QUESTION 1
A developer needs to store files in an Amazon S3 bucket for a company’s application. Each S3 object can have multiple versions. The objects must be permanently removed 1 year after object creation. The developer creates an S3 bucket that has versioning enabled. What should the developer do next to meet the data retention requirements?
A. Create an S3 Lifecycle rule on the S3 bucket. Configure the rule to expire current versions of objects and permanently delete noncurrent versions 1 year after object creation.
B. Create an event notification for all object creation events in the S3 bucket. Configure the event notification to invoke an AWS Lambda function. Program the Lambda function to check the object creation date and to delete the object if the object is older than 1 year.
C. Create an event notification for all object removal events in the S3 bucket. Configure the event notification to invoke an AWS Lambda function. Program the Lambda function to check the object creation date and to delete the object if the object is older than 1 year.
D. Create an S3 Lifecycle rule on the S3 bucket. Configure the rule to delete expired object delete markers and permanently delete noncurrent versions 1 year after object creation.
Correct Answer: A
QUESTION 2
A developer created a Node.js-based AWS Lambda function by using a container image of an AWS OS-only base image. There is a new security patch for Node.js that must be patched to the new Lambda function. Which solution will meet this requirement?
A. Set the runtime update mode of the Lambda function to Auto.
B. Patch the runtime version by redeploying the same version of the Lambda function.
C. Rebuild the Lambda container code with the latest version of the AWS OS base image. Publish a new version of the Lambda function.
D. Rebuild the Lambda container code with the latest Node.js patch version. Publish a new version of Lambda function.
Correct Answer: D
QUESTION 3
A developer is working on an AWS Lambda function. The developer notices that the Lambda function’s logs do not appear in Amazon CloudWatch Logs. How should the developer resolve this issue?
A. Bundle the latest runtime version library with the Lambda function code. Redeploy the Lambda function.
B. Configure the security group settings of the Lambda function to grant access to CloudWatch.
C. Increase the memory of the Lambda function.
D. Update the Lambda function execution role with appropriate permission to write logs to CloudWatch Logs.
Correct Answer: D
QUESTION 4
A developer updates an AWS Lambda function that an Amazon API Gateway API uses. The API is the backend for a web application. The developer needs to test the updated Lambda function before deploying the Lambda function to production . The testing must not affect any production users of the web application. Which solution will meet these requirements in the MOST operationally efficient way?
A. Create a canary release deployment for the existing API stage. Deploy the API to the existing stage. Test the updated Lambda function by using the existing URL.
B. Update the API Gateway API endpoint type to private. Deploy the changes to the existing API stage. Test the API by using the existing URL.
C. Create a new test API stage in API Gateway. Add stage variables to deploy the updated Lambda function to only the test stage. Test the updated Lambda function by using the new stage URL.
D. Create a new AWS CloudFormation stack to deploy a copy of the entire production API and Lambda function. Use the stack’s API URL to test the updated Lambda function.
Correct Answer: C
QUESTION 5
A developer is writing a web application that is deployed on Amazon EC2 instances behind an internet-facing Application Load Balancer (ALB). The developer must add an Amazon CloudFront distribution in front of the ALB. The developer also must ensure that customer data from outside the VPC is encrypted in transit. Which combination of CloudFront configuration settings should the developer use to meet these requirements? (Select TWO.)
A. Restrict viewer access by using signed URLs.
B. Set the Origin Protocol Policy setting to Match Viewer.
C. Enable field-level encryption.
D. Enable automatic object compression.
E. Set the Viewer Protocol Policy setting to Redirect HTTP to HTTPS.
Correct Answer: BE
QUESTION 6
A developer created an AWS Lambda function to process data in an application. The function pulls large objects from an Amazon S3 bucket, processes the data, and loads the processed data into a second S3 bucket. Application users have reported slow response times. The developer checks the logs and finds that Lambda function invocations run much slower than expected. The function itself is simple and has a small deployment package. The function initializes quickly. The developer needs to improve the performance of the application. Which solution will meet this requirement with the LEAST operational overhead?
A. Store the data in an Amazon EFS file system. Mount the file system to a local directory in the function.
B. Create an Amazon EventBridge rule to schedule invocations of the function every minute.
C. Configure the function to use ephemeral storage. Upload the objects and process data in the /tmp directory.
D. Create a Lambda layer to package the function dependencies. Add the layer to the function.
Correct Answer: C
QUESTION 7
A developer uses AWS CloudFormation to deploy an Amazon API Gateway API and an AWS Step Functions state machine. The state machine must reference the API Gateway API after the CloudFormation template is deployed. The developer needs a solution that uses the state machine to reference the API Gateway endpoint. Which solution will meet these requirements MOST cost-effectively?
A. Configure the CloudFormation template to reference the API endpoint in the DefinitionSubstitutions property for the AWS::StepFunctions::StateMachine resource.
B. Configure the CloudFormation template to store the API endpoint in an environment variable for the AWS::StepFunctions::StateMachine resource. Configure the state machine to reference the environment variable.
C. Configure the CloudFormation template to store the API endpoint in a standard AWS::SecretsManager::Secret resource. Configure the state machine to resource.Creference the resource.
