QUESTION 141
An ecommerce company manages its application’s infrastructure by using AWS Elastic Beanstalk. A developer wants to deploy the new version of the application with the least possible application downtime. The developer also must minimize the application’s rollback time if there are issues with the deployment. Which approach will meet these requirements?
A. Use a rolling deployment to deploy the new version.
B. Use a rolling deployment with additional batches to deploy the new version.
C. Use an all-at-once deployment to deploy the new version.
D. Deploy the new version to a new environment. Use a blue/green deployment.
Correct Answer: D
QUESTION 142
A company is deploying an Amazon CloudFront distribution in front of an existing web application. The web application has a domain of www.example.com. The web application runs behind an Application Load Balancer (ALB) in the eu-west-1 Region. The distribution uses the public DNS name of the ALB as its origin. The company uses an Amazon Route 53 hosted zone for the domain. A developer must ensure that all web traffic is encrypted. The developer must complete the CloudFront deployment for the application. Which combination of steps will meet these requirements? (Select TWO.)
A. Request a public certificate from AWS Certificate Manager (ACM) for www.example.com in the us-east-1 Region. Associate the certificate with the CloudFront distribution settings for custom domains.
B. Request a public certificate from AWS Certificate Manager (ACM) for www.example.com in eu-west-1. Associate the certificate with the CloudFront distribution settings for custom domains.
C. Request a private certificate from AWS Private CA for www.example.com. Import the certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Associate the certificate with the CloudFront distribution settings for custom domains
D. Update the DNS entry for the www.example.com zone in Route 53 to be an Alias A record to the public DNS name of the CloudFront distribution.
E. Update the DNS entry for the www.example.com zone in Route 53 to be a CNAME record that points to the public DNS name of the ALB.
Correct Answer: AD
QUESTION 143
A developer is building an application on AWS. The application has an Amazon API Gateway API that sends requests to an AWS Lambda function. The API is experiencing increased latency because the Lambda function has limited available CPU to fulfill the requests.
Before the developer deploys the API into production, the developer must configure the Lambda function to have more CPU. Which solution will meet this requirement?
A. Increase the virtual CPU (vCPU) cores quota of the Lambda function.
B. Increase the amount of memory that is allocated to the Lambda function.
C. Increase the ephemeral storage size of the Lambda function.
D. Increase the timeout value of the Lambda function.
Correct Answer: B
QUESTION 144
A company’s developer has deployed an application in AWS by using AWS CloudFormation. The CloudFormation stack includes parameters in AWS Systems Manager Parameter Store that the application uses as configuration settings. The application can modify the parameter values. When the developer updated the stack to create additional resources with tags, the developer noted that the parameter values were reset and that the values ignored the latest changes made by the application. The developer needs to change the way the company deploys the CloudFormation stack. The developer also needs to avoid resetting the parameter values outside the stack. Which solution will meet these requirements with the LEAST development effort?
A. Modify the CloudFormation stack to set the deletion policy to Retain for the Parameter Store parameters.
B. Create an Amazon DynamoDB table as a resource in the CloudFormation stack to hold configuration data for the application. Migrate the parameters that the application is modifying from Parameter Store to the DynamoDB table.
C. Create an Amazon RDS DB instance as a resource in the CloudFormation stack. Create a table in the database for parameter configuration. Migrate the parameters that the application is modifying from Parameter Store to the configuration table.
D. Modify the CloudFormation stack policy to deny updates on Parameter Store parameters.
Correct Answer: A
QUESTION 145
A developer is building an application that is based on an AWS Lambda function. The developer needs to allow the Lambda function to send events to an Amazon EventBridge event bus in another AWS account. Which combination of steps will meet this requirement? (Select TWO.)
A. Add a policy to the execution role of the Lambda function to allow access to the event bus.
B. Configure a Lambda destination to send events to the event bus.
C. Configure an EventBridge rule to invoke the Lambda function. Configure an IAM role to allow EventBridge to invoke the Lambda function.
