QUESTION 101
An application adds a processing date to each transaction that it receives. The application writes each transaction to an Amazon DynamoDB table by using the Putitem operation. Each transaction has a unique ID (transactionID). Sometimes the application receives transactions more than once. A developer notices that duplicate transactions in DynamoDB have the latest processing date instead of the date when the transaction was first received. Duplicate records happen infrequently, and most of the transactions are unique. What is the MOST cost-effective solution that the developer can implement to ensure that Putitem does not update an existing record?
A. Call the Getitem operation first to confirm that the record does not exist. Then call Putitem.
B. Enable the TTL attribute on the DynamoDB table.
C. Implement a conditional put by using the attribute_exists(transactionID) condition expression.
D. Implement a conditional put by using the attribute_not_exists(transactionID) condition expression.
Correct Answer: D
QUESTION 102
A developer wants to use an Amazon CloudFront distribution to deliver a web application to users. Users will access the application through the internet. The developer needs to create an SSL/TLS certificate to use with the CloudFront distribution. The developer wants to minimize operational overhead by ensuring that the certificate is renewed automatically. Which solution will meet these requirements?
A. Create a public certificate that uses DNS validation in IAM.
B. Import a certificate into IAM. Configure managed renewal for the certificate.
C. Create a public certificate that uses DNS validation in AWS Certificate Manager.
D. Create a public certificate that uses email validation in AWS Certificate Manager (ACM).
Correct Answer: C
QUESTION 103
A developer manages an application that stores user objects in an Amazon S3 bucket without versioning enabled. The application has premium users and basic users. After premium users upload objects, the premium users have unlimited downloads of their objects. Their objects are stored with a premium/prefix. After basic users upload objects, the basic users can download their objects for 90 days. Their objects are stored with a basic/prefix. The developer needs to implement a solution to automatically delete objects for the basic users after 90 days. Which solution will meet these requirements with the LEAST development effort?
A. Create an AWS Lambda function that removes any objects in the S3 bucket that have the basic/ prefix and are more than 90 days old. Set up an Amazon EventBridge schedule to invoke the Lambda function every day.
B. Set up an S3 Lifecycle rule that applies to the objects that have the premium/ prefix. Set the S3 Lifecycle rule action to expire the current version of the objects that have the premium/ prefix after 90 days.
C. Set up an S3 Lifecycle rule that applies to the obiects that have the basic/ prefix. Set the S3 Lifecycle rule action to expire the current version of the objects that have the basic/ prefix after 90 days.
D. Create a rule for the S3 bucket to identify objects that have the basic/ prefix. Set the rule action to delete any objects that have object delete markers and unfinished multipart uploads after 90 days.
Correct Answer: C
QUESTION 104
A developer needs to automate deployments for a serverless, event-based workload. The developer needs to create standardized templates to define the infrastructure and to test the functionality of the workload locally before deployment. The developer already uses a pipeline in AWS CodePipeline. The developer needs to incorporate any other infrastructure changes into the existing pipeline. Which solution will meet these requirements?
A. Create an AWS SAM template. Configure the pipeline stages in CodePipeline to run the necessary AWS SAM CLI commands to deploy the serverless workload.
B. Create an AWS Step Functions workflow template based on the infrastructure by using the Amazon States Language. Start the Step Functions state machine from the existing pipeline.
C. Create an AWS CloudFormation template. Use the existing pipeline workflow to build a pipeline for AWS CloudFormation stacks.
D. Create an AWS SAM template. Use an automated script to deploy the serverless workload by using the AWS SAM CLI deploy command.
Correct Answer: A
QUESTION 105
A developer is testing an AWS Lambda function by using the AWS SAM local CLI. The application that is implemented by the Lambda function makes several AWS API calls by using the AWS SDK. The developer wants to allow the function to make AWS API calls in a test AWS account from the developer’s laptop. What should the developer do to meet these requirements?
A. Edit the template. ymI file. Add the AWS_ACCESS_KEY_ID property and the AWS_SECRET_ACCESS_KEY property in the Globals section.
B. Add a test profile by using the aws configure command with the –profile option. Run AWS SAM by using the sam local invoke command with the –profile option.
C. Edit the template. ymI file. For the AWS::Serverless::Function resource, set the role to an IAM role in the AWS account.
D. Run the function by using the sam local invoke command. Override the AWS_ACCESS_KEY_ID parameter and the AWS_SECRET_ACCESS_KEY parameter by specifying the -parameter-overrides option
Correct Answer: B
QUESTION 106
A developer is developing an application that manages financial transactions. To improve security, multi-factor authentication (MFA) will be required as part of the login process. What services can the developer use to meet these requirements?
A. Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA codes
B. Amazon Cognito with MFA
C. AWS Directory Service
D. AWS IAM with MFA enabled
Correct Answer: B
QUESTION 107
A developer is troubleshooting an application. The application includes several AWS Lambda functions that invoke an Amazon API Gateway API. The API Gateway’s method request is set up to use an Amazon Cognito authorizer for authentication. All the Lambda functions pass the user ID as part of the Authorization header to the API Gateway API. The API Gateway API returns a 403 status code for all GET requests. How should the developer resolve this issue?
A. Modify the client GET request to include a valid API key in the Authorization header.
B. Modify the client GET request to include a valid token in the Authorization header.
C. Update the resource policy for the API Gateway API to allow the execute-api:Invoke action.
D. Modify the client to send an OPTIONS preflight request before the GET request.
Correct Answer: B
QUESTION 108
A company is launching a photo sharing application on AWS. Users use the application to upload images to an Amazon S3 bucket. When users upload images, an AWS Lambda function creates thumbnail versions of the images and stores the thumbnail versions in another S3 bucket. During development, a developer notices that the Lambda function takes more than 2 minutes to complete the thumbnail process. The company needs all images to be processed in less than 30 seconds. What should the developer do to meet these requirements?
A. Increase the virtual CPUs (CPUs) for the Lambda function to use 10 CPUs.
B. Change Lambda function instance type to use m6a. 4xlarge.
C. Configure the Lambda function to increase the amount of memory.
D. Configure burstable performance for the Lambda function.
Correct Answer: C
QUESTION 109
A company has on-premises data centers that run an image processing service. The service consists of containerized applications that run on Kubernetes clusters. All the applications have access to the same NFS share for files and data storage. The company is running out of NFS capacity in the data centers and needs to migrate to AWS as soon as possible. The Kubernetes clusters must be highly available on AWS. Which combination of actions will meet these requirements? (Select TWO.)
A. Transfer the information that is in the NFS share to an Amazon EBS volume. Upload the container images to Amazon ECR.
B. Transfer the information that is in the NFS share to an Amazon EFS volume. Upload the container images to Amazon ECR.
C. Create an Amazon ECS cluster to run the applications. Configure each node of the cluster to mount the Amazon EBS volume at the required path for the container images
D. Create an Amazon EKS cluster to run the applications. Configure each node of the cluster to mount the Amazon EBS volume at the required path for the container images.
E. Create an Amazon EKS cluster to run the applications. Configure each node of the cluster to mount the Amazon EFS volume at the required path for the container images.
Correct Answer: BE
QUESTION 110
A developer wants to connect an Amazon RDS DB instance to an AWS Lambda function. The Amazon RDS credentials are stored in AWS Secrets Manager. The developer wants to optimize the performance of the Lambda function. The developer wants to reduce the latency that is associated with retrieving parameters. Which solution will meet these requirements MOST securely?
A. Update the Lambda code to store and retrieve the database credentials in a Lambda layer.
B. Use the AWS Parameters and Secrets Lambda Extension to cache and manage the retrieval of parameters.
C. Store the database credentials in the Lambda function environment variables.
D. Retrieve the parameters by using API Gateway. Pass the parameters to the Lambda function as input parameters.
Correct Answer: B
QUESTION 111
A web application that runs on a fleet of Amazon EC2 instances sends logs to a log group in Amazon CloudWatch Logs. The logs are in the following format: [ip, id, user, timestamp, request, status_code, size]. A developer needs to create a metric filter that will identify all log events that have a status_code value that indicates a server-side error. Which solution will meet this requirement?
A. Create a metric filter on the log group that uses the following pattern: [ip, id, user, timestamp, request, status_code=4*, size].
B. Create metric filter on the log group that uses the following pattern: [ip, id, user, timestamp, request, status_code=5*, size].
C. Create metric filter on a log stream that uses the following pattern: [ip, id, user, timestamp, request, status_code=4*, size].
D. Create metric filter on a log stream that uses the following pattern: [ip, id, user, timestamp, request, status_code=5″, size]
Correct Answer: B
QUESTION 112
A developer is creating a role to access Amazon S3 buckets. To create the role, the developer uses the AWS CLI create-role command. Which policy should be added to allow the Amazon EC2 service to assume the role?
A. Managed policy
B. Trust policy
C. Inline policy
D. Service control policy (SCP)
Correct Answer: B
QUESTION 113
An ecommerce company is developing a serverless application to track user activities. The company needs to track each type of activity with a timestamp and a unique product ID. The company also must track actions that are associated with each activity, such as product views, shopping cart actions, purchases, and checkout processes. The company is planning a marketing campaign based on each user’s activity. A developer needs to implement a partitioning strategy for an Amazon DynamoDB table to meet the data storage and access requirements for the application. The strategy must maximize provisioned throughput efficiency while minimizing the risk of throttling. Which solution will meet these requirements?
A. Create a composite primary key. Set the user ID as the partition key and the timestamp as the sort key.
B. Create a composite primary key. Set the product ID as the partition key and the associated actions as the sort key.
C. Use the product ID as the partition key. Create an Application Auto Scaling policy to update the table’s provisioned throughput when the table exceeds its capacity usage target.
D. Create an AWS Lambda function that adds a counter attribute that increases by one for each new record. Use the counter attribute as the partition key.
Correct Answer: A
QUESTION 114
A developer has created an AWS Lambda function for a company’s application. The developer must make the Lambda function available for other developers at the company to deploy as needed. The other developers must be able to use the application without needing to configure the environment or resources. The developer decides to publish the application in the AWS Serverless Application Repository and needs to build the AWS SAM template for the deployment. Which sections is the developer required to include in the template? (Select TWO.)
A. Resources
B. Parameters
C. Metadata
D. Globals
E. Transform
Correct Answer: AE
QUESTION 115
A developer has an application that pushes files from an on-premises local server to an Amazon S3 bucket. The application uses an AWS access key and a secret key that are stored on the server for authentication. The application calls AWS STS to assume a role with access to perform the S3 PUT operation to upload the file. The developer is migrating the server to an Amazon EC2 instance. The EC2 instance is configured with an IAM instance profile in the same AWS account that owns the S3 bucket. What is the MOST secure solution for the developer to use to migrate the automation code?
A. Remove the code that calls the STS AssumeRole operation. Use the same access key and secret key from the server to access the S3 bucket.
B. Remove the access key and the secret key. Use the STS AssumeRole operation to add permissions to access the S3 bucket.
C. Remove the access key, the secret key, and the code that calls the STS AssumeRole operation. Use an IAM instance profile role that grants access to the S3 bucket.
D. Remove the access key, the secret key, and the code that calls the STS AssumeRole operation. Create a new access key and secret key. Use the new keys to access the S3 bucket.
Correct Answer: C
QUESTION 116
A developer is deploying an application on Amazon ECS. The application connects to an Amazon DynamoDB table. The ECS task uses a gateway VPC endpoint to handle the DynamoDB traffic. The developer needs to ensure that the DynamoDB table can be accessed only through the gateway VPC endpoint. Which solution will meet this requirement?
A. Update the gateway VPC endpoint policy to deny requests to the DynamoDB table that are not from the gateway VPC endpoint.
B. Enable attribute-based access control for DynamoDB. Attach a resource-based policy to the DynamoDB table that restricts access based on the gateway VPC endpoint tag.
C. Create a resource-based policy for the DynamoDB table to deny requests to the DynamoDB table that are not from the gateway VPC endpoint.
D. Update the task role to deny public access to the DynamoDB table.
Correct Answer: A
QUESTION 117
A company is running a custom web application on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group. The company’s development team is using AWS CloudFormation to deploy all the services. The application is time-consuming to install and configure when the development team launches a new instance. Which combination of steps should a developer take to optimize the performance when a new instance is launched? (Select TWO.)
A. Use an AWS Marketplace Amazon Machine Image (AMI) with a prebuilt application.
B. Create a prebuilt Amazon Machine Image (AMI) with the application installed and configured.
C. Update the launch template resource in the CloudFormation template.
D. Use AWS Systems Manager Run Command to install and configure the application.
E. Use CloudFormation helper scripts to install and configure the application.
Correct Answer: BC
QUESTION 118
A developer is building an application on AWS. The application includes an AWS Lambda function that processes messages from an Amazon SQS queue. The Lambda function sometimes fails or times out. The developer needs to figure out why the Lambda function fails to process some messages. Which solution will meet these requirements with the LEAST operational overhead?
A. Increase the maximum timeout of the Lambda function to 15 minutes. Check the AWS CloudTrail event history for error details.
B. Increase the visibility timeout of the SQS queue. Check logs in Amazon CloudWatch Logs for error details.
C. Create a dead-letter queue. Configure the Lambda function to send the failed messages to the dead-letter queue.
D. Create an Amazon DynamoDB table. Update the Lambda function to send the failed messages to the DynamoDB table.
Correct Answer: C
QUESTION 119
A developer is building a web application. The application will read temperature information from an Amazon DynamoDB table and will display the information for users. Each record is 5 KB to 7 KB in size. The application can request up to 80 items each second. The application must always return the most recent temperature values from the table. How much read throughput is required to meet this load?
A. 40 read capacity units (RCUs)
B. 80 read capacity units (RCUs)
C. 160 read capacity units (RCUs)
D. 560 read capacity units (RCUs)
Correct Answer: C
QUESTION 120
A company built a new application in the AWS Cloud. The company automated the bootstrapping of new resources with an Auto Scaling group by using AWS CloudFormation templates. The bootstrap scripts contain sensitive data. The company needs a solution that is integrated with CloudFormation to manage the sensitive data in the bootstrap scripts. Which solution will meet these requirements in the MOST secure way?
A. Put the sensitive data into a CloudFormation parameter. Encrypt the CloudFormation templates by using an AWS KMS key.
B. Put the sensitive data into an Amazon S3 bucket. Update the CloudFormation templates to download the object from Amazon S3 during bootstrap.
C. Put the sensitive data into AWS Systems Manager Parameter Store as a secure string parameter. Update the CloudFormation templates to use dynamic references to specify template values.
D. Put the sensitive data into Amazon EFS. Enforce EFS encryption after file system creation. Update the CloudFormation templates to retrieve data from Amazon EFS.
Correct Answer: C
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.