DVA-C01 - Certified Developer Associate
From: https://devspot.org/DVA-C01.html
Question 0: A Developer created a dashboard for an application using Amazon API Gateway, Amazon S3, AWS Lambda, and Amazon RDS. The Developer needs an authentication mechanism allowing a user to sign in and view the dashboard. It must be accessible from mobile applications, desktops, and tablets, and must remember user preferences across platforms. Which AWS service should the Developer use to support this authentication scenario?
Option A: AWS KMS
Option B: Amazon Cognito
Option C: AWS Directory Service
Option D: Amazon IAM
Question 1: A Developer has created an S3 bucket s3://mycoolapp and has enabled server access logging that points to the folder s3://mycoolapp/logs. The Developer moved 100 KB of Cascading Style Sheets (CSS) documents to the folder s3://mycoolapp/css, and then stopped work. When the Developer came back a few days later, the bucket was 50 GB. What is the MOST likely cause of this situation?
Option A: The CSS files were not compressed and S3 versioning was enabled.
Option B: S3 replication was enabled on the bucket.
Option C: Logging into the same bucket caused exponential log growth.
Option D: An S3 lifecycle policy has moved the entire CSS file to S3 Infrequent Access.
Question 2: A Developer is creating an Auto Scaling group whose instances need to publish a custom metric to Amazon CloudWatch. Which method would be the MOST secure way to authenticate a CloudWatch PUT request?
Option A: Create an IAM user with PutMetricData permission and put the user credentials in a private repository; have applications pull the credentials as needed.
Option B: Create an IAM user with PutMetricData permission, and modify the Auto Scaling launch configuration to inject the user credentials into the instance user data.
Option C: Modify the CloudWatch metric policies to allow the PutMetricData permission to instances from the Auto Scaling group.
Option D: Create an IAM role with PutMetricData permission and modify the Auto Scaling launch configuration to launch instances using that role.
Question 3: A Developer is working on an application that tracks hundreds of millions of product reviews in an Amazon DynamoDB table. The records include the data elements shown in the table: Which field, when used as the partition key, would result in the MOST consistent performance using DynamoDB?
Option A: starRating
Option B: reviewID
Option C: comment
Option D: productID
Question 4: A Developer has written a serverless application using multiple AWS services. The business logic is written as a Lambda function which has dependencies on third-party libraries. The Lambda function endpoints will be exposed using Amazon API Gateway. The Lambda function will write the information to Amazon DynamoDB. The Developer is ready to deploy the application but must have the ability to rollback. How can this deployment be automated, based on these requirements?
Option A: Deploy using Amazon Lambda API operations to create the Lambda function by providing a deployment package.
Option B: Use an AWS CloudFormation template and use CloudFormation syntax to define the Lambda function resource in the template.
Option C: Use syntax conforming to the Serverless Application Model in the AWS CloudFormation template to define the Lambda function resource.
Option D: Create a bash script which uses AWS CLI to package and deploy the application.
Question 5: What are the steps to using the AWS CLI to launch a templatized serverless application?
Option A: Use AWS CloudFormation get-template then CloudFormation execute-change-set.
Option B: Use AWS CloudFormation validate-template then CloudFormation create-change-set.
Option C: Use AWS CloudFormation package then CloudFormation deploy.
Option D: Use AWS CloudFormation create-stack then CloudFormation update-stack.
Question 6: A Developer is creating a web application that requires authentication, but also needs to support guest access to provide users limited access without having to authenticate. What service can provide support for the application to allow guest access?
Option A: IAM temporary credentials using AWS STS.
Option B: Amazon Directory Service
Option C: Amazon Cognito with unauthenticated access enabled
Option D: IAM with SAML integration
Question 7: An application takes 40 seconds to process instructions received in an Amazon SQS message. Assuming the SQS queue is configured with the default VisibilityTimeout value, what is the BEST way, upon receiving a message, to ensure that no other instances can retrieve a message that has already been processed or is currently being processed?
Option A: Use the ChangeMessageVisibility API to increase the VisibilityTimeout, then use the DeleteMessage API to delete the message.
Option B: Use the DeleteMessage API call to delete the message from the queue, then call DeleteQueue API to remove the queue.
Option C: Use the ChangeMessageVisibility API to decrease the timeout value, then use the DeleteMessage API to delete the message.
Option D: Use the DeleteMessageVisibility API to cancel the VisibilityTimeout, then use the DeleteMessage API to delete the message.
Question 8: A Developer has implemented a Lambda function that needs to add new customers to an RDS database that is expected to run hundreds of times per hour. The Lambda function is configured to use 512MB of RAM and is based on the following pseudo code: After testing the Lambda function, the Developer notices that the Lambda execution time is much longer than expected. What should the Developer do to improve performance?
Option A: Increase the amount of RAM allocated to the Lambda function, which will increase the number of threads the Lambda can use.
Option B: Increase the size of the RDS database to allow for an increased number of database connections each hour.
Option C: Move the database connection and close statement out of the handler. Place the connection in the global space.
Option D: Replace RDS with Amazon DynamoDB to implement control over the number of writes per second.
Question 9: A current architecture uses many Lambda functions invoking one another as a large state machine. The coordination of this state machine is legacy custom code that breaks easily. Which AWS Service can help refactor and manage the state machine?
Option A: AWS Data Pipeline
Option B: AWS SNS with AWS SQS
Option C: Amazon Elastic MapReduce
Option D: AWS Step Functions
Question 10: A Developer is asked to implement a caching layer in front of Amazon RDS. Cached content is expensive to regenerate in case of service failure. Which implementation below would work while maintaining maximum uptime?
Option A: Implement Amazon ElastiCache Redis in Cluster Mode
Option B: Install Redis on an Amazon EC2 instance.
Option C: Implement Amazon ElastiCache Memcached.
Option D: Migrate the database to Amazon Redshift.
Question 11: A current architecture uses many Lambda functions invoking one another as a large state machine. The coordination of this state machine is legacy custom code that breaks easily. Which AWS Service can help refactor and manage the state machine?
Option A: AWS Data Pipeline
Option B: AWS SNS with AWS SQS
Option C: Amazon Elastic MapReduce
Option D: AWS Step Functions
Question 12: A large e-commerce site is being designed to deliver static objects from Amazon S3. The Amazon S3 bucket will serve more than 300 GET requests per second. What should be done to optimize performance? (Choose two.)
Option A: Integrate Amazon CloudFront with Amazon S3.
Option B: Enable Amazon S3 cross-region replication.
Option C: Delete expired Amazon S3 server log files.
Option D: Configure Amazon S3 lifecycle rules.
Option E: Randomize Amazon S3 key name prefixes.
Question 13: A company is building a stock trading application that requires sub-millisecond latency in processing trading requests. Amazon DynamoDB is used to store all the trading data that is used to process each request. After load testing the application, the development team found that due to data retrieval times, the latency requirement is not satisfied. Because of sudden high spikes in the number of requests, DynamoDB read capacity has to be significantly over-provisioned to avoid throttling. What steps should be taken to meet latency requirements and reduce the cost of running the application?
Option A: Add Global Secondary Indexes for trading data.
Option B: Store trading data in Amazon S3 and use Transfer Acceleration.
Option C: Add retries with exponential back-off for DynamoDB queries
Option D: Use DynamoDB Accelerator to cache trading data.
Question 14: A Developer needs temporary access to resources in a second account. What is the MOST secure way to achieve this?
Option A: Use the Amazon Cognito user pools to get short-lived credentials for the second account.
Option B: Create a dedicated IAM access key for the second account, and send it by mail.
Option C: Create a cross-account access role, and use sts:AssumeRole API to get short-lived credentials.
Option D: Establish trust, and add an SSH key for the second account to the IAM user.
Question 15: An application reads data from an Amazon DynamoDB table. Several times a day, for a period of 15 seconds, the application receives multiple ProvisionedThroughputExceeded errors. How should this exception be handled?
Option A: Create a new global secondary index for the table to help with the additional requests.
Option B: Retry the failed read requests with exponential backoff.
Option C: Immediately retry the failed read requests.
Option D: Use the DynamoDB 'UpdateItem' API to increase the provisioned throughput capacity of the table.
