DECK 2

Question 1

A company is migrating from a monolithic architecture to a microservices-based architecture. The Developers need to refactor the application so that the many microservices can asynchronously communicate with each other without impacting performance.

Use of which managed AWS services will enable asynchronous message passing? (Choose two.)

A. Amazon SQS
B. Amazon Cognito
C. Amazon Kinesis
D. Amazon SNS
E. Amazon ElastiCache

Answer 1

A. Amazon SQS

D. Amazon SNS

Question 2

An application runs on multiple EC2 instances behind an ELB.
Where is the session data best written so that it can be served reliably across multiple requests?

A. Write data to Amazon ElastiCache

B. Write data to Amazon Elastic Block Store.

C. Write data to Amazon EC2 Instance Store.

D. Write data to the root filesystem.

Answer 2

A. Write data to Amazon ElastiCache

Question 3

A Developer is creating a Lambda function that will generate and export a file. The function requires 100 MB of temporary storage for temporary files while executing. These files will not be needed after the function is complete.

How can the Developer MOST efficiently handle the temporary files?

A. Store the files in EBS and delete the files at the end of the Lambda function.

B. Copy the files to EFS and delete the files at the end of the Lambda function.

C. Store the files in the /tmp directory and delete the files at the end of the Lambda function.

D. Copy the files to an S3 bucket with a lifecycle policy to delete the files.

Answer 3

C. Store the files in the /tmp directory and delete the files at the end of the Lambda function.

Question 4

A Developer has developed a web application and wants to deploy it quickly on a Tomcat server on AWS. The Developer wants to avoid having to manage the underlying infrastructure.

What is the easiest way to deploy the application, based on these requirements?

A. AWS CloudFormation
B. AWS Elastic Beanstalk
C. Amazon S3
D. AWS CodePipeline

Answer 4

B. AWS Elastic Beanstalk

Question 5

An application uses Lambda functions to extract metadata from files uploaded to an S3 bucket; the metadata is stored in Amazon DynamoDB. The application starts behaving unexpectedly, and the Developer wants to examine the logs of the Lambda function code for errors.

Based on this system configuration, where would the Developer find the logs?

A. Amazon S3

B. AWS CloudTrail

C. Amazon CloudWatch

D. Amazon DynamoDB

Answer 5

C. Amazon CloudWatch

Question 6

An organization is using Amazon CloudFront to ensure that its users experience low-latency access to its web application. The organization has identified a need to encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application.

How can these requirements be met? (Choose two.)

A. Use AWS KMS to encrypt traffic between CloudFront and the web application.

B. Set the Origin Protocol Policy to HTTPS Only.

C. Set the Origin’s HTTP Port to 443.

D. Set the Viewer Protocol Policy to HTTPS Only or Redirect HTTP to HTTPS.

E. Enable the CloudFront option Restrict Viewer Access.

Answer 6

B. Set the Origin Protocol Policy to HTTPS Only.

D. Set the Viewer Protocol Policy to HTTPS Only or Redirect HTTP to HTTPS.

Question 7

An application is using Amazon DynamoDB as its data store, and should be able to read 100 items per second as strongly consistent reads. Each item is 5 KB in size.

To what value should the table’s provisioned read throughput be set?

A. 50 read capacity units
B. 100 read capacity units
C. 200 read capacity units
D. 500 read capacity units

Answer 7

C. 200 read capacity units

Question 8

A web application is designed to allow new users to create accounts using their email addresses. The application will store attributes for each user, and is expecting millions of user to sign up.

What should the Developer implement to achieve the design goals?

A. Amazon Cognito user pools

B. AWS Mobile Hub user data storage

C. Amazon Cognito Sync

D. AWS Mobile Hub cloud logic

Answer 8

A. Amazon Cognito user pools

Question 9

A company needs a new REST API that can return information about the contents of an Amazon S3 bucket, such as a count of the objects stored in it. The company has decided that the new API should be written as a microservice using AWS Lambda and Amazon API Gateway.

How should the Developer ensure that the microservice has the necessary access to the Amazon S3 bucket, while adhering to security best practices?

A. Create an IAM user that has permissions to access the Amazon S3 bucket, and store the IAM user credentials in the Lambda function source code.

B. Create an IAM role that has permissions to access the Amazon S3 bucket and assign it to the Lambda function as its execution role.

C. Create an Amazon S3 bucket policy that speci fies the Lambda service as its principal and assign it to the Amazon S3 bucket.

D. Create an IAM role, attach the AmazonS3FullAccess managed policy to it, and assign the role to the Lambda function as its execution role.

Answer 9

B. Create an IAM role that has permissions to access the Amazon S3 bucket and assign it to the Lambda function as its execution role.

Question 10

An application is running on an EC2 instance. The Developer wants to store an application metric in Amazon CloudWatch.

What is the best practice for implementing this requirement?

A. Use the PUT Object API call to send data to an S3 bucket. Use an event notification to invoke a Lambda function to publish data to CloudWatch.

B. Publish the metric data to an Amazon Kinesis Stream using a PutRecord API call. Subscribe a Lambda function that publishes data to CloudWatch.

C. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Provide the required credentials to enable the API call.

D. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Launch the EC2 instance with the required IAM role to enable the API call.

Answer 10

D. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Launch the EC2 instance with the required IAM role to enable the API call.

Question 11

Queries to an Amazon DynamoDB table are consuming a large amount of read capacity. The table has a significant number of large attributes. The application does not need all of the attribute data.

How can DynamoDB costs be minimized while maximizing application performance?

A. Batch all the writes, and perform the write operations when no or few reads are being performed.

B. Create a global secondary index with a minimum set of projected attributes.

C. Implement exponential backoffs in the application.

D. Load balance the reads to the table using an Application Load Balancer.

Answer 11

B. Create a global secondary index with a minimum set of projected attributes.

Question 12

AWS CodeBuild builds code for an application, creates the Docker image, pushes the image to Amazon Elastic Container Registry (Amazon ECR), and tags the image with a unique identifier.

If the Developers already have AWS CLI configured on their workstations, how can the Docker images be pulled to the workstations?

