AWS Developer Practice Questions

Ace your homework & exams now with Quizwiz!

A serverless application uses an AWS Lambda function, Amazon API Gateway API and an Amazon DynamoDB table. The Lambda function executes 10 times per second and takes 3 seconds to complete each execution. How many concurrent executions will the Lambda function require?

30

A company provides a large number of services on AWS to customers. The customers connect to one or more services directly and the architecture is becoming complex. How can the architecture be refactored to provide a single interface for the services?

Amazon API Gateway

A company has hired a team of remote Developers. The Developers need to work programmatically with AWS resources from their laptop computers. Which security components MUST the Developers use to authenticate?

Access key ID and Secret access key

A Developer needs to return a list of items in a global secondary index from an Amazon DynamoDB table. Which DynamoDB API call can the Developer use in order to consume the LEAST number of read capacity units?

Query operation using eventually-consistent reads

A Developer wants to find a list of items in a global secondary index from an Amazon DynamoDB table. Which DynamoDB API call can the Developer use in order to consume the LEAST number of read capacity units?

Query operation using eventually-consistent reads

An application is running on a cluster of Amazon EC2 instances. The application has received an error when trying to read objects stored within an Amazon S3 bucket. The bucket is encrypted with server-side encryption and AWS KMS managed keys (SSE-KMS). The error is as follows: Service: AWSKMS; Status Code: 400, Error Code: ThrottlingException Which combination of steps should be taken to prevent this failure?

Perform error retries with exponential backoff in the application code and Contact AWS support to request an AWS KMS rate limit increase

A developer has created an Amazon API Gateway with caching enabled in front of AWS Lambda. For some requests, it is necessary to ensure the latest data is received from the endpoint. How can the developer ensure the data is not stale?

Send requests with the Cache-Control: max-age=0 header

A developer is completing the configuration for an Amazon ECS cluster. Which task placement strategy will MINIMIZE the number of instances in use?

binpack

A developer is creating a serverless application that will use a DynamoDB table. The average item size is 9KB. The application will make 4 strongly consistent reads/sec, and 2 standard write/sec. How many RCUs/WCUs are required?

12 RCU and 18 WCU

A Developer is creating an application that will utilize an Amazon DynamoDB table for storing session data. The data being stored is expected to be around 4.5KB in size and the application will make 20 eventually consistent reads/sec, and 12 standard writes/sec. How many RCUs/WCUs are required?

20 RCU and 60 WCU

A developer is creating a serverless application that will use a DynamoDB table. The average item size is 7KB. The application will make 3 strongly consistent reads/sec, and 1 standard write/sec. How many RCUs/WCUs are required?

6 RCU and 7 WCU

A team of Developers are working on a shared project and need to be able to collaborate on code. The shared application code must be encrypted at rest, stored on a highly available and durable architecture, and support multiple versions and batch change tracking. Which AWS service should the Developer use?

AWS CodeCommit

An IT automation architecture uses many AWS Lambda functions invoking one another as a large state machine. The coordination of this state machine is legacy custom code that breaks easily. Which AWS Service can help refactor and manage the state machine?

AWS Step Functions

A company has deployed a new web application that uses Amazon Cognito for authentication. The company wants to allow sign-in from any source but wants to automatically block all sign-in attempts if the risk level is elevated. Which Amazon Cognito feature will meet these requirements?

Adaptive authentication.

A Developer must run a shell script on Amazon EC2 Linux instances each time they are launched by an Amazon EC2 Auto Scaling group. What is the SIMPLEST way to run the script?

Add the script to the user data when creating the launch configuration

A Developer has completed some code updates and needs to deploy the updates to an Amazon Elastic Beanstalk environment. The update must be deployed in the fastest possible time and application downtime is acceptable. Which deployment policy should the Developer choose?

All at once

A company has released a new application on AWS. The company are concerned about security and require a tool that can automatically assess applications for exposure, vulnerabilities, and deviations from best practices. Which AWS service should they use?

Amazon Inspector

A solution requires a serverless service for receiving streaming data and loading it directly into an Amazon Elasticsearch datastore. Which AWS service would be suitable for this requirement?

Amazon Kinesis Data Firehose

An application will ingest data at a very high throughput from several sources and stored in an Amazon S3 bucket for subsequent analysis. Which AWS service should a Developer choose for this requirement?

Amazon Kinesis Data Firehose

A Developer is designing a cloud native application. The application will use several AWS Lambda functions that will process items that the functions read from an event source. Which AWS services are supported for Lambda event source mappings?

Amazon Kinesis; Amazon DynamoDB; Amazon Simple Queue Service (SQS)

An application includes multiple Auto Scaling groups of Amazon EC2 instances. Each group corresponds to a different subdomain of example.com, including forum.example.com and myaccount.example.com. An Elastic Load Balancer will be used to distribute load from a single HTTPS listener. Which type of Elastic Load Balancer MUST a Developer use in this scenario?

Application Load Balancer

A set of APIs are exposed to customers using Amazon API Gateway. These APIs have caching enabled on the API Gateway. Customers have asked for an option to invalidate this cache for each of the APIs. What action can be taken to allow API customers to invalidate the API Cache?

Ask customers to pass an HTTP header called Cache-Control:max-age=0

A Developer is creating a script to automate the deployment process for a serverless application. The Developer wants to use an existing AWS Serverless Application Model (SAM) template for the application. What should the Developer use for the project?

Call aws cloudformation package to create the deployment package. Call aws cloudformation deploy to deploy the package afterward. Call sam package to create the deployment package. Call sam deploy to deploy the package afterward

A Developer wants the ability to roll back to a previous version of an AWS Lambda function in the event of errors caused by a new deployment. How can the Developer achieve this with MINIMAL impact on users?

Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to direct 10% of users to the newly deployed version. If too many errors are encountered, send 100% of traffic to the previous version

A Developer is writing an AWS Lambda function that processes records from an Amazon Kinesis Data Stream. The Developer must write the function so that it sends a notice to Administrators if it fails to process a batch of records. How should the Developer write the function?

Configure an Amazon SNS topic as an on-failure destination

A Developer has created an AWS Lambda function in a new AWS account. The function is expected to be invoked 40 times per second and the execution duration will be around 100 seconds. What MUST the Developer do to ensure there are no errors?

Contact AWS Support to increase the concurrent execution limits

A Developer is creating an AWS Lambda function that will process data from an Amazon Kinesis data stream. The function is expected to be invoked 50 times per second and take 100 seconds to complete each request. What MUST the Developer do to ensure the functions runs without errors?

Contact AWS and request to increase the limit for concurrent executions

A Developer created an AWS Lambda function and then attempted to add an on failure destination but received the following error: The function's execution role does not have permissions to call SendMessage on arn:aws:sqs:us-east-1:515148212435:FailureDestination How can the Developer resolve this issue MOST securely?

Create a customer managed policy with all read/write permissions to SQS and attach the policy to the function's execution role

A team of Developers require read-only access to an Amazon DynamoDB table. The Developers have been added to a group. What should an administrator do to provide the team with access whilst following the principal of least privilege?

Create a customer managed policy with read only access to DynamoDB and specify the ARN of the table for the "Resource" element. Attach the policy to the group

A Developer needs to restrict all users and roles from using a list of API actions within a member account in AWS Organizations. The Developer needs to deny access to a few specific API actions. What is the MOST efficient way to do this?

Create a deny list and specify the API actions to deny

A mobile application is being developed that will use AWS Lambda, Amazon API Gateway and Amazon DynamoDB. A developer would like to securely authenticate the users of the mobile application and then grant them access to the API. What is the BEST way to achieve this?

Create a COGNITO_USER_POOLS authorizer in API Gateway

How can a Developer view a summary of proposed changes to an AWS CloudFormation stack without implementing the changes in production?

Create a Change Set

A company has several AWS accounts used by different departments. Developers use the same CloudFormation template to deploy an application across accounts. What can the developers use to deploy and manage the application with the LEAST operational effort?

Create a CloudFormation Stack in an administrator account and use StackSets to update the stacks across multiple accounts

A legacy service has an XML-based SOAP interface. The Developer wants to expose the functionality of the service to external clients with the Amazon API Gateway. Which technique will accomplish this?

Create a RESTful API with the API Gateway; transform the incoming JSON into a valid XML message for the SOAP interface using mapping templates

A website consisting of HTML, images, and client-side JavaScript is being hosted on Amazon S3. The website will be used globally, what's the best way to MINIMIZE latency for global users?

Create a CloudFront distribution and configure the S3 website as an origin

A Developer needs to be notified by email for all new object creation events in a specific Amazon S3 bucket. Amazon SNS will be used for sending the messages. How can the Developer enable these notifications?

Create an event notification for all s3:ObjectCreated:* API calls

A Developer has created an Amazon Cognito user pool and configured a domain for it. The Developer wants to add sign-up and sign-in pages to an app with a company logo. What should the Developer do to meet these requirements?

Customize the Amazon Cognito hosted web UI and add the company logo.

A developer is preparing the resources for creating a multicontainer Docker environment on AWS Elastic Beanstalk. How can the developer define the Docker containers?

Define the containers in the Dockerrun.aws.json file in JSON format and save at the root of the source directory

A Developer has lost their access key ID and secret access key for programmatic access. What should the Developer do?

Disable and delete the user's access key and generate a new set

A company has deployed a REST API using Amazon API Gateway with a Lambda authorizer. The company needs to log who has accessed the API and how the caller accessed the API. They also require logs that include errors and execution traces for the Lambda authorizer. Which combination of actions should the Developer take to meet these requirements?

Enable API Gateway access logs and Enable API Gateway execution logging

An application running on Amazon EC2 generates a large number of small files (1KB each) containing personally identifiable information that must be converted to ciphertext. The data will be stored on a proprietary network-attached file system. What is the SAFEST way to encrypt the data using AWS KMS?

Encrypt the data directly with a customer managed customer master key

An AWS Lambda function requires several environment variables with secret values. The secret values should be obscured in the Lambda console and API output even for users who have permission to use the key. What is the best way to achieve this outcome and MINIMIZE complexity and latency?

Encrypt the secret values client-side using encryption helpers

A Developer is creating a DynamoDB table for storing transaction logs. The table has 10 write capacity units (WCUs). The Developer needs to configure the read capacity units (RCUs) for the table in order to MAXIMIZE the number of requests allowed per second. Which of the following configurations should the Developer use?

Eventually consistent reads of 15 RCUs reading items that are 1 KB in size

A Developer is creating a DynamoDB table for storing application logs. The table has 5 write capacity units (WCUs). The Developer needs to configure the read capacity units (RCUs) for the table. Which of the following configurations represents the most efficient use of throughput?

Eventually consistent reads of 5 RCUs reading items that are 4 KB in size

A Developer is trying to make API calls using AWS SDK. The IAM user credentials used by the application require multi-factor authentication for all API calls. Which method should the Developer use to access the multi-factor authentication protected API?

GetSessionToken

A Developer needs to configure an Elastic Load Balancer that is deployed through AWS Elastic Beanstalk. Where should the Developer place the load-balancer.config file in the application source bundle?

In the .ebextensions folder

A company uses an Amazon Simple Queue Service (SQS) Standard queue for an application. An issue has been identified where applications are picking up messages from the queue that are still being processed causing duplication. What can a Developer do to resolve this issue?

Increase the VisibilityTimeout API action on the queue

A monitoring application that keeps track of a large eCommerce website uses Amazon Kinesis for data ingestion. During periods of peak data rates, the Kinesis stream cannot keep up with the incoming data. What step will allow Kinesis data streams to accommodate the traffic during peak hours?

Increase the shard count of the stream using UpdateShardCount

A Developer is looking for a way to use shorthand syntax to express functions, APIs, databases, and event source mappings. The Developer will test using AWS SAM to create a simple Lambda function using Nodejs.12x. What is the SIMPLEST way for the Developer to get started with a Hello World Lambda function?

Install the AWS SAM CLI, run sam init and use one of the AWS Quick Start Templates

An application runs on Amazon EC2 and generates log files. A Developer needs to centralize the log files so they can be queried and retained. What is the EASIEST way for the Developer to centralize the log files?

Install the Amazon CloudWatch Logs agent and collect the logs from the instances

A company use Amazon CloudFront to deliver application content to users around the world. A Developer has made an update to some files in the origin however users have reported that they are still getting the old files. How can the Developer ensure that the old files are replaced in the cache with the LEAST disruption?

Invalidate the files from the edge caches

Customers who use a REST API have reported performance issues. A Developer needs to measure the time between when API Gateway receives a request from a client and when it returns a response to the client. Which metric should the Developer monitor?

Latency

A company has sensitive data that must be encrypted. The data is made up of 1 GB objects and there is a total of 150 GB of data. What is the BEST approach for a Developer to encrypt the data using AWS KMS?

Make a GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use the plaintext key to encrypt the data

An ecommerce company manages a storefront that uses an Amazon API Gateway API which exposes an AWS Lambda function. The Lambda functions processes orders and stores the orders in an Amazon RDS for MySQL database. The number of transactions increases sporadically during marketing campaigns, and then goes close to zero during quite times. How can a developer increase the elasticity of the system MOST cost-effectively?

