QUESTION 81
A developer is designing a new feature for an existing application. The new feature uses an AWS Lambda function. The developer wants to test the Lambda function safely in a development AWS account and a testing AWS account before deploying the function into a production AWS account. The developer must roll back the function if issues are found. Which solution will meet these requirements with the LEAST operational overhead?
A. Create new Lambda function versions and aliases for the development, testing, and production accounts. After successful testing, update the production alias to point to the function. Roll back to the most recent stable function version if issues are discovered.
B. Deploy the Lambda function to the development, testing, and production accounts separately after successfully testing the function in each environment.
C. Use Lambda layers to separate the code and the libraries that are associated with each AWS account. Deploy and test the Lambda function with each Lambda layer in each environment.
D. Update the Lambda function code to use environment variables for the development, testing, and production accounts. Use the environment variables to make code updates available to specific environments.
Correct Answer: A
QUESTION 82
A developer is monitoring an application that runs on an Amazon EC2 instance. The developer has configured a custom Amazon CloudWatch metric with data granularity of 1 second. If any issues occur, the developer wants to be notified within 30 seconds by Amazon SNS. What should the developer do to meet this requirement?
A. Configure a high-resolution CloudWatch alarm.
B. Set up a custom CloudWatch dashboard.
C. Use Amazon CloudWatch Logs Insights.
D. Change to a default CloudWatch metric.
Correct Answer: A
QUESTION 83
A developer uses AWS IAM Identity Center to interact with the AWS CLI and AWS SDKs on a local workstation. API calls to AWS services were working when the SSO access was first configured. However, the developer is now receiving Access Denied errors. The developer has not changed any configuration files or scripts that were previously working on the workstation. What is the MOST likely cause of the developer’s access issue?
A. The access permissions to the developer’s AWS CLI binary file have changed.
B. The permission set that is assumed by IAM Identity Center does not have the necessary permissions to complete the API call.
C. The credentials from the IAM Identity Center federated role have expired.
D. The developer is attempting to make API calls to the incorrect AWS account.
Correct Answer: C
QUESTION 84
A developer is trying to get data from an Amazon DynamoDB table called demoman-table. The developer configured the AWS CLI to use a specific IAM user’s credentials and ran the following command:
aws dynamodb get-item –table-name demoman-table –key ‘ { “id” : 〔”N”:”1993″)} ‘
The command returned errors and no rows were returned. What is the MOST likely cause of these issues?
A. The command is incorrect; it should be rewritten to use put-item with a string argument.
B. The developer needs to log a ticket with AWS Support to enable access to the demoman-table.
C. Amazon DynamoDB cannot be accessed from the AWS CLI and needs to be called via the REST API.
D. The IAM user needs an associated policy with read access to demoman-table.
Correct Answer: D
QUESTION 85
A developer is automating a new application deployment with AWS SAM. The new application has one AWS lambda function and one Amazon S3 bucket. The Lambda function must access the S3 bucket to only read objects. How should the developer configure AWS SAM to grant the necessary read permission to the S3 bucket?
A. Reference a second Lambda authorizer function.
B. Add a custom S3 bucket policy to the Lambda function.
C. Create an Amazon SQS topic for only S3 object reads. Reference the topic in the template.
D. Add the S3ReadPolicy template to the Lambda function’s execution role.
Correct Answer: D
QUESTION 86
A company uses Amazon SQS to decouple its microservices architecture. Some messages in an SQS queue contain sensitive information. A developer must implement a solution that encrypts all the data at rest. Which solution will meet this requirement?
A. Enable server-side encryption for the SQS queue by using an SQS managed encryption key (SSE-SQS).
B. Use the aws:SecureTransport condition in the queue policy to ensure that only HTTPS (TLS) is used for all requests to the SQS queue.
C. Use AWS Certificate Manager (ACM) to generate an SSL/TLS certificate. Reference the certificate when messages are sent to the queue.
D. Set a message attribute in the SQS SendMessage request for messages that are sent to the queue. Set Name to ENCRYPT. Set the Value to TRUE.
Correct Answer: A
QUESTION 87
An application that is running on Amazon EC2 instances stores data in an Amazon S3 bucket. All the data must be encrypted in transit. How can a developer ensure that all traffic to the S3 bucket is encrypted?
A. Install certificates on the EC2 instances.
B. Create a private VPC endpoint.
C. Configure the S3 bucket with server-side encryption with AWS KMS managed encryption keys (SSE-KMS).
D. Create an S3 bucket policy that denies traffic when the value for the aws:SecureTransport condition key is false.
Correct Answer: D
QUESTION 88
A developer manages an application that interacts with Amazon RDS. After observing slow performance with read queries, the developer implements Amazon ElastiCache to update the cache immediately following the primary database update. What will be the result of this approach to caching?
A. Caching will increase the load on the database instance because the cache is updated for every database update.
B. Caching will slow performance of the read queries because the cache is updated when the cache cannot find the requested data.