A. Run the following: docker pull REPOSITORY URI : TAG

B. Run the output of the following: aws ecr get-login and then run: docker pull REPOSITORY URI : TAG

C. Run the following: aws ecr get-login and then run: docker pull REPOSITORY URI : TAG

D. Run the output of the following: aws ecr get-download-url-for-layer and then run: docker pull REPOSITORY URI : TAG

Answer 12

B. Run the output of the following: aws ecr get-login and then run: docker pull REPOSITORY URI : TAG

Question 13

A company caches session information for a web application in an Amazon DynamoDB table. The company wants an automated way to delete old items from the table.

What is the simplest way to do this?

A. Write a script that deletes old records; schedule the scripts as a cron job on an Amazon EC2 instance.

B. Add an attribute with the expiration time; enable the Time To Live feature based on that attribute.

C. Each day, create a new table to hold session data; delete the previous day’s table.

D. Add an attribute with the expiration time; name the attribute ItemExpiration.

Answer 13

B. Add an attribute with the expiration time; enable the Time To Live feature based on that attribute.

Question 14

An application is expected to process many files. Each file takes four minutes to process each AWS Lambda invocation. The Lambda function does not return any important data.

What is the fastest way to process all the files?

A. First split the files to make them smaller, then process with synchronous RequestResponse Lambda invocations.

B. Make synchronous RequestResponse Lambda invocations and process the files one by one.

C. Make asynchronous Event Lambda invocations and process the files in parallel.

D. First join all the files, then process it all at once with an asynchronous Event Lambda invocation.

Answer 14

C. Make asynchronous Event Lambda invocations and process the files in parallel.

Question 15

The upload of a 15 GB object to Amazon S3 fails. The error message reads: Your proposed upload exceeds the maximum allowed object size.

What technique will allow the Developer to upload this object?

A. Upload the object using the multi-part upload API.

B. Upload the object over an AWS Direct Connect connection.

C. Contact AWS Support to increase the object size limit.

D. Upload the object to another AWS region.

Answer 15

A. Upload the object using the multi-part upload API.

Question 16

A company has an AWS CloudFormation template that is stored as a single file. The template is able to launch and create a full infrastructure stack.

Which best practice would increase the maintainability of the template?

A. Use nested stacks for common template patterns.

B. Embed credentials to prevent typos.

C. Remove mappings to decrease the number of variables.

D. Use AWS::Include to reference publicly-hosted template files.

Answer 16

A. Use nested stacks for common template patterns.

Question 17

A Developer wants to encrypt new objects that are being uploaded to an Amazon S3 bucket by an application. There must be an audit trail of who has used the key during this process. There should be no change to the performance of the application.

Which type of encryption meets these requirements?

A. Server-side encryption using S3-managed keys

B. Server-side encryption with AWS KMS-managed keys

C. Client-side encryption with a client-side symmetric master key

D. Client-side encryption with AWS KMS-managed keys

Answer 17

B. Server-side encryption with AWS KMS-managed keys

Question 18

An on-premises application makes repeated calls to store files to Amazon S3. As usage of the application has increased, LimitExceeded errors are being logged.

What should be changed to fix this error?

A. Implement exponential backoffs in the application.

B. Load balance the application to multiple servers.

C. Move the application to Amazon EC2.

D. Add a one second delay to each API call.

Answer 18

A. Implement exponential backoffs in the application.

Question 19

An organization is storing large files in Amazon S3, and is writing a web application to display meta-data about the files to end-users. Based on the metadata a user selects an object to download. The organization needs a mechanism to index the files and provide single-digit millisecond latency retrieval for the metadata.

What AWS service should be used to accomplish this?

A. Amazon DynamoDB
B. Amazon EC2
C. AWS Lambda
D. Amazon RDS

Answer 19

A. Amazon DynamoDB

Question 20

While developing an application that runs on Amazon EC2 in an Amazon VPC, a Developer identifies the need for centralized storage of application-level logs.

Which AWS service can be used to securely store these logs?

A. Amazon EC2 VPC Flow Logs

B. Amazon CloudWatch Logs

C. Amazon CloudSearch

D. AWS CloudTrail

Answer 20

B. Amazon CloudWatch Logs

Question 21

A stock market monitoring application uses Amazon Kinesis for data ingestion. During simulated tests of peak data rates, the Kinesis stream cannot keep up with the incoming data.

What step will allow Kinesis to accommodate the traffic during peak hours?

A. Install the Kinesis Producer Library (KPL) for ingesting data into the stream.

B. Reduce the data retention period to allow for more data ingestion using DecreaseStreamRetentionPeriod.

C. Increase the shard count of the stream using UpdateShardCount.

D. Ingest multiple records into the stream in a single call using PutRecords.

Answer 21

C. Increase the shard count of the stream using UpdateShardCount.

Question 22

Where can PortMapping be defined when launching containers in Amazon ECS?

A. Security groups
B. Amazon Elastic Container Registry (Amazon ECR)
C. Container agent
D. Task definition

Answer 22

D. Task definition

Question 23

An application uses Amazon Kinesis Data Streams to ingest and process large streams of data records in real time. Amazon EC2 instances consume and process the data from the shards of the Kinesis data stream by using Amazon Kinesis Client Library (KCL). The application handles the failure scenarios and does not require standby workers. The application reports that a specific shard is receiving more data than expected. To adapt to the changes in the rate of data flow, the hot shard is resharded.

Assuming that the initial number of shards in the Kinesis data stream is 4, and after resharding the number of shards increased to 6, what is the maximum number of EC2 instances that can be deployed to process data from all the shards?

A. 12
B. 6
C. 4
D. 1

Answer 23

B. 6

Question 24

A Development team is working on a case management solution that allows medical claims to be processed and reviewed. Users log in to provide information related to their medical and financial situations.

As part of the application, sensitive documents such as medical records, medical imaging, bank statements, and receipts are uploaded to Amazon S3. All documents must be securely transmitted and stored. All access to the documents must be recorded for auditing.

What is the MOST secure approach?

A. Use S3 default encryption using Advanced Encryption Standard-256 (AES-256) on the destination bucket.

B. Use Amazon Cognito for authorization and authentication to ensure the security of the application and documents.

C. Use AWS Lambda to encrypt and decrypt objects as they are placed into the S3 bucket.

D. Use client-side encryption/decryption with Amazon S3 and AWS KMS.

Answer 24

D. Use client-side encryption/decryption with Amazon S3 and AWS KMS.

Question 25

A company has an internet-facing application that uses Web Identity Federation to obtain a temporary credential from AWS Security Token Service (AWS STS).
The app then uses the token to access AWS services.
Review the following response:

https://www.examtopics.com/assets/media/exam-media/03756/0005900001.jpg

Based on the response displayed, what permissions are associated with the call from the application?