Migrate from Amazon RDS to Amazon Aurora MySQL. Use an Aurora Auto Scaling policy to scale read replicas based on average connections of Aurora Replicas.

A small team of Developers require access to an Amazon S3 bucket. An admin has created a resource-based policy. Which element of the policy should be used to specify the ARNs of the user accounts that will be granted access?

Principal

An Amazon Kinesis Data Stream has recently been configured to receive data from sensors in a manufacturing facility. A consumer EC2 instance is configured to process the data every 48 hours and save processing results to an Amazon RedShift data warehouse. Testing has identified a large amount of data is missing. A review of monitoring logs has identified that the sensors are sending data correctly and the EC2 instance is healthy. What is the MOST likely explanation for this issue?

Records are retained for 24 hours in the Kinesis Data Stream by default

You run an ad-supported photo sharing website using Amazon S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business.What is an effective method to mitigate this?

Remove public read access and use signed URLs with expiry dates

A Developer is attempting to call the Amazon CloudWatch API and is receiving HTTP 400: ThrottlingException errors intermittently. When a call fails, no data is retrieved. What best practice should the Developer first attempt to resolve this issue?

Retry the call with exponential backoff

A Development team are deploying an AWS Lambda function that will be used by a production application. The function code will be updated regularly, and new versions will be published. The development team do not want to modify application code to point to each new version. How can the Development team setup a static ARN that will point to the latest published version?

Setup an Alias that will point to the latest version

A Developer is publishing custom metrics for Amazon EC2 using the Amazon CloudWatch CLI. The Developer needs to add further context to the metrics being published by organizing them by EC2 instance and Auto Scaling Group. What should the Developer add to the CLI command when publishing the metrics using put-metric-data?

The -dimensions parameter

An application running on a fleet of EC2 instances use the AWS SDK for Java to copy files into several AWS buckets using access keys stored in environment variables. A Developer has modified the instances to use an assumed IAM role with a more restrictive policy that allows access to only one bucket. However, after applying the change the Developer logs into one of the instances and is still able to write to all buckets. What is the MOST likely explanation for this situation?

The AWS credential provider looks for instance profile credentials last

An application will generate thumbnails from objects uploaded to an Amazon S3 bucket. The Developer has created the bucket configuration and the AWS Lambda function and has formulated the following AWS CLI command: aws lambda add-permission -function-name CreateThumbnail -principal s3.amazonaws.com -statement-id s3invoke -action "lambda:InvokeFunction" -source-arn arn:aws:s3:::digitalcloudbucket-source -source-account 523107438921 What will be achieved by running the AWS CLI command?

The Amazon S3 service principal (s3.amazonaws.com) will be granted permissions to perform the lambda:InvokeFunction action

A Developer is creating an AWS Lambda function to process a stream of data from an Amazon Kinesis Data Stream. When the Lambda function parses the data and encounters a missing field, it exits the function with an error. The function is generating duplicate records from the Kinesis stream. When the Developer looks at the stream output without the Lambda function, there are no duplicate records. What is the reason for the duplicates?

The Lambda function did not handle the error, and the Lambda service attempted to reprocess the data

An application is being instrumented to send trace data using AWS X-Ray. A Developer needs to upload segment documents using JSON-formatted strings to X-Ray using the API. Which API action should the developer use?

The PutTraceSegments API action

An eCommerce application uses an Amazon RDS database with Amazon ElastiCache in front. Stock volume data is updated dynamically in listings as sales are made. Customers have complained that occasionally the stock volume data is incorrect, and they end up purchasing items that are out of stock. A Developer has checked the front end and indeed some items display the incorrect stock count. What could be causing this issue?

The cache is not being invalidated when the stock volume data is changed

An application stores data in Amazon RDS and uses Amazon ElastiCache to improve read performance. The developer has configured ElastiCache to update the cache immediately after any writes to the primary database. What will be the result of this approach to caching?

The cache will become large and expensive because the infrequently requested data is also written to the cache.

A company is using AWS Lambda for processing small images that are uploaded to Amazon S3. This was working well until a large number of small files (several thousand) were recently uploaded and an error was generated by AWS Lambda (status code 429). What is the MOST likely cause?

The concurrency execution limit for the account has been exceeded

A Developer created an AWS Lambda function for a serverless application. The Lambda function has been executing for several minutes and the Developer cannot find any log data in CloudWatch Logs. What is the MOST likely explanation for this issue?

The execution role for the Lambda function is missing permissions to write log data to the CloudWatch Logs

A company is deploying a new serverless application with an AWS Lambda function. A developer ran some test invocations using the AWS CLI. The function is invoking correctly and returning a success message, but not log data is being generated in Amazon CloudWatch Logs. The developer waited for 15 minutes but the log data is not showing up. What is the most likely explanation for this issue?

The function execution role does not have permission to write log data to CloudWatch Logs.

The following permissions policy is applied to an IAM user account: { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": "sqs:*", "Resource": "arn:aws:sqs:*:513246782345:staging-queue*" }] } Due to this policy, what Amazon SQS actions will the user be able to perform?

The user will be able to use all Amazon SQS actions, but only for queues with names begin with the string "staging-queue"

A company has created a set of APIs using Amazon API Gateway and exposed them to partner companies. The APIs have caching enabled for all stages. The partners require a method of invalidating the cache that they can build into their applications. What can the partners use to invalidate the API cache?

They can pass the HTTP header Cache-Control: max-age=0

To include objects defined by the AWS Serverless Application Model (SAM) in an AWS CloudFormation template, in addition to Resources, what section MUST be included in the document root?

Transform

A Developer is creating a serverless application that uses an Amazon DynamoDB table. The application must make idempotent, all-or-nothing operations for multiple groups of write actions. Which solution will meet these requirements?

Update the items in the table using the TransactWriteltems operation to group the changes.

An application running on Amazon EC2 is experiencing intermittent technical difficulties. The developer needs to find a solution for tracking the errors that occur in the application logs and setting up a notification when the error rate exceeds a certain threshold. How can this be achieved with the LEAST complexity?

Use CloudWatch Logs to track the number of errors that occur in the application logs and send an SNS notification

An application is running on an Amazon EC2 Linux instance. The instance needs to make AWS API calls to several AWS services. What is the MOST secure way to provide access to the AWS services with MINIMAL management overhead?

Use EC2 instance profiles

An application that runs on an Amazon EC2 instance needs to access and make API calls to multiple AWS services. What is the MOST secure way to provide access to the AWS services with MINIMAL management overhead?

Use EC2 instance profiles

A Developer needs to scan a full DynamoDB 50GB table within non-peak hours. About half of the strongly consistent RCUs are typically used during non-peak hours and the scan duration must be minimized. How can the Developer optimize the scan execution time without impacting production workloads?

Use parallel scans while limiting the rate

A gaming application stores scores for players in an Amazon DynamoDB table that has four attributes: user_id, user_name, user_score, and user_rank. The users are allowed to update their names only. A user is authenticated by web identity federation. Which set of conditions should be added in the policy attached to the role for the dynamodb:PutItem API call?

"Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "${www.amazon.com:user_id}" ], "dynamodb:Attributes": [ "user_name" ] } }

A Developer needs to setup a new serverless application that includes AWS Lambda and Amazon API Gateway as part of a single stack. The Developer needs to be able to locally build and test the serverless applications before deployment on AWS. Which service should the Developer use?

AWS Serverless Application Model (SAM)

An application is using Amazon DynamoDB as its data store and needs to be able to read 200 items per second as eventually consistent reads. Each item is 12 KB in size. What value should be set for the table's provisioned throughput for reads?

300 Read Capacity Units

A Developer has noticed some suspicious activity in her AWS account and is concerned that the access keys associated with her IAM user account may have been compromised. What is the first thing the Developer do in should do in this situation?

Delete the compromised access keys

A Developer needs to access AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions: { "version": "2012-10-17" "Statement": [ { "Effect": "Allow", "Action": [ "codecommit:BatchGetRepositories", "codecommit:Get*" "codecommit:List*", "codecommit:GitPull" ], "Resource": "*" } ] } The Developer needs to create/delete branches. Which specific IAM permissions need to be added based on the principle of least privilege?

"codecommit:CreateBranch" and "codecommit:DeleteBranch"

A Developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes or create the item if it does not exist. The Lambda function has access to the primary key. Which IAM permission should the Developer request for the Lambda function to achieve this functionality?

"dynamodb:UpdateItem", "dynamodb:GetItem", and "dynamodb:PutItem"

An application is using Amazon DynamoDB as its data store and needs to be able to read 100 items per second as strongly consistent reads. Each item is 5 KB in size. What value should be set for the table's provisioned throughput for reads?

200 Read Capacity Units

An application uses Amazon Kinesis Data Streams to ingest and process large streams of data records in real time. Amazon EC2 instances consume and process the data using the Amazon Kinesis Client Library (KCL). The application handles the failure scenarios and does not require standby workers. The application reports that a specific shard is receiving more data than expected. To adapt to the changes in the rate of data flow, the "hot" shard is resharded. Assuming that the initial number of shards in the Kinesis data stream is 6, and after resharding the number of shards increased to 8, what is the maximum number of EC2 instances that can be deployed to process data from all the shards?

8

A team of Developers require access to an AWS account that is a member account in AWS Organizations. The administrator of the master account needs to restrict the AWS services, resources, and API actions that can be accessed by the users in the account. What should the administrator create?

A Service Control Policy (SCP)

A company currently runs a number of legacy automated batch processes for system update management and operational activities. The company are looking to refactor these processes and require a service that can coordinate multiple AWS services into serverless workflows. What is the MOST suitable service for this requirement?

AWS Step Functions

A company will be hiring a large number of Developers for a series of projects. The Develops will bring their own devices to work and the company want to ensure consistency in tooling. The Developers must be able to write, run, and debug applications with just a browser, without needing to install or maintain a local Integrated Development Environment (IDE). Which AWS service should the Developers use?

AWS Cloud9

A company needs to encrypt a large quantity of data. The data encryption keys must be generated from a dedicated, tamper-resistant hardware device. To deliver these requirements, which AWS service should the company use?

AWS CloudHSM

A company is migrating several applications to the AWS cloud. The security team has strict security requirements and mandate that a log of all API calls to AWS resources must be maintained. Which AWS service should be used to record this information for the security team?

AWS CloudTrail

A Development team have moved their continuous integration and delivery (CI/CD) pipeline into the AWS Cloud. The team is leveraging AWS CodeCommit for management of source code. The team need to compile their source code, run tests, and produce software packages that are ready for deployment. Which AWS service can deliver these outcomes?

AWS CodeBuild

A team of Developers are building a continuous integration and delivery pipeline using AWS Developer Tools. Which services should they use for running tests against source code and installing compiled code on their AWS resources?

AWS CodeBuild for running tests against source code and AWS CodeDeploy for installing compiled code on their AWS resources

A company needs a fully-managed source control service that will work in AWS. The service must ensure that revision control synchronizes multiple distributed repositories by exchanging sets of changes peer-to-peer. All users need to work productively even when not connected to a network. Which source control service should be used?

AWS CodeCommit

A company needs a version control system for collaborative software development. The solution must include support for batches of changes across multiple files and parallel branching. Which AWS service will meet these requirements?

AWS CodeCommit

A development team require a fully-managed source control service that is compatible with Git. Which service should they use?

AWS CodeCommit

A team of Developers have been assigned to a new project. The team will be collaborating on the development and delivery of a new application and need a centralized private repository for managing source code. The repository should support updates from multiple sources. Which AWS service should the development team use?

AWS CodeCommit

A company uses continuous integration and continuous delivery (CI/CD) systems. A Developer needs to automate the deployment of a software package to Amazon EC2 instances as well as to on-premises virtual servers. Which AWS service can be used for the software deployment?

AWS CodeDeploy

A team of developers need to be able to collaborate and synchronize multiple distributed code repositories and leverage a pre-configured continuous delivery toolchain for deploying their projects on AWS. The team also require a centralized project dashboard to monitor application activity. Which AWS service should they use?

AWS CodeStar

A developer needs to add sign-up and sign-in capabilities for a mobile app. The solution should integrate with social identity providers (IdPs) and SAML IdPs. Which service should the developer use?

AWS Cognito user pool

A Developer has written some code that will connect and pull information from several hundred websites. The code needs to run on a daily schedule and execution time will be less than 60 seconds. Which AWS service will be most suitable and cost-effective?

AWS Lambda

A developer is building a multi-tier web application that accesses an Amazon RDS MySQL database. The application must use a credentials to connect and these need to be stored securely. The application will take care of secret rotation. Which AWS service represents the LOWEST cost solution for storing credentials?

AWS Systems Manager Parameter Store

A web application has been deployed on AWS. A developer is concerned about exposure to common exploits that could affect application availability or compromise security. Which AWS service can protect from these threats?

AWS Web Application Firewall (WAF)

A serverless application uses Amazon API Gateway an AWS Lambda function and a Lambda authorizer function. There is a failure with the application and a developer needs to trace and analyze user requests that pass through API Gateway through to the back end services. Which AWS service is MOST suitable for this purpose?

