QUESTION 161
An application ingests data from an Amazon Kinesis data stream. The shards in the data stream are set for normal traffic. During tests for peak traffic, the application ingests data slowly. A developer needs to adjust the data stream to handle the peak traffic. What should the developer do to meet this requirement MOST cost-effectively?
A. Install the Kinesis Producer Library (KPL) to ingest data into the data stream.
B. Switch to on-demand capacity mode for the data stream. Specify a partition key when writing data to the data stream.
C. Decrease the amount of time that data is kept in the data stream by using the DecreaseStreamRetentionPeriod API operation.
D. Increase the shard count in the data stream by using the UpdateShardCount API operation.
Correct Answer: B
QUESTION 162
A company uses an organization in AWS Organizations to manage a multi-account landing zone. The company has enabled service control policies (SCP) and resource control policies (RCPs) on the organization. A developer is building a new analytics application to deploy in Account A. The application needs to query an Amazon DynamoDB table named Employee TimesheetEntries in Account B. Which combination of steps will meet these requirements? (Select TWO.)
A. Create a role named TimesheetAnalyticsRole in Account B that has the dynamodb:Query permission for the Employee TimesheetEntries table.
B. Create an SCP attached to Account A that allows the dynamodb:Query permission for the Employee TimesheetEntries table.
C. Create a role named TimesheetAnalyticsRole in Account A that has the dynamodb:Query permission for the EmployeeTimesheetEntries table.
D. Create an RCP attached to Account A that allows the dynamodb:Query permission for the TimesheetAnalyticsRole role
E. Create a resource-based policy on the EmployeeTimesheetEntries table that allows the dynamodb:Query permission for the TimesheetAnalyticsRole role.
Correct Answer: AE
QUESTION 163
A company needs to rapidly prototype a web application. However, the company has not yet designed the complete architecture. A developer uses AWS Lambda functions to build three endpoints. A frontend team wants to test the endpoints while the team prototypes the frontend. Which solution will meet these requirements with the LEAST operational overhead?
A. Set up a Lambda function URL for each endpoint. Use the function URLs for testing.
B. Set up an Amazon API Gateway REST API to have a Lambda proxy integration. Use the REST API endpoint URL for testing.
C. Set up an AWS AppSync API to have a Lambda resolver. Use a GraphQL endpoint for testing.
D. Set up an Amazon ECS container that runs an open source web proxy and Lambda code. Use the web proxy endpoint for testing.
Correct Answer: A
QUESTION 164
A developer works for a company that only has a single pre-production AWS account with an AWS CloudFormation AWS SAM stack. The developer made changes to an existing AWS Lambda function specified in the AWS SAM template and additional Amazon SNS topics. The developer wants to do a one-time deployment of the changes to test if the changes are working. The developer does not want to impact the existing pre-production application that is currently being used by other team members as part of the release pipeline. Which solution will meet these requirements?
A. Use the AWS SAM CLI to package and deploy the SAM application to the pre-production AWS account. Specify the debug parameter.
B. Use the AWS SAM CLI to package and create a change set against the pre-production AWS account. Execute the change set in a new AWS account designated for a development environment.
C. Use the AWS SAM CLI to package and deploy the SAM application to a new AWS account designated for a development environment.
D. Update the CloudFormation stack in the pre-production account. Add a separate stage that points to a new AWS account designated for a development environment.
Correct Answer: C
QUESTION 165
A company uses Amazon SNS for messaging. A developer must prevent personal data, such as credit card numbers, from being sent to specific subscribers of the SNS topic. Which solution will meet this requirement?
A. Implement SNS subscription filters on the SNS topic’s subscriptions. Add string value matching patterns to prevent personal data from reaching specific subscribers.
B. Implement SNS rules on the SNS topic’s subscriptions. Add event patterns to prevent personal data from reaching specific subscribers.
C. Configure SNS message data protection. Create data protection policies on the SNS topic to prevent personal data from reaching specific subscribers.
D. Enable Amazon Macie for the SNS topic. Use Macie to scan messages for personal data and to prevent personal data from reaching specific subscribers.
Correct Answer: C
QUESTION 166
A developer wrote an application that uses an AWS Lambda function to asynchronously generate short videos based on requests from customers. This video generation can take up to 10 minutes. After the video is generated, a URL to download the video is pushed to the customer’s web browser. The customer should be able to access these videos for at least 3 hours after generation. Which solution will meet these requirements?
A. Store the video in the /mp folder within the Lambda execution environment. Push a Lambda function URL to the customer.
B. Store the video in an Amazon EFS file system attached to the function. Generate a presigned URL for the video object and push the URL to the customer.
C. Store the video in Amazon S3. Generate a presigned URL for the video object and push the URL to the customer.
D. Store the video in an Amazon CloudFront distribution. Generate a presigned URL for the video object and push the URL to the customer.