A. Permissions associated with the role AROACLKWSDQRAOEXAMPLE:app1

B. Permissions associated with the default role used when the AWS service was built

C. Permission associated with the IAM principal that owns the AccessKeyID ASgeIAIOSFODNN7EXAMPLE

D. Permissions associated with the account that owns the AWS service

Answer 25

A. Permissions associated with the role AROACLKWSDQRAOEXAMPLE:app1

Question 26

A Developer is using AWS CLI, but when running list commands on a large number of resources, it is timing out.
What can be done to avoid this time-out?

A. Use pagination
B. Use shorthand syntax
C. Use parameter values
D. Use quoting strings

Answer 26

A. Use pagination

Question 27

What does an Amazon SQS delay queue accomplish?

A. Messages are hidden for a configurable amount of time when they are first added to the queue.

B. Messages are hidden for a configurable amount of time after they are consumed from the queue.

C. The consumer can poll the queue for a configurable amount of time before retrieving a message.

D. Message cannot be deleted for a configurable amount of time after they are consumed from the queue.

Answer 27

A. Messages are hidden for a configurable amount of time when they are first added to the queue.

Question 28

A company has multiple Developers located across the globe who are updating code incrementally for a development project. When Developers upload code concurrently, internet connectivity is slow, and it is taking a long time to upload code for deployment in AWS Elastic Beanstalk.

Which step will result in minimized upload and deployment time with the LEAST amount of administrative effort?

A. Allow the Developers to upload the code to an Amazon S3 bucket, and deploy it directly to Elastic Beanstalk.

B. Allow the Developers to upload the code to a central FTP server to deploy the application to Elastic Beanstalk.

C. Create an AWS CodeCommit repository, allow the Developers to commit code to it, and then directly deploy the code to Elastic Beanstalk.

D. Create a code repository on an Amazon EC2 instance so that all Developers can update the code, and deploy the application from the instance to Elastic Beanstalk.

Answer 28

C. Create an AWS CodeCommit repository, allow the Developers to commit code to it, and then directly deploy the code to Elastic Beanstalk.

Question 29

A company recently migrated its web, application and NoSQL database tiers to AWS. The company is using Auto Scaling to scale the web and application tiers.
More than 95 percent of the Amazon DynamoDB requests are repeated read-requests.

How can the DynamoDB NoSQL tier be scaled up to cache these repeated requests?

A. Amazon EMR

B. Amazon DynamoDB Accelerator

C. Amazon SQS

D. Amazon CloudFront

Answer 29

B. Amazon DynamoDB Accelerator

Question 30

A company is building an application to track athlete performance using an Amazon DynamoDB table. Each item in the table is identified by a partition key
(user_id) and a sort key (sport_name). The table design is shown below:

https://www.examtopics.com/assets/media/exam-media/03756/0006200001.png

(Note: Not all table attributes are shown)
A Developer is asked to write a leaderboard application to display the top performers (user_id) based on the score for each sport_name.
What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?

A. Use a DynamoDB query operation with the key attributes of user_id and sport_name and order the results based on the score attribute.

B. Create a global secondary index with a partition key of sport_name and a sort key of score, and get the results

C. Use a DynamoDB scan operation to retrieve scores and user_id based on sport_name, and order the results based on the score attribute.

D. Create a local secondary index with a primary key of sport_name and a sort key of score and get the results based on the score attribute.

Answer 30

B. Create a global secondary index with a partition key of sport_name and a sort key of score, and get the results

Question 31

A Developer is creating a mobile application that will not require users to log in.
What is the MOST efficient method to grant users access to AWS resources?

A. Use an identity provider to securely authenticate with the application.

B. Create an AWS Lambda function to create an IAM user when a user accesses the application.

C. Create credentials using AWS KMS and apply these credentials to users when using the application.

D. Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited access to resources.

Answer 31

D. Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited access to resources.

Question 32

An application running on Amazon EC2 instances must access objects within an Amazon S3 bucket that are encrypted using server-side encryption using AWS
KMS encryption keys(SSE-KMS). The application must have access to thecustomer master key (CMK) to decrypt the objects.

Which combination of steps will grant the application access? (Choose two.)

A. Write an S3 bucket policy that grants the bucket access to the key.

B. Grant access to the key in the IAM EC2 role attached to the application’s EC2 instances.

C. Write a key policy that enables IAM policies to grant access to the key.

D. Grant access to the key in the S3 bucket’s ACL

E. Create a Systems Manager parameter that exposes the KMS key to the EC2 instances.

Answer 32

B. Grant access to the key in the IAM EC2 role attached to the application’s EC2 instances.

C. Write a key policy that enables IAM policies to grant access to the key.

Question 33

A company needs a fully-managed source control service that will work in AWS. The service must ensure that revision control synchronizes multiple distributed repositories by exchanging sets of changes peer-to-peer. All users need to work productively even when not connected to a network.

Which source control service should be used?

A. Subversion
B. AWS CodeBuild
C. AWS CodeCommit
D. AWS CodeStar

Answer 33

C. AWS CodeCommit

Question 34

A Developer is writing a serverless application that requires that an AWS Lambda function be invoked every 10 minutes.
What is an automated and serverless way to trigger the function?

A. Deploy an Amazon EC2 instance based on Linux, and edit its /etc/crontab file by adding a command to periodically invoke the Lambda function.

B. Configure an environment variable named PERIOD for the Lambda function. Set the value to 600.

C. Create an Amazon CloudWatch Events rule that triggers on a regular schedule to invoke the Lambda function.

D. Create an Amazon SNS topic that has a subscription to the Lambda function with a 600-second timer.

Answer 34

C. Create an Amazon CloudWatch Events rule that triggers on a regular schedule to invoke the Lambda function.

Question 35

A Developer is writing an imaging micro service on AWS Lambda. The service is dependent on several libraries that are not available in the Lambda runtime environment.

Which strategy should the Developer follow to create the Lambda deployment package?

