomplish this task?
Create an Identity Pool in Amazon Cognito and enable access to unauthenticated identities.
A developer is planning to deploy a high-performance online trading application which requires a database that can scale globally and can handle frequent schema changes. The database should also support flexible schemas that enable faster and more iterative development. Which is the MOST suitable database service that you should use to achieve this requirement?
DynamoDB
A developer is working on a Lambda function which has an event source mapping to process requests from API Gateway. The function will consistently have 10 requests per second and it will take a maximum of 50 seconds to complete each request. What should the developer do to prevent the function from throttling?
Do nothing since Lambda will automatically scale to handle the load.
An application hosted in an Amazon ECS Cluster processes a large stream of data and stores the result to a DynamoDB table. There is an urgent requirement to detect new entries in the table then automatically trigger a Lambda function to run some tests to verify the processed data. Which of the following options can satisfy the requirement with minimal configuration?
Enable DynamoDB Streams to detect the new entries and automatically trigger the Lambda function.
An application hosted in a multicontainer Docker platform in Elastic Beanstalk uses DynamoDB to handle the session data of its users. These data are only used in a particular timeframe and the stale data can be deleted after the user logged out of the system. Which of the following is the most suitable way to delete the session data?
Enable TTL for the session data in the DynamoDB table.
There has been reports that your application, which has a MySQL RDS database, becomes unresponsive from time to time. You were instructed to collect all SQL statements that took longer to execute for troubleshooting. What should you do to properly troubleshoot this issue with the LEAST amount of effort?
Enable slow query log in RDS.
A new IT policy requires you to trace all calls that your Node.js application sends to external HTTP web APIs as well as SQL database queries. You have to instrument your application, which is hosted in Elastic Beanstalk, in order to properly trace the calls via the X-Ray console. What should you do to comply with the given requirement?
Enable the X-Ray daemon by including the xray-daemon.config configuration file in the .ebextensions directory of your source code.
A developer has deployed a Lambda function which will run in various environments such as DEV, TEST, UAT, and PROD. As part of its processing, the function also calls a set of external API services which varies based on the environment. The function must use different endpoints for these external services to properly complete the processing. Which of the following features in Lambda should the developer use to reference the appropriate external endpoint for each environment?
Environment Variables
A programmer is developing a Node.js application which will be run in a Linux server on their on-premises data center. The application will access various AWS services such as S3, DynamoDB, and ElastiCache using the AWS SDK. Which of the following is the MOST suitable way to provide access to the developer in order to accomplish the specified task?
Go to the AWS Console and create a new IAM user with programmatic access. In the application server, create the credentials file at ~/.aws/credentials with the access keys of the IAM user.
Your customers require access to the REST APIs of your web application which is hosted on EC2 instances behind a load balancer in your VPC. To accommodate this request, your web services should be integrated with API Gateway that has a custom data mapping. You need to specify how the incoming request data is mapped to the integration request and how the resulting integration response data is mapped to the method response. Which of the following integration types is the MOST suitable one to use in API Gateway to meet this requirement?
HTTP
Your serverless AWS Lambda functions are integrated with Amazon API gateway using Lambda proxy integration. The API caching feature is enabled in the API Gateway with a TTL value of 300 seconds. A client would like to fetch the latest data from your endpoints every time a request is sent and invalidate the existing cache. What should the client do in order to get the latest data?
Have the client send a request with the Cache-Control: max-age=0 header.
An API gateway with a Lambda proxy integration takes a long time to complete its processing. There were also occurrences where some requests timed out. You want to monitor the responsiveness of your API calls as well as the underlying Lambda function. Which of the following CloudWatch metrics should you use to troubleshoot this issue? (Select TWO.)
Latency IntegrationLatency
You have a private S3 bucket that stores application logs and the bucket contents are accessible to all members of the Developer IAM group. However, you want to make an object inside the bucket which should only be accessible to the members of Admin IAM group. How can you apply an S3 bucket policy to this object using AWS CLI?
None of the above.
A developer is working on an application which stores data to an Amazon DynamoDB table with the DynamoDB Streams feature enabled. He set up an event source mapping with DynamoDB Streams and AWS Lambda function to monitor any table changes then store the original data of the overwritten item in S3. When an item is updated, it should only send a copy of the item's previous value to an S3 bucket and maintain the new value in the DynamoDB table. Which StreamViewType is the MOST suitable one to use in the DynamoDB configuration to fulfill this scenario?
OLD_IMAGE
A mission-critical application is required to have a monitoring system which can provide immediate insight into its sub-minute activity. You are required to collect the data of all of the users who are currently logged in to the system every 10 seconds. Which of the following options is the MOST suitable solution that you should do to meet the above requirements?
Publish a high-resolution custom metric to CloudWatch.