Question 16: A Developer has created a large Lambda function, and deployment is failing with the following error: 'ClientError: An error occurred (InvalidParameterValueException) when calling the CreateFunction operation: Unzipped size must be smaller than XXXXXXXXX bytes', where XXXXXXXXX is the current Lambda limit. What can the Developer do to fix this problem?
Option A: Submit a limit increase request to AWS Support to increase the function to the size needed.
Option B: Use a compression algorithm that is more efficient than ZIP.
Option C: Break the function into multiple smaller Lambda functions.
Option D: ZIP the ZIP file twice to compress it further.
Question 17: Given the source code for an AWS Lambda function in the local store.py containing a handler function called get_store and the following AWS CloudFormation template: What should be done to prepare the template so that it can be deployed using the AWS CLI command aws cloudformation deploy?
Option A: Use aws cloudformation compile to base64 encode and embed the source file into a modified CloudFormation template.
Option B: Use aws cloudformation package to upload the source code to an Amazon S3 bucket and produce a modified CloudFormation template.
Option C: Use aws lambda zip to package the source file together with the CloudFormation template and deploy the resulting zip archive.
Option D: Use aws serverless create-package to embed the source file directly into the existing CloudFormation template.
Question 18: An application stores images in an S3 bucket. Amazon S3 event notifications are used to trigger a Lambda function that resizes the images. Processing each image takes less than a second. How will AWS Lambda handle the additional traffic?
Option A: Lambda will scale out to execute the requests concurrently.
Option B: Lambda will handle the requests sequentially in the order received.
Option C: Lambda will process multiple images in a single execution.
Option D: Lambda will add more compute to each execution to reduce processing time.
Question 19: A company wants to implement continuous integration for its workloads on AWS. The company wants to trigger unit tests in its pipeline for commits on its code repository, and wants to be notified of failure events in the pipeline. How can these requirements be met?
Option A: Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. Use Amazon SNS to trigger notifications of failure events.
Option B: Store the source code in GitHub. Create a CodePipeline to automate unit testing. Use Amazon SES to trigger notifications of failure events.
Option C: Store the source code on GitHub. Create a CodePipeline to automate unit testing. Use Amazon CloudWatch to trigger notifications of failure events.
Option D: Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. Use Amazon CloudWatch to trigger notification of failure events.
Question 20: A serverless application uses an API Gateway and AWS Lambda. Where should the Lambda function store its session information across function calls?
Option A: In an Amazon DynamoDB table
Option B: In an Amazon SQS queue
Option C: In the local filesystem
Option D: In an SQLite session table using -DSQLITE_ENABLE_SESSION
Question 21: A Developer has created a software package to be deployed on multiple EC2 instances using IAM roles. What actions could be performed to verify IAM access to get records from Amazon Kinesis Streams? (Choose two.)
Option A: Use the AWS CLI to retrieve the IAM group.
Option B: Query Amazon EC2 metadata for in-line IAM policies.
Option C: Request a token from AWS STS, and perform a describe action.
Option D: Perform a get action using the --dry-run argument.
Option E: Validate the IAM role policy with the IAM policy simulator.
Question 22: When writing a Lambda function, what is the benefit of instantiating AWS clients outside the scope of the handler?
Option A: Legibility and stylistic convention
Option B: Taking advantage of connection re-use
Option C: Better error handling
Option D: Creating a new instance per invocation
Question 23: An application on AWS is using third-party APIs. The Developer needs to monitor API errors in the code, and wants to receive notifications if failures go above a set threshold value. How can the Developer achieve these requirements?
Option A: Publish a custom metric on Amazon CloudWatch and use Amazon SES for notification.
Option B: Use an Amazon CloudWatch API-error metric and use Amazon SNS for notification.
Option C: Use an Amazon CloudWatch API-error metric and use Amazon SES for notification.
Option D: Publish a custom metric on Amazon CloudWatch and use Amazon SNS for notification.
Question 24: A Developer has an application that can upload tens of thousands of objects per second to Amazon S3 in parallel within a single AWS account. As part of new requirements, data stored in S3 must use server side encryption with AWS KMS (SSE-KMS). After creating this change, performance of the application is slower. Which of the following is MOST likely the cause of the application latency?
Option A: Amazon S3 throttles the rate at which uploaded objects can be encrypted using Customer Master Keys.
Option B: The AWS KMS API calls limit is less than needed to achieve the desired performance.
Option C: The client encryption of the objects is using a poor algorithm.
Option D: KMS requires that an alias be used to create an independent display name that can be mapped to a CMK.
Question 25: A company wants to migrate its web application to AWS and leverage Auto Scaling to handle peak workloads. The Solutions Architect determined that the best metric for an Auto Scaling event is the number of concurrent users. Based on this information, what should the Developer use to autoscale based on concurrent users?
Option A: An Amazon SNS topic to be triggered when a concurrent user threshold is met
Option B: An Amazon CloudWatch NetworkIn metric
Option C: Amazon CloudFront to leverage AWS Edge Locations
Option D: A Custom Amazon CloudWatch metric for concurrent users.
Question 26: A company is migrating its on-premises database to Amazon RDS for MySQL. The company has read-heavy workloads, and wants to make sure it re-factors its code to achieve optimum read performance for its queries. How can this objective be met?
Option A: Add database retries to effectively use RDS with vertical scaling
Option B: Use RDS with multi-AZ deployment
Option C: Add a connection string to use an RDS read replica for read queries
Option D: Add a connection string to use a read replica on an EC2 instance.
Question 27: A Developer is receiving HTTP 400: ThrottlingException errors intermittently when calling the Amazon CloudWatch API. When a call fails, no data is retrieved. What best practice should first be applied to address this issue?
Option A: Contact AWS Support for a limit increase.
Option B: Use the AWS CLI to get the metrics
Option C: Analyze the applications and remove the API call
Option D: Retry the call with exponential backoff
Question 28: A Developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment, the application has used IAM access keys. The application is now ready for deployment onto an ECS cluster. How should the application authenticate with AWS services in production?
Option A: Configure an ECS task IAM role for the application to use
Option B: Refactor the application to call AWS STS AssumeRole based on an instance role
Option C: Configure AWS access key/secret access key environment variables with new credentials
Option D: Configure the credentials file with a new access key/secret access key
Question 29: A Developer created a Lambda function for a web application backend. When testing the Lambda function from the AWS Lambda console, the Developer can see that the function is being executed, but there is no log data being generated in Amazon CloudWatch Logs, even after several minutes. What could cause this situation?
Option A: The Lambda function does not have any explicit log statements for the log data to send it to CloudWatch Logs.
Option B: The Lambda function is missing CloudWatch Logs as a source trigger to send log data.
Option C: The execution role for the Lambda function is missing permissions to write log data to the CloudWatch Logs.
Option D: The Lambda function is missing a target CloudWatch Log group.
Question 30: An application has hundreds of users. Each user may use multiple devices to access the application. The Developer wants to assign unique identifiers to these users regardless of the device they use. Which of the following methods should be used to obtain unique identifiers?
Option A: Create a user table in Amazon DynamoDB as key-value pairs of users and their devices. Use these keys as unique identifiers.
Option B: Use IAM-generated access key IDs for the users as the unique identifier, but do not store secret keys.
Option C: Implement developer-authenticated identities by using Amazon Cognito, and get credentials for these identities.
Option D: Assign IAM users and roles to the users. Use the unique IAM resource ID as the unique identifier.
Question 31: An application is designed to use Amazon SQS to manage messages from many independent senders. Each sender's messages must be processed in the order they are received. Which SQS feature should be implemented by the Developer?
Option A: Configure each sender with a unique MessageGroupId
Option B: Enable MessageDeduplicationIds on the SQS queue
Option C: Configure each message with unique MessageGroupIds.
Option D: Enable ContentBasedDeduplication on the SQS queue
Question 32: A deployment package uses the AWS CLI to copy files into any S3 bucket in the account, using access keys stored in environment variables. The package is running on EC2 instances, and the instances have been modified to run with an assumed IAM role and a more restrictive policy that allows access to only one bucket. After the change, the Developer logs into the host and still has the ability to write into all of the S3 buckets in that account. What is the MOST likely cause of this situation?