A. Create a ZIP file with the source code and all dependent libraries.

B. Create a ZIP file with the source code and a script that installs the dependent libraries at runtime.

C. Create a ZIP file with the source code. Stage the dependent libraries on an Amazon S3 bucket indicated by the Lambda environment variable LD_LIBRARY_PATH

D. Create a ZIP file with the source code and a buildspec.yaml file that installs the dependent libraries on AWS Lambda.

Answer 35

A. Create a ZIP file with the source code and all dependent libraries.

Question 36

A Developer is designing a fault-tolerant environment where client sessions will be saved.
How can the Developer ensure that no sessions are lost if an Amazon EC2 instance fails?

A. Use sticky sessions with an Elastic Load Balancer target group.

B. Use Amazon SQS to save session data.

C. Use Amazon DynamoDB to perform scalable session handling.

D. Use Elastic Load Balancer connection draining to stop sending requests to failing instances.

Answer 36

C. Use Amazon DynamoDB to perform scalable session handling.

Question 37

In a move toward using microservices, a company’s Management team has asked all Development teams to build their services so that API requests depend only on that service’s data store. One team is building a Payments service which has its own database; the service needs data that originates in the Accounts database. Both are using Amazon DynamoDB.

What approach will result in the simplest, decoupled, and reliable method to get near-real time updates from the Accounts database?

A. Use Amazon Glue to perform frequent ETL updates from the Accounts database to the Payments database.

B. Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accounts database.

C. Use Amazon Kinesis Data Firehose to deliver all changes from the Accounts database to the Payments database.

D. Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database.

Answer 37

D. Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database.

Question 38

How should custom libraries be utilized in AWS Lambda?

A. Host the library on Amazon S3 and reference to it from the Lambda function.

B. Install the library locally and upload a ZIP file of the Lambda function.

C. Import the necessary Lambda blueprint when creating the function.

D. Modify the function runtime to include the necessary library.

Answer 38

B. Install the library locally and upload a ZIP file of the Lambda function.

Question 39

A company needs to secure its existing website running behind an Elastic Load Balancer. The website’s Amazon EC2 instances are CPU-constrained.
What should be done to secure the website while not increasing the CPU load on the EC2 web servers? (Choose two.)

A. Configure an Elastic Load Balancer with SSL pass-through.

B. Configure SSL certificates on an Elastic Load Balancer.

C. Configure an Elastic Load Balancer with a Loadable Storage System.

D. Install SSL certificates on the EC2 instances.

E. Configure an Elastic Load Balancer with SSL termination.

Answer 39

B. Configure SSL certificates on an Elastic Load Balancer.

E. Configure an Elastic Load Balancer with SSL termination.

Question 40

An AWS Lambda function generates a 3MB JSON file and then uploads it to an Amazon S3 bucket daily. The file contains sensitive information, so the Developer must ensure that it is encrypted before uploading to the bucket.

Which of the following modifications should the Developer make to ensure that the data is encrypted before uploading it to the bucket?

A. Use the default AWS KMS customer master key for S3 in the Lambda function code.

B. Use the S3 managed key and call the GenerateDataKey API to encrypt the file.

C. Use the GenerateDateKey API, then use that data key to encrypt the file in the Lambda function code.

D. Use a custom KMS customer master key created for S3 in the Lambda function code.

Answer 40

C. Use the GenerateDateKey API, then use that data key to encrypt the file in the Lambda function code.

Question 41

A Developer wants to find a list of items in a global secondary index from an Amazon DynamoDB table.
Which DynamoDB API call can the Developer use in order to consume the LEAST number of read capacity units?

A. Scan operation using eventually-consistent reads

B. Query operation using strongly-consistent reads

C. Query operation using eventually-consistent reads

D. Scan operation using strongly-consistent reads

Answer 41

C. Query operation using eventually-consistent reads

Question 42

A Developer has published an update to an application that is served to a global user base using Amazon CloudFront. After deploying the application, users are not able to see the updated changes.

How can the Developer resolve this issue?

A. Remove the origin from the CloudFront configuration and add it again.

B. Disable forwarding of query strings and request headers from the CloudFront distribution configuration.

C. Invalidate all the application objects from the edge caches.

D. Disable the CloudFront distribution and enable it again to update all the edge locations.

Answer 42

C. Invalidate all the application objects from the edge caches.

Question 43

A Developer must deploy a new AWS Lambda function using an AWS CloudFormation template.
Which procedures will deploy a Lambda function? (Choose two.)

A. Upload the code to an AWS CodeCommit repository, then add a reference to it in an AWS::Lambda::Function resource in the template.

B. Create an AWS::Lambda::Function resource in the template, then write the code directly inside the CloudFormation template.

C. Upload a .ZIP file containing the function code to Amazon S3, then add a reference to it in an AWS::Lambda::Function resource in the template.

D. Upload a .ZIP file to AWS CloudFormation containing the function code, then add a reference to it in an AWS::Lambda::Function resource in the template.

E. Upload the function code to a private Git repository, then add a reference to it in an AWS::Lambda::Function resource in the template.

Answer 43

B. Create an AWS::Lambda::Function resource in the template, then write the code directly inside the CloudFormation template.

C. Upload a .ZIP file containing the function code to Amazon S3, then add a reference to it in an AWS::Lambda::Function resource in the template.

Question 44

A Developer wants to enable AWS X-Ray for a secure application that runs in an Amazon ECS environment.
What combination of steps will enable X-Ray? (Choose three.)

A. Create a Docker image that runs the X-Ray daemon.

B. Add instrumentation to the application code for X-Ray.

C. Install the X-Ray daemon on the underlying EC2 instance.

D. Configure and use an IAM EC2 instance role.

E. Register the application with X-Ray.

F. Configure and use an IAM role for tasks.

Answer 44

A. Create a Docker image that runs the X-Ray daemon.

B. Add instrumentation to the application code for X-Ray.

F. Configure and use an IAM role for tasks.

Question 45

A Developer is designing a new application that uses Amazon S3. To satisfy compliance requirements, the Developer must encrypt the data at rest.
How can the Developer accomplish this?

A. Use s3:x-amz-acl as a condition in the S3 bucket policy.

B. Use Amazon RDS with default encryption.

C. Use aws:SecureTransport as a condition in the S3 bucket policy.

D. Turn on S3 default encryption for the S3 bucket.

Answer 45

D. Turn on S3 default encryption for the S3 bucket.

Question 46

An AWS Elastic Beanstalk application needs to be deployed in multiple regions and requires a different Amazon Machine Image (AMI) in each region.
Which AWS CloudFormation template key can be used to specify the correct AMI for each region?