C. The cache will become large and expensive because the infrequently requested data is also written to the cache.
D. Overhead will be added to the initial response time because the cache is updated only after a cache miss.
Correct Answer: A
QUESTION 89
A company uses an AWS CloudFormation template to deploy and manage its AWS infrastructure. The CloudFormation template creates Amazon VPC security groups and Amazon EC2 security groups. A manager finds out that some engineers modified the security groups of a fewEC2 instances for testing purposes. A developer needs to determine
what modifications occurred. Which solution will meet this requirement?
A. Add a Conditions section statement in the source YAML file of the template.
B. Run the CloudFormation stack. Perform a drift detection operation on the CloudFormation stack.
C. Execute a change set for the CloudFormation stack.
D. Use Amazon Detective to detect the modifications.
Correct Answer: B
QUESTION 90
A developer team needs to store credentials for an external API. An AWS Lambda function needs to retrieve the API credentials at runtime. Which solution will meet these requirements in the MOST cost-effective way?
A. Create a secure string advanced parameter in AWS Systems Manager Parameter Store.
B. Create a secure string standard parameter in AWS Systems Manager Parameter Store.
C. Create a secret in Aws Secrets Manager.
D. Create a configuration file in an Amazon S3 bucket.
Correct Answer: B
QUESTION 91
A development team is using an Amazon SNS topic as part of an application. The development team is using an AWS SDK to send messages to the SNS topic. The SNS topic sends an email message to a specific person when each message arrives in the topic. The development team wants a solution to invoke a specific AWS Lambda function if a message that arrives in the topic contains the word “Important” in the title attribute of the JSON message. The solution must not require any changes to the application code. Which solution will meet these requirements?
A. Add a new subscription to the topic that will invoke the specified Lambda function. Add a subscription filter on a title that contains “Important.”
B. Add a new subscription to the topic that will invoke the specified Lambda function. Add a redrive policy that filters on a title that contains “Important.”
C. Create a new SNS topic that will invoke the specified Lambda function. Add a subscription filter policy that filters on a title that contains “Important.”
D. Create a new SNS topic that will invoke the specified Lambda function. Add a redrive policy that filters on a title that contains “Important “
Correct Answer: A
QUESTION 92
A developer uses AWS Step Functions to build a complex workflow. The workflow takes several hours to finish running An AWS Lambda function runs as part of the end of the workflow. However, the Lambda function is generating errors. The developer must troubleshoot the Lambda function errors. Which solution will meet this requirement in the MOST operationally efficient way?
A. Create a test event that contains the JSON that serves as the input to the Lambda function step.
B. Enable active tracing on the function. Visualize the results in the Amazon CloudWatch service map.
C. Redrive the Step Functions workflow from the failed Lambda function step.
D. Add a retrier to the Lambda function step of the workflow for the States. IntrinsicFailure error type.
Correct Answer: C
QUESTION 93
A developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment, the application has used IAM access keys. The application is now ready for deployment onto an ECS cluster. How should the application authenticate with AWS services in production?
A. Configure an ECS task IAM role for the application to use.
B. Refactor the application to call AWS STS AssumeRole based on an instance role.
C. Configure AWS access key/secret access key environment variables with new credentials.
D. Configure the credentials file with a new access key/secret access key.
Correct Answer: A
QUESTION 94
A developer is configuring AWS CodeDeploy to deploy an existing application to on-premises servers. The developer has a copy of application source files and configurations in a directory on a local development machine. How can the developer prepare an application revision to be ready for deployment?
A. Add an AppSpec file to the root of the application’s directory. Bundle the directory into an archive file. Upload the bundle to Amazon S3.
B. Use the AWS CLI create-deployment command.
C. Create an AppSpec file locally. Upload the file to Amazon S3.
D. Use the AppSpec editor in the CodeDeploy console to specify the AppSpec file for the application revision.
Correct Answer: A
QUESTION 95
A development team is working on a mobile app that allows users to upload pictures to Amazon S3. The team expects the app will be used by hundreds of thousands of users during a single event simultaneously. Once the pictures are uploaded, the backend service will scan and parse the pictures for inappropriate content. Which approach is the MOST resilient way to achieve this goal, which also smooths out temporary volume spikes for the backend service?
A. Develop an AWS Lambda function to check the upload folder in the S3 bucket If new uploaded pictures are detected, the Lambda function will scan and parse them.
B. Once a picture is uploaded to Amazon S3, publish the event to an Amazon SQS queue. Use the queue as an event Source to trigger an AWS Lambda function. In the Lambda function, scan and parse the picture.
C. When the user uploads a picture, invoke an API hosted in Amazon API Gateway. The API will invoke an AWS Lambda
D. Create a state machine in AWS Step Functions to check the upload folder in the S3 bucket. If a new picture is detected invoke an AWS Lambda function to scan and parse it.