Option A: An IAM inline policy is being used on the IAM role
Option B: An IAM managed policy is being used on the IAM role
Option C: The AWS CLI is corrupt and needs to be reinstalled
Option D: The AWS credential provider looks for instance profile credentials last
Question 33: A Developer is writing transactions into a DynamoDB table called 'SystemUpdates' that has 5 write capacity units. Which option has the highest read throughput?
Option A: Eventually consistent reads of 5 read capacity units reading items that are 4 KB in size
Option B: Strongly consistent reads of 5 read capacity units reading items that are 4 KB in size
Option C: Eventually consistent reads of 15 read capacity units reading items that are 1 KB in size
Option D: Strongly consistent reads of 15 read capacity units reading items that are 1 KB in size
Question 34: Where should an Elastic Beanstalk configuration file named healthcheckurl.config be placed in the application source bundle?
Option A: In the root of the application
Option B: In the bin folder
Option C: In healthcheckurl.config.ebextension under root
Option D: In the .ebextensions folder
Question 35: During non-peak hours, a Developer wants to minimize the execution time of a full Amazon DynamoDB table scan without affecting normal workloads. The workloads average half of the strongly consistent read capacity units during non-peak hours. How would the Developer optimize this scan?
Option A: Use parallel scans while limiting the rate
Option B: Use sequential scans
Option C: Increase read capacity units during the scan operation
Option D: Change consistency to eventually consistent during the scan operation
Question 36: A Developer is creating a Lambda function and will be using external libraries that are not included in the standard Lambda libraries. What action would minimize the Lambda compute time consumed?
Option A: Install the dependencies and external libraries at the beginning of the Lambda function.
Option B: Create a Lambda deployment package that includes the external libraries.
Option C: Copy the external libraries to Amazon S3, and reference the external libraries to the S3 location.
Option D: Install the external libraries in Lambda to be available to all Lambda functions.
Question 37: A Developer is writing a Linux-based application to run on AWS Elastic Beanstalk. Application requirements state that the application must maintain full capacity during updates while minimizing cost. Which type of Elastic Beanstalk deployment policy should the Developer specify for the environment?
Option A: Immutable
Option B: Rolling
Option C: All at Once
Option D: Rolling with additional batch
Question 38: An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file. How should the Developer code the application?
Option A: Use the KMS Encrypt API to encrypt the data. Store the encrypted data key and data.
Option B: Use a cryptography library to generate an encryption key for the application. Use the encryption key to encrypt the data. Store the encrypted data.
Option C: Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the data key. Store the encrypted data key and data.
Option D: Upload the data to an S3 bucket using server side-encryption with an AWS KMS key.
Question 39: A Developer is creating an application that needs to locate the public IPv4 address of the Amazon EC2 instance on which it runs. How can the application locate this information?
Option A: Get the instance metadata by retrieving http://169.254.169.254/latest/metadata/.
Option B: Get the instance user data by retrieving http://169.254.169.254/latest/userdata/.
Option C: Get the application to run IFCONFIG to get the public IP address.
Option D: Get the application to run IPCONFIG to get the public IP address.
Question 40: The Lambda function below is being called through an API using Amazon API Gateway. The average execution time for the Lambda function is about 1 second. The pseudocode for the Lambda function is as shown in the exhibit. What two actions can be taken to improve the performance of this Lambda function without increasing the cost of the solution? (Choose two.)
Option A: Package only the modules the Lambda function requires
Option B: Use Amazon DynamoDB instead of Amazon RDS
Option C: Move the initialization of the variable Amazon RDS connection outside of the handler function
Option D: Implement custom database connection pooling with the Lambda function
Option E: Implement local caching of Amazon RDS data so Lambda can re-use the cache
Question 41: An application will ingest data at a very high throughput from many sources and must store the data in an Amazon S3 bucket. Which service would BEST accomplish this task?
Option A: Amazon Kinesis Firehose
Option B: Amazon S3 Acceleration Transfer
Option C: Amazon SQS
Option D: Amazon SNS
Question 42: A Developer has set up an Amazon Kinesis Stream with 4 shards to ingest a maximum of 2500 records per second. A Lambda function has been configured to process these records. In which order will these records be processed?
Option A: Lambda will receive each record in the reverse order it was placed into the stream following a LIFO (last-in, first-out) method
Option B: Lambda will receive each record in the exact order it was placed into the stream following a FIFO (first-in, first-out) method.
Option C: Lambda will receive each record in the exact order it was placed into the shard following a FIFO (first-in, first-out) method. There is no guarantee of order across shards.
Option D: The Developer can select FIFO, (first-in, first-out), LIFO (last-in, last-out), random, or request specific record using the getRecords API.
Question 43: A static website is hosted in an Amazon S3 bucket. Several HTML pages on the site use JavaScript to download images from another Amazon S3 bucket. These images are not displayed when users browse the site. What is the possible cause for the issue?
Option A: The referenced Amazon S3 bucket is in another region.
Option B: The images must be stored in the same Amazon S3 bucket.
Option C: Port 80 must be opened on the security group in which the Amazon S3 bucket is located.
Option D: Cross Origin Resource Sharing must be enabled on the Amazon S3 bucket.
Question 44: Amazon S3 has the following structure: S3://BUCKET/FOLDERNAME/FILENAME.zip. Which S3 best practice would optimize performance with thousands of PUT requests each second to a single bucket?
Option A: Prefix folder names with user id; for example, s3://BUCKET/2013-FOLDERNAME/FILENAME.zip
Option B: Prefix file names with timestamps; for example, s3://BUCKET/FOLDERNAME/2013-26-05-15-00-00-FILENAME.zip
Option C: Prefix file names with random hex hashes; for example, s3://BUCKET/FOLDERNAME/23a6-FILENAME.zip
Option D: Prefix folder names with random hex hashes; for example, s3://BUCKET/23a6-FOLDERNAME/FILENAME.zip
Question 45: For a deployment using AWS CodeDeploy, what is the run order of the hooks for in-place deployments?
Option A: Before Install -> Application Stop -> Application Start -> After Install
Option B: Application Stop -> Before Install -> After Install -> Application Start
Option C: Before Install -> Application Stop -> Validate Service -> Application Start
Option D: Application Stop -> Before Install -> Validate Service -> Application Start
Question 46: A Developer is developing an application that manages financial transactions. To improve security, multifactor authentication (MFA) will be required as part of the login protocol. What services can the Developer use to meet these requirements?
Option A: Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA codes
Option B: Amazon Cognito with MFA
Option C: AWS Directory Service
Option D: AWS IAM with MFA enabled
Question 47: A game stores user game data in an Amazon DynamoDB table. Individual users should not have access to other users' game data. How can this be accomplished?
Option A: Encrypt the game data with individual user keys.
Option B: Restrict access to specific items based on certain primary key values.
Option C: Stage data in SQS queues to inject metadata before accessing DynamoDB.
Option D: Read records from DynamoDB and discard irrelevant data client-side.
Question 48: A company developed a set of APIs that are being served through the Amazon API Gateway. The API calls need to be authenticated based on OpenID identity providers such as Amazon or Facebook. The APIs should allow access based on a custom authorization model. Which is the simplest and MOST secure design to use to build an authentication and authorization model for the APIs?
Option A: Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens.
Option B: Build an OpenID token broker with Amazon and Facebook. Users will authenticate with these identity providers and pass the JSON Web Token to the API to authenticate each API call.
Option C: Store user credentials in Amazon DynamoDB and have the application retrieve temporary credentials from AWS STS. Make API calls by passing user credentials to the APIs for authentication and authorization.
Option D: Use Amazon RDS to store user credentials and pass them to the APIs for authentication and authorization.
Question 49: A supplier is writing a new RESTful API for customers to query the status of orders. The customers requested the following API endpoint: http://www.supplierdomain.com/status/customerID. Which of the following application designs meet the requirements? (Choose two.)
