QUESTION 181
A developer is creating an AWS Lambda function that is invoked by messages to an Amazon SNS topic. The messages represent customer data updates from a customer relationship management (CRM) system. The developer wants the Lambda function to process only the messages that pertain to email address changes. Additional subscribers to the SNS topic will process any other messages. Which solution will meet these requirements in the LEAST development effort?
A. Use Lambda event filtering to allow only messages that are related to email address changes to invoke the Lambda function.
B. Use an SNS filter policy on the Lambda function subscription to allow only messages that are related to email address changes to invoke the Lambda function.
C. Subscribe an Amazon SQS queue to the SNS topic. Configure the SQS queue with a filter policy to allow only messages that are related to email address changes. Connect the SQS queue to the Lambda function.
D. Configure the Lambda code to check the received message. If the message is not related to an email address change, configure the Lambda function to publish the message back to the SNS topic for the other subscribers to process.
Correct Answer: B
QUESTION 182
A company runs an application on Amazon EC2 instances that connect to an Amazon RDS for MySQL DB cluster. The application performs calculations for users, stores the results in the DB cluster, and displays the results. The rules for the calculations change weekly. The company creates an AWS Lambda function to read the calculation results from the DB cluster. The Lambda function provides the results to the most visited web pages in the application. The company needs to optimize the loading time for the calculation results. Which solution will meet this requirement with the LEAST operational overhead?
A. Replace the Lambda function with AWS AppSync. Use AWS AppSync server-side data caching to provide faster responses.
B. Create a new Lambda function to sync calculation data from the DB cluster to Amazon DynamoDB. Update the Lambda function that reads from the DB cluster to read from the DynamoDB table.
C. Set reserved concurrency for the Lambda function to 1. Update the Lambda function to store calculation read request results in the /imp ephemeral storage location. Use the locally cached data for the lookup to support the most visited application pages.
D. Create an Amazon ElastiCache (Redis OSS) serverless cache by using settings from the DB cluster. Update the Lambda function to read from the cache cluster.
Correct Answer: D
QUESTION 183
A developer runs a recurring build process in AWS CodeBuild. A build takes significantly longer than anticipated. The build frequently fails, which causes delays and disruptions in the development workflow. The build process failures require manual intervention to restart the builds. The developer needs to resolve the build process issues. Which solution will meet this requirement with the LEAST operational overhead?
A. Split the build process into smaller stages. Use AWS CodePipeline to link the stages together.
B. Implement a custom script that monitors the build process and automatically relaunches the build if it times out.
C. Migrate the build process to an Amazon ECS task. Use AWS Systems Manager to manage the build workflow.
D. Migrate the build process to an AWS Batch job. Use AWS Systems Manager to manage the build workflow.
Correct Answer: A
QUESTION 184
A company is building an application that must encrypt customer data. The company stores the data in an Amazon DynamoDB table. The company needs to rotate the key that encrypts the data every 90 days. Which solution will meet these requirements in the MOST operationally efficient way?
A. Create an AWS KMS customer managed key. Set the key rotation period to 90 days. Reference the key in the DynamoDB table’s encryption settings.
B. Create an AWS managed AWS KMS key. Set the key rotation period to 90 days. Reference the key in the DynamoDB table’s encryption settings.
C. Create an AWS KMS customer managed key. Create an Amazon EventBridge scheduled rule to invoke an AWS Lambda function to perform on-demand key rotation every 90 days.
D. Use an AWS owned key. Reference the key in the DynamoDB table’s encryption settings.
Correct Answer: D
QUESTION 185
A developer is creating an application that will be deployed on Amazon ECS. The application needs to access an Amazon DynamoDB table, and the developer does not want to manage the key. What is the MOST secure way for the application to access the DynamoDB table?
A. Add a policy to the task execution IAM role to grant access to the DynamoDB table.
B. Create an IAM user for the application. Store the access key in the container image.
C. Create an IAM user for the application. Store the access key in an AWS Secrets Manager secret.
D. Add a resource-based policy to the DynamoDB table to grant access from the application.
Correct Answer: A
QUESTION 186
A company is launching a feature that uses an HTTP API built with Amazon API Gateway and AWS Lambda. An API Gateway endpoint performs several independent tasks that run in a Lambda function. The independent tasks can take up to 10 minutes in total to finish running. Users report that the endpoint sometimes returns an HTTP 504 status code. The Lambda function invocations are successful. Which solution will stop the endpoint from returning the HTTP 504 status code?
A. Increase the Lambda function’s timeout value.
B. Increase the reserved concurrency of the Lambda function.
C. Increase the memory that is available to the Lambda function.
D. Refactor the Lambda function to start an AWS Step Functions state machine.
Correct Answer: D
QUESTION 187
A developer is using Amazon S3 as the event source that invokes a Lambda function when new objects are created in the bucket. The event source mapping information is stored in the bucket notification configuration. The developer is working with different versions of the Lambda function, and has a constant need to update notification configuration so that Amazon S3 invokes the correct version. What is the MOST efficient and effective way to achieve mapping between the S3 event and Lambda?