Correct Answer: C
QUESTION 167
A company runs an internal reporting application that has hundreds of AWS Lambda functions. The company must protect personally identifiable information (PII) that appears in the company’s Amazon CloudWatch Logs log groups. The company deploys a Lambda layer to redact generic PII, such as email addresses. A developer must ensure that company-specific PII, such as employee IDs, does not appear in the CloudWatch logs. Which solution will meet these requirements?
A. Run an Amazon Macie sensitive data discovery job. Use a Lambda function to redact the Macie job findings.
B. Apply a CloudWatch data protection policy that uses a custom data identifier to the company’s AWS account.
C. Apply a CloudWatch data protection policy that uses a managed data identifier to the company’s AWS account.
D. Run an Amazon Macie sensitive data discovery job. Use an AWS Systems Manager Automation runbook to redact the Macie job findings.
Correct Answer: B
QUESTION 168
A developer is trying to make API calls using AWS SDK. The IAM user credentials used by the application require multi-factor authentication for all API calls. Which method should the developer use to access the multi-factor authentication protected API?
A. GetFederationToken
B. GetCallerIdentity
C. GetSessionToken
D. DecodeAuthorizationMessage
Correct Answer: C
QUESTION 169
A company introduced a new feature that should be accessible to only a specific group of premium customers. A developer needs the ability to turn the feature on and off in response to performance and feedback. The developer needs a solution to validate and deploy these configurations quickly without causing any disruptions. What should the developer do to meet these requirements?
A. Use AWS AppConfig to manage the feature configuration and to validate and deploy changes. Use feature flags to turn the feature on and off.
B. Use AWS Secrets Manager to securely manage and validate the feature configurations. Enable lifecycle rules to turn the feature on and off.
C. Use AWS Config to manage the feature configuration and validation. Set up AWS Config rules to turn the feature on and off based on predefined conditions.
D. Use AWS Systems Manager Parameter Store to store and validate the configuration settings for the feature. Enable lifecycle rules to turn the feature on and off.
Correct Answer: A
QUESTION 170
A developer is creating a web application. The developer needs to store, retrieve, and rotate database credentials, Auth tokens, and API keys. The credentials, Auth tokens, and API keys must be stored securely as secrets and must not be hardcoded in the application source code. The secrets must be automatically rotated every 6 months. What should the developer do to meet these requirements?
A. Create and store the secrets in AWS KMS. Configure AWS KMS to automatically rotate the secrets every 6 months.
B. Create and store the secrets in AWS Certificate Manager (ACM). Choose the appropriate certificate type. Set up the rotation period of the certificate to be every 6 months.
C. Create and store the secrets in Amazon EventBridge. Configure a RotateKey event in EventBridge to rotate the secrets every 6 months.
D. Create and store the secrets in AWS Secrets Manager. Choose the appropriate secret type. Turn on automatic rotation. Set the rotation schedule to every 6 months.
Correct Answer: D
QUESTION 171
A company runs a serverless application on AWS. The application includes an AWS Lambda function. The Lambda function processes data and stores the data in an Amazon RDS for PostgreSQL database. A developer created user credentials in the database for the application. The developer needs to use AWS Secrets Manager to manage the user credentials. The password must be rotated on a regular basis. The solution needs to ensure that there is high availability and no downtime for the application during secret rotation. What should the developer do to meet these requirements?
A. Configure managed rotation with the single user rotation strategy.
B. Configure managed rotation with the alternating users rotation strategy.
C. Configure automatic rotation with the single user rotation strategy.
D. Configure automatic rotation with the alternating users rotation strategy.
Correct Answer: B
QUESTION 172
An application development team decides to use AWS X-Ray to monitor application code to analyze performance and perform root cause analysis. What does the team need to do to begin using X-Ray? (Select TWO.)
A. Log instrumentation output into an Amazon SQS queue.
B. Use a visualization tool to view application traces.
C. Instrument application code using the AWS SDK.
D. Install the X-Ray agent on the application servers.
E. Create an Amazon DynamoDB table to store the trace logs.
Correct Answer: CD
QUESTION 173
A developer is trying to monitor an application’s status by running a cron job that returns 1 if the service is up and 0 if the service is down. The developer created code that uses an AWS CLI put-metric-alarm command to publish the custom metrics to Amazon CloudWatch and create an alarm. However, the developer is unable to create an alarm as the custom metrics do not appear in the CloudWatch console. What is causing this issue?
A. Sending custom metrics using the CLI is not supported.
B. The developer needs to use the put-metric-data command.
C. The developer must use a unified CloudWatch agent to publish custom metrics.
D. The code is not running on an Amazon EC2 instance.
Correct Answer: B
QUESTION 174
A Lambda function processes data before sending it to a downstream service. Each piece of data is approximately 1MB in size. After a security audit, the function is now required to encrypt the data before sending it downstream. Which API call is required to perform the encryption?