Option A: Amazon SQS; Amazon SNS
Option B: Elastic Load Balancing; Amazon EC2
Option C: Amazon ElastiCache; Amazon Elasticsearch Service
Option D: Amazon API Gateway; AWS Lambda
Option E: Amazon S3; Amazon CloudFront
Question 50: A development team consists of 10 team members. Similar to a home directory for each team member, the manager wants to grant access to user-specific folders in an Amazon S3 bucket. For the team member with the username 'TeamMemberX', the snippet of the IAM policy looks like this: Instead of creating distinct policies for each team member, what approach can be used to make this policy snippet generic for all team members?
Option A: Use IAM policy condition
Option B: Use IAM policy principal
Option C: Use IAM policy variables
Option D: Use IAM policy resource
Question 51: A legacy service has an XML-based SOAP interface. The Developer wants to expose the functionality of the service to external clients with the Amazon API Gateway. Which technique will accomplish this?
Option A: Create a RESTful API with the API Gateway; transform the incoming JSON into a valid XML message for the SOAP interface using mapping templates.
Option B: Create a RESTful API with the API Gateway; pass the incoming JSON to the SOAP interface through an Application Load Balancer.
Option C: Create a RESTful API with the API Gateway; pass the incoming XML to the SOAP interface through an Application Load Balancer.
Option D: Create a RESTful API with the API Gateway; transform the incoming XML into a valid message for the SOAP interface using mapping templates.
Question 52: A company is using AWS CodeBuild to compile a website from source code stored in AWS CodeCommit. A recent change to the source code has resulted in the CodeBuild project being unable to successfully compile the website. How should the Developer identify the cause of the failures?
Option A: Modify the buildspec.yml file to include steps to send the output of build commands to Amazon CloudWatch.
Option B: Use a custom Docker image that includes the AWS X-Ray agent in the AWS CodeBuild project configuration.
Option C: Check the build logs of the failed phase in the last build attempt in the AWS CodeBuild project build history.
Option D: Manually re-run the build process on a local machine so that the output can be visualized.
Question 53: A web application is using Amazon Kinesis Streams for clickstream data that may not be consumed for up to 12 hours. How can the Developer implement encryption at rest for data within the Kinesis Streams?
Option A: Enable SSL connections to Kinesis
Option B: Use Amazon Kinesis Consumer Library
Option C: Encrypt the data once it is at rest with a Lambda function
Option D: Enable server-side encryption in Kinesis Streams
Question 54: A Developer wants to use AWS X-Ray to trace a user request end-to-end throughout the software stack. The Developer made the necessary changes in the application, tested it, and found that the application is able to send the traces to AWS X-Ray. However, when the application is deployed to an EC2 instance, the traces are not available. Which of the following could create this situation? (Choose two.)
Option A: The traces are reaching X-Ray, but the Developer does not have access to view the records.
Option B: The X-Ray daemon is not installed on the EC2 instance.
Option C: The X-Ray endpoint specified in the application configuration is incorrect.
Option D: The instance role does not have 'xray:BatchGetTraces' and 'xray:GetTraceGraph' permissions.
Option E: The instance role does not have 'xray:PutTraceSegments' and 'xray:PutTelemetryRecords' permissions.
Question 55: A Developer executed an AWS CLI command and received the error shown below: What action should the Developer perform to make this error human-readable?
Option A: Make a call to AWS KMS to decode the message.
Option B: Use the AWS STS decode-authorization-message API to decode the message.
Option C: Use an open source decoding library to decode the message.
Option D: Use the AWS IAM decode-authorization-message API to decode this message.
Question 56: A company is using Amazon API Gateway to manage access to a set of microservices implemented as AWS Lambda functions. Following a bug report, the company makes a minor breaking change to one of the APIs. In order to avoid impacting existing clients when the new API is deployed, the company wants to allow clients six months to migrate from v1 to v2. Which approach should the Developer use to handle this change?
Option A: Update the underlying Lambda function and provide clients with the new Lambda invocation URL.
Option B: Use API Gateway to automatically propagate the change to clients, specifying 180 days in the phased deployment parameter.
Option C: Use API Gateway to deploy a new stage named v2 to the API and provide users with its URL.
Option D: Update the underlying Lambda function, create an Amazon CloudFront distribution with the updated Lambda function as its origin.
Question 57: A company has written a Java AWS Lambda function to be triggered whenever a user uploads an image to an Amazon S3 bucket. The function converts the original image to several different formats and then copies the resulting images to another Amazon S3 bucket. The Developers find that no images are being copied to the second Amazon S3 bucket. They have tested the code on an Amazon EC2 instance with 1GB of RAM, and it takes an average of 500 seconds to complete. What is the MOST likely cause of the problem?
Option A: The Lambda function has insufficient memory and needs to be increased to 1 GB to match the Amazon EC2 instance
Option B: Files need to be copied to the same Amazon S3 bucket for processing, so the second bucket needs to be deleted.
Option C: Lambda functions have a maximum execution limit of 900 seconds, therefore the function is not completing.
Option D: There is a problem with the Java runtime for Lambda, and the function needs to be converted to node.js.
Question 58: An application stops working with the following error: The specified bucket does not exist. Where is the BEST place to start the root cause analysis?
Option A: Check the Elastic Load Balancer logs for DeleteBucket requests.
Option B: Check the application logs in Amazon CloudWatch Logs for Amazon S3 DeleteBucket errors.
Option C: Check AWS X-Ray for Amazon S3 DeleteBucket alarms.
Option D: Check AWS CloudTrail for a DeleteBucket event.
Question 59: An organization must store thousands of sensitive audio and video files in an Amazon S3 bucket. Organizational security policies require that all data written to this bucket be encrypted. How can compliance with this policy be ensured?
Option A: Use AWS Lambda to send notifications to the security team if unencrypted objects are put in the bucket.
Option B: Configure an Amazon S3 bucket policy to prevent the upload of objects that do not contain the x-amz-server-side-encryption header.
Option C: Create an Amazon CloudWatch event rule to verify that all objects stored in the Amazon S3 bucket are encrypted.
Option D: Configure an Amazon S3 bucket policy to prevent the upload of objects that contain the x-amz-server-side-encryption header.
Question 60: An application overwrites an object in Amazon S3, and then immediately reads the same object. Why would the application sometimes retrieve the old version of the object?
Option A: S3 overwrite PUTS are eventually consistent, so the application may read the old object.
Option B: The application needs to add extra metadata to label the latest version when uploading to Amazon S3.
Option C: All S3 PUTS are eventually consistent, so the application may read the old object.
Option D: The application needs to explicitly specify latest version when retrieving the object.
Question 61: The release process workflow of an application requires a manual approval before the code is deployed into the production environment. What is the BEST way to achieve this using AWS CodePipeline?
Option A: Use multiple pipelines to allow approval
Option B: Use an approval action in a stage
Option C: Disable the stage transition to allow manual approval
Option D: Disable a stage just prior to the deployment stage
Question 62: Where should the appspec.yml file be placed in order for AWS CodeDeploy to work?
Option A: In the root of the application source code directory structure
Option B: In the bin folder along with all the compiled code
Option C: In an S3 bucket
Option D: In the same folder as the application configuration files
Question 63: An existing serverless application processes uploaded image files. The process currently uses a single Lambda function that takes an image file, performs the processing, and stores the file in Amazon S3. Users of the application now require thumbnail generation of the images. Users want to avoid any impact to the time it takes to perform the image uploads. How can thumbnail generation be added to the application, meeting user requirements while minimizing changes to existing code?
Option A: Change the existing Lambda function handling the uploads to create thumbnails at the time of upload. Have the function store both the image and thumbnail in Amazon S3.
Option B: Create a second Lambda function that handles thumbnail generation and storage. Change the existing Lambda function to invoke it asynchronously.
Option C: Create an S3 event notification with a Lambda function destination. Create a new Lambda function to generate and store thumbnails.
Option D: Create an S3 event notification to an SQS Queue. Create a scheduled Lambda function that processes the queue, and generates and stores thumbnails.
Question 64: A Developer must re-implement the business logic for an order fulfilment system. The business logic has to make requests to multiple vendors to decide where to purchase an item. The whole process can take up to a week to complete. What is the MOST efficient and SIMPLEST way to implement a system that meets these requirements?