You are developing a Lambda function which processes event notifications from Amazon S3. It is expected that the function will have: - 50 requests per second - 100 seconds to complete each request What should you do to prevent any issues when the function has been deployed and becomes operational?
Request for AWS to increase the limit of your concurrent executions.
A mobile app is using a backend API hosted in AWS. You want to develop a push notification feature that can send messages directly to mobile apps whenever there is a new version of the app available. The notification message can include a link to download and install the update. Which of the following is the BEST service to use to develop this feature?
SNS
A website hosted in AWS has a custom CloudWatch metric to track all HTTP server errors in the site every minute, which occurs intermittently. An existing CloudWatch Alarm has already been configured for this metric but you would like to re-configure this to properly monitor the application. The alarm should only be triggered when all three data points in the most recent three consecutive periods are above the threshold. Which of the following options is the MOST appropriate way to monitor the website based on the given threshold?
Set both the Evaluation Period and Datapoints to Alarm to 3.
A website is hosted in an Auto Scaling group of EC2 instances behind an Application Load Balancer. It also uses CloudFront with a default domain name to distribute its static assets and dynamic contents. However, the website has a poor search ranking as it doesn't use a secure HTTPS/SSL on its site. Which are the possible solutions that the developer can implement in order to set up HTTPS communication between the viewers and CloudFront? (Select TWO.)
Set the Viewer Protocol Policy to use Redirect HTTP to HTTPS. Set the Viewer Protocol Policy to use HTTPS Only.
You have several API Gateway APIs with Lambda Integration for each release life cycle of your application. There is a requirement to consolidate multiple releases into a single API Gateway for the ALPHA, BETA, RC (Release Candidate), and PROD releases. For example, their clients can connect to their ALPHA release by using the alpha.tutorialsdojo.com endpoint and beta release through the beta.tutorialsdojo.com endpoint. As the AWS developer, how can you satisfy this requirement?
Set up Stage Variables for each release.
A Lambda function downloads a file, with a size of 55 MB, from an external repository every time it is invoked. This causes the function to time out intermittently which greatly affects your serverless application. How should you refactor the function to solve this issue?
Store the file in the /tmp directory of the execution context and reuse it on succeeding invocations.
A developer is building a new Docker application using ECS. She needs to allow containers to access ports on the host container instance to send or receive traffic using port mapping. Which component of ECS should the developer configure to properly implement this task?
Task definition
A developer configured an Amazon API Gateway proxy integration named MyAPI to work with a Lambda function. However, when the API is being called, the developer receives a 502 Bad Gateway error. She tried invoking the underlying function but it properly returns the result in XML format. What is the MOST likely root cause of this issue?
There is an incompatible output returned from a Lambda proxy integration backend.
A web application is running in an ECS Cluster and updates data in DynamoDB several times a day. The clients retrieve data directly from the DynamoDB through APIs exposed by Amazon API Gateway. Although API caching is enabled, there are specific clients that want to retrieve the latest data from DynamoDB for every API request sent. What should be done to only allow authorized clients to invalidate an API Gateway cache entry when submitting API requests? (Select TWO.)
Tick the Require Authorization checkbox in the Cache Settings of your API via the console. The client must send a request which contains the Cache-Control: max-age=0 header.
You are deploying a serverless application composed of Lambda, API Gateway, CloudFront, and DynamoDB using CloudFormation. The AWS SAM syntax should be used to declare resources in your template which requires you to specify the version of the AWS Serverless Application Model (AWS SAM). Which of the following sections is required, aside from the Resources section, that should be in your CloudFormation template?
Transform
You have created a Node.js Lambda function that updates a DynamoDB table and sends an email notification via Amazon SNS. However, upon testing, the function is not working as expected. Which of the following is the BEST way to troubleshoot this issue?
Use AWS X-Ray
A serverless application composed of Lambda, API Gateway, and DynamoDB has been running without any issues for quite some time. As part of the IT compliance of the company, a developer was instructed to ensure that all of the new changes made to the items in DynamoDB are recorded and stored to another DynamoDB table in another region. In this scenario, which of the following is the MOST ideal way to comply with the given requirements?
Use DynamoDB Streams
A company that sells smart security cameras uses an S3 bucket behind a CloudFront web distribution to store its static content, which they share to their customers around the world. They recently released a new firmware update that is intended to be used only by its premium customers. Any unauthorized access should be denied and the user authentication process must have a minimal latency. How can a developer refactor the current set up to achieve this requirement with the MOST efficient solution?
Use Lambda@Edge and Amazon Cognito to authenticate and authorize premium customers to download the firmware update.