A. Use a different Lambda trigger.
B. Use Lambda environment variables.
C. Use a Lambda alias.
D. Use Lambda tags.
Correct Answer: C
QUESTION 188
A developer is changing the configuration for a CPU-intensive AWS Lambda function that runs once an hour. The function usually takes 45 seconds to run, but sometimes the run time is up to 1 minute. The timeout parameter is set to 3 minutes, and all other parameters are set to default. The developer needs to optimize the run time of this function. Which solution will meet this requirement?
A. Redeploy the function within the default VPC.
B. Increase the function’s memory.
C. Redeploy the function by using Lambda layers.
D. Increase the function’s reserved concurrency.
Correct Answer: B
QUESTION 189
A company’s application runs on a fleet of Amazon EC2 instances in a VPC within private subnets that do not have public internet access. The company uses Amazon CloudWatch to monitor the application. A developer is troubleshooting an issue with the application. Some performance metrics are not being published to CloudWatch. The developer uses EC2 Instance Connect to access an EC2 instance. The developer verifies that a CloudWatch agent is pre-installed and running. The developer needs to ensure that the performance metrics are published to CloudWatch. Which solution will meet this requirement in the MOST secure way?
A. Attach the CloudWatchAgentAdminPolicy managed IAM policy to the IAM role that is associated with the EC2 instance profile. Provision a NAT gateway in a public subnet
B. Add a user data script to install and start up the CloudWatch agent automatically when the EC2 instances are first booted up.
C. Attach the CloudWatchAgentServerPolicy managed IAM policy to the IAM role that is associated with the EC2 instance profile. Provision a VPC interface endpoint for CloudWatch.
D. Attach the CloudWatchReadOnlyAccess managed IAM policy to the IAM role that is associated with the EC2 instance profile. Provision a VPC interface endpoint for CloudWatch.
Correct Answer: C
QUESTION 190
A developer is using an AWS KMS key with imported key material to encrypt data in Amazon S3. The developer accidentally deletes the key material of the KMS key and is unable to decrypt the data. How can the developer decrypt the data that was encrypted by the KMS key?
A. Request support from AWS to recover the deleted key material.
B. Create a new KMS key. Use the new KMS key to decrypt the data.
C. Use the KMS key without the key material.
D. Reimport the same key material to the KMS key.
Correct Answer: D
QUESTION 191
A developer is creating an AWS Lambda function to process streaming data from an Amazon Kinesis data stream. When the Lambda function parses the data and encounters a malformed record from the stream, the Lambda function exits with an error. The developer is observing duplicate records downstream from the function. When the developer uses a different client to examine the Kinesis data stream output, no duplicate records are visible in the stream. What is the reason for the duplicate records?
A. The Lambda function did not advance the Kinesis data stream pointer to the next record after the error.
B. The Lambda event source used asynchronous invocation.
C. The Lambda function did not handle the error, and the Lambda service attempted to reprocess the data.
D. The Lambda function did not keep up with the amount of data that was coming from the Kinesis data stream.
Correct Answer: C
QUESTION 192
A developer is working on a web application that uses Amazon DynamoDB as its data store. The application has two DynamoDB tables: one table that is named artists and one table that is named songs. The artists table has artistName as the partition key. The songs table has songName as the partition key and artistName as the sort key. The table usage patterns include the retrieval of multiple songs and artists in a single database operation from the webpage. The developer needs a way to retrieve this information with minimal network traffic and optimal application performance. Which solution will meet these requirements?
A. Perform a BatchGetltem operation that returns items from the two tables. Use the list of songName/artistName keys for the songs table and the list of artistName key for the artists table.
B. Create a local secondary index (LSI) on the songs table that uses artistName as the partition key. Perform a query operation for each artistName on the songs table that filters by the list of songName. Perform a query operation for each artistName on the artists table.
C. Perform a BatchGetltem operation on the songs table that uses the songName/artistName keys. Perform a BatchGetitem operation on the artists table that uses artistName as the key.
D. Perform a Scan operation on each table that filters by the list of songName/artistName for the songs table and the list of artistName in the artists table.
Correct Answer: A
QUESTION 193
A company wants to use generative Al for development. The generative Al implementation must include the company’s internal code bases. The implementation must also answer queries based on the company’s code repositories and internal documentation. The implementation must not expose the code repositories and internal documentation to other companies. Which solution will meet these requirements in the MOST operationally efficient way?
A. Implement Amazon Bedrock with custom knowledge bases to incorporate internal documentation and code repositories.
B. Deploy Amazon Q Developer with chat customizations. Connect Amazon Q developer to the private code repositories. Activate customization in the integrated development environment (IDE).
C. Set up a self-hosted instance of a Meta Llama 2 model. Fine-tune the model on the company’s internal code base and documentation.
D. Deploy a Hugging Face model on Amazon SageMaker Al. Implement a Retrieval Augmented Generation (RAG) workflow with a vector database that contains the company’s internal code base and documentation.