Option A: Use AWS Step Functions to execute parallel Lambda functions, and join the results.
Option B: Create an AWS SQS for each vendor, poll the queue from a worker instance, and join the results.
Option C: Use AWS Lambda to asynchronously call a Lambda function for each vendor, and join the results.
Option D: Use Amazon CloudWatch Events to orchestrate the Lambda functions.
Question 65: A customer wants to deploy its source code on an AWS Elastic Beanstalk environment. The customer needs to perform deployment with minimal outage and should only use existing instances to retain application access log. What deployment policy would satisfy these requirements?
Option A: Rolling
Option B: All at once
Option C: Rolling with an additional batch
Option D: Immutable
Question 66: A Developer has been asked to build a real-time dashboard web application to visualize the key prefixes and storage size of objects in Amazon S3 buckets. Amazon DynamoDB will be used to store the Amazon S3 metadata. What is the optimal and MOST cost-effective design to ensure that the real-time dashboard is kept up to date with the state of the objects in the Amazon S3 buckets?
Option A: Use an Amazon CloudWatch event backed by an AWS Lambda function. Issue an Amazon S3 API call to get a list of all Amazon S3 objects and persist the metadata within DynamoDB. Have the web application poll the DynamoDB table to reflect this change.
Option B: Use Amazon S3 Event Notification backed by a Lambda function to persist the metadata into DynamoDB. Have the web application poll the DynamoDB table to reflect this change.
Option C: Run a cron job within an Amazon EC2 instance to list all objects within Amazon S3 and persist the metadata into DynamoDB. Have the web application poll the DynamoDB table to reflect this change.
Option D: Create a new Amazon EMR cluster to get all the metadata about Amazon S3 objects; persist the metadata into DynamoDB. Have the web application poll the DynamoDB table to reflect this change.
Question 67: A Developer must repeatedly and consistently deploy a serverless RESTful API on AWS. Which techniques will work? (Choose two.)
Option A: Define a Swagger file. Use AWS Elastic Beanstalk to deploy the Swagger file.
Option B: Define a Swagger file. Use AWS CodeDeploy to deploy the Swagger file.
Option C: Deploy a SAM template with an inline Swagger definition.
Option D: Define a Swagger file. Deploy a SAM template that references the Swagger file.
Option E: Define an inline Swagger definition in a Lambda function. Invoke the Lambda function.
Question 68: A set of APIs are exposed to customers using the Amazon API Gateway. These APIs have caching enabled on the API Gateway. Customers have asked for an option to invalidate this cache for each of the APIs. What action can be taken to allow API customers to invalidate the API Cache?
Option A: Ask customers to use AWS credentials to call the InvalidateCache API.
Option B: Ask customers to invoke an AWS API endpoint which invalidates the cache.
Option C: Ask customers to pass an HTTP header called Cache-Control:max-age=0.
Option D: Ask customers to add a query string parameter called 'INVALIDATE_CACHE' when making an API call.
Question 69: A Developer uses AWS CodeDeploy to automate application deployment that connects to an external MySQL database. The Developer wants to securely access the encrypted secrets, such as API keys and database passwords. Which of the following solutions would involve the LEAST administrative effort?
Option A: Save the secrets in Amazon S3 with AWS KMS server-side encryption, and use a signed URL to access them by using the IAM role from Amazon EC2 instances.
Option B: Use the instance metadata to store the secrets and to programmatically access the secrets from EC2 instances.
Option C: Use the Amazon DynamoDB client-side encryption library to save the secrets in DynamoDB and to programmatically access the secrets from EC2 instances.
Option D: Use AWS SSM Parameter Store to store the secrets and to programmatically access them by using the IAM role from EC2 instances.
Question 70: An application running on EC2 instances is storing data in an S3 bucket. Security policy mandates that all data must be encrypted in transit. How can the Developer ensure that all traffic to the S3 bucket is encrypted?
Option A: Install certificates on the EC2 instances.
Option B: Create a bucket policy that allows traffic where SecureTransport is true.
Option C: Create an HTTPS redirect on the EC2 instances.
Option D: Create a bucket policy that denies traffic where SecureTransport is false.
Question 71: A company is developing a new online game that will run on top of Amazon ECS. Four distinct Amazon ECS services will be part of the architecture, each requiring specific permissions to various AWS services. The company wants to optimize the use of the underlying Amazon EC2 instances by bin packing the containers based on memory reservation. Which configuration would allow the Development team to meet these requirements MOST securely?
Option A: Create a new Identity and Access Management (IAM) instance profile containing the required permissions for the various ECS services, then associate that instance role with the underlying EC2 instances.
Option B: Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS service to reference the associated IAM role.
Option C: Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then, create an IAM group and configure the ECS cluster to reference that group.
Option D: Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS task definition to reference the associated IAM role.
Question 72: A company needs to encrypt data at rest, but it wants to leverage an AWS managed service using its own master key. Which of the following AWS services can be used to meet these requirements?
Option A: SSE with Amazon S3
Option B: SSE with AWS KMS
Option C: Client-side encryption
Option D: AWS IAM roles and policies
Question 73: When a Developer tries to run an AWS CodeBuild project, it raises an error because the length of all environment variables exceeds the limit for the combined maximum of characters. What is the recommended solution?
Option A: Add the export LC_ALL='en_US.utf8' command to the pre_build section to ensure POSIX localization.
Option B: Use Amazon Cognito to store key-value pairs for large numbers of environment variables.
Option C: Update the settings for the build project to use an Amazon S3 bucket for large numbers of environment variables.
Option D: Use AWS Systems Manager Parameter Store to store large numbers of environment variables.
Question 74: A Lambda function is packaged for deployment to multiple environments, including development, test, production, etc. Each environment has a unique set of resources such as databases, etc. How can the Lambda function use the resources for the current environment?
Option A: Apply tags to the Lambda functions.
Option B: Hardcode resources in the source code.
Option C: Use environment variables for the Lambda functions.
Option D: Use separate function for development and production.
Question 75: The Developer for a retail company must integrate a fraud detection solution into the order processing solution. The fraud detection solution takes between ten and thirty minutes to verify an order. At peak, the web site can receive one hundred orders per minute. What is the most scalable method to add the fraud detection solution to the order processing pipeline?
Option A: Add all new orders to an Amazon SQS queue. Configure a fleet of 10 EC2 instances spanning multiple AZs with the fraud detection solution installed on them to pull orders from this queue. Update the order with a pass or fail status.
Option B: Add all new orders to an SQS queue. Configure an Auto Scaling group that uses the queue depth metric as its unit of scale to launch a dynamically-sized fleet of EC2 instances spanning multiple AZs with the fraud detection solution installed on them to pull orders from this queue. Update the order with a pass or fail status.
Option C: Add all new orders to an Amazon Kinesis Stream. Subscribe a Lambda function to automatically read batches of records from the Kinesis Stream. The Lambda function includes the fraud detection software and will update the order with a pass or fail status.
Option D: Write all new orders to Amazon DynamoDB. Configure DynamoDB Streams to include all new orders. Subscribe a Lambda function to automatically read batches of records from the Kinesis Stream. The Lambda function includes the fraud detection software and will update the order with a pass or fail status.
Question 76: A Developer is creating a mobile application with a limited budget. The solution requires a scalable service that will enable customers to sign up and authenticate into the mobile application while using the organization's current SAML 2.0 identity provider. Which AWS service should be used to meet these requirements?
Option A: AWS Lambda
Option B: Amazon Cognito
Option C: AWS IAM
Option D: Amazon EC2
Question 77: An application is real-time processing millions of events that are received through an API. What service could be used to allow multiple consumers to process the data concurrently and MOST cost-effectively?
Option A: Amazon SNS with fanout to an SQS queue for each application
Option B: Amazon SNS with fanout to an SQS FIFO (first-in, first-out) queue for each application
Option C: Amazon Kinesis Firehose
Option D: Amazon Kinesis Streams
Question 78: A Developer needs to use AWS X-Ray to monitor an application that is deployed on EC2 instances. What steps have to be executed to perform the monitoring?
Option A: Deploy the X-Ray SDK with the application and use X-Ray annotation.