A reporting application is hosted in Elastic Beanstalk and uses DynamoDB as its database. If a user requests for data, it scans the entire table and returns the requested data. In the coming weeks, it is expected that the table will grow due to the surge of new users and requested reports. Which of the following should be done as a preparation to improve the performance of the application with minimal cost? (Select TWO.)
Use Query operations instead Reduce page size
You want to update a Lambda function on your production environment and ensure that when you publish the updated version, you still have a quick way to roll back to the older version in case you encountered a problem. To prevent any sudden user interruptions, you want to gradually increase the traffic going to the new version. Which of the following implementation is the BEST option to use?
Use Traffic Shifting with Lambda Aliases.
A developer is moving a legacy web application from their on-premises data center to AWS. The application is concurrently used by thousands of people and it stores the user session state in memory. Its on-premises server usually reaches 100% CPU Utilization every time there is a surge on the number of people accessing the application. Which of the following is the best way to re-factor the performance and availability of the application's session management once it is migrated to AWS?
Use an ElastiCache for Redis cluster to store the user session state of the application.
An application performs various workflows and processes long-running tasks that take a long time to complete. The users are complaining that the application is unresponsive since the workflow substantially increased the time it takes to complete a user request. Which of the following is the BEST way to improve the performance of the application?
Use an Elastic Beanstalk worker environment to process the tasks asynchronously.
A DynamoDB table has several top-level attributes such as id, course_id, course_title, price, rating and many others. The database queries of your application returns all of the item attributes by default but you only want to fetch specific attributes such as the course_id and price per request. As the developer, how can you refactor your application to accomplish this requirement?
Use projection expression
A web application is uploading large files, which are over 4 GB in size, in an S3 bucket called data.tutorialsdojo.com every 30 minutes. You want to minimize the time required to upload each file. Which of the following should you do to minimize upload time?
Use the Multipart upload API.
A Lambda function is sending data to an Aurora MySQL DB Instance in your VPC. However, you are getting a MySQL: ERROR 1040: Too many connections error whenever there is a surge in incoming traffic. Upon investigation, you found that your function is always creating a new database connection whenever it is invoked. Which of the following is the MOST suitable and scalable solution to overcome this problem?
Use the execution context in your function and add logic in your code to check if a connection exists before creating one.
You developed a shell script which uses AWS CLI to create a new Lambda function. However, you received an InvalidParameterValueException after running the script. What is the MOST likely cause of this issue?
You provided an IAM role in the CreateFunction API which AWS Lambda is unable to assume.
A developer is building an e-commerce application which will be hosted in an ECS Cluster. To minimize the number of instances in use, she must select a strategy which will place tasks based on the least available amount of CPU or memory. Which of the following task placement strategy should the developer implement?
binpack
A technical manager needs permission to create new repositories and delete them in CodeCommit. This will enable her to manage all of the code repositories of each development teams and remove duplicate or unused ones. Which of the following permissions should be given in order to comply with the standard security advice of granting least privilege?
codecommit:CreateRepository and codecommit:DeleteRepository
A developer is instructed to configure a worker daemon to queue messages based on a specific schedule using a worker environment hosted in Elastic Beanstalk. Periodic tasks should be defined to automatically add jobs to your worker environment's queue at a regular interval. Which configuration file should the developer add in the source bundle to meet the above requirement?
cron.yaml
A developer needs to encrypt all objects being uploaded by their application to the S3 bucket to comply with the company's security policy. The bucket will use server-side encryption with Amazon S3-Managed encryption keys (SSE-S3) to encrypt the data using 256-bit Advanced Encryption Standard (AES-256) block cipher. Which of the following request headers should the developer use?
x-amz-server-side-encryption
You are building a distributed system using KMS where you need to encrypt data at a later time. An API must be called that returns only the encrypted copy of the data key which you will use for encryption. After an hour, you will decrypt the data key by calling the Decrypt API then using the returned plaintext data key to finally encrypt the data. Which is the MOST suitable KMS API that the system should use to securely implement the requirements described above?
GenerateDataKeyWithoutPlaintext
A web application is using an ElastiCache cluster that is suffering from cache churn, which means that a lot of cache data in the cluster are never read. There is a requirement to reconfigure the application to retrieve the data from the database only in the event that there is a cache miss. Which of the following caching strategy is the MOST suitable that the developer should implement?
Lazy loading
A Software Engineer is refactoring a Lambda function, which currently uses a public GraphQL API from the Internet as part of its processing. The new requirement states that the function should process the data and store the results to a database hosted in your VPC. The additional VPC-specific information has already been configured in the function and the database connection has been successfully established. However, after testing, he found that the function can't connect to the Internet anymore. Which of the following should the Software Engineer do to fix this issue? (Select TWO.)
Add a NAT gateway to your VPC. Ensure that the associated security group of the Lambda function allows outbound connections.