AWS X-Ray

A Developer is using AWS SAM to create a template for deploying a serverless application. The Developer plans to leverage an application from the AWS Serverless Application Repository in the template as a nested application. Which resource type should the Developer specify?

AWS::Serverless::Application

A Developer is using AWS SAM to create a template for deploying a serverless application. The Developer plans deploy a Lambda function using the template. Which resource type should the Developer specify?

AWS::Serverless:Function

A Developer is using AWS SAM to create a template for deploying a serverless application. The Developer plans deploy an AWS Lambda function and an Amazon DynamoDB table using the template. Which resource types should the Developer specify?

AWS::Serverless:Function and AWS::Serverless::SimpleTable

An AWS Lambda function has been connected to a VPC to access an application running a private subnet. The Lambda function also pulls data from an Internet-based service and is no longer able to connect to the Internet. How can this be rectified?

Add a NAT Gateway to a public subnet and specify a route in the private subnet

A Developer is troubleshooting an issue with a DynamoDB table. The table is used to store order information for a busy online store and uses the order date as the partition key. During busy periods writes to the table are being throttled despite the consumed throughput being well below the provisioned throughput. According to AWS best practices, how can the Developer resolve the issue at the LOWEST cost?

Add a random number suffix to the partition key values

An application uses Amazon EC2, and Application Load Balancer and Amazon CloudFront to serve content. The security team have reported malicious activity from a specific range of IP addresses. How can a Developer prevent the application from being targeted by these addresses again?

Add a rule to a Web ACL using AWS WAF that denies the IP address ranges

A three tier web application has been deployed on Amazon EC2 instances using Amazon EC2 Auto Scaling. The EC2 instances in the web tier sometimes receive bursts of traffic and the application tier cannot scale fast enough to keep up with messages sometimes resulting in message loss. How can a Developer decouple the application to prevent loss of messages?

Add an Amazon SQS queue between the web tier and the application tier

A company runs an application on a fleet of web servers running on Amazon EC2 instances. The web servers are behind an Elastic Load Balancer (ELB) and use an Amazon DynamoDB table for storing session state. A Developer has been asked to implement a mechanism for automatically deleting session state data that is older than 24 hours. What is the SIMPLEST solution to this requirement?

Add an attribute with the expiration time; enable the Time To Live feature based on that attribute

An application is instrumented to generate traces using AWS X-Ray and generates a large amount of trace data. A Developer would like to use filter expressions to filter the results to specific key-value pairs added to custom subsegments. How should the Developer add the key-value pairs to the custom subsegments?

Add annotations to the custom subsegments

A Development team wants to instrument their code to provide more detailed information to AWS X-Ray than simple outgoing and incoming requests. This will generate large amounts of data, so the Development team wants to implement indexing so they can filter the data. What should the Development team do to achieve this?

Add annotations to the segment document

An application writes items to an Amazon DynamoDB table. As the application scales to thousands of instances, calls to the DynamoDB API generate occasional ThrottlingException errors. The application is coded in a language incompatible with the AWS SDK. How should the error be handled?

Add exponential backoff to the application logic

An application writes items to an Amazon DynamoDB table. As the application scales to thousands of instances, calls to the DynamoDB API generate occasional ThrottlingException errors. The application is coded in a language that is incompatible with the AWS SDK. What can be done to prevent the errors from occurring?

Add exponential backoff to the application logic

A Lambda function is taking a long time to complete. The Developer has discovered that inadequate compute capacity is being allocated to the function. How can the Developer ensure that more compute capacity is allocated to the function?

Allocate more memory to the function

A Developer is creating a serverless website with content that includes HTML files, images, videos, and JavaScript (client-side scripts). Which combination of services should the Developer use to create the website?

Amazon S3 and Amazon CloudFront

An application exports files which must be saved for future use but are not frequently accessed. Compliance requirements necessitate redundant retention of data across AWS regions. Which solution is the MOST cost-effective for these requirements?

Amazon S3 with Cross-Region Replication (CRR)

A manufacturing company is creating a new RESTful API that their customers can use to query the status of orders. The endpoint for customer queries will be https://www.manufacturerdomain.com/status/customerID Which of the following application designs will meet the requirements?

Amazon API Gateway; AWS Lambda; Elastic Load Balancing; Amazon EC2

A company is developing a game for the Android and iOS platforms. The mobile game will securely store user game history and other data locally on the device. The company would like users to be able to use multiple mobile devices and synchronize data between devices. Which service can be used to synchronize the data across mobile devices without the need to create a backend application?

Amazon Cognito

A Developer is creating a banking application that will be used to view financial transactions and statistics. The application requires multi-factor authentication to be added to the login protocol. Which service should be used to meet this requirement?

Amazon Cognito User Pool with MFA

A company is creating an application that must support Security Assertion Markup Language (SAML) and authentication with social identity providers. The application must also be authorized to access data in Amazon S3 buckets and Amazon DynamoDB tables. Which AWS service or feature will meet these requirements with the LEAST amount of additional coding?

Amazon Cognito identity pools

A developer is designing a web application that will be used by thousands of users. The users will sign up using their email addresses and the application will store attributes for each user. Which service should the developer use to enable users to sign-up for the web application?

Amazon Cognito user pool

A company is creating an application that will require users to access AWS services and allow them to reset their own passwords. Which of the following would allow the company to manage users and authorization while allowing users to reset their own passwords?

Amazon Cognito user pools and identity pools

A company is designing a new application that will store thousands of terabytes of data. They need a fully managed NoSQL data store that provides low-latency and can store key-value pairs. Which type of database should they use?

Amazon DynamoDB

A customer requires a schema-less, key/value database that can be used for storing customer orders. Which type of AWS database is BEST suited to this requirement?

Amazon DynamoDB

A company runs a popular online game on premises. The application stores players' results in an in-memory database. The application is being migrated to AWS and the company needs to ensure there is no reduction in performance. Which database would be MOST suitable?

Amazon ElastiCache

An Amazon RDS database is experiencing a high volume of read requests that are slowing down the database. Which fully managed, in-memory AWS database service can assist with offloading reads from the RDS database?

Amazon ElastiCache Redis

An application that is being migrated to AWS and refactored requires a storage service. The storage service should provide a standards-based REST web service interface and store objects based on keys. Which AWS service would be MOST suitable?

Amazon S3

A company is in the process of migrating an application from a monolithic architecture to a microservices-based architecture. The developers need to refactor the application so that the many microservices can asynchronously communicate with each other in a decoupled manner. Which AWS services can be used for asynchronous message passing?

Amazon SQS and Amazon SNS

Based on the following AWS CLI command the resulting output, what has happened here? $ aws lambda invoke -function-name MyFunction -invocation-type Event -payload ewogICJrZXkxIjogInZhbHVlMSIsCiAgImtleTIiOiAidmFsdWUyIiwKICAia2V5MyI6ICJ2YWx1ZTMiCn0= response.json { "StatusCode": 202 }

An AWS Lambda function has been invoked asynchronously and has completed successfully

Based on the following AWS CLI command the resulting output, what has happened here? $ aws lambda invoke -function-name MyFunction -payload ewogICJrZXkxIjogInZhbHVlMSIsCiAgImtleTIiOiAidmFsdWUyIiwKICAia2V5MyI6ICJ2YWx1ZTMiCn0= response.json { "StatusCode": 200 }

An AWS Lambda function has been invoked synchronously and has completed successfully

A company is migrating an on-premises web application to AWS. The web application runs on a single server and stores session data in memory. On AWS the company plan to implement multiple Amazon EC2 instances behind an Elastic Load Balancer (ELB). The company want to refactor the application so that data is resilient if an instance fails and user downtime is minimized. Where should the company move session data to MOST effectively reduce downtime and make users' session data more fault tolerant?

An Amazon ElastiCache for Redis cluster

A company is setting up a Lambda function that will process events from a DynamoDB stream. The Lambda function has been created and a stream has been enabled. What else needs to be done for this solution to work?

An event-source mapping must be created on the Lambda side to associate the DynamoDB stream with the Lambda function

A developer must deploy an update to Amazon ECS using AWS CodeDeploy. The deployment should expose 10% of live traffic to the new version. Then after a period of time, route all remaining traffic to the new version. Which ECS deployment should the company use to meet these requirements?

Blue/green with canary

An Amazon DynamoDB table will store authentication credentials for a mobile app. The table must be secured so only a small group of Developers are able to access it. How can table access be secured according to this requirement and following AWS best practice?

Attach a permissions policy to an IAM group containing the Developer's IAM user accounts that grants access to the table

A Developer is deploying an Amazon ECS update using AWS CodeDeploy. In the appspec.yaml file, which of the following is a valid structure for the order of hooks that should be specified?

BeforeInstall > AfterInstall > AfterAllowTestTraffic > BeforeAllowTraffic > AfterAllowTraffic

A Developer is deploying an Amazon EC2 update using AWS CodeDeploy. In the appspec.yml file, which of the following is a valid structure for the order of hooks that should be specified?

BeforeInstall > AfterInstall > ApplicationStart > ValidateService

An application has been instrumented to use the AWS X-Ray SDK to collect data about the requests the application serves. The Developer has set the user field on segments to a string that identifies the user who sent the request. How can the Developer search for segments associated with specific users?

By using the GetTraceSummaries API with a filter expression

A company is running an application built on AWS Lambda functions. One Lambda function has performance issues when it has to download a 50 MB file from the internet every execution. This function is called multiple times a second. What solution would give the BEST performance increase?

Cache the file in the /tmp directory

A company runs a decoupled application that uses an Amazon SQS queue. The messages are processed by an AWS Lambda function. The function is not keeping up with the number of messages in the queue. A developer noticed that though the application can process multiple messages per invocation, it is only processing one at a time. How can the developer configure the application to process messages more efficiently?

Call the ReceiveMessage API to set MaxNumberOfMessages to a value greater than the default of 1.

A Developer is managing an application that includes an Amazon SQS queue. The consumers that process the data from the queue are connecting in short cycles and the queue often does not return messages. The cost for API calls is increasing. How can the Developer optimize the retrieval of messages and reduce cost?

Call the ReceiveMessage API with the WaitTimeSeconds parameter set to 20

A company needs to provide additional security for their APIs deployed on Amazon API Gateway. They would like to be able to authenticate their customers with a token. What is the SAFEST way to do this?

Create an API Gateway Lambda authorizer

A Developer wants to debug an application by searching and filtering log data. The application logs are stored in Amazon CloudWatch Logs. The Developer creates a new metric filter to count exceptions in the application logs. However, no results are returned from the logs. What is the reason that no filtered results are being returned?

CloudWatch Logs only publishes metric data for events that happen after the filter is created

A Developer is deploying an update to a serverless application that includes AWS Lambda using the AWS Serverless Application Model (SAM). The traffic needs to move from the old Lambda version to the new Lambda version gradually, within the shortest period of time. Which deployment configuration is MOST suitable for these requirements?

CodeDeployDefault.LambdaCanary10Percent5Minutes

A Developer is creating a serverless application that will process sensitive data. The AWS Lambda function must encrypt all data that is written to /tmp storage at rest. How should the Developer encrypt this data?

Configure Lambda to use an AWS KMS customer managed customer master key (CMK). Use the CMK to generate a data key and encrypt all data prior to writing to /tmp storage.

A Developer needs to run some code using Lambda in response to an event and forward the execution result to another application using a pub/sub notification. How can the Developer accomplish this?

Configure a Lambda "on success" destination and route the execution results to Amazon SNS

An AWS Lambda function must be connected to an Amazon VPC private subnet that does not have Internet access. The function also connects to an Amazon DynamoDB table. What MUST a Developer do to enable access to the DynamoDB table?

Configure a VPC endpoint

A developer plan to deploy an application on Amazon ECS that uses the AWS SDK to make API calls to Amazon DynamoDB. In the development environment the application was configured with access keys. The application is now ready for deployment to a production cluster. How should the developer configure the application to securely authenticate to AWS services?

Configure an ECS task IAM role for the application to use.

An organization needs to add encryption in-transit to an existing website running behind an Elastic Load Balancer. The website's Amazon EC2 instances are CPU-constrained and therefore load on their CPUs should not be increased. What should be done to secure the website?

Configure an Elastic Load Balancer with SSL termination and Configure SSL certificates on an Elastic Load Balancer

A security officer has requested that a Developer enable logging for API actions for all AWS regions to a single Amazon S3 bucket. What is the EASIEST way for the Developer to achieve this requirement?

Create an AWS CloudTrail trail and apply it to all regions, configure logging to a single S3 bucket

A company is running a web application on Amazon EC2 behind an Elastic Load Balancer (ELB). The company is concerned about the security of the web application and would like to secure the application with SSL certificates. The solution should not have any performance impact on the EC2 instances. What steps should be taken to secure the web application?