D. Configure the CloudFormation template to store the API endpoint in a standard AWS::AppConfig::ConfigurationProfile resource. Configure the state machine to reference the resource.
Correct Answer: A
QUESTION 8
A company has many microservices that are comprised of AWS Lambda functions. Multiple teams within the company split ownership of the microservices. An application reads configuration values from environment variables that are contained in the Lambda functions. During a security audit, the company discovers that some of the environment variables contain sensitive information. The company’s security policy requires each team to have full control over the rotation of AWS KMS keys that the team uses for its respective microservices. Which solution will meet these requirements?
A. Create AWS managed keys for all Lambda functions. Use the new AWS managed keys to encrypt the environment variables. Add kms:Decrypt permissions to the Lambda function execution roles.
B. Create customer managed keys for all Lambda functions. Use the new customer managed keys to encrypt the environment variables. Add kms:Decrypt permission to the Lambda function execution roles.
C. Create customer managed keys for all Lambda functions. Use the new customer managed keys to encrypt the environment variables. Add kms:CreateGrant permission and kms:Encrypt permission to the Lambda function execution roles.
D. Create AWS managed keys for all Lambda functions. Use the new AWS managed keys to encrypt the environment variables. Add kms:CreateGrant permission and kms:Encrypt permission to the Lambda function execution roles.
Correct Answer: B
QUESTION 9
A company runs its website on AWS. The company posts daily polls on its website and publishes the poll results next day. The website stores user responses in an Amazon DynamoDB table. After the poll results are published, the company does not need to keep the user responses. A developer needs to implement a solution that will automatically remove old user responses from the DynamoDB table. The developer adds a new expiration_date attribute to the DynamoDB table. The developer plans to use the expiration_date attribute for the automation. Which solution will meet these requirements with the LEAST development effort?
A. Create an AWS Lambda function to delete old user responses based on the expiration_date attribute. Create an Amazon EventBridge schedule to run the Lambda function daily.
B. Create an AWS Fargate task in Amazon ECS to delete old user responses based on the expiration_date attribute. Create an Amazon EventBridge schedule to run the Fargate task daily.
C. Create an AWS Glue job to delete old user responses based on the expiration_date attribute. Create an AWS Glue trigger schedule to run the job daily.
D. Enable TTL on the DynamoDB table and specify the expiration_date attribute. Expire old user responses by using DynamoDB TTL.
Correct Answer: D
QUESTION 10
A company has a website that is developed in PHP and is launched using AWS Elastic Beanstalk. There is a new version of the website that needs to be deployed in the Elastic Beanstalk environment. The company cannot tolerate having the website offline if an update fails. Deployments must have minimal impact and rollback as soon as possible. What deployment method should be used?
A. All at once
B. Rolling
C. Snapshots
D. Immutable
Correct Answer: D
QUESTION 11
A developer is setting up AWS CodePipeline for a new application. During each build, the developer must generate a test report. Which solution will meet this requirement?
A. Create an AWS CodeBuild build project that runs tests. Configure the buildspec file with the test report information.
B. Create an AWS CodeDeploy deployment that runs tests. Configure the AppSpec file with the test report information.
C. Run the builds on an Amazon EC2 instance that has AWS Systems Manager Agent (SSM Agent) installed and activated.
D. Create a repository in AWS CodeArtifact. Select the test report template.
Correct Answer: A
QUESTION 12
A company has point-of-sale devices across thousands of retail shops that synchronize sales transactions with a centralized system. The system includes an Amazon API Gateway API that exposes an AWS Lambda function. The Lambda function processes the transactions and stores the transactions in Amazon RDS for MySQL. The number of transactions increases rapidly during the day and is near zero at night. How can a developer increase the elasticity of the system MOST cost-effectively?
A. Migrate from Amazon RDS to Amazon Aurora MySQL. Use an Aurora Auto Scaling policy to scale read replicas based on CPU consumption.
B. Migrate from Amazon RDS to Amazon Aurora MySQL. Use an Aurora Auto Scaling policy to scale read replicas based on the number of database connections.
C. Create an Amazon SQS queue. Publish transactions to the queue. Set the queue to invoke the Lambda function. Turn on enhanced fanout for the Lambda function.
D. Create an Amazon SQS queue. Publish transactions to the queue. Set the queue to invoke the Lambda function. Set the reserved concurrency of the Lambda function to be less than the number of database connections.
Correct Answer: C
QUESTION 13
A developer created a Lambda function for a web application backend. When testing the Lambda function from the AWS Lambda console, the developer can see that the function is being run, but there is no log data being generated in Amazon CloudWatch Logs, even after several minutes. What could cause this situation?
A. The Lambda function does not have any explicit log statements for the log data to send it to CloudWatch Logs.
B. The Lambda function is missing CloudWatch Logs as a source trigger to send log data.
C. The execution role for the Lambda function is missing permissions to write log data to the CloudWatch Logs.
D. The Lambda function is missing a target CloudWatch Log group.
Correct Answer: A
QUESTION 14
A developer built a serverless application that processes medical images. The images are often more than 1 GB in size. Users upload all the images directly to an Amazon S3 bucket for processing. The application has users throughout the world, and most users are geographically far away from the AWS Region that runs the application. Users are experiencing long wait times when they upload large images. The developer must create a solution to minimize the latency that users experience when they upload images to Amazon S3. Which solution will produce the HIGHEST throughput?