Correct Answer: B
QUESTION 96
A company has a serverless application that uses Amazon API Gateway backed by AWS Lambda proxy integration. The company is developing several backend APIs. The company needs a landing page to provide an overview of navigation to the APIs. A developer creates a new/LandingPage resource and a new GET method that uses mock
integration. What should the developer do next to meet these requirements?
A. Configure the integration request mapping template with Content-Type of text/html and statusCode of 200. Configure the integration response mapping template with Content-Type of application/json. In the integration response mapping template, include the Landing age HTML code that references the APIs.
B. Configure the integration request mapping template with Content-Type of application/json. In the integration request mapping template, include the LandingPage HTML code that references the APIs. Configure the integration response mapping template with Content-Type of text/html and statusCode of 200.
C. Configure the integration request mapping template with Content-Type of application/son and statusCode of 200. Configure the integration response mapping template with Content-Type of text/html. In the integration response mapping template, include the Landing age HTML code that references the APIs.
D. Configure the integration request mapping template with Content-Type of text/html. In the integration request mapping template, include the LandingPage HTML code that references the APIs. Configure the integration response mapping template with Content-Type of application/json and statusCode of 200.
Correct Answer: A
QUESTION 97
A developer creates a static website for their department. The developer deploys the static assets for the website to an Amazon S3 bucket and serves the assets with Amazon CloudFront. The developer uses origin access control (OAC) on the CloudFront distribution to access the S3 bucket. The developer notices users can access the root URL and specific pages but cannot access directories without specifying a file name. For example,/products/index.html works, but /products/ returns an error. The developer needs to enable accessing directories without specifying a file name without exposing the S3 bucket publicly. Which solution will meet these requirements?
A. Update the CloudFront distribution’s default root object setting to be index.html.
B. Update the Amazon S3 bucket settings and enable static website hosting. Specify index.html as the Index document. Update the S3 bucket policy to enable access. Update the CloudFront distribution’s origin to use the S3 website endpoint.
C. Create a CloudFront function that examines the request URL and appends index.html when directories are being accessed. Add the function as a viewer request CloudFront function to the CloudFront distribution’s behavior.
D. Create a custom error response on the CloudFront distribution with the HTTP error code set to the HTTP 404 Not Found response code and the response page path to /index.html. Set the HTTP response code to the HTTP 200 OK response code.
Correct Answer: D
QUESTION 98
A company has an application where reading objects from Amazon S3 is based on the type of user. The user types are registered user and guest user. The company has 25,000 users and is growing. Information is pulled from an S3 bucket depending on the user type. Which approaches are recommended to provide access to both user types? (Select TWO.)
A. Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to the objects.
B. Use S3 bucket policies to restrict read access to specific IAM users.
C. Use Amazon Cognito to provide access using authenticated and unauthenticated roles.
D. Create a new IAM user for each user and grant read access.
E. Use IAM and let the application assume the different roles by using the AWS STS AssumeRole action depending on the type of user. Provide read access to Amazon S3 by using the assumed role.
Correct Answer: CE
QUESTION 99
A developer is updating an application that analyzes digital images. Multiple systems need to process the images after the images are stored. The number of systems that need to process the images will change over time. An AWS Lambda function stores the images in an Amazon S3 bucket. Each processing system has a separate Amazon SQS queue. Each SQS queue handles messages that contain a path to images that the corresponding system must process. The developer needs a solution to publish messages to the SQS queues for the processing systems. The solution must handle the change in the number of processing systems over time. Which solution will meet these requirements with the
LEAST development effort?
A. Create one Amazon SNS topic and one SNS subscription for each SQS queue. Configure the Lambda function to publish the S3 path for each image to the SNS topic.
B. Create one Amazon SNS subscription and one SNS topic for each SQS queue. Configure the Lambda function to publish the S3 path for each image to the SNS subscription.
C. Create one new SQS queue and one Amazon SNS subscription for each SQS queue that will receive the S3 paths. Configure the Lambda function to send the S3 paths to the new SQS queue.
D. Create a new SQS queue. Configure S3 Event Notifications to send messages to the new SQS queue. Configure a new Lambda function to process the S3 notification messages from the new SQS queue and to route messages to the existing processing SQS queues based on the S3 paths.
Correct Answer: A
QUESTION 100
A development team is responsible for an application that uses a microservices architecture. The microservices are deployed to AWS Elastic Beanstalk. One of the services calls Amazon DynamoDB, Amazon S3, and a third-party service. The team notices that every morning around 7 AM, the production service performs poorly for a few minutes. Which action can the developer take to understand what is happening?
A. Analyze the error logs in Amazon CloudTrail.
B. Perform performance tests in the stage environment.
C. Enable the configuration option for the AWS X-Ray daemon and use the X-Ray SDK to get performance metrics about the service calls.
D. Use the AWS X-Ray SDK to get performance metrics about the service calls and analyze the logs in Amazon CloudWatch.
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.