Option B: Install the X-Ray daemon and instrument the application code.
Option C: Install the X-Ray daemon and configure it to forward data to Amazon CloudWatch Events.
Option D: Deploy the X-Ray SDK with the application and instrument the application code.
Question 79: A Developer will be using the AWS CLI on a local development server to manage AWS services. What can be done to ensure that the CLI uses the Developer's IAM permissions when making commands?
Option A: Specify the Developer's IAM access key ID and secret access key as parameters for each CLI command.
Option B: Run the aws configure CLI command, and provide the Developer's IAM access key ID and secret access key.
Option C: Specify the Developer's IAM user name and password as parameters for each CLI command.
Option D: Use the Developer's IAM role when making the CLI command.
Question 80: After installing the AWS CLI, a Developer tries to run the command aws configure but receives the following error: Error: aws: command not found What is the most likely cause of this error?
Option A: The aws executable is not in the PATH environment variable.
Option B: Access to the aws executable has been denied to the installer.
Option C: Incorrect AWS credentials were provided.
Option D: The aws script does not have an executable file mode.
Question 81: An on-premises legacy application is caching data files locally and writing shared images to local disks. What is necessary to allow for horizontal scaling when migrating the application to AWS?
Option A: Modify the application to have both shared images and caching data written to Amazon EBS.
Option B: Modify the application to read and write cache data on Amazon S3, and also store shared images on S3.
Option C: Modify the application to use Amazon S3 for serving shared images; cache data can then be written to local disks.
Option D: Modify the application to read and write cache data on Amazon S3, while continuing to write shared images to local disks.
Question 82: A Developer must trigger an AWS Lambda function based on the item lifecycle activity in an Amazon DynamoDB table. How can the Developer create the solution?
Option A: Enable a DynamoDB stream that publishes an Amazon SNS message. Trigger the Lambda function synchronously from the SNS message.
Option B: Enable a DynamoDB stream that publishes an SNS message. Trigger the Lambda function asynchronously from the SNS message.
Option C: Enable a DynamoDB stream, and trigger the Lambda function synchronously from the stream.
Option D: Enable a DynamoDB stream, and trigger the Lambda function asynchronously from the stream.
Question 83: A gaming company is developing a mobile game application for iOS® and Android® platforms. This mobile game securely stores user data locally on the device. The company wants to allow users to use multiple devices for the game, which requires user data synchronization across devices. Which service should be used to synchronize user data across devices without the need to create a backend application?
Option A: AWS Lambda
Option B: Amazon S3
Option C: Amazon DynamoDB
Option D: Amazon Cognito
Question 84: An on-premises application is implemented using a Linux, Apache, MySQL and PHP (LAMP) stack. The Developer wants to run this application in AWS. Which of the following sets of AWS services can be used to run this stack?
Option A: Amazon API Gateway, Amazon S3
Option B: AWS Lambda, Amazon DynamoDB
Option C: Amazon EC2, Amazon Aurora
Option D: Amazon Cognito, Amazon RDS
Option E: Amazon ECS, Amazon EBS
Question 85: An application displays a status dashboard. The status is updated by 1 KB messages from an SQS queue. Although the status changes infrequently, the Developer must minimize the time between the message arrival in the queue and the dashboard update. What technique provides the shortest delay in updating the dashboard?
Option A: Retrieve the messages from the queue using long polling every 20 seconds.
Option B: Reduce the size of the messages by compressing them before sending.
Option C: Retrieve the messages from the queue using short polling every 10 seconds.
Option D: Reduce the size of each message payload by sending it in two parts.
Question 86: A company is using AWS CodePipeline to deliver one of its applications. The delivery pipeline is triggered by changes to the master branch of an AWS CodeCommit repository and uses AWS CodeBuild to implement the test and build stages of the process and AWS CodeDeploy to deploy the application. The pipeline has been operating successfully for several months and there have been no modifications. Following a recent change to the application's source code, AWS CodeDeploy has not deployed the updated application as expected. What are the possible causes? (Choose two.)
Option A: The change was not made in the master branch of the AWS CodeCommit repository.
Option B: One of the earlier stages in the pipeline failed and the pipeline has terminated.
Option C: One of the Amazon EC2 instances in the company's AWS CodePipeline cluster is inactive.
Option D: The AWS CodePipeline is incorrectly configured and is not executing AWS CodeDeploy.
Option E: AWS CodePipeline does not have permissions to access AWS CodeCommit.
Question 87: A social media company is using Amazon Cognito in order to synchronize profiles across different mobile devices, to enable end users to have a seamless experience. Which of the following configurations can be used to silently notify users whenever an update is available on all other devices?
Option A: Modify the user pool to include all the devices which keep them in sync.
Option B: Use the SyncCallback interface to receive notifications on the application.
Option C: Use an Amazon Cognito stream to analyze the data and push the notifications.
Option D: Use the push synchronization feature with the appropriate IAM role.
Question 88: A website's page load times are gradually increasing as more users access the system at the same time. Analysis indicates that a user profile is being loaded from a database in all the web pages being visited by each user and this is increasing the database load and the page load latency. To address this issue the Developer decides to cache the user profile data. Which caching strategy will address this situation MOST efficiently?
Option A: Create a new Amazon EC2 Instance and run a NoSQL database on it. Cache the profile data within this database using the write-through caching strategy.
Option B: Create an Amazon ElastiCache cluster to cache the user profile data. Use a cache-aside caching strategy.
Option C: Use a dedicated Amazon RDS instance for caching profile data. Use a write-through caching strategy.
Option D: Create an ElastiCache cluster to cache the user profile data. Use a write-through caching strategy.
Question 89: An application needs to use the IP address of the client in its processing. The application has been moved into AWS and has been placed behind an Application Load Balancer (ALB). However, all the client IP addresses now appear to be the same. The application must maintain the ability to scale horizontally. Based on this scenario, what is the MOST cost-effective solution to this problem?
Option A: Remove the application from the ALB. Delete the ALB and change Amazon Route 53 to direct traffic to the instance running the application.
Option B: Remove the application from the ALB. Create a Classic Load Balancer in its place. Direct traffic to the application using the HTTP protocol.
Option C: Alter the application code to inspect the X-Forwarded-For header. Ensure that the code can work properly if a list of IP addresses is passed in the header.
Option D: Alter the application code to inspect a custom header. Alter the client code to pass the IP address in the custom header.
Question 90: A development team is using AWS Elastic Beanstalk to deploy a two-tier application that consists of a load-balanced web tier and an Amazon RDS database tier in production. The team would like to separate the RDS instance from the Elastic Beanstalk. How can this be accomplished?
Option A: Use the Elastic Beanstalk CLI to disassociate the database.
Option B: Use the AWS CLI to disassociate the database.
Option C: Change the deployment policy to disassociate the database.
Option D: Recreate a new Elastic Beanstalk environment without Amazon RDS.
Question 91: According to best practice, how should access keys be managed in AWS? (Choose two.)
Option A: Use the same access key in all applications for consistency.
Option B: Delete all access keys for the account root user.
Option C: Leave unused access keys in the account for tracking purposes.
Option D: Embed and encrypt access keys in code for continuous deployment.
Option E: Use Amazon IAM roles instead of access keys where possible.
Question 92: The development team is working on an API that will be served from Amazon API Gateway. The API will be served from three environments: development, test, and production. The API Gateway is configured to use 237 GB of cache in all three stages. Which is the MOST cost-efficient deployment strategy?
Option A: Create a single API Gateway with all three stages.
Option B: Create three API Gateways, one for each stage in a single AWS account.
Option C: Create an API Gateway in three separate AWS accounts.
Option D: Enable the cache for development and test environments only when needed.
Question 93: An application running on an Amazon Linux EC2 instance needs to manage the AWS infrastructure. How can the EC2 instance be configured to make AWS API calls securely?
Option A: Sign the AWS CLI command using the signature version 4 process.
Option B: Run the aws configure AWS CLI command and specify the access key id and secret access key.
Option C: Specify a role for the EC2 instance with the necessary privileges.
Option D: Pass the access key id and secret access key as parameters for each AWS CLI command.