Configure the Elastic Load Balancer for SSL termination and Add an SSL certificate to the Elastic Load Balancer

An application uses an Auto Scaling group of Amazon EC2 instances, an Application Load Balancer (ALB), and an Amazon Simple Queue Service (SQS) queue. An Amazon CloudFront distribution caches content for global users. A Developer needs to add in-transit encryption to the data by configuring end-to-end SSL between the CloudFront Origin and the end users. How can the Developer meet this requirement?

Configure the Origin Protocol Policy and Configure the Viewer Protocol Policy

Every time an Amazon EC2 instance is launched, certain metadata about the instance should be recorded in an Amazon DynamoDB table. The data is gathered and written to the table by an AWS Lambda function. What is the MOST efficient method of invoking the Lambda function?

Create a CloudWatch Event with an event pattern looking for EC2 state changes and a target set to use the Lambda function

A new application will be hosted on the domain name dctlabs.com using an Amazon API Gateway REST API front end. The Developer needs to configure the API with a path to dctlabs.com/products that will be accessed using the HTTP GET verb. How MUST the Developer configure the API?

Create a GET method and Create a /products resource

An application uses Amazon EC2 instances, AWS Lambda functions and an Amazon SQS queue. The Developer must ensure all communications are within an Amazon VPC using private IP addresses. How can this be achieved?

Create a VPC endpoint for Amazon SQS and Add the AWS Lambda function to the VPC

A Developer is creating an AWS Lambda function that will process medical images. The function is dependent on several libraries that are not available in the Lambda runtime environment. Which strategy should be used to create the Lambda deployment package?

Create a ZIP file with the source code and all dependent libraries

A developer has a user account in the Development AWS account. He has been asked to modify resources in a Production AWS account. What is the MOST secure way to provide temporary access to the developer?

Create a cross-account access role, and use sts:AssumeRole API to get short-lived credentials

A developer is designing a web application that will run on Amazon EC2 Linux instances using an Auto Scaling Group. The application should scale based on a threshold for the number of users concurrently using the application. How should the Auto Scaling Group be configured to scale out?

Create a custom Amazon CloudWatch metric for concurrent users

A Development team has deployed several applications running on an Auto Scaling fleet of Amazon EC2 instances. The Operations team have asked for a display that shows a key performance metric for each application on a single screen for monitoring purposes. What steps should a Developer take to deliver this capability using Amazon CloudWatch?

Create a custom namespace with a unique metric name for each application

A financial application is hosted on an Auto Scaling group of EC2 instance with an Elastic Load Balancer. A Developer needs to capture information about the IP traffic going to and from network interfaces in the VPC. How can the Developer capture this information?

Create a flow log in the VPC and publish data to Amazon S3

A team of Developers need to deploy a website for a development environment. The team do not want to manage the infrastructure and just need to upload Node.js code to the instances. Which AWS service should Developers do?

Create an AWS Elastic Beanstalk environment

A gaming company is building an application to track the scores for their games using an Amazon DynamoDB table. Each item in the table is identified by a partition key(user_id) and a sort key (game_name). The table also includes the attribute "TopScore". A Developer has been asked to write a leaderboard application to display the highest achieved scores for each game (game_name), based on the score identified in the "TopScore" attribute. What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?

Create a global secondary index with a partition key of "game_name" and a sort key of "TopScore" and get the results based on the score attribute

A company is building an application to track athlete performance using an Amazon DynamoDB table. Each item in the table is identified by a partition key (user_id) and a sort key (sport_name). The table design is shown below: -Partition key: user_id -Sort Key: sport_name -Attributes: score, score_datetime A Developer is asked to write a leaderboard application to display the top performers (user_id) based on the score for each sport_name. What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?

Create a global secondary index with a partition key of sport_name and a sort key of score, and get the results

A company is running a Docker application on Amazon ECS. The application must scale based on user load in the last 15 seconds. How should the Developer instrument the code so that the requirement can be met?

Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds

An application is being migrated into the cloud. The application is stateless and will run on a fleet of Amazon EC2 instances. The application should scale elastically. How can a Developer ensure that the number of instances available is sufficient for current demand?

Create a launch configuration and use Amazon EC2 Auto Scaling

A Developer is creating multiple AWS Lambda functions that will be using an external library that is not included in the standard Lambda libraries. What is the BEST way to make these libraries available to the functions?

Create a layer in Lambda that includes the external library

An application that processes financial transactions receives thousands of transactions each second. The transactions require end-to-end encryption, and the application implements this by using the AWS KMS GenerateDataKey operation. During operation the application receives the following error message: "You have exceeded the rate at which you may call KMS. Reduce the frequency of your calls. (Service: AWSKMS; Status Code: 400; Error Code: ThrottlingException; Request ID: <ID>" Which actions are best practices to resolve this error?

Create a local cache using the AWS Encryption SDK and the LocalCryptoMaterialsCache feature, as well as Create a case in the AWS Support Center to increase the quota for the account.

A Developer is creating a REST service using Amazon API Gateway with AWS Lambda integration. The service adds data to a spreadsheet and the data is sent as query string parameters in the method request. How should the Developer convert the query string parameters to arguments for the Lambda function?

Create a mapping template

A website delivers images stored in an Amazon S3 bucket. The site uses Amazon Cognito-enabled and guest users without logins need to be able to view the images from the S3 bucket. How can a Developer enable access for guest users to the AWS resources?

Create a new identity pool, enable access to unauthenticated identities, and grant access to AWS resources

An organization has an account for each environment: Production, Testing, Development. A Developer with an IAM user in the Development account needs to launch resources in the Production and Testing accounts. What is the MOST efficient way to provide access?

Create a role with the required permissions in the Production and Testing accounts and have the Developer assume that role

An application uses multiple Lambda functions to write data to an Amazon RDS database. The Lambda functions must share the same connection string. What is the BEST solution to ensure security and operational efficiency?

Create a secure string parameter using AWS systems manager parameter store

The development team is working on an API that will be served from Amazon API Gateway. The API will serve three environments PROD, DEV, and TEST and requires a cache size of 250GB. What is the MOST cost-efficient deployment strategy?

Create a single API Gateway with three stages and enable the cache for the DEV and TEST environments only when required

A legacy application is being refactored into a microservices architecture running on AWS. The microservice will include several AWS Lambda functions. A Developer will use AWS Step Functions to coordinate function execution. How should the Developer proceed?

Create a state machine using the Amazon States Language

A Developer is creating an application that uses Amazon EC2 instances and must be highly available and fault tolerant. How should the Developer configure the VPC?

Create a subnet in each availability zone in the region

A developer is creating a serverless web application that includes AWS Lambda functions and a REST API deployed using Amazon API Gateway. The developer maintains multiple branches of code. The developer wants to avoid updating the API gateway target endpoint when a new code push is performed. What solution would allow the developer to update the Lambda code without needing to update the REST API configuration?

Create aliases and versions in AWS Lambda

A Developer must deploy a new AWS Lambda function using an AWS CloudFormation template. Which procedures will deploy a Lambda function?

Create an AWS::Lambda::Function resource in the template, then write the code directly inside the CloudFormation template and Upload a ZIP file containing the function code to Amazon S3, then add a reference to it in an AWS::Lambda::Function resource in the template

A Developer has updated an AWS Lambda function and published a new version. To ensure the code is working as expected the Developer needs to initially direct a percentage of traffic to the new version and gradually increase this over time. It is important to be able to rollback if there are any issues reported. What is the BEST way the Developer can implement the migration to the new version SAFELY?

Create an Alias, assign the current and new versions and use traffic shifting to assign a percentage of traffic to the new version

A Developer has created a serverless function that processes log files. The function should be invoked once every 15 minutes. How can the Developer automatically invoke the function using serverless services?

Create an Amazon CloudWatch Events rule that is scheduled to run and invoke the function

A developer needs to create a serverless application that uses an event-driven architecture. How can the developer configure the application to automatically receive and process events?

Create an Amazon SNS topic and an AWS Lambda function. Subscribe the Lambda function to the SNS topic and submit events to the SNS topic.

A three-tier application is being migrated from an on-premises data center. The application includes an Apache Tomcat web tier, an application tier running on Linux, and a MySQL back end. A Developer must refactor the application to run on the AWS cloud. The cloud-based application must be fault tolerant and elastic. How can the Developer refactor the web tier and application tier?

Create an Auto Scaling group of EC2 instances for both the web tier and application tier, as well as Implement an Elastic Load Balancer for both the web tier and the application tier

A developer is building a web application that will be hosted on Amazon EC2 instances. The EC2 instances will store configuration data in an Amazon S3 bucket. What is the SAFEST way to allow the EC2 instances to access the S3 bucket?

Create an IAM Role with a customer-managed policy attached that has the necessary permissions and attach the role to the EC2 instances

A developer is creating an Auto Scaling group of Amazon EC2 instances. The developer needs to publish a custom metric to Amazon CloudWatch. Which method would be the MOST secure way to authenticate a CloudWatch PUT request?

Create an IAM role with the PutMetricData permission and create a new Auto Scaling launch configuration to launch instances using that role

A company uses an Amazon S3 bucket to store a large number of sensitive files relating to eCommerce transactions. The company has a policy that states that all data written to the S3 bucket must be encrypted. How can a Developer ensure compliance with this policy?

Create an S3 bucket policy that denies any S3 Put request that does not include the x-amz-server-side-encryption

An application is running on a fleet of EC2 instances running behind an Elastic Load Balancer (ELB). The EC2 instances session data in a shared Amazon S3 bucket. Security policy mandates that data must be encrypted in transit. How can the Developer ensure that all data that is sent to the S3 bucket is encrypted in transit?

Create an S3 bucket policy that denies traffic where SecureTransport is false

A developer is making some updates to an AWS Lambda function that is part of a serverless application and will be saving a new version. The application is used by hundreds of users and the developer needs to be able to test the updates and be able to rollback if there any issues with user experience. What is the SAFEST way to do this with minimal changes to the application code?

Create an alias and point it to the new and previous versions. Assign a weight of 20% to the new version to direct less traffic. Update the application code to point to the new alias

A developer is making updates to the code for a Lambda function. The developer is keen to test the code updates by directing a small amount of traffic to a new version. How can this BEST be achieved?

Create an alias that points to both the new and previous versions of the function code and assign a weighting for sending a portion of traffic to the new version

An independent software vendor (ISV) uses Amazon S3 and Amazon CloudFront to distribute software updates. They would like to provide their premium customers with access to updates faster. What is the MOST efficient way to distribute these updates only to the premium customers?

Create an origin access identity (OAI) and associate it with the distribution and configure permissions, as well as Create a signed URL with access to the content and distribute it to the premium customers

A nightly batch job loads 1 million new records in to a DynamoDB table. The records are only needed for one hour, and the table needs to be empty by the next night's batch job. Which is the MOST efficient and cost-effective method to provide an empty table?

Create and then delete the table after the task has completed

An application reads data from Amazon S3 and makes 55,000 read requests per second. A Developer must design the storage solution to ensure the performance requirements are met cost-effectively. How can the storage be optimized to meet these requirements?

Create at least 10 prefixes and split the files across the prefixes.

A development team have deployed a new application and users have reported some performance issues. The developers need to enable monitoring for specific metrics with a data granularity of one second. How can this be achieved?

Create custom metrics and configure them as high resolution

A company is developing a new online game that will run on top of Amazon ECS. Four distinct Amazon ECS services will be part of the architecture, each requiring specific permissions to various AWS services. The company wants to optimize the use of the underlying Amazon EC2 instances by bin packing the containers based on memory reservation. Which configuration would allow the Development team to meet these requirements MOST securely?

Create four distinct IAM roles, each containing the required permissions for the associated ECS services, then configure each ECS task definition to reference the associated IAM role

A Development team are developing a micro-services application that will use Docker containers on Amazon ECS. There will be 6 distinct services included in the architecture. Each service requires specific permissions to various AWS services. What is the MOST secure way to grant the services the necessary permissions?

Create six separate IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS task definition to reference the associated IAM role

An organization has a new AWS account and is setting up IAM users and policies. According to AWS best practices, which of the following strategies should be followed?

Create standalone policies instead of using inline policies and Use groups to assign permissions to users

A static website is hosted on Amazon S3 using the bucket name of dctlabs.com. Some HTML pages on the site use JavaScript to download images that are located in the bucket https://dctlabsimages.s3.amazonaws.com/. Users have reported that the images are not being displayed. What is the MOST likely cause?

Cross Origin Resource Sharing is not enabled on the dctlabsimages bucket

A company is reviewing their security practices. According to AWS best practice, how should access keys be managed to improve security?

Delete all access keys for the root account IAM user and Use different access keys for different applications

A batch job runs every 24 hours and writes around 1 million items into a DynamoDB table each day. The batch job completes quickly, and the items are processed within 2 hours and are no longer needed. What's the MOST efficient way to provide an empty table each day?

Delete the entire table and recreate it each day

A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The service must run different versions for testing purposes. What would be the BEST way to accomplish this?

Deploy the API version as unique stages with unique endpoints and use stage variables to provide further context

A Development team are creating a new REST API that uses Amazon API Gateway and AWS Lambda. To support testing there need to be different versions of the service. What is the BEST way to provide multiple versions of the REST API?

Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context

A web application is using Amazon Kinesis Data Streams for ingesting IoT data that is then stored before processing for up to 24 hours.How can the Developer implement encryption at rest for data stored in Amazon Kinesis Data Streams?

Enable server-side encryption on Kinesis Data Streams with an AWS KMS CMK

A website is running on a single Amazon EC2 instance. A Developer wants to publish the website on the Internet and is creating an A record on Amazon Route 53 for the website's public DNS name. What type of IP address MUST be assigned to the EC2 instance and used in the A record to ensure ongoing connectivity?

Elastic IP address

A company runs multiple microservices that each use their own Amazon DynamoDB table. The "customers" microservice needs data that originates in the "orders" microservice. What approach represents the SIMPLEST method for the "customers" table to get near real-time updates from the "orders" table?

Enable Amazon DynamoDB streams on the "orders" table, configure the "customers" microservice to read records from the stream

A company has a global presence and managers must submit large quantities of reporting data to an Amazon S3 bucket located in the us-east-1 region on weekly basis. Uploads have been slow recently, how can you improve data throughput and upload times?

Enable S3 Transfer Acceleration on the S3 bucket

An application uses Amazon API Gateway, an AWS Lambda function and a DynamoDB table. The developer requires that another Lambda function is triggered when an item lifecycle activity occurs in the DynamoDB table. How can this be achieved?

Enable a DynamoDB stream and trigger the Lambda function synchronously from the stream

A DynamoDB table is being used to store session information for users of an online game. A developer has noticed that the table size has increased considerably and much of the data is not required after a gaming session is completed. What is the MOST cost-effective approach to reducing the size of the table?

Enable a Time To Live (TTL) on the table and add a timestamp attribute on new items

A Developer implemented a static website hosted in Amazon S3 that makes web service requests hosted in Amazon API Gateway and AWS Lambda. The site is showing an error that reads: "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access." What should the Developer do to resolve this issue?

Enable cross-origin resource sharing (CORS) for the method in API Gateway

A development team is migrating data from various file shares to AWS from on-premises. The data will be migrated into a single Amazon S3 bucket. What is the SIMPLEST method to ensure the data is encrypted at rest in the S3 bucket?

Enable default encryption when creating the bucket

A serverless application uses Amazon API Gateway, AWS Lambda and DynamoDB. The application writes statistical data that is constantly received from sensors. The data is analyzed soon after it is written to the database and is then not required. What is the EASIEST method to remove stale data and optimize database size?

Enable the TTL attribute and add expiry timestamps to items

An organization has encrypted a large quantity of data. To protect their data encryption keys they are planning to use envelope encryption. Which of the following processes is a correct implementation of envelope encryption?

Encrypt plaintext data with a data key and then encrypt the data key with a top-level plaintext master key.

An organization has an Amazon S3 bucket containing premier content that they intend to make available to only paid subscribers of their website. The objects in the S3 bucket are private to prevent inadvertent exposure of the premier content to non-paying website visitors. How can the organization provide only paid subscribers the ability to download the premier content in the S3 bucket?

Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download

A Developer has joined a team and needs to connect to the AWS CodeCommit repository using SSH. What should the Developer do to configure access using Git?

Generate an SSH public and private key. Upload the public key to the Developer's IAM account

A developer is creating a new application that will store data in a DynamoDB table. Which APIs can be used to read, write and modify individual items in the table?

GetItem, PutItem, UpdateItem

A team of developers are adding an API layer to a multicontainer Docker environment running on AWS Elastic Beanstalk. The client-submitted method requests should be passed directly to the backend, without modification. Which integration type is MOST suitable for this solution?

HTTP_PROXY

A Developer has completed some code updates and needs to deploy the updates to an Amazon Elastic Beanstalk environment. Due to the criticality of the application, the ability to quickly roll back must be prioritized of any other considerations. Which deployment policy should the Developer choose?

Immutable

A company has a production application deployed using AWS Elastic Beanstalk. A new version of the application must be installed, and the company cannot tolerate any website downtime. If the application update fails, rollback should be fast and easy. What deployment method should be used?

Immutable

A company has a website that is developed in PHP and WordPress and is launched using AWS Elastic Beanstalk. There is a new version of the website that needs to be deployed in the Elastic Beanstalk environment. The company cannot tolerate having the website offline if an update fails. Deployments must have minimal impact and rollback as soon as possible. What deployment method should be used?

Immutable

A developer is planning the deployment of a new version of an application to AWS Elastic Beanstalk. The new version of the application should be deployed only to new EC2 instances. Which deployment methods will meet these requirements?

Immutable and Blue/green

A developer needs to implement a caching layer in front of an Amazon RDS database. If the caching layer fails, it is time consuming to repopulate cached data so the solution should be designed for maximum uptime. Which solution is best for this scenario?

Implement Amazon ElastiCache Redis

A retail organization stores stock information in an Amazon RDS database. An application reads and writes data to the database. A Developer has been asked to provide read access to the database from a reporting application in another region. Which configuration would provide BEST performance for the reporting application without impacting the performance of the main database?

Implement a cross-region read replica in the region where the reporting application will run

A Developer has deployed an AWS Lambda function and an Amazon DynamoDB table. The function code returns data from the DynamoDB table when it receives a request. The Developer needs to implement a front end that can receive HTTP GET requests and proxy the request information to the Lambda function. What is the SIMPLEST and most COST-EFFECTIVE solution?

Implement an API Gateway API with Lambda proxy integration

A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table. What MUST the company do to implement this authentication in API Gateway?

Implement an AWS Lambda authorizer that references the DynamoDB authentication table

A company is running an order processing system on AWS. Amazon SQS is used to queue orders and an AWS Lambda function processes them. The company recently started noticing a lot of orders are failing to process. How can a Developer MOST effectively manage these failures to debug the failed orders later and reprocess them, as necessary?

Implement dead-letter queues for failed orders from the order queue

A mobile application has thousands of users. Each user may use multiple devices to access the application. The Developer wants to assign unique identifiers to these users regardless of the device they use. Which of the below is the BEST method to obtain unique identifiers?

Implement developer-authenticated identities by using Amazon Cognito and get credentials for these identities

A mobile application has hundreds of users. Each user may use multiple devices to access the application. The Developer wants to assign unique identifiers to these users regardless of the device they use. Which of the following methods should be used to obtain unique identifiers?

Implement developer-authenticated identities by using Amazon Cognito, and get credentials for these identities

A Developer manages a monitoring service for a fleet of IoT sensors in a major city. The monitoring application uses an Amazon Kinesis Data Stream with a group of EC2 instances processing the data. Amazon CloudWatch custom metrics show that the instances a reaching maximum processing capacity and there are insufficient shards in the Data Stream to handle the rate of data flow. What course of action should the Developer take to resolve the performance issues?

Increase the EC2 instance size and add shards to the stream

A Development team manage a hybrid cloud environment. They would like to collect system-level metrics from on-premises servers and Amazon EC2 instances. How can the Development team collect this information MOST efficiently?

Install the CloudWatch agent on the on-premises servers and EC2 instances

An application uses both Amazon EC2 instances and on-premises servers. The on-premises servers are a critical component of the application, and a developer wants to collect metrics and logs from these servers. The developer would like to use Amazon CloudWatch. How can the developer accomplish this?

Install the CloudWatch agent on the on-premises servers and specify IAM credentials with permissions to CloudWatch.

A monitoring application that keeps track of a large eCommerce website uses Amazon Kinesis for data ingestion. During periods of peak data rates, the producers are not making best use of the available shards.What step will allow the producers to better utilize the available shards and increase write throughput to the Kinesis data stream?

Install the Kinesis Producer Library (KPL) for ingesting data into the stream

A website is being delivered using Amazon CloudFront and a Developer recently modified some images that are displayed on website pages. Upon testing the changes, the Developer noticed that the new versions of the images are not displaying. What should the Developer do to force the new images to be displayed?

Invalidate the old versions of the images on the edge caches

An application uses AWS Lambda to process many files. The Lambda function takes approximately 3 minutes to process each file and does not return any important data. A Developer has written a script that will invoke the function using the AWS CLI. What is the FASTEST way to process all the files?

Invoke the Lambda function asynchronously with the invocation type Event and process the files in parallel

A Developer has setup an Amazon Kinesis Data Stream with 6 shards to ingest a maximum of 2000 records per second. An AWS Lambda function has been configured to process these records. In which order will these records be processed?

Lambda will receive each record in the exact order it was placed into the shard. There is no guarantee of order across shards

An application resizes images that are uploaded to an Amazon S3 bucket. Amazon S3 event notifications are used to trigger an AWS Lambda function that resizes the images. The processing time for each image is less than one second. A large amount of images are expected to be received in a short burst of traffic. How will AWS Lambda accommodate the workload?

Lambda will scale out and execute the requests concurrently

A serverless application composed of multiple Lambda functions has been deployed. A developer is setting up AWS CodeDeploy to manage the deployment of code updates. The developer would like a 10% of the traffic to be shifted to the new version in equal increments, 10 minutes apart. Which setting should be chosen for configuring how traffic is shifted?

Linear

What does an Amazon SQS delay queue accomplish?

Messages are hidden for a configurable amount of time when they are first added to the queue

A company is migrating an application with a website and MySQL database to the AWS Cloud. The company require the application to be refactored so it offers high availability and fault tolerance. How should a Developer refactor the application?

Migrate the website to an Auto Scaling group of EC2 instances across multiple AZs and use an Elastic Load Balancer, as well as Migrate the MySQL database to an Amazon RDS Multi-AZ deployment

A developer received the following error message during an AWS CloudFormation deployment: DELETE_FAILED (The following resource(s) failed to delete: (sg-11223344).) Which action should the developer take to resolve this error?

Modify the CloudFormation template to retain the security group resource. Then manually delete the resource after deployment.

An application searches a DynamoDB table to return items based on primary key attributes. A developer noticed some ProvisionedThroughputExceeded exceptions being generated by DynamoDB. How can the application be optimized to reduce the load on DynamoDB and use the LEAST amount of RCU?

Modify the application to issue query API calls with eventual consistency reads

An Amazon DynamoDB table has been created using provisioned capacity. A manager needs to understand whether the DynamoDB table is cost-effective. How can the manager query how much provisioned capacity is actually being used?

Monitor the ConsumedReadCapacityUnits and ConsumedWriteCapacityUnits over a specified time period

A company runs a popular website behind an Amazon CloudFront distribution that uses an Application Load Balancer as the origin. The Developer wants to set up custom HTTP responses to 404 errors for content that has been removed from the origin that redirects the users to another page. The Developer wants to use an AWS Lambda@Edge function that is associated with the current CloudFront distribution to accomplish this goal. The solution must use a minimum amount of resources. Which CloudFront event type should the Developer use to invoke the Lambda@Edge function that contains the redirect logic?

Origin response

A Developer has completed some code updates and needs to deploy the updates to an Amazon Elastic Beanstalk environment. The environment includes twelve Amazon EC2 instances and there can be no reduction in application performance and availability during the update. Which deployment policy is the most cost-effective choice to suit these requirements?

Rolling with additional batch

A mobile application runs as a serverless application on AWS. A Developer needs to create a push notification feature that sends periodic message to subscribers. How can the Developer send the notification from the application?

Publish a notification to an Amazon SNS Topic

Messages produced by an application must be pushed to multiple Amazon SQS queues. What is the BEST solution for this requirement?

Publish the messages to an Amazon SNS topic and subscribe each SQS queue to the topic

A Developer recently created an Amazon DynamoDB table. The Developer attempted to add two items for userid "user0001" with unique timestamps and received an error for the second item stating: "The conditional request failed". What MUST the Developer do to resolve the issue?

Recreate the table with a composite key consisting of userid and timestamp

A Developer is creating a social networking app for games that uses a single Amazon DynamoDB table. All users' saved game data is stored in the single table, but users should not be able to view each other's data. How can the Developer restrict user access so they can only view their own data?

Restrict access to specific items based on certain primary key values

A gaming application displays the results of games in a leaderboard. The leaderboard is updated by 4 KB messages that are retrieved from an Amazon SQS queue. The updates are received infrequently but the Developer needs to minimize the time between the messages arriving in the queue and the leaderboard being updated. Which technique provides the shortest delay in updating the leaderboard?

Retrieve the messages from the queue using long polling every 15 seconds

An application deployed on AWS Elastic Beanstalk experienced increased error rates during deployments of new application versions, resulting in service degradation for users. The Development team believes that this is because of the reduction in capacity during the deployment steps. The team would like to change the deployment policy configuration of the environment to an option that maintains full capacity during deployment while using the existing instances. Which deployment policy will meet these requirements while using the existing instances?

Rolling with additional batch

A Developer has created the code for a Lambda function saved the code in a file named lambda_function.py. He has also created a template that named template.yaml. The following code is included in the template file: AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31'Resources: microservicehttpendpointpython3: Type: 'AWS::Serverless::Function' Properties: Handler: lambda_function.lambda_handler CodeUri: . What commands can the Developer use to prepare and then deploy this template?