A. Parameters
B. Outputs
C. Mappings
D. Resources

Answer 46

C. Mappings

Question 47

A Developer has been asked to make changes to the source code of an AWS Lambda function. The function is managed using an AWS CloudFormation template. The template is configured to load the source code from an Amazon S3 bucket. The Developer manually created a .ZIP file deployment package containing the changes and put the file into the correct location on Amazon S3. When the function is invoked, the code changes have not been applied.

What step is required to update the function with the changes?

A. Delete the .ZIP file on S3, and re-upload by using a different object key name.

B. Update the CloudFormation stack with the correct values for the function code properties S3Bucket, S3Key, or S3ObjectVersion.

C. Ensure that the function source code is base64-encoded before uploading the deployment package to S3.

D. Modify the execution role of the Lambda function to allow S3 access permission to the deployment package .ZIP file.

Answer 47

B. Update the CloudFormation stack with the correct values for the function code properties S3Bucket, S3Key, or S3ObjectVersion.

Question 48

A Developer needs to design an application running on AWS that will be used to consume Amazon SQS messages that range from 1KB up to 1GB in size.
How should the Amazon SQS messages be managed?

A. Use Amazon S3 and the Amazon SQS CLI.

B. Use Amazon S3 and the Amazon SQS Extended Client Library for Java.

C. Use Amazon EBS and the Amazon SQS CLI.

D. Use Amazon EFS and the Amazon SQS CLI.

Answer 48

B. Use Amazon S3 and the Amazon SQS Extended Client Library for Java.

Question 49

A company is developing an application that will run on several Amazon EC2 instances in an Auto Scaling group and can access a database running on Amazon EC2. The application needs to store secrets required to connect to the database. The application must allow for periodic secret rotation, and there should be no changes to the application when a secret changes.

What is the SAFEST way to meet these requirements?

A. Associate an IAM role to the EC2 instance where the application is running with permission to access the database.

B. Use AWS Systems Manager Parameter Store with the SecureString data type to store secrets.

C. Configure the application to store secrets in Amazon S3 object metadata.

D. Hard code the database secrets in the application code itself.

Answer 49

B. Use AWS Systems Manager Parameter Store with the SecureString data type to store secrets.

Question 50

A Developer writes an AWS Lambda function and uploads the code in a .ZIP file to Amazon S3. The Developer makes changes to the code and uploads a new
.ZIP file to Amazon S3. However,Lambda executes the earlier code.

How can the Developer fix this in the LEAST disruptive way?

A. Create another Lambda function and specify the new .ZIP file.

B. Call the update-function-code API.

C. Remove the earlier .ZIP file first, then add the new .ZIP file.

D. Call the create-alias API.

Answer 50

B. Call the update-function-code API.

Question 51

An AWS Lambda function must read data from an Amazon RDS MySQL database in a VPC and also reach a public endpoint over the internet to get additional data.

Which steps must be taken to allow the function to access both the RDS resource and the public endpoint? (Choose two.)

A. Modify the default configuration for the Lambda function to associate it with an Amazon VPC private subnet.

B. Modify the default network access control list to allow outbound traffic.

C. Add a NAT Gateway to the VPC.

D. Modify the default configuration of the Lambda function to associate it with a VPC public subnet.

E. Add an environmental variable to the Lambda function to allow outbound internet access.

Answer 51

A. Modify the default configuration for the Lambda function to associate it with an Amazon VPC private subnet.

C. Add a NAT Gateway to the VPC.

Question 52

A Developer must build an application that uses Amazon DynamoDB. The requirements state that the items being stored in the DynamoDB table will be 7KB in size and that reads must be strongly consistent. The maximum read rate is 3 items per second, and the maximum write rate is 10 items per second.
How should the Developer size the DynamoDB table to meet these requirements?

A. Read: 3 read capacity units Write: 70 write capacity units

B. Read: 6 read capacity units Write: 70 write capacity units

C. Read: 6 read capacity units Write: 10 write capacity units

D. Read: 3 read capacity units Write: 10 write capacity units

Answer 52

B. Read: 6 read capacity units Write: 70 write capacity units

Question 53

A Developer is creating an AWS Lambda function to process a stream of data from an Amazon Kinesis Data Stream. When the Lambda function parses the data and encounters a missing field, it exits the function with an error. The function is generating duplicate records from the Kinesis stream. When the Developer looks at the stream output without the Lambda function, there are no duplicate records.

What is the reason for the duplicates?

A. The Lambda function did not advance the Kinesis stream pointer to the next record after the error.

B. The Lambda event source used asynchronous invocation, resulting in duplicate records.

C. The Lambda function did not handle the error, and the Lambda service attempted to reprocess the data.

D. The Lambda function is not keeping up with the amount of data coming from the stream.

Answer 53

C. The Lambda function did not handle the error, and the Lambda service attempted to reprocess the data.

Question 54

A company maintains an application responsible for processing several thousand external callbacks each day. The company’s System administrators want to know how many callbacks are being received on a rolling basis, and they want this data available for 10 days.
The company also wants the ability to issue automated alerts if the number of callbacks exceeds the defined thresholds.

What is the MOST cost-effective way to address the need to track and alert on these statistics?

A. Push callback data to an Amazon RDS database that can be queried to show historical data and to alert on exceeded thresholds.

B. Push callback data to AWS X-Ray and use AWS Lambda to query, display, and alert on exceeded thresholds.

C. Push callback data to Amazon Kinesis Data Streams and invoke an AWS Lambda function that stores data in Amazon DynamoDB and sends the required alerts.

D. Push callback data to Amazon CloudWatch as a custom metric and use the CloudWatch alerting mechanisms to alert System Administrators.

Answer 54

D. Push callback data to Amazon CloudWatch as a custom metric and use the CloudWatch alerting mechanisms to alert System Administrators.

Question 55

A company has a website that is developed in PHP and WordPress and is launched using AWS Elastic Beanstalk. There is a new version of the website that needs to be deployed in the Elastic Beanstalk environment. The company cannot tolerate having the website offline if an update fails. Deployments must have minimal impact and rollback as soon as possible.

What deployment method should be used?

A. All at once
B. Rolling
C. Snapshots
D. Immutable

Answer 55

D. Immutable

Question 56

A company has a multi-tiered web application on AWS. During a recent spike in traffic, one of the primary relational databases on Amazon RDS could not serve all the traffic. Some read queries for repeatedly accessed items failed, so users received error messages.