A. Configure S3 Transfer Acceleration on the S3 bucket.
B. Configure an Amazon CloudFront distribution with the S3 endpoint as the origin.
C. Configure Amazon ElastiCache on the S3 bucket.
D. Configure AWS Global Accelerator on the S3 bucket.
Correct Answer: A
QUESTION 15
A developer is writing an application that will run on Amazon EC2 instances in an Auto Scaling group. The developer wants to externalize the session state to support the application. Which AWS services or resources can the developer use to meet these requirements? (Select TWO.)
A. Amazon DynamoDB
B. Amazon Cognito
C. Amazon ElastiCache
D. Application Load Balancer
E. Amazon SQS
Correct Answer: AC
QUESTION 16
A developer maintains a serverless application that uses an Amazon API Gateway REST API to invoke an AWS Lambda function by using a non-proxy integration. The Lambda function returns data, which is stored in Amazon DynamoDB. Several application users begin to receive intermittent errors from the API. The developer examines Amazon CloudWatch Logs for the Lambda function and discovers several ProvisionedThroughputExceededException errors. The developer needs to resolve the errors and ensure that the errors do not reoccur. Which solution will meet these requirements?
A. Use provisioned capacity mode for the DynamoDB table, and assign sufficient capacity units. Configure the Lambda function to retry requests with exponential backoff.
B. Update the REST API to send requests on an Amazon SQS queue. Configure the Lambda function to process requests tom the queue.
C. Configure a usage plan for the REST API.
D. Update the REST API to invoke the Lambda function asynchronously.
Correct Answer: D
QUESTION 17
A company runs a critical application on AWS. The application uses credentials to access an Amazon RDS database. As part of a risk assessment to analyze security vulnerabilities, the company found that database credentials are not frequently rotated. A developer needs to implement a solution that securely stores and rotates the credentials. The solution must not expose the credentials to anyone who should not have access to the credentials. Which solution will meet these requirements?
A. Configure AWS Secrets Manager to store the database credentials. Schedule managed rotation for Secrets Manager secrets.
B. Configure the Systems Manager parameters with an AWS KMS AWS managed key to encrypt the database credentials at rest. Create an AWS Lambda function to rotate the KMSs key. Set up an Amazon EventBridge rule to invoke the Lambda function on a schedule.
C. Configure an Amazon S3 bucket with S3 Bucket Keys for server-side encryption with AWS KMS keys (SSE-KMS) to store the database credentials.
D. Configure the Systems Manager parameters with an AWS KMS customer managed key to encrypt the database credentials at rest. Create an AWS Lambda function to periodically rotate the KMS. Use a cron expression to invoke the Lambda function on a schedule.
Correct Answer: A
QUESTION 18
A developer is using an AWS account to build an application that stores files in an Amazon S3 bucket. Files must be encrypted at rest by AWS KMS keys. A second Aws account must have access to read files from the bucket. The developer wants to minimize operational overhead for the application. Which combination of solutions will meet these requirements? (Select TWO.)
A. Use a customer managed key to encrypt the files. Create a key policy that grants kms:Decrypt permissions to the second AWS account.
B. Use an AWS managed key to encrypt the files. Create a key policy that grants kms:Decrypt permissions to the second AWS account.
C. Create a service control policy (SCP) that grants s3:GetObject permissions to the second AWS account.
D. Create a bucket policy for the S3 bucket that grants s3:GetObject permissions to the second AWS account.
E. Create a gateway endpoint for the S3 bucket. Modify the endpoint policy to grant s3:GetObject permissions to the second AWS account.
Correct Answer: AD
QUESTION 19
A developer is building a web and mobile application for two types of users: regular users and guest users. Regular users are required to log in, but guest users do not log in. Users should see only their data, regardless of whether they authenticate. Users need AWS credentials before they can access AWS resources. What is the MOST secure solution that the developer can implement to allow access for guest users?
A. Use an Amazon Cognito identity pool to generate temporary AWS credentials that are linked to an unauthenticated role that has access to the required resources.
B. Set up an IAM user that has permissions to the required resources. Hardcode the IAM credentials in the web and mobile application.
C. Generate temporary keys that are stored in AWS KMS. Use the temporary keys to access the required resources.
D. Generate temporary credentials. Store the temporary credentials in AWS Secrets Manager. Use the temporary credentials to access the required resources.
Correct Answer: A
QUESTION 20
A company has an application that consists of different microservices that run inside an AWS account. The microservices are running in containers inside a single VPC. The number of microservices is constantly increasing. A developer must create a central logging solution for application logs. Which solution will meet these requirements?
A. Create a different Amazon CloudWatch Logs stream for each microservice.
B. Create an AWS CloudTrail trail to log all the API calls.
C. Configure VPC Flow Logs to track the communications between the microservices.
D. Use AWS Cloud Map to map the interactions of the microservices.
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.