Run aws cloudformation package and then aws cloudformation deploy, as well as Run sam package and then sam deploy

A developer has created a Docker image and uploaded it to an Amazon Elastic Container Registry (ECR) repository. How can the developer pull the image to his workstation using the docker client?

Run aws ecr get-login-password use the output to login in then issue a docker pull command specifying the image name using registry/repository[:tag]

The source code for an application is stored in a file named index.js that is in a folder along with a template file that includes the following code: AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Resources: LambdaFunctionWithAPI: Type: AWS::Serverless::Function Properties: Handler: index.handler Runtime: nodejs12.x What does a Developer need to do to prepare the template so it can be deployed using an AWS CLI command?

Run the aws cloudformation package command to upload the source code to an Amazon S3 bucket and produce a modified CloudFormation template

A Developer needs to create an instance profile for an Amazon EC2 instance using the AWS CLI. How can this be achieved?

Run the aws iam create-instance-profile command; Run the "aws ec2 associate-instance-profile" command; Run the "aws iam add-role-to-instance-profile" command

AWS CodeBuild builds code for an application, creates a Docker image, pushes the image to Amazon Elastic Container Registry (ECR), and tags the image with a unique identifier. If the Developers already have AWS CLI configured on their workstations, how can the Docker images be pulled to the workstations?

Run the output of the following: aws ecr get-login-password, and then run docker pull REPOSITORY URI : TAG

A company uses an Amazon EC2 web application with Amazon CloudFront to distribute content to its customers globally. The company requires that all traffic is encrypted between the customers and CloudFront, and CloudFront and the web application. What steps need to be taken to enforce this encryption?

Set the Origin Protocol Policy to "HTTPS Only" and Set the Viewer Protocol Policy to "HTTPS Only" or "Redirect HTTP to HTTPS"

A utilities company needs to ensure that documents uploaded by customers through a web portal are securely stored in Amazon S3 with encryption at rest. The company does not want to manage the security infrastructure in-house. However, the company still needs maintain control over its encryption keys due to industry regulations. Which encryption strategy should a Developer use to meet these requirements?

Server-side encryption with customer-provided encryption keys (SSE-C)

A Developer has deployed an application that runs on an Auto Scaling group of Amazon EC2 instances. The application data is stored in an Amazon DynamoDB table and records are constantly updated by all instances. An instance sometimes retrieves old data. The Developer wants to correct this by making sure the reads are strongly consistent. How can the Developer accomplish this?

Set ConsistentRead to true when calling GetItem

A company has a large Amazon DynamoDB table which they scan periodically so they can analyze several attributes. The scans are consuming a lot of provisioned throughput. What technique can a Developer use to minimize the impact of the scan on the table's provisioned throughput?

Set a smaller page size for the scan

A Developer needs to write some code to invoke an AWS Lambda function using the AWS Command Line Interface (CLI). Which option must be specified to cause the function to be invoked asynchronously?

Set the -invocation-type option to Event

An application runs on a fleet of Amazon EC2 instances in an Auto Scaling group. The application stores data in an Amazon DynamoDB table and all instances make updates to the table. When querying data, EC2 instances sometimes retrieve stale data. The Developer needs to update the application to ensure the most up-to-date data is retrieved for all queries. How can the Developer accomplish this?

Set the ConsistentRead parameter to true when calling GetItem.

A company uses Amazon SQS to decouple an online application that generates memes. The SQS consumers poll the queue regularly to keep throughput high and this is proving to be costly and resource intensive. A Developer has been asked to review the system and propose changes that can reduce costs and the number of empty responses. What would be the BEST approach to MINIMIZING cost?

Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds

A company is using Amazon CloudFront to provide low-latency access to a web application to its global users. The organization must encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application. How can these requirements be met?

Set the Origin Protocol Policy to "HTTPS Only" and Set the Viewer Protocol Policy to "HTTPS Only" or "Redirect HTTP to HTTPS"

An application component writes thousands of item-level changes to a DynamoDB table per day. The developer requires that a record is maintained of the items before they were modified. What MUST the developer do to retain this information?

Set the StreamViewType to OLD_IMAGE and Enable DynamoDB Streams for the table

A Developer is building a WebSocket API using Amazon API Gateway. The payload sent to this API is JSON that includes an action key which can have multiple values. The Developer must integrate with different routes based on the value of the action key of the incoming JSON payload. How can the Developer accomplish this task with the LEAST amount of configuration?

Set the value of the route selection expression to $request.body.action

An application will use AWS Lambda and an Amazon RDS database. The Developer needs to secure the database connection string and enable automatic rotation every 30 days. What is the SIMPLEST way to achieve this requirement?

Store a secret in AWS Secrets Manager and enable automatic rotation every 30 days

A serverless application uses an Amazon API Gateway and AWS Lambda. The application processes data submitted in a form by users of the application and certain data must be stored and available to subsequent function calls. What is the BEST solution for storing this data?

Store the data in an Amazon DynamoDB table

An AWS Lambda functions downloads a 50MB from an object storage system each time it is invoked. The download delays the function completion and causes intermittent timeouts which is slowing down the application. How can the application be refactored to resolve the timeout?

Store the file in the /tmp directory of the execution context and reuse it on subsequent invocations

A developer is creating a multi-tier web application. The front-end will place messages in an Amazon SQS queue for the back-end to process. Each job includes a file that is 1GB in size. What MUST the developer do to ensure this works as expected?

Store the large files in Amazon S3 and use the SQS Extended Client Library for Java to manage SQS messages

A company is creating a serverless application that uses AWS Lambda functions. The developer has written the code to initialize the AWS SDK outside of the Lambda handler function. What is PRIMARY benefit of this action?

Takes advantage of execution environment reuse.

An Auto Scaling Group (ASG) of Amazon EC2 instances is being created for processing messages from an Amazon SQS queue. To ensure the EC2 instances are cost-effective a Developer would like to configure the ASG to maintain aggregate CPU utilization at 70%. Which type of scaling policy should the Developer choose?

Target Tracking Scaling Policy

A Developer is deploying an application using Docker containers on Amazon ECS. One of the containers runs a database and should be placed on instances in the "databases" task group. What should the Developer use to control the placement of the database task?

Task Placement Constraint

A developer is building a Docker application on Amazon ECS that will use an Application Load Balancer (ALB). The developer needs to configure the port mapping between the host port and container port. Where is this setting configured?

Task definition

A company has an application that logs all information to Amazon S3. Whenever there is a new log file, an AWS Lambda function is invoked to process the log files. The code works, gathering all of the necessary information. However, when checking the Lambda function logs, duplicate entries with the same request ID are found. What is the BEST explanation for the duplicate entries?

The Lambda function failed, and the Lambda service retried the invocation with a delay

A company maintains a REST API service using Amazon API Gateway with native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key, the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API. What code updates will grant these new users' access to the API?

The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan

A Developer has added a Global Secondary Index (GSI) to an existing Amazon DynamoDB table. The GSI is used mainly for read operations whereas the primary table is extremely write-intensive. Recently, the Developer has noticed throttling occurring under heavy write activity on the primary table. However, the write capacity units on the primary table are not fully utilized. What is the best explanation for why the writes are being throttled on the primary table?

The write capacity units on the GSI are under provisioned

A Developer has created a task definition that includes the following JSON code: "placementConstraints": [ { "expression": "task:group == databases", "type": "memberOf" } ] What will be the effect for tasks using this task definition?

They will be placed on container instances in the "databases" task group

A Developer has created a task definition that includes the following JSON code: "placementConstraints": [ { "expression": "attribute:ecs.instance-type =~ t2.*", "type": "memberOf" } ] What will be the effect for tasks using this task definition?

They will be placed only on container instances using the T2 instance type

A company is migrating a stateful web service into the AWS cloud. The objective is to refactor the application to realize the benefits of cloud computing. How can the Developer leading the project refactor the application to enable more elasticity?

Use an Elastic Load Balancer and Auto Scaling Group, as well as Store the session state in an Amazon DynamoDB table

Data must be loaded into an application each week for analysis. The data is uploaded to an Amazon S3 bucket from several offices around the world. Latency is slowing the uploads and delaying the analytics job. What is the SIMPLEST way to improve upload times?

Upload using Amazon S3 Transfer Acceleration

An application exports documents to an Amazon S3 bucket. The data must be encrypted at rest and company policy mandates that encryption keys must be rotated annually. How can this be achieved automatically and with the LEAST effort?

Use AWS KMS keys with automatic rotation enabled

A Developer is storing sensitive documents in Amazon S3. The documents must be encrypted at rest and company policy mandates that the encryption keys must be rotated annually. What is the EASIEST way to achieve this?

Use AWS KMS with automatic key rotation

An application runs on a fleet of Amazon EC2 instances and stores data in a Microsoft SQL Server database hosted on Amazon RDS. The developer wants to avoid storing database connection credentials the application code. The developer would also like a solution that automatically rotates the credentials. What is the MOST secure way to store and access the database credentials?

Use AWS Secrets Manager to store the credentials. Retrieve the credentials from Secrets Manager as needed.

A company runs a booking system for a medical practice. The AWS SDK is used to communicate with between several AWS services. Due to compliance requirements, the security department has requested that a record is made of all API calls. How can this requirement be met?

Use Amazon CloudTrail to keep a history of API calls

A development team are creating a mobile application that customers will use to receive notifications and special offers. Users will not be required to log in. What is the MOST efficient method to grant users access to AWS resources?

Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited access to resources

A company has an application that provides access to objects in Amazon S3 based on the type of user. The user types are registered user and guest user. The company has 30,000 users. Information is read from an S3 bucket depending on the user type. Which approaches are recommended to provide access to both user types MOST efficiently?

Use Amazon Cognito to provide access using authenticated and unauthenticated roles, as well as Use the AWS IAM service and let the application assume different roles depending on the type of user.

A Developer is writing a web application that allows users to view images from an Amazon S3 bucket. The users will log in with their Amazon login, as well as Facebook and/or Google accounts. How can the Developer provide this authentication capability?

Use Amazon Cognito with web identity federation

A Developer has code running on Amazon EC2 instances that needs read-only access to an Amazon DynamoDB table. What is the MOST secure approach the Developer should take to accomplish this task?

Use an IAM role with an AmazonDynamoDBReadOnlyAccess policy applied to the EC2 instances

A Development team are creating a financial trading application. The application requires sub-millisecond latency for processing trading requests. Amazon DynamoDB is used to store the trading data. During load testing the Development team found that in periods of high utilization the latency is too high and read capacity must be significantly over-provisioned to avoid throttling. How can the Developers meet the latency requirements of the application?

Use Amazon DynamoDB Accelerator (DAX) to cache the data

A company manages an application that stores data in an Amazon DynamoDB table. The company need to keep a record of all new changes made to the DynamoDB table in another table within the same AWS region. What is the MOST suitable way to deliver this requirement?

Use Amazon DynamoDB streams

A Developer is designing a fault-tolerant environment where client sessions will be saved. How can the Developer ensure that no sessions are lost if an Amazon EC2 instance fails?

Use Amazon DynamoDB to perform scalable session handling

A company needs to ingest several terabytes of data every hour from a large number of distributed sources. The messages are delivered continually 24 hrs a day. Messages must be delivered in real time for security analysis and live operational dashboards. Which approach will meet these requirements?

Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages

An application needs to read up to 100 items at a time from an Amazon DynamoDB. Each item is up to 100 KB in size and all attributes must be retrieved. What is the BEST way to minimize latency?

Use BatchGetItem

An application collects data from sensors in a manufacturing facility. The data is stored in an Amazon SQS Standard queue by an AWS Lambda function and an Amazon EC2 instance processes the data and stores it in an Amazon RedShift data warehouse. A fault in the sensors' software is causing occasional duplicate messages to be sent. Timestamps on the duplicate messages show they are generated within a few seconds of the primary message. How can a Developer prevent duplicate data being stored in the data warehouse?

Use a FIFO queue and configure the Lambda function to add a message deduplication token to the message body

A Developer is creating a serverless application. The application looks up information about a customer using a separate Lambda function for each item such as address and phone number. The Developer has created branches in AWS Step Functions for each lookup function. How can the Developer optimize the performance, so the lookups complete faster?

Use a Parallel state to iterate over all the branches parallel.

An Amazon ElastiCache cluster has been placed in front of a large Amazon RDS database. To reduce cost the ElastiCache cluster should only cache items that are actually requested. How should ElastiCache be optimized?

Use a lazy loading caching strategy

A Developer is creating a service on Amazon ECS and needs to ensure that each task is placed on a different container instance. How can this be achieved?

Use a task placement constraint

A Developer is creating a database solution using an Amazon ElastiCache caching layer. The solution must provide strong consistency to ensure that updates to product data are consistent between the backend database and the ElastiCache cache. Low latency performance is required for all items in the database. Which cache writing policy will satisfy these requirements?

Use a write-through caching strategy

A developer is creating a microservices application that includes and AWS Lambda function. The function generates a unique file for each execution and must commit the file to an AWS CodeCommit repository. How should the developer accomplish this?

Use an AWS SDK to instantiate a CodeCommit client. Invoke the PutFile method to add the file to the repository and execute a commit with CreateCommit.