Question 94: A company is migrating from a monolithic architecture to a microservices-based architecture. The Developers need to refactor the application so that the many microservices can asynchronously communicate with each other without impacting performance. Use of which managed AWS services will enable asynchronous message passing? (Choose two.)
Option A: Amazon SQS
Option B: Amazon Cognito
Option C: Amazon Kinesis
Option D: Amazon SNS
Option E: Amazon ElastiCache
Question 95: An application runs on multiple EC2 instances behind an ELB. Where is the session data best written so that it can be served reliably across multiple requests?
Option A: Write data to Amazon ElastiCache
Option B: Write data to Amazon Elastic Block Store.
Option C: Write data to Amazon EC2 Instance Store.
Option D: Write data to the root filesystem.
Question 96: A Developer is creating a Lambda function that will generate and export a file. The function requires 100 MB of temporary storage for temporary files while executing. These files will not be needed after the function is complete. How can the Developer MOST efficiently handle the temporary files?
Option A: Store the files in EBS and delete the files at the end of the Lambda function.
Option B: Copy the files to EFS and delete the files at the end of the Lambda function.
Option C: Store the files in the /tmp directory and delete the files at the end of the Lambda function.
Option D: Copy the files to an S3 bucket with a lifecycle policy to delete the files.
Question 97: A Developer has developed a web application and wants to deploy it quickly on a Tomcat server on AWS. The Developer wants to avoid having to manage the underlying infrastructure. What is the easiest way to deploy the application, based on these requirements?
Option A: AWS CloudFormation
Option B: AWS Elastic Beanstalk
Option C: Amazon S3
Option D: AWS CodePipeline
Question 98: An application uses Lambda functions to extract metadata from files uploaded to an S3 bucket; the metadata is stored in Amazon DynamoDB. The application starts behaving unexpectedly, and the Developer wants to examine the logs of the Lambda function code for errors. Based on this system configuration, where would the Developer find the logs?
Option A: Amazon S3
Option B: AWS CloudTrail
Option C: Amazon CloudWatch
Option D: Amazon DynamoDB
Question 99: An organization is using Amazon CloudFront to ensure that its users experience low-latency access to its web application. The organization has identified a need to encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application. How can these requirements be met? (Choose two.)
Option A: Use AWS KMS to encrypt traffic between CloudFront and the web application.
Option B: Set the Origin Protocol Policy to 'HTTPS Only'.
Option C: Set the Origin's HTTP Port to 443.
Option D: Set the Viewer Protocol Policy to 'HTTPS Only' or 'Redirect HTTP to HTTPS'.
Option E: Enable the CloudFront option Restrict Viewer Access.
Question 100: An application is using Amazon DynamoDB as its data store, and should be able to read 100 items per second as strongly consistent reads. Each item is 5 KB in size. To what value should the table's provisioned read throughput be set?
Option A: 50 read capacity units
Option B: 100 read capacity units
Option C: 200 read capacity units
Option D: 500 read capacity units
Question 101: A web application is designed to allow new users to create accounts using their email addresses. The application will store attributes for each user, and is expecting millions of users to sign up. What should the Developer implement to achieve the design goals?
Option A: Amazon Cognito user pools
Option B: AWS Mobile Hub user data storage
Option C: Amazon Cognito Sync
Option D: AWS Mobile Hub cloud logic
Question 102: A company needs a new REST API that can return information about the contents of an Amazon S3 bucket, such as a count of the objects stored in it. The company has decided that the new API should be written as a microservice using AWS Lambda and Amazon API Gateway. How should the Developer ensure that the microservice has the necessary access to the Amazon S3 bucket, while adhering to security best practices?
Option A: Create an IAM user that has permissions to access the Amazon S3 bucket, and store the IAM user credentials in the Lambda function source code.
Option B: Create an IAM role that has permissions to access the Amazon S3 bucket and assign it to the Lambda function as its execution role.
Option C: Create an Amazon S3 bucket policy that specifies the Lambda service as its principal and assign it to the Amazon S3 bucket.
Option D: Create an IAM role, attach the AmazonS3FullAccess managed policy to it, and assign the role to the Lambda function as its execution role.
Question 103: An application is running on an EC2 instance. The Developer wants to store an application metric in Amazon CloudWatch. What is the best practice for implementing this requirement?
Option A: Use the PUT Object API call to send data to an S3 bucket. Use an event notification to invoke a Lambda function to publish data to CloudWatch.
Option B: Publish the metric data to an Amazon Kinesis Stream using a PutRecord API call. Subscribe a Lambda function that publishes data to CloudWatch.
Option C: Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Provide the required credentials to enable the API call.
Option D: Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Launch the EC2 instance with the required IAM role to enable the API call.
Question 104: Queries to an Amazon DynamoDB table are consuming a large amount of read capacity. The table has a significant number of large attributes. The application does not need all of the attribute data. How can DynamoDB costs be minimized while maximizing application performance?
Option A: Batch all the writes, and perform the write operations when no or few reads are being performed.
Option B: Create a global secondary index with a minimum set of projected attributes.
Option C: Implement exponential backoffs in the application.
Option D: Load balance the reads to the table using an Application Load Balancer.
Question 105: AWS CodeBuild builds code for an application, creates the Docker image, pushes the image to Amazon Elastic Container Registry (Amazon ECR), and tags the image with a unique identifier. If the Developers already have AWS CLI configured on their workstations, how can the Docker images be pulled to the workstations?
Option A: Run the following: docker pull REPOSITORY URI : TAG
Option B: Run the output of the following: aws ecr get-login and then run: docker pull REPOSITORY URI : TAG
Option C: Run the following: aws ecr get-login and then run: docker pull REPOSITORY URI : TAG
Option D: Run the output of the following: aws ecr get-download-url-for-layer and then run: docker pull REPOSITORY URI : TAG
Question 106: A company caches session information for a web application in an Amazon DynamoDB table. The company wants an automated way to delete old items from the table. What is the simplest way to do this?
Option A: Write a script that deletes old records; schedule the scripts as a cron job on an Amazon EC2 instance.
Option B: Add an attribute with the expiration time; enable the Time To Live feature based on that attribute.
Option C: Each day, create a new table to hold session data; delete the previous day's table.
Option D: Add an attribute with the expiration time; name the attribute ItemExpiration.
Question 107: An application is expected to process many files. Each file takes four minutes to process per AWS Lambda invocation. The Lambda function does not return any important data. What is the fastest way to process all the files?
Option A: First split the files to make them smaller, then process with synchronous RequestResponse Lambda invocations.
Option B: Make synchronous RequestResponse Lambda invocations and process the files one by one.
Option C: Make asynchronous Event Lambda invocations and process the files in parallel.
Option D: First join all the files, then process it all at once with an asynchronous Event Lambda invocation.
Question 108: The upload of a 15 GB object to Amazon S3 fails. The error message reads: 'Your proposed upload exceeds the maximum allowed object size.' What technique will allow the Developer to upload this object?
Option A: Upload the object using the multi-part upload API.
Option B: Upload the object over an AWS Direct Connect connection.
Option C: Contact AWS Support to increase the object size limit.
Option D: Upload the object to another AWS region.
Question 109: A company has an AWS CloudFormation template that is stored as a single file. The template is able to launch and create a full infrastructure stack. Which best practice would increase the maintainability of the template?
Option A: Use nested stacks for common template patterns.
Option B: Embed credentials to prevent typos.
Option C: Remove mappings to decrease the number of variables.
Option D: Use AWS::Include to reference publicly-hosted template files.
Question 110: A Developer wants to encrypt new objects that are being uploaded to an Amazon S3 bucket by an application. There must be an audit trail of who has used the key during this process. There should be no change to the performance of the application. Which type of encryption meets these requirements?
Option A: Server-side encryption using S3-managed keys
Option B: Server-side encryption with AWS KMS-managed keys
Option C: Client-side encryption with a client-side symmetric master key
Option D: Client-side encryption with AWS KMS-managed keys
Question 111: An on-premises application makes repeated calls to store files to Amazon S3. As usage of the application has increased, 'LimitExceeded' errors are being logged. What should be changed to fix this error?