What can be done to minimize the impact on database read queries MOST efficiently during future traffic spikes?

A. Use Amazon S3 to cache database query results.

B. Use Amazon RDS as a custom origin for Amazon CloudFront.

C. Use local storage and memory on Amazon EC2 instances to cache data.

D. Use Amazon ElastiCache in front of the primary database to cache data.

Answer 56

D. Use Amazon ElastiCache in front of the primary database to cache data.

Question 57

A Development team currently supports an application that uses an in-memory store to save accumulated game results. Individual results are stored in a database. As part of migrating to AWS, the team needs to use automatic scaling. The team knows this will yield inconsistent results.

Where should the team store these accumulated game results to BEST allow for consistent results without impacting performance?

A. Amazon S3

B. Amazon RDS

C. Amazon ElastiCache

D. Amazon Kinesis

Answer 57

C. Amazon ElastiCache

Question 58

In a multi-container Docker environment in AWS Elastic Beanstalk, what is required to configure container instances in the environment?

A. An Amazon ECS task definition

B. An Amazon ECS cluster

C. A Dockerfile in an application package

D. A CLI for Elastic Beanstalk

Answer 58

A. An Amazon ECS task definition

Question 59

An application that runs on an Amazon EC2 instance needs to access and make API calls to multiple AWS services.

What is the MOST secure way to provide access to the AWS services with MINIMAL management overhead?

A. Use AWS KMS to store and retrieve credentials.

B. Use EC2 instance profiles.

C. Use AWS root user to make requests to the application.

D. Store and retrieve credentials from AWS CodeCommit.

Answer 59

B. Use EC2 instance profiles.

Question 60

A company is creating an application that will require users to access AWS services and allow them to reset their own passwords.

Which of the following would allow the company to manage users and authorization while allowing users to reset their own passwords?

A. Amazon Cognito identify pools and AWS STS

B. Amazon Cognito identity pools and AWS IAM

C. Amazon Cognito user pools and AWS KMS

D. Amazon Cognito user pools and identity pools

Answer 60

D. Amazon Cognito user pools and identity pools

Question 61

A company has three different environments: Development, QA, and Production. The company wants to deploy its code first in the Development environment, then QA, and then Production.

Which AWS service can be used to meet this requirement?

A. Use AWS CodeCommit to create multiple repositories to deploy the application.

B. Use AWS CodeBuild to create, configure, and deploy multiple build application projects.

C. Use AWS Data Pipeline to create multiple data pipeline provisions to deploy the application.

D. Use AWS CodeDeploy to create multiple deployment groups.

Answer 61

D. Use AWS CodeDeploy to create multiple deployment

Question 62

A company uses Amazon DynamoDB for managing and tracking orders. The DynamoDB table is partitioned based on the order date. The company receives a huge increase in orders during a sales event, causing DynamoDB writes to throttle, and the consumed throughput is far below the provisioned throughput.

According to AWS best practices, how can this issue be resolved with MINIMAL costs?

A. Create a new DynamoDB table for every order date.

B. Increase the read and write capacity units of the DynamoDB table.

C. Add a random number suffix to the partition key values.

D. Add a global secondary index to the DynamoDB table.

Answer 62

C. Add a random number suffix to the partition key values.

Question 63

A company is providing services to many downstream consumers. Each consumer may connect to one or more services. This has resulted in a complex architecture that is difficult to manage and does not scale well. The company needs a single interface to manage these services to consumers.

Which AWS service should be used to refactor this architecture?

A. AWS Lambda
B. AWS X-Ray
C. Amazon SQS
D. Amazon API Gateway

Answer 63

D. Amazon API Gateway

Question 64

A Developer is creating a serverless website with content that includes HTML files, images, videos, and JavaScript (client-side scripts).

Which combination of services should the Developer use to create the website?

A. Amazon S3 and Amazon CloudFront

B. Amazon EC2 and Amazon ElastiCache

C. Amazon ECS and Redis

D. AWS Lambda and Amazon API Gateway

Answer 64

A. Amazon S3 and Amazon CloudFront

Question 65

A Development team has pushed out 10 applications running on several Amazon EC2 instances. The Operations team is asking for a graphical representation of one key performance metric for each application. These metrics should be available on one screen for easy monitoring.

Which steps should the Developer take to accomplish this using Amazon CloudWatch?

A. Create a custom namespace with a unique metric name for each application.

B. Create a custom dimension with a unique metric name for each application.

C. Create a custom event with a unique metric name for each application.

D. Create a custom alarm with a unique metric name for each application.

Answer 65

A. Create a custom namespace with a unique metric name for each application.

Question 66

A Developer wants access to make the log data of an application running on an EC2 instance available to systems administrators.
Which of the following enables monitoring of this metric in Amazon CloudWatch?

A. Retrieve the log data from CloudWatch using the GetMetricData API call.

B. Retrieve the log data from AWS CloudTrail using the LookupEvents API call.

C. Launch a new EC2 instance, configure Amazon CloudWatch Events, and then install the application.

D. Install the Amazon CloudWatch Logs agent on the EC2 instance that the application is running on.

Answer 66

D. Install the Amazon CloudWatch Logs agent on the EC2 instance that the application is running on.

Question 67

A nightly batch job loads 1 million new records into a DynamoDB table. The records are only needed for one hour, and the table needs to be empty by the next night’s batch job.

Which is the MOST efficient and cost-effective method to provide an empty table?

A. Use DeleteItem using a ConditionExpression.

B. Use BatchWriteItem to empty all of the rows.

C. Write a recursive function that scans and calls out DeleteItem.

D. Create and then delete the table after the task has completed.

Answer 67

D. Create and then delete the table after the task has completed.

Question 68

A company has an application that logs all information to Amazon S3. Whenever there is a new log file, an AWS Lambda function is invoked to process the log files. The code works, gathering all of the necessary information. However, when checking the Lambda function logs, duplicate entries with the same request ID are found.

What is causing the duplicate entries?

A. The S3 bucket name was specified incorrectly.

B. The Lambda function failed, and the Lambda service retried the invocation with a delay.

C. There was an S3 outage, which caused duplicate entries of the same log file.

D. The application stopped intermittently and then resumed.

Answer 68

B. The Lambda function failed, and the Lambda service retried the invocation with a delay.

Question 69

A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key, the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API.