A Developer is creating an AWS Lambda function that generates a new file each time it runs. Each new file must be checked into an AWS CodeCommit repository hosted in the same AWS account. How should the Developer accomplish this?

Use an AWS SDK to instantiate a CodeCommit client. Invoke the put_file method to add the file to the repository

A Developer manages a website running behind an Elastic Load Balancer in the us-east-1 region. The Developer has recently deployed an identical copy of the website in us-west-1 and needs to send 20% of the traffic to the new site. How can the Developer achieve this requirement?

Use an Amazon Route 53 Weighted Routing Policy

A Development team is creating a microservices application running on Amazon ECS. The release process workflow of the application requires a manual approval step before the code is deployed into the production environment.What is the BEST way to achieve this using AWS CodePipeline?

Use an approval action in a stage before deployment

A development team manage a high-traffic e-Commerce site with dynamic pricing that is updated in real-time. There have been incidents where multiple updates occur simultaneously and cause an original editor's updates to be overwritten. How can the developers ensure that overwriting does not occur?

Use conditional writes

A Developer is writing code to run in a cron job on an Amazon EC2 instance that sends status information about the application to Amazon CloudWatch. Which method should the Developer use?

Use the AWS CLI put-metric-data command.

A Java based application generates email notifications to customers using Amazon SNS. The emails must contain links to access data in a secured Amazon S3 bucket. What is the SIMPLEST way to maintain security of the bucket whilst allowing the customers to access specific objects?

Use the AWS SDK for Java with GeneratePresignedUrlRequest to create a presigned URL

A Developer received the following error when attempting to launch an Amazon EC2 instance using the AWS CLI. An error occurred (UnauthorizedOperation) when calling the RunInstances operation: You are not authorized to perform this operation. Encoded authorization failure message: VNVaHFdCohROkbyT_rIXoRyNTp7vXFJCqnGiwPuyKnsSVf-WSSGK_06H3vKnrkUa3qx5D40hqj9HEG8kznr04Acmi6lvc8m51tfqtsomFSDylK15x96ZrxMW7MjDJLrMkM0BasPvy8ixo1wi6X2b0C-J1ThyWU9IcrGd7WbaRDOiGbBhJtKs1z01WSn2rVa5_7sr5PwEK-ARrC9y5Pl54pmeF6wh7QhSv2pFO0y39WVBajL2GmByFmQ4p8s-6Lcgxy23b4NJdJwWOF4QGxK9HcKof1VTVZ2oIpsI-dH6_0t2DI0BTwaIgmaT7ldontI1p7OGz-3wPgXm67x2NVNgaK63zPxjYNbpl32QuXLKUKNlB9DdkSdoLvsuFIvf-lQOXLPHnZKCWMqrkI87eqKHYpYKyV5c11TIZTAJ3MntTGO_TJ4U9ySYvTzU2LgswYOtKF_O76-13fryGG5dhgOW5NxwCWBj6WT2NSJvqOeLykAFjR_ET4lM6Dl1XYfQITWCqIzlvlQdLmHJ1jqjp4gW56VcQCdqozLv2UAg8IdrZIXd0OJ047RQcvvN1IyZN0ElL7dR6RzAAQrftoKMRhZQng6THZs8PZM6wep6-yInzwfg8J5_FW6G_PwYqO-4VunVtJSTzM_F_8kojGlRmzqy7eCk5or__bIisUoslw What action should the Developer perform to make this error more human-readable?

Use the AWS STS decode-authorization-message API to decode the message

A serverless application is used to process customer information and outputs a JSON file to an Amazon S3 bucket. AWS Lambda is used for processing the data. The data is sensitive and should be encrypted. How can a Developer modify the Lambda function to ensure the data is encrypted before it is uploaded to the S3 bucket?

Use the GenerateDataKey API, then use the data key to encrypt the file using the Lambda code

An application scans an Amazon DynamoDB table once per day to produce a report. The scan is performed in non-peak hours when production usage uses around 50% of the provisioned throughput. How can you MINIMIZE the time it takes to produce the report without affecting production workloads?

Use the Limit parameter and Use a Parallel Scan API operation

An application uses an Amazon DynamoDB table that is 50 GB in size and provisioned with 10,000 read capacity units (RCUs) per second. The table must be scanned during non-peak hours when normal traffic consumes around 5,000 RCUs. The Developer must scan the whole table in the shortest possible time whilst ensuring the normal workload is not affected. How would the Developer optimize this scan cost-effectively?

Use the Parallel Scan API operation and limit the rate.

A developer is planning to launch as serverless application composed of AWS Lambda, Amazon API Gateway, and Amazon DynamoDB. What is the EASIEST way to deploy the application using simple syntax?

Use the Serverless Application Model

The manager of a development team is setting up a shared S3 bucket for team members. The manager would like to use a single policy to allow each user to have access to their objects in the S3 bucket. Which feature can be used to generalize the policy?

Variable

A web application runs on a fleet of Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). A developer needs a store for session data so it can be reliably served across multiple requests. Where is the best place to store the session data?

Write the data to an Amazon ElastiCache cluster.

A Developer needs to update an Amazon ECS application that was deployed using AWS CodeDeploy. What file does the Developer need to update to push the change through CodeDeploy?

appspec.yml

A serverless application uses an IAM role to authenticate and authorize access to an Amazon DynamoDB table. A Developer is troubleshooting access issues affecting the application. The Developer has access to the IAM role that the application is using. Which of the following commands will help the Developer to test the role permissions using the AWS CLI?

aws sts assume-role

A Developer is migrating Docker containers to Amazon ECS. A large number of containers will be deployed onto an existing ECS cluster that uses container instances of different instance types. Which task placement strategy can be used to minimize the number of container instances used based on available memory?

binpack

A large quantity of sensitive data must be encrypted. A Developer will use a custom CMK to generate the encryption key. What API action must be added to the key policy?

kms:GenerateDataKey

A company is planning to use AWS CodeDeploy to deploy a new AWS Lambda function. What are the MINIMUM properties required in the 'resources' section of the AppSpec file for CodeDeploy to deploy the function successfully?

name, alias, currentversion, and targetversion

A Developer is migrating Docker containers to Amazon ECS. A large number of containers will be deployed across some newly deployed ECS containers instances using the same instance type. High availability is provided within the microservices architecture. Which task placement strategy requires the LEAST configuration for this scenario?

random

A developer has created a YAML template file that includes the following header: 'AWS::Serverless-2016-10-31'. Which commands should the developer use to deploy the application?

sam package and sam deploy

A developer has deployed an application on an Amazon EC2 instance in a private subnet within a VPC. The subnet does not have Internet connectivity. The developer would like to write application logs to an Amazon S3 bucket. What MUST be configured to enable connectivity?

A VPC endpoint should be provisioned for S3

A Development team wants to run their container workloads on Amazon ECS. Each application container needs to share data with another container to collect logs and metrics. What should the Development team do to meet these requirements?

Create one task definition. Specify both containers in the definition. Mount a shared volume between those two containers

A serverless application uses an AWS Lambda function to process Amazon S3 events. The Lambda function executes 20 times per second and takes 20 seconds to complete each execution. How many concurrent executions will the Lambda function require?

400

Users of an application using Amazon API Gateway, AWS Lambda and Amazon DynamoDB have reported errors when using the application. Which metrics should a Developer monitor in Amazon CloudWatch to determine the number of client-side and server-side errors?

4XXError and 5XXError

A Development team would use a GitHub repository and would like to migrate their application code to AWS CodeCommit. What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?

A set of Git credentials generated with IAM

A Development team would like to migrate their existing application code from a GitHub repository to AWS CodeCommit. What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?

A set of credentials generated from IAM

An application is hosted in AWS Elastic Beanstalk and is connected to a database running on Amazon RDS MySQL. A Developer needs to instrument the application to trace database queries and calls to downstream services using AWS X-Ray. How can the Developer enable tracing for the application?

Add a .ebextensions/xray-daemon.config file to the source code to enable the X-Ray daemon

A Development team is involved with migrating an on-premises MySQL database to Amazon RDS. The database usage is very read-heavy. The Development team wants re-factor the application code to achieve optimum read performance for queries. How can this objective be met?

Add a connection string to use an Amazon RDS read replica for read queries

A developer is using AWS CodeBuild to build an application into a Docker image. The buildspec file is used to run the application build. The developer needs to push the Docker image to an Amazon ECR repository only upon the successful completion of each build.

Add a post_build phase to the buildspec file that uses the commands block to push the Docker image.

An application will be hosted on the AWS Cloud. Developers will be using an Agile software development methodology with regular updates deployed through a continuous integration and delivery (CI/CD) model. Which AWS service can assist the Developers with automating the build, test, and deploy phases of the release process every time there is a code change?

AWS CodePipeline

An AWS Lambda function authenticates to an external web site using a regularly rotated user name and password. The credentials need to be stored securely and must not be stored in the function code. What combination of AWS services can be used to achieve this requirement?

AWS Systems Manager Parameter Store and AWS Key Management Store (KMS)

A developer created an operational dashboard for a serverless application using Amazon API Gateway, AWS Lambda, Amazon S3, and Amazon DynamoDB. Users will connect to the dashboard from a variety of mobile applications, desktops and tablets. The developer needs an authentication mechanism that can allow users to sign-in and will remember the devices users sign in from and suppress the second factor of authentication for remembered devices. Which AWS service should the developer use to support this scenario?

Amazon Cognito

A Development team are currently creating a new application that uses a microservices design pattern and runs on Docker containers. The team would like to run the platform on AWS using a managed platform. They want minimize management overhead for the platform. Which service should the Development team use?

Amazon ECS with Fargate launch type

A company runs many microservices applications that use Docker containers. The company are planning to migrate the containers to Amazon ECS. The workloads are highly variable and therefore the company prefers to be charged per running task. Which solution is the BEST fit for the company's requirements?

Amazon ECS with the Fargate launch type

An application uses an Amazon RDS database. The company requires that the performance of database reads is improved, and they want to add a caching layer in front of the database. The cached data must be encrypted, and the solution must be highly available. Which solution will meet these requirements?

Amazon ElastiCache for Redis in cluster mode.

An application on-premises uses Linux servers and a relational database using PostgreSQL. The company will be migrating the application to AWS and require a managed service that will take care of capacity provisioning, load balancing, and auto-scaling. Which combination of services should the Developer use?

Amazon RDS with PostrgreSQL and AWS Elastic Beanstalk

A Developer has been tasked by a client to create an application. The client has provided the following requirements for the application: -Performance efficiency of seconds with up to a minute of latency -Data storage requirements will be up to thousands of terabytes -Per-message sizes may vary between 100 KB and 100 MB -Data can be stored as key/value stores supporting eventual consistency What is the MOST cost-effective AWS service to meet these requirements?

Amazon S3

An application needs to generate SMS text messages and emails for a large number of subscribers. Which AWS service can be used to send these messages to customers?

Amazon SNS

A customer requires a serverless application with an API which mobile clients will use. The API will have both and AWS Lambda function and an Amazon DynamoDB table as data sources. Responses that are sent to the mobile clients must contain data that is aggregated from both of these data sources. The developer must minimize the number of API endpoints and must minimize the number of API calls that are required to retrieve the necessary data. Which solution should the developer use to meet these requirements?

GraphQL API on AWS AppSync

A Developer is deploying an AWS Lambda update using AWS CodeDeploy. In the appspec.yaml file, which of the following is a valid structure for the order of hooks that should be specified?

BeforeAllowTraffic > AfterAllowTraffic

A Developer is setting up a code update to Amazon ECS using AWS CodeDeploy. The Developer needs to complete the code update quickly. Which of the following deployment types should the Developer use?

Blue/green

A company runs an e-commerce website that uses Amazon DynamoDB where pricing for items is dynamically updated in real time. At any given time, multiple updates may occur simultaneously for pricing information on a particular product. This is causing the original editor's changes to be overwritten without a proper review process. Which DynamoDB write option should be selected to prevent this overwriting?

Conditional writes

A developer is troubleshooting problems with a Lambda function that is invoked by Amazon SNS and repeatedly fails. How can the developer save discarded events for further processing?

Configure a Dead Letter Queue (DLQ)

A critical application runs on an Amazon EC2 instance. A Developer has configured a custom Amazon CloudWatch metric that monitors application availability with a data granularity of 1 second. The Developer must be notified within 30 seconds if the application experiences any issues. What should the Developer do to meet this requirement?

Configure a high-resolution CloudWatch alarm and use Amazon SNS to send the alert.

An application asynchronously invokes an AWS Lambda function. The application has recently been experiencing occasional errors that result in failed invocations. A developer wants to store the messages that resulted in failed invocations such that the application can automatically retry processing them. What should the developer do to accomplish this goal with the LEAST operational overhead?

Configure a redrive policy on an Amazon SQS queue. Set the dead-letter queue as an event source to the Lambda function.

A developer must identify the public IP addresses of clients connecting to Amazon EC2 instances behind a public Application Load Balancer (ALB). The EC2 instances run an HTTP server that logs all requests to a log file. How can the developer ensure the client public IP addresses are captured in the log files on the EC2 instances?