Option A: Implement exponential backoffs in the application.
Option B: Load balance the application to multiple servers.
Option C: Move the application to Amazon EC2.
Option D: Add a one second delay to each API call.
Question 112: An organization is storing large files in Amazon S3, and is writing a web application to display metadata about the files to end users. Based on the metadata, a user selects an object to download. The organization needs a mechanism to index the files and provide single-digit millisecond latency retrieval for the metadata. What AWS service should be used to accomplish this?
Option A: Amazon DynamoDB
Option B: Amazon EC2
Option C: AWS Lambda
Option D: Amazon RDS
Question 113: While developing an application that runs on Amazon EC2 in an Amazon VPC, a Developer identifies the need for centralized storage of application-level logs. Which AWS service can be used to securely store these logs?
Option A: Amazon EC2 VPC Flow Logs
Option B: Amazon CloudWatch Logs
Option C: Amazon CloudSearch
Option D: AWS CloudTrail
Question 114: A stock market monitoring application uses Amazon Kinesis for data ingestion. During simulated tests of peak data rates, the Kinesis stream cannot keep up with the incoming data. What step will allow Kinesis to accommodate the traffic during peak hours?
Option A: Install the Kinesis Producer Library (KPL) for ingesting data into the stream.
Option B: Reduce the data retention period to allow for more data ingestion using DecreaseStreamRetentionPeriod.
Option C: Increase the shard count of the stream using UpdateShardCount.
Option D: Ingest multiple records into the stream in a single call using PutRecords.
Question 115: Where can PortMapping be defined when launching containers in Amazon ECS?
Option A: Security groups
Option B: Amazon Elastic Container Registry (Amazon ECR)
Option C: Container agent
Option D: Task definition
Question 116: An application uses Amazon Kinesis Data Streams to ingest and process large streams of data records in real time. Amazon EC2 instances consume and process the data from the shards of the Kinesis data stream by using Amazon Kinesis Client Library (KCL). The application handles the failure scenarios and does not require standby workers. The application reports that a specific shard is receiving more data than expected. To adapt to the changes in the rate of data flow, the 'hot' shard is resharded. Assuming that the initial number of shards in the Kinesis data stream is 4, and after resharding the number of shards increased to 6, what is the maximum number of EC2 instances that can be deployed to process data from all the shards?
Option A: 12
Option B: 6
Option C: 4
Option D: 1
Question 117: A Development team is working on a case management solution that allows medical claims to be processed and reviewed. Users log in to provide information related to their medical and financial situations. As part of the application, sensitive documents such as medical records, medical imaging, bank statements, and receipts are uploaded to Amazon S3. All documents must be securely transmitted and stored. All access to the documents must be recorded for auditing. What is the MOST secure approach?
Option A: Use S3 default encryption using Advanced Encryption Standard-256 (AES-256) on the destination bucket.
Option B: Use Amazon Cognito for authorization and authentication to ensure the security of the application and documents.
Option C: Use AWS Lambda to encrypt and decrypt objects as they are placed into the S3 bucket.
Option D: Use client-side encryption/decryption with Amazon S3 and AWS KMS.
Question 118: A company has an internet-facing application that uses Web Identity Federation to obtain a temporary credential from AWS Security Token Service (AWS STS). The app then uses the token to access AWS services. Review the following response: Based on the response displayed, what permissions are associated with the call from the application?
Option A: Permissions associated with the role AROACLKWSDQRAOEXAMPLE:app1
Option B: Permissions associated with the default role used when the AWS service was built
Option C: Permissions associated with the IAM principal that owns the AccessKeyID ASgeIAIOSFODNN7EXAMPLE
Option D: Permissions associated with the account that owns the AWS service
Question 119: A Developer is using AWS CLI, but when running list commands on a large number of resources, it is timing out. What can be done to avoid this time-out?
Option A: Use pagination
Option B: Use shorthand syntax
Option C: Use parameter values
Option D: Use quoting strings
Question 120: What does an Amazon SQS delay queue accomplish?
Option A: Messages are hidden for a configurable amount of time when they are first added to the queue.
Option B: Messages are hidden for a configurable amount of time after they are consumed from the queue.
Option C: The consumer can poll the queue for a configurable amount of time before retrieving a message.
Option D: Messages cannot be deleted for a configurable amount of time after they are consumed from the queue.
Question 121: A company has multiple Developers located across the globe who are updating code incrementally for a development project. When Developers upload code concurrently, internet connectivity is slow, and it is taking a long time to upload code for deployment in AWS Elastic Beanstalk. Which step will result in minimized upload and deployment time with the LEAST amount of administrative effort?
Option A: Allow the Developers to upload the code to an Amazon S3 bucket, and deploy it directly to Elastic Beanstalk.
Option B: Allow the Developers to upload the code to a central FTP server to deploy the application to Elastic Beanstalk.
Option C: Create an AWS CodeCommit repository, allow the Developers to commit code to it, and then directly deploy the code to Elastic Beanstalk.
Option D: Create a code repository on an Amazon EC2 instance so that all Developers can update the code, and deploy the application from the instance to Elastic Beanstalk.
Question 122: A company recently migrated its web, application and NoSQL database tiers to AWS. The company is using Auto Scaling to scale the web and application tiers. More than 95 percent of the Amazon DynamoDB requests are repeated read-requests. How can the DynamoDB NoSQL tier be scaled up to cache these repeated requests?
Option A: Amazon EMR
Option B: Amazon DynamoDB Accelerator
Option C: Amazon SQS
Option D: Amazon CloudFront
Question 123: A company is building an application to track athlete performance using an Amazon DynamoDB table. Each item in the table is identified by a partition key (user_id) and a sort key (sport_name). The table design is shown below: (Note: Not all table attributes are shown) A Developer is asked to write a leaderboard application to display the top performers (user_id) based on the score for each sport_name. What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?
Option A: Use a DynamoDB query operation with the key attributes of user_id and sport_name and order the results based on the score attribute.
Option B: Create a global secondary index with a partition key of sport_name and a sort key of score, and get the results
Option C: Use a DynamoDB scan operation to retrieve scores and user_id based on sport_name, and order the results based on the score attribute.
Option D: Create a local secondary index with a primary key of sport_name and a sort key of score and get the results based on the score attribute.
Question 124: A Developer is creating a mobile application that will not require users to log in. What is the MOST efficient method to grant users access to AWS resources?
Option A: Use an identity provider to securely authenticate with the application.
Option B: Create an AWS Lambda function to create an IAM user when a user accesses the application.
Option C: Create credentials using AWS KMS and apply these credentials to users when using the application.
Option D: Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited access to resources.
Question 125: An application running on Amazon EC2 instances must access objects within an Amazon S3 bucket that are encrypted using server-side encryption using AWS KMS encryption keys (SSE-KMS). The application must have access to the customer master key (CMK) to decrypt the objects. Which combination of steps will grant the application access? (Choose two.)
Option A: Write an S3 bucket policy that grants the bucket access to the key.
Option B: Grant access to the key in the IAM EC2 role attached to the application's EC2 instances.
Option C: Write a key policy that enables IAM policies to grant access to the key.
Option D: Grant access to the key in the S3 bucket's ACL
Option E: Create a Systems Manager parameter that exposes the KMS key to the EC2 instances.
Question 126: A company needs a fully-managed source control service that will work in AWS. The service must ensure that revision control synchronizes multiple distributed repositories by exchanging sets of changes peer-to-peer. All users need to work productively even when not connected to a network. Which source control service should be used?
Option A: Subversion
Option B: AWS CodeBuild
Option C: AWS CodeCommit
Option D: AWS CodeStar
Question 127: A Developer is writing a serverless application that requires that an AWS Lambda function be invoked every 10 minutes. What is an automated and serverless way to trigger the function?
Option A: Deploy an Amazon EC2 instance based on Linux, and edit its /etc/crontab file by adding a command to periodically invoke the Lambda function.
Option B: Configure an environment variable named PERIOD for the Lambda function. Set the value to 600.
Option C: Create an Amazon CloudWatch Events rule that triggers on a regular schedule to invoke the Lambda function.
Option D: Create an Amazon SNS