What code updates will grant these new users access to the API?

A. The createDeployment method must be called so the API can be redeployed to include the newly created API key.

B. The updateAuthorizer method must be called to update the API’s authorizer to include the newly created API key.

C. The importApiKeys method must be called to import all newly created API keys into the current stage of the API.

D. The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.

Answer 69

D. The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.

Question 70

A Developer is writing a mobile application that allows users to view images from an S3 bucket. The users must be able to log in with their Amazon login, as well as Facebookֲ® and/or Googleֲ® accounts.
How can the Developer provide this authentication functionality?

A. Use Amazon Cognito with web identity federation.

B. Use Amazon Cognito with SAML-based identity federation.

C. Use AWS IAM Access/Secret keys in the application code to allow Get* on the S3 bucket.

D. Use AWS STS AssumeRole in the application code and assume a role with Get* permissions on the S3 bucket.

Answer 70

A. Use Amazon Cognito with web identity federation.

Question 71

A Developer has created a Lambda function and is finding that the function is taking longer to complete than expected. After some debugging, the Developer has discovered that increasing compute capacity would improve performance.
How can the Developer increase the Lambda compute resources?

A. Run on a larger instance size with more compute capacity.

B. Increase the maximum execution time.

C. Specify a larger compute capacity when calling the Lambda function.

D. Increase the allocated memory for the Lambda function.

Answer 71

D. Increase the allocated memory for the Lambda function.

Question 72

An e-commerce site allows returning users to log in to display customized web pages. The workflow is shown in the image below:

https://www.examtopics.com/assets/media/exam-media/03756/0008200001.png

An application is running on EC2 instances. Amazon RDS is used for the database that stores user accounts and preferences. The website freezes or is slow to load while waiting for the login step to complete. The remaining components of the site are well-optimized.

Which of the following techniques will resolve this issue? (Choose two.)

A. Implement the user login page as an asynchronous Lambda function.

B. Use Amazon ElastiCache for MemCached to cache user data.

C. Use an Amazon Application Load Balancer to load balance the traffic to the website.

D. Call the database asynchronously so the code can continue executing.

E. Batch login requests from hundreds of users together as a single read request to the database.

Answer 72

B. Use Amazon ElastiCache for MemCached to cache user data.

D. Call the database asynchronously so the code can continue executing.

Question 73

A Developer is building a mobile application and needs any update to user profile data to be pushed to all devices accessing the specific identity. The Developer does not want to manage a back end to maintain the user profile data.

What is the MOST efficient way for the Developer to achieve these requirements using Amazon Cognito?

A. Use Cognito federated identities.
B. Use a Cognito user pool.
C. Use Cognito Sync.
D. Use Cognito events.

Answer 73

C. Use Cognito Sync.

Question 74

A company is migrating a single-server, on-premises web application to AWS. The company intends to use multiple servers behind an Elastic Load Balancer (ELB) to balance the load, and will also store session data in memory on the web server. The company does not want to lose that session data if a server fails or goes offline, and it wants to minimize user’s downtime.

Where should the company move session data to MOST effectively reduce downtime and make users’ session data more fault tolerant?

A. An Amazon ElastiCache for Redis cluster

B. A second Amazon EBS volume

C. The web server’s primary disk

D. An Amazon EC2 instance dedicated to session data

Answer 74

A. An Amazon ElastiCache for Redis cluster

Question 75

A Developer created configuration specifications for an AWS Elastic Beanstalk application in a file named healthcheckurl.yaml in the .ebextensions/directory of their application source bundle. The file contains the following:

https://www.examtopics.com/assets/media/exam-media/03756/0008400001.png

After the application launches, the health check is not being run on the correct path, even though it is valid.

What can be done to correct this configuration file?

A. Convert the file to JSON format.

B. Rename the file to a .config extension.

C. Change the configuration section from options_settings to resources.

D. Change the namespace of the option settings to a custom namespace.

Answer 75

B. Rename the file to a .config extension.

Question 76

A Developer is making changes to a custom application that is currently using AWS Elastic Beanstalk.

After the Developer completes the changes, what solutions will update the Elastic Beanstalk environment with the new application version? (Choose two.)

A. Package the application code into a .zip file, and upload, then deploy the packaged application from the AWS Management Console

B. Package the application code into a .tar file, create a new application version from the AWS Management Console, then update the environment by using AWS CLI

C. Package the application code into a .tar file, and upload and deploy the packaged application from the AWS Management Console

D. Package the application code into a .zip file, create a new application version from the packaged application by using AWS CLI, then update the environment by using AWS CLI

E. Package the application code into a .zip file, create a new application version from the AWS Management Console, then rebuild the environment by using AWS CLI

Answer 76

A. Package the application code into a .zip file, and upload, then deploy the packaged application from the AWS Management Console

D. Package the application code into a .zip file, create a new application version from the packaged application by using AWS CLI, then update the environment by using AWS CLI

Question 77

To include objects defined by the AWS Serverless Application Model (SAM) in an AWS CloudFormation template, in addition to Resources, what section MUST be included in the document root?

A. Conditions
B. Globals
C. Transform
D. Properties

Answer 77

C. Transform

Question 78

A company is using Amazon RDS MySQL instances for its application database tier and Apache Tomcat servers for its web tier. Most of the database queries from web applications are repeated read requests.

Use of which AWS service would increase in performance by adding in-memory store for repeated read queries?

A. Amazon RDS Multi-AZ
B. Amazon SQS
C. Amazon ElastiCache
D. Amazon RDS read replica

Answer 78

C. Amazon ElastiCache

Question 79

A Developer is investigating an issue whereby certain requests are passing through an Amazon API Gateway endpoint /MyAPI, but the requests do not reach the
AWS Lambda function backing /MyAPI. The Developer found that a second Lambda function sometimes runs at maximum concurrency allowed for the given AWS account.

How can the Developer address this issue?

A. Manually reduce the concurrent execution limit at the account level

B. Add another API Gateway stage for /MyAPI, and shard the requests

C. Configure the second Lambda function’s concurrency execution limit

D. Reduce the throttling limits in the API Gateway /MyAPI endpoint

Answer 79

C. Configure the second Lambda function’s concurrency execution limit

Question 80

A Developer must analyze performance issues with production-distributed applications written as AWS Lambda functions. These distributed Lambda applications invoke other components that make up the applications.

How should the Developer identify and troubleshoot the root cause of the performance issues in production?