Configure the HTTP server to add the x-forwarded-for request header to the logs.

A website is deployed in several AWS regions. A Developer needs to direct global users to the website that provides the best performance. How can the Developer achieve this?

Create A records in AWS Route 53 and use a latency-based routing policy

An application serves customers in several different geographical regions. Information about the location users connect from is written to logs stored in Amazon CloudWatch Logs. The company needs to publish an Amazon CloudWatch custom metric that tracks connections for each location. Which approach will meet these requirements?

Create a CloudWatch metric filter to extract metrics from the log files with location as a dimension.

A Developer is deploying an application using Docker containers running on the Amazon Elastic Container Service (ECS). The Developer is testing application latency and wants to capture trace information between the microservices. Which solution will meet these requirements?

Create a Docker image that runs the X-Ray daemon, upload it to a Docker image repository, and then deploy it to the Amazon ECS cluster.

A company runs a legacy application that uses an XML-based SOAP interface. The company needs to expose the functionality of the service to external customers and plans to use Amazon API Gateway. How can a Developer configure the integration?

Create a RESTful API using Amazon API Gateway. Transform the incoming JSON into a valid XML message for the SOAP interface using mapping templates.

A Developer is writing an imaging microservice on AWS Lambda. The service is dependent on several libraries that are not available in the Lambda runtime environment. Which strategy should the Developer follow to create the Lambda deployment package?

Create a ZIP file with the source code and all dependent libraries

A Developer is configuring an Amazon ECS Service with Auto Scaling. The tasks should scale based on user load in the previous 20 seconds. How can the Developer enable the scaling?

Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 10 seconds

A Developer is developing a web application and will maintain separate sets of resources for the alpha, beta, and release stages. Each version runs on Amazon EC2 and uses an Elastic Load Balancer. How can the Developer create a single page to view and manage all of the resources?

Create a resource group

A developer is planning to use a Lambda function to process incoming requests from an Application Load Balancer (ALB). How can this be achieved?

Create a target group and register the Lambda function using the AWS CLI

A company is deploying a static website hosted from an Amazon S3 bucket. The website must support encryption in-transit for website visitors. Which combination of actions must the Developer take to meet this requirement?

Create an Amazon CloudFront distribution. Set the S3 bucket as an origin and Configure an Amazon CloudFront distribution with an SSL/TLS certificate.

A Developer is writing a serverless application that will process data uploaded to a file share. The Developer has created an AWS Lambda function and requires the function to be invoked every 15 minutes to process the data. What is an automated and serverless way to trigger the function?

Create an Amazon CloudWatch Events rule that triggers on a regular schedule to invoke the Lambda function

A company has implemented AWS CodePipeline to automate its release pipelines. The Development team is writing an AWS Lambda function that will send notifications for state changes of each of the actions in the stages. Which steps must be taken to associate the Lambda function with the event source?

Create an Amazon CloudWatch Events rule that uses CodePipeline as an event source

There are multiple AWS accounts across multiple regions managed by a company. The operations team require a single operational dashboard that displays some key performance metrics from these accounts and regions. What is the SIMPLEST solution?

Create an Amazon CloudWatch cross-account cross-region dashboard

A Developer is building a three-tier web application that must be able to handle a minimum of 10,000 requests per minute. The requirements state that the web tier should be completely stateless while the application maintains session state data for users. How can the session state data be maintained externally, whilst keeping latency at the LOWEST possible value?

Create an Amazon ElastiCache Redis cluster, then implement session handling at the application level to leverage the cluster for session data storage

A company is deploying an on-premise application server that will connect to several AWS services. What is the BEST way to provide the application server with permissions to authenticate to AWS services?

Create an IAM user and generate access keys. Create a credentials file on the application server

A developer needs use the attribute of an Amazon S3 object that uniquely identifies the object in a bucket. Which of the following represents an Object Key?

Development/Projects.xls

An application is deployed using AWS Elastic Beanstalk and uses a Classic Load Balancer (CLB). A developer is performing a blue/green migration to change to an Application Load Balancer (ALB). After deployment, the developer has noticed that customers connecting to the ALB need to re-authenticate every time they connect. Normally they would only authenticate once and then be able to reconnect without re-authenticating for several hours. How can the developer resolve this issue?

Enable Sticky Sessions on the target group

A Developer has recently created an application that uses an AWS Lambda function, an Amazon DynamoDB table, and also sends notifications using Amazon SNS. The application is not working as expected and the Developer needs to analyze what is happening across all components of the application. What is the BEST way to analyze the issue?

Enable X-Ray tracing for the Lambda function

A company manages a web application that is deployed on AWS Elastic Beanstalk. A Developer has been instructed to update to a new version of the application code. There is no tolerance for downtime if the update fails and rollback should be fast. What is the SAFEST deployment method to use?

Immutable

A new AWS Lambda function processes data and sends it to another service. The data is around 1 MB in size. A developer has been asked to update the function so it encrypts the data before sending it on to the other service. Which API call is required to perform the encryption?

Issue the AWS KMS GenerateDataKey API to return an encryption key.

A Developer has created a task definition that includes the following JSON code: "placementStrategy": [ { "field": "attribute:ecs.availability-zone", "type": "spread" }, { "field": "instanceId", "type": "spread" } ] What is the effect of this task placement strategy?

It distributes tasks evenly across Availability Zones and then distributes tasks evenly across the instances within each Availability Zone

A Developer is creating a new web application that will be deployed using AWS Elastic Beanstalk from the AWS Management Console. The Developer is about to create a source bundle which will be uploaded using the console. Which of the following are valid requirements for creating the source bundle?

Must not include a parent folder or top-level directory and Must not exceed 512 MB.

A Development team need to push an update to an application that is running on AWS Elastic Beanstalk. The business SLA states that the application must maintain full performance capabilities during updates whilst minimizing cost. Which Elastic Beanstalk deployment policy should the development team select?

Rolling with additional batch

A Developer needs to manage AWS services from a local development server using the AWS CLI. How can the Developer ensure that the CLI uses their IAM permissions?

Run the aws configure command and provide the Developer's IAM access key ID and secret access key

A company needs to store sensitive documents on Amazon S3. The documents should be encrypted in transit using SSL/TLS and then be encrypted for storage at the destination. The company do not want to manage any of the encryption infrastructure or customer master keys and require the most cost-effective solution. What is the MOST suitable option to encrypt the data?

Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)

To reduce the cost of API actions performed on an Amazon SQS queue, a Developer has decided to implement long polling. Which of the following modifications should the Developer make to the API actions?

Set the ReceiveMessage API with a WaitTimeSeconds of 20

A Developer will be launching several Docker containers on a new Amazon ECS cluster using the EC2 Launch Type. The containers will all run a web service on port 80. What is the EASIEST way the Developer can configure the task definition to ensure the web services run correctly and there are no port conflicts on the host instances?

Specify port 80 for the container port and port 0 for the host port

A Developer is creating an application that will process some data and generate an image file from it. The application will use an AWS Lambda function which will require 150 MB of temporary storage while executing. The temporary files will not be needed after the function execution is completed. What is the best location for the Developer to store the files?

Store the files in the /tmp directory and delete the files when the execution completes

An e-commerce web application that shares session state on-premises is being migrated to AWS. The application must be fault tolerant, natively highly scalable, and any service interruption should not affect the user experience. What is the best option to store the session state?

Store the session state in Amazon ElastiCache

A Developer is creating an application and would like add AWS X-Ray to trace user requests end-to-end through the software stack. The Developer has implemented the changes and tested the application and the traces are successfully sent to X-Ray. The Developer then deployed the application on an Amazon EC2 instance, and noticed that the traces are not being sent to X-Ray. What is the most likely cause of this issue?

The instance's instance profile role does not have permission to upload trace data to X-Ray and The X-Ray daemon is not installed on the EC2 instance.

A Developer is building an application that will store data relating to financial transactions in multiple DynamoDB tables. The Developer needs to ensure the transactions provide atomicity, isolation, and durability (ACID) and that changes are committed following an all-or nothing paradigm. What write API should be used for the DynamoDB table?

Transactional

An application must be refactored for the cloud. The application data is stored in an Amazon DynamoDB table and is processed by a Lambda function which prepares the data for analytics. The data processing currently takes place once a day, but the data analysts require it to be performed in near-real time. Which architecture pattern could be used to enable the data to be processed as it is received?

Use an event-driven architecture.

A Developer has created an Amazon S3 bucket and uploaded some objects that will be used for a publicly available static website. What steps MUST be performed to configure the bucket as a static website?

Upload an index document and enter the name of the index document when enabling static website hosting and Enable public access and grant everyone the s3:GetObject permissions

A Developer has used a third-party tool to build, bundle, and package a software package on-premises. The software package is stored in a local file system and must be deployed to Amazon EC2 instances. How can the application be deployed onto the EC2 instances?

Upload the bundle to an Amazon S3 bucket and specify the S3 location when doing a deployment using AWS CodeDeploy.

A company is using Amazon API Gateway to manage access to a set of microservices implemented as AWS Lambda functions. The company has made some minor changes to one of the APIs. The company wishes to give existing customers using the API up to 6 months to migrate from version 1 to version 2. What approach should a Developer use to implement the change?

Use API Gateway to deploy a new stage named v2 to the API and provide users with its URL

A company has three different environments: Development, QA, and Production. The company wants to deploy its code first in the Development environment, then QA, and then Production. Which AWS service can be used to meet this requirement?

Use AWS CodeDeploy to create multiple deployment groups

A Developer attempted to run an AWS CodeBuild project, and received an error. The error stated that the length of all environment variables exceeds the limit for the combined maximum of characters. What is the recommended solution?

Use AWS Systems Manager Parameter Store to store large numbers of environment variables

A static website that serves a collection of images runs from an Amazon S3 bucket in the us-east-1 region. The website is gaining in popularity and is now being viewed around the world. How can a Developer improve the performance of the website for global users?

Use Amazon CloudFront to cache the website content

An organization developed an application that uses a set of APIs that are being served through Amazon API Gateway. The API calls must be authenticated based on OpenID identity providers such as Amazon, Google, or Facebook. The APIs should allow access based on a custom authorization model.Which is the simplest and MOST secure design to use to build an authentication and authorization model for the APIs?

Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens

A Developer is designing a fault-tolerant application that will use Amazon EC2 instances and an Elastic Load Balancer. The Developer needs to ensure that if an EC2 instance fails session data is not lost. How can this be achieved?

Use Amazon DynamoDB to perform scalable session handling

An application requires an in-memory caching engine. The cache should provide high availability as repopulating data is expensive. How can this requirement be met?

Use Amazon ElastiCache Redis with replicas

A company is workflow using an AWS Step Functions state machine. When testing the state machine errors were experienced in the Step Functions task state machine. To troubleshoot the issue a developer requires that the state input be included along with the error message in the state output. Which coding practice can preserve both the original input and the error for the state?

Use ResultPath in a Catch statement to include the original input with the error.

A company is deploying a microservices application on AWS Fargate using Amazon ECS. The application has environment variables that must be passed to a container for the application to initialize. How should the environment variables be passed to the container?

Use advanced container definition parameters and define environment variables under the environment parameter within the task definition.

A Developer is creating a web application that will be used by employees working from home. The company uses a SAML directory on-premises for storing user information. The Developer must integrate with the SAML directory and authorize each employee to access only their own data when using the application. Which approach should the Developer take?

Use an Amazon Cognito identity pool, federate with the SAML provider, and use a trust policy with an IAM condition key to limit employee access.

An AWS Lambda function has been packaged for deployment to multiple environments including development, test, and production. The Lambda function uses an Amazon RDS MySQL database for storing data. Each environment has a different RDS MySQL database. How can a Developer configure the Lambda function package to ensure the correct database connection string is used for each environment?

Use environment variables for the database connection strings

A developer has deployed an application on AWS Lambda. The application uses Python and must generate and then upload a file to an Amazon S3 bucket. The developer must implement the upload functionality with the least possible change to the application code. Which solution BEST meets these requirements?

Use the AWS SDK for Python that is installed in the Lambda execution environment.

A company uses Amazon DynamoDB to store sensitive data that must be encrypted. The company security policy mandates that data must be encrypted before it is submitted to DynamoDB How can a Developer meet these requirements?

Use the DynamoDB Encryption Client to enable end-to-end protection using client-side encryption.

A decoupled application is using an Amazon SQS queue. The processing layer that is retrieving messages from the queue is not able to keep up with the number of messages being placed in the queue. What is the FIRST step the developer should take to increase the number of messages the application receives?

Use the ReceiveMessage API to retrieve up to 10 messages at a time

A Developer is deploying an application in a microservices architecture on Amazon ECS. The Developer needs to choose the best task placement strategy to MINIMIZE the number of instances that are used. Which task placement strategy should be used?

binpack


Related study sets

Spanish: Unit:5 Unit Test "A estudiar Unit Test "

View Set

Geography- Phys Geography of the Middle East

View Set

Chapter 8: Other Income/Adjustments

View Set

Exam 2: Blood, Heart & Blood Vessels

View Set