D. Update the Lambda function resource-based policy to allow access to the event bus.
E. Update the event bus resource-based policy to allow access from the AWS account that contains the Lambda function.
Correct Answer: AE
QUESTION 146
A developer is designing a full-stack serverless application. Files for the website are stored in an Amazon S3 bucket. AWS Lambda functions that use Amazon API Gateway endpoints return results from an Amazon DynamoDB table. The developer must create a solution that securely provides registration and authentication for the application while minimizing the amount of configuration. Which solution meets these requirements?
A. Create an Amazon Cognito user pool and an app client. Configure the app client to use the user pool and provide the hosted web Ul provided for sign-up and sign-in.
B. Configure an Amazon Cognito identity pool. Map the users with IAM roles that are configured to access the S3 bucket that stores the website.
C. Configure and launch an Amazon EC2 instance to set up an identity provider with an Amazon Cognito user pool. Configure the user pool to provide the hosted web Ul for sign-up and sign-in.
D. Create an IAM policy that allows access to the website that is stored in the S3 bucket. Attach the policy to an IAM group. Add IAM users to the group.
Correct Answer: A
QUESTION 147
A cloud-based video surveillance company is developing an application that analyzes video files. After the application analyzes the files, the company can discard the files. The company stores the files in an Amazon S3 bucket. The files are 1 GB in size on average. No file is larger than 2 GB. An AWS Lambda function will run one time for each video file that is processed. The processing is very I/O intensive, and the application must read each file multiple times. Which solution will meet these requirements in the MOST performance-optimized way?
A. Attach an Amazon EBS volume that is larger than 1 GB to the Lambda function. Copy the files from the S3 bucket to the EBS volume.
B. Attach an Elastic Network Adapter (ENA) to the Lambda function. Use the ENA to read the video files from the S3 bucket.
C. Increase the ephemeral storage size to 2 GB. Copy the files from the S3 bucket to the /tmp directory of the Lambda function.
D. Configure the Lambda function code to read the video files directly from the S3 bucket.
Correct Answer: C
QUESTION 148
A developer is writing an application that will provide data files to an external company. The external company needs to verify that the data is not modified in transit. How can the developer use AWS KMS to prove the integrity of the transferred data?
A. Encrypt the data by using a symmetric key. Provide the key to the external company.
B. Sign the data by using a symmetric key. Provide the key to the external company.
C. Sign the data by using the private key of an asymmetric key pair. Provide the public key to the external company.
D. Sign the data by using the public key of an asymmetric key pair. Provide the private key to the external company.
Correct Answer: C
QUESTION 149
A developer is testing an AWS Lambda function. The developer invokes the Lambda function by using a function URL with an AWS_IAM authentication type. The invocation fails. The developer confirms that the function URL is correct and that the function’s execution role has the lambda: InvokeFunctionUrl permission for the correct resource. However, the invocation continues to fail. The developer must successfully invoke the Lambda function. Which solution will meet this requirement?
A. Add a condition to the function’s execution role to match StringEquals: {lambda:FunctionUrlAuth Type: “AWS_IAM”}.
B. Create a signed URL by using the function URL and a new public and private key pair. Add the public key to the Lambda function’s file system.
C. Add the lambda:GetFunctionUrlConfig permission to the IAM role that is used to invoke the function.
D. Sign the request to the function URL by using the AWS Signature Version 4 (SigV4) signing protocol.
Correct Answer: D
QUESTION 150
A developer is working on a web application that runs on Amazon ECS and uses an Amazon DynamoDB table to store data. The application performs a large number of read requests against a small set of the table data. How can the developer improve the performance of these requests? (Select TWO.)
A. Create an Amazon ElastiCache cluster. Configure the application to cache data in the cluster.
B. Create a DynamoDB Accelerator (DAX) cluster. Configure the application to use the DAX cluster for DynamoDB requests.
C. Configure the application to make strongly consistent read requests against the DynamoDB table.
D. Increase the read capacity of the DynamoDB table.
E. Enable DynamoDB adaptive capacity.
Correct Answer: AB
QUESTION 151
A developer creates a serverless application. The application includes AWS Lambda functions that process data changes and Amazon DynamoDB tables. The developer needs to deploy updates to the application automatically each time the developer completes a set of code changes. The developer must use existing continuous integration and continuous delivery (CI/CD) pipeline tools to deploy updates. The developer also needs to test updates locally before committing code. Which combination of steps will meet these requirements in the MOST in the operationally efficient way? (Select TWO.)