A. Pass the data to the KMS ReEncrypt API for encryption.
B. Use the KMS cenerateDataKeyAPl to get an encryption key.
C. Use the KMS GenerateDataKeyWithoutPlainText API to get an encryption key
D. Pass the data to KMS as part of the Encrypt API for encryption.
Correct Answer: D
QUESTION 175
A developer created an AWS Lambda function. The Lambda function is invoked asynchronously when a message is published to an Amazon SNS topic named InputTopic. The developer uses a second SNS topic named ErrorTopic to handle alerts of failures for other services. The developer wants to receive notifications from the ErrorTopic SNS topic when the Lambda function fails to process a message. Which solution will meet this requirement?
A. Configure a subscription for the ErrorTopic SNS topic. Configure a filter policy for failures. Specify the Lambda function as the endpoint.
B. Configure a failure destination for the Lambda function. Specify the Amazon Resource Name (ARN) of the ErrorTopic SNS topic as the destination ARN.
C. Configure a trigger for the Lambda function. Specify the ErrorTopic SNS topic as the trigger topic. Configure a filter policy on the topic for failures.
D. Configure a delivery policy on the ErrorTopic SNS topic. Configure a filter policy for failures. Specify the Lambda function as the input endpoint.
Correct Answer: B
QUESTION 176
A developer needs to fix an AWS CodeDeploy deployment that failed. During the failed deployment, the developer received the following error message:
“The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems. (Error code: HEALTH_CONSTRAINTS)” What are the possible causes of the failed deployment? (Select TWO.)
A. The CodeDeploy agent was not running on the instances that CodeDeploy was trying to deploy to.
B. The unified Amazon CloudWatch agent was not running on the instances that CodeDeploy was trying to deploy to.
C. The developer’s IAM role did not have the necessary permissions to perform code deployment to the instances.
D. CodeDeploy was trying to deploy to instances that were attached to an IAM instance profile that did not have the required permissions.
E. CodeDeploy was trying to deploy to instances that were not set up with correct CodeDeploy health checks.
Correct Answer: AE
QUESTION 177
A company is building an ecommerce application. The company stores the application’s static content in an Amazon 53 bucket. The application stores data that includes personally identifiable information (PII). The application makes dynamic requests in JSON format through an Amazon CloudFront distribution to an Amazon API Gateway REST API. The REST API invokes an AWS Lambda function that stores and queries data in Amazon DynamoDB. The company must ensure that all PII data is encrypted at rest in DynamoDB. The company must also protect specific data fields more granularly. The company must ensure that the specified fields are encrypted at the edge. The specified fields must remain encrypted throughout the full stack of the application. Which solution will meet these requirements?
A. Configure a Lambda@Edge function to identify and encrypt the sensitive fields. Associate the function with the CloudFront distribution.
B. Create an RSA key pair. Configure the CloudFront distribution to use field-level encryption directly.
C. Create an AWS KMS key. Update the Lambda function to encrypt the data before inserting the data into DynamoDB. Configure the function to decrypt the data after retrieval.
D. Create a new resource on the existing REST API and add a new POST method to the new resource. Configure the POST method to invoke the Lambda function and an AWS KMS key to encrypt the sensitive data fields.
Correct Answer: A
QUESTION 178
A company used AWS to develop an application for customers. The application includes an Amazon API Gateway API that invokes AWS Lambda functions. The Lambda functions process data and store the data in Amazon DynamoDB tables. The company must monitor the entire application to identify potential bottlenecks in the architecture that can negatively affect customers. Which solution will meet this requirement with the LEAST development effort?
A. Instrument the application with AWS X-Ray. Inspect the service map to identify errors and issues.
B. Configure Lambda exceptions and additional logging to Amazon CloudWatch. Use CloudWatch Logs Insights to query the logs.
C. Configure API Gateway to log responses to Amazon CloudWatch. Create a metric filter for the TooManyRequestsException error message.
D. Use Amazon CloudWatch metrics for the DynamoDB tables to identify all the ProvisionedThroughputExceededException error messages.
Correct Answer: A
QUESTION 179
A developer tested an application locally and then deployed it to AWS Lambda. While testing the application remotely, the Lambda function fails with an access denied message. How can this issue be addressed?
A. Update the Lambda function’s execution role to include the missing permissions.
B. Update the Lambda function’s resource policy to include the missing permissions.
C. Include an IAM policy document at the root of the deployment package and redeploy the Lambda function.
D. Redeploy the Lambda function using an account with access to the AdministratorAccess policy.
Correct Answer: A
QUESTION 180
A developer at a company writes an AWS CloudFormation template. The template refers to subnets that were created by a separate AWS CloudFormation template that the company’s network team wrote. When the developer attempts to launch the stack for the first time, the launch fails. Which template coding mistakes could have caused this failure? (Select TWO.)
A. The developer’s template does not use the Ref intrinsic function to refer to the subnets.
B. The developer’s template does not use the ImportValue intrinsic function to refer to the subnets.
C. The Mappings section of the developer’s template does not refer to the subnets.
D. The network team’s template does not export the subnets in the Outputs section.
E. The network team’s template does not export the subnets in the Mappings section.
Correct Answer: AD
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.