Correct Answer: B
QUESTION 194
A developer is creating a solution to track an account’s Amazon S3 buckets over time. The developer has created an AWS Lambda function that will run on a schedule. The function will list the account’s S3 buckets and will store the list in an Amazon DynamoDB table. The developer receives a permissions error when the developer runs the function with the AWSLambdaBasicExecutionRole AWS managed policy. Which combination of permissions should the developer use to resolve this error? (Select TWO.)
A. Cross-account IAM role
B. Permission for the Lambda function to list buckets in Amazon S3
C. Permission for the Lambda function to write in DynamoDB
D. Permission for Amazon S3 to invoke the Lambda function
E. Permission for DynamoDB to invoke the Lambda function
Correct Answer: BC
QUESTION 195
A company is building an application on AWS. The application’s backend includes an Amazon API Gateway REST API. The company’s frontend application developers cannot continue work until the backend API is ready for integration. The company needs a solution that will allow the frontend application developers to continue their work. Which solution will meet these requirements in the MOST operationally efficient way?
A. Configure mock integrations for API Gateway API methods.
B. Integrate a Lambda function with API Gateway and return a mocked response.
C. Add new API endpoints to the API Gateway stage and returns a mocked response.
D. Configure a proxy resource for API Gateway API methods.
Correct Answer: A
QUESTION 196
A company uses an AWS Lambda function that reads messages from an Amazon SQS standard queue. The Lambda function makes an HTTP call to a third-party API for each message. The company wants to ensure that the Lambda function does not overwhelm the third-party API with more than two concurrent requests. Which solution will meet these requirements?
A. Configure a provisioned concurrency of two on the Lambda function.
B. Configure a batch size of two on the Amazon SQS event source mapping for the Lambda function.
C. Configure Lambda event filtering to process two messages from Amazon SQS at every invocation.
D. Configure a maximum concurrency of two on the Amazon SQS event source mapping for the Lambda function.
Correct Answer: D
QUESTION 197
A company has a web application that uses an Amazon Cognito user pool for authentication. The company wants to create a login page that includes the company logo. What should a developer do to meet these requirements?
A. Create a hosted user interface (Ul) in Amazon Cognito. Customize the hosted Ul with the company logo.
B. Create a login page that includes the company logo. Upload the login page to Amazon Cognito.
C. Create a login page that includes the company logo in Amazon API Gateway. Save the link in Amazon Cognito.
D. Upload the company logo to an Amazon S3 bucket. Specify the S3 object path in app client settings in Amazon Cognito.
Correct Answer: A
QUESTION 198
A company has a virtual reality (VR) game. The game has a serverless backend that consists of Amazon API Gateway, AWS Lambda, and Amazon DynamoDB. Recently, the company noticed a sudden increase of new users globally. The company also noticed delays in the retrieval of user data. Which AWS service or feature can the company use to reduce the database response time to microseconds?
A. Amazon ElastiCache
B. DynamoDB Accelerator (DAX)
C. DynamoDB auto scaling
D. Amazon CloudFront
Correct Answer: B
QUESTION 199
A company has an application that provides blog hosting services to its customers. The application includes an Amazon DynamoDB table with a primary key. The primary key consists of the customers’ UserName as a partition key and the NumberOfBlogs as a sort key. The application stores the TotalReactionsOnBlogs as an attribute on the same DynamoDB table. A developer needs to implement an operation to retrieve the top 10 customers based on the greatest number of reactions on their blogs. This operation must not consume the DynamoDB table’s existing read capacity. What should the developer do to meet these requirements in the MOST operationally efficient manner?
A. For the existing DynamoDB table, create a new global secondary index (GSI) that has the UserName as a partition key and the TotalReactionsOnBlogs as a sort key.
B. For the existing DynamoDB table, create a new local secondary index (LSI) that has the UserName as a partition key and the TotalReactionsOnBlogs as a sort key.
C. Back up and restore the DynamoDB table to a new DynamoDB table. Create a new global secondary index (GSI) that has the UserName as a partition key and the TotalReactionsOnBlogs as a sort key. Delete the old DynamoDB table.
D. Back up and restore the DynamoDB table to a new DynamoDB table. Create a new local secondary index (LSI) that has the UserName as a partition key and the TotalReactionsOnBlogs as a sort key. Delete the old DynamoDB table.
Correct Answer: A
QUESTION 200
A developer is building a containerized application on AWS. The application communicates with a third-party service by using API keys. The developer needs a secure way to store the API keys and pass the API keys to the containerized application. Which solutions will meet these requirements? (Select TWO.)
A. Store the API keys as a SecureString parameter in AWS Systems Manager Parameter Store. Grant the application access to retrieve the value from Parameter Store.
B. Store the API keys in AWS CloudFormation templates by using base64 encoding. Pass the API keys to the application through container definition environment variables.
C. Add a new AWS CloudFormation parameter to the CloudFormation template. Pass the API keys to the application by using the container definition environment variables.
D. Embed the API keys in the application. Build the container image on-premises. Upload the container image to Amazon ECR.
E. Store the API keys as a SecretString parameter in AWS Secrets Manager. Grant the application access to retrieve the value from Secrets Manager.
Correct Answer: AE
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.