A. Add logging statements to the Lambda functions, then use Amazon CloudWatch to view the logs.

B. Use AWS CloudTrail and then examine the logs.

C. Use AWS X-Ray, then examine the segments and errors.

D. Run Amazon Inspector agents and then analyze performance.

Answer 80

C. Use AWS X-Ray, then examine the segments and errors.

Question 81

A Developer wants to debug an application by searching and filtering log data. The application logs are stored in Amazon CloudWatch Logs. The Developer creates a new metric filter to count exceptions in the application logs. However, no results are returned from the logs.

What is the reason that no filtered results are being returned?

A. A setup of the Amazon CloudWatch interface VPC endpoint is required for filtering the CloudWatch Logs in the VPC

B. CloudWatch Logs only publishes metric data for events that happen after the filter is created

C. The log group for CloudWatch Logs should be first streamed to Amazon Elasticsearch Service before metric filtering returns the results

D. Metric data points for logs groups can be filtered only after they are exported to an Amazon S3 bucket

Answer 81

B. CloudWatch Logs only publishes metric data for events that happen after the filter is created

Question 82

An e-commerce web application that shares session state on-premises is being migrated to AWS. The application must be fault tolerant, natively highly scalable, and any service interruption should not affect the user experience.

What is the best option to store the session state?

A. Store the session state in Amazon ElastiCache

B. Store the session state in Amazon CloudFront

C. Store the session state in Amazon S3

D. Enable session stickiness using elastic load balancers

Answer 82

A. Store the session state in Amazon ElastiCache

Question 83

A Developer is creating a template that uses AWS CloudFormation to deploy an application. This application is serverless and uses Amazon API Gateway,
Amazon DynamoDB, and AWS Lambda.

Which tool should the Developer use to define simplified syntax for expressing serverless resources?

A. CloudFormation serverless intrinsic functions

B. AWS serverless express

C. An AWS serverless application model

D. A CloudFormation serverless plugin

Answer 83

C. An AWS serverless application model

Question 84

A Developer has a stateful web server on-premises that is being migrated to AWS. The Developer must have greater elasticity in the new design.

How should the Developer re-factor the application to make it more elastic? (Choose two.)

A. Use pessimistic concurrency on Amazon DynamoDB

B. Use Amazon CloudFront with an Auto Scaling group

C. Use Amazon CloudFront with an AWS Web Application Firewall

D. Store session state data in an Amazon DynamoDB table

E. Use an ELB with an Auto Scaling group

Answer 84

D. Store session state data in an Amazon DynamoDB table

E. Use an ELB with an Auto Scaling group

Question 85

A company needs to distribute firmware updates to its customers around the world.
Which service will allow easy and secure control of the access to the downloads at the lowest cost?

A. Use Amazon CloudFront with signed URLs for Amazon S3

B. Create a dedicated Amazon CloudFront Distribution for each customer

C. Use Amazon CloudFront with AWS Lambda@Edge

D. Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket

Answer 85

A. Use Amazon CloudFront with signed URLs for Amazon S3

Question 86

A company is running an application built on AWS Lambda functions. One Lambda function has performance issues when it has to download a 50MB file from the
Internet in every execution. This function iscalled multiple times a second.

What solution would give the BEST performance increase?

A. Cache the file in the /tmp directory

B. Increase the Lambda maximum execution time

C. Put an Elastic Load Balancer in front of the Lambda function

D. Cache the file in Amazon S3

Answer 86

A. Cache the file in the /tmp directory

Question 87

An application writes items to an Amazon DynamoDB table. As the application scales to thousands of instances, calls to the DynamoDB API generate occasional
ThrottlingException errors. The application is coded in a language incompatible with the AWS SDK.

How should the error be handled?

A. Add exponential backoff to the application logic

B. Use Amazon SQS as an API message bus

C. Pass API calls through Amazon API Gateway

D. Send the items to DynamoDB through Amazon Kinesis Data Firehose

Answer 87

A. Add exponential backoff to the application logic

Question 88

An application deployed on AWS Elastic Beanstalk experiences increased error rates during deployments of new application versions, resulting in service degradation for users. The Development team believes that this is because of the reduction in capacity during the deployment steps. The team would like to change the deployment policy configuration of the environment to an option that maintains full capacity during deployment while using the existing instances.

Which deployment policy will meet these requirements while using the existing instances?

A. All at once
B. Rolling
C. Rolling with additional batch
D. Immutable

Answer 88

C. Rolling with additional batch

Question 89

A Developer is working on an application that handles 10MB documents that contain highly-sensitive data. The application will use AWS KMS to perform client- side encryption.

What steps must be followed?

A. Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the KeyId parameter

B. Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key to encrypt the data

C. Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key to encrypt the data

D. Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data

Answer 89

D. Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data

Question 90

A Developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the Developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit.

Which of the following API Gateway metrics in Amazon CloudWatch can help the Developer troubleshoot the issue? (Choose two.)

A. CacheHitCount
B. IntegrationLatency
C. CacheMissCount
D. Latency
E. Count

Answer 90

B. IntegrationLatency

D. Latency

Question 91

An AWS Lambda function must access an external site by using a regularly rotated user name and password. These items must be kept securely and cannot be stored in the function code.

What combination of AWS services can be used to accomplish this? (Choose two.)

A. AWS Certificate Manager (ACM)
B. AWS Systems Manager Parameter Store
C. AWS Trusted Advisor
D. AWS KMS
E. Amazon GuardDuty

Answer 91

B. AWS Systems Manager Parameter Store

D. AWS KMS

Question 92

A Developer is trying to deploy a serverless application using AWS CodeDeploy. The application was updated and needs to be redeployed.
What file does the Developer need to update to push that change through CodeDeploy?

A. dockerrun.aws.json
B. buildspec.yml
C. appspec.yml
D. ebextensions.config

Answer 92

C. appspec.yml

Question 93

A Developer wants to upload data to Amazon S3 and must encrypt the data in transit.

Which of the following solutions will accomplish this task? (Choose two.)

A. Set up hardware VPN tunnels to a VPC and access S3 through a VPC endpoint

B. Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key

C. Set up Server-Side Encryption with AWS KMS-Managed Keys

D. Transfer the data over an SSL connection

E. Set up Server-Side Encryption with S3-Managed Keys

Answer 93

B. Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key

D. Transfer the data over an SSL connection