A. Reference an AWS Lambda function that has the necessary runtime from the available functions.
B. Define infrastructure as code (IaC) by using AWS SAM templates. Configure the pipeline stages to run the necessary AWS SAM CLI commands
C. Define a cron job to initiate the deployments at specific times of the day.
D. Reference a build container image that has the necessary runtime from the available images.
E. Define infrastructure as code (IaC) by using AWS CloudFormation templates. Configure the pipeline stages to run the necessary CloudFormation CLI commands.
Correct Answer: BE
QUESTION 152
A company is using AWS SAM to develop a social media application. A developer needs a quick way to test AWS Lambda functions locally by using test event payloads. The developer needs the structure of these test event payloads to match the actual events that AWS services create. Which solution will meet these requirements with the LEAST development effort?
A. Create shareable test Lambda events. Use these test Lambda events for local testing.
B. Store manually created test event payloads locally. Use the sam local invoke command with the file path to the payloads.
C. Store manually created test event payloads in an Amazon S3 bucket. Use the sam local invoke command with the S3 path to the payloads.
D. Use the sam local generate-event command to create test payloads for local testing.
Correct Answer: D
QUESTION 153
A developer is writing a web application that will run on AWS Lambda. The application will give users the ability to log in to view private documents. All pages in the application must be designed to match the company’s branding. How can the developer host the sign-in pages with the LEAST amount of custom code?
A. Upload files for the sign-in pages with the required branding to an Amazon S3 bucket. Configure static website hosting for the S3 bucket.
B. Create a Lambda function to serve the sign-in pages with the required branding. Configure Amazon API Gateway to route traffic to the function.
C. Create a Lambda@Edge function to serve the sign-in pages with the required branding. Configure Amazon CloudFront to invoke the function in response to user requests.
D. Configure an Amazon Cognito user pool with an Amazon Cognito hosted Ul for the sign-in pages. Customize the pages with the required branding.
Correct Answer: D
QUESTION 154
A developer is building an application that stores objects in an Amazon S3 bucket. The bucket does not have versioning enabled. The objects are accessed rarely after 1 week. However, the objects must be immediately available at all times The developer wants to optimize storage costs for the S3 bucket. Which solution will meet this requirement?
A. Create an S3 Lifecycle rule to expire objects after 7 days.
B. Create an S3 Lifecycle rule to transition objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days.
C. Create an S3 Lifecycle rule to transition objects to S3 Glacier Flexible Retrieval after 7 days.
D. Create an S3 Lifecycle rule to delete objects that have delete markers.
Correct Answer: B
QUESTION 155
A company operates an application to match patients with healthcare professionals. The company is adding a standard Amazon SNS topic. Multiple AWS Lambda functions are subscribed to the topic. The Lambda functions forward company data to third-party systems. A developer needs to reduce the risk of sending protected health information (PHI) data to the third-party systems. The developer must also ensure that PHI data is not visible in Amazon CloudWatch logs. Which solution will meet these requirements in the MOST operationally efficient way?
A. Configure an SNS data protection policy with managed data identifiers to perform a de-identify operation.
B. Create a Lambda layer that includes code to perform PHI sanitization steps. Associate the layer with each Lambda function.
C. Update the code of each Lambda function to include steps to perform PHI sanitization.
D. Configure an SNS data protection policy with custom data identifiers to perform a deny operation.
Correct Answer: A
QUESTION 156
A company wants to use AWS AppConfig to gradually deploy a new feature to 15% of users to test the feature before a full deployment. Which solution will meet this requirement with the LEAST operational overhead?
A. Set up a custom script within the application to randomly select 15% of users. Assign a flag for the new feature to the selected users.
B. Create separate AWS AppConfig feature flags for both groups of users. Configure the flags to target 15% of users.
C. Create an AWS AppConfig feature flag. Define a variant for the new feature, and create a rule to target 15% of users.
D. Use AWS AppConfig to create a feature flag without variants. Implement a custom traffic-splitting mechanism in the application code.
Correct Answer: C
QUESTION 157
An application uses the Amazon RDS Data API to write data to a PostgreSQL database that is hosted in an Amazon Aurora DB cluster. The application receives predefined SQL queries in batches. Each batch consists of a maximum of 10 queries. The application runs the SQL queries in a loop by using the ExecuteStatement API call. A developer observes that some queries fail. The developer must ensure that an automatic rollback happens whenever a query fails. Which solution will meet these requirements?
A. Implement try-catch statements for the ExecuteStatement API call. Use RollbackTransaction API calls in the catch block.
B. Implement try-catch statements. Replace the ExecuteStatement API call with an ExecuteSql API call. Use RollbackTransaction API calls in the catch block.
C. Implement try-catch statements. Replace the ExecuteStatement API call with an BatchExecuteStatement API call. Use RollbackTransaction API calls in the catch block.
D. Implement try-catch statements. Run the SQL queries within a transaction. Use BeginTransaction, CommitTransaction, and Rollback Transaction API calls in the catch block.
Correct Answer: D
QUESTION 158
A developer has created a new IAM user that has the s3:PutObject permission to write to a specific Amazon S3 bucket. The S3 bucket uses server-side encryption with AWS KMS managed keys (SSE-KMS) as the default encryption. When an application uses the access key and secret key of the IAM user to call the PutObject API operation, the application receives an access denied error. What should the developer do to resolve this error?
A. Update the policy of the IAM user to allow the s3: EncryptionConfiguration action.
B. Update the bucket policy of the S3 bucket to allow the IAM user to upload objects.
C. Update the policy of the IAM user to allow the kms: GenerateDataKey action.
D. Update the ACL of the S3 bucket to allow the IAM user to upload objects.
Correct Answer: C
QUESTION 159
A company has a web application that contains an Amazon API Gateway REST API. A developer has created an AWS CloudFormation template for the initial deployment of the application. The developer has deployed the application successfully as part of an AWS CodePipeline continuous integration and continuous delivery (CI/CD) process. All resources and methods are available through the deployed stage endpoint. The CloudFormation template contains the following resource types:
1. AWS::ApiGateway::RestApi
2. AWS::ApiGateway::Resource
3. AWS::ApiGateway::Method
4. AWS::ApiGateway::Stage
5. AWS::ApiGateway::Deployment
The developer adds a new resource to the REST API with additional methods and redeploys the template. CloudFormation reports that the deployment is successful and that the stack is in the UPDATE_COMPLETE state. However, calls to all new methods are returning 404 (Not Found) errors. What should the developer do to make the new methods available?
A. Specify the disable-rollback option during the update-stack operation.
B. Unset the CloudFormation stack failure options.
C. Add an AWS CodeBuild stage to CodePipeline to run the aws apigateway create-deployment AWS CLI command
D. Add an action to CodePipeline to run the aws cloudfront create-invalidation AWS CLI command.
Correct Answer: C
QUESTION 160
A video streaming company has a pipe in Amazon EventBridge Pipes that uses an Amazon SQS queue as an event source. The pipe publishes all source events to a target EventBridge event bus. Before events are published, the pipe uses an AWS Lambda function to retrieve the stream status of each event from a database and adds the stream status to each source event. The company wants the pipe to publish events to the event bus only if the video stream has a status of ready. Which solution will meet these requirements?
A. Add a filter step to the pipe that will match on a stream status of ready.
B. Update the Lambda function to return only video streams that have a status of ready.
C. Include a filter for a status of ready in all EventBridge rules that subscribe to the event bus.
D. Add an input transformer to the pipe output that filters streams that have a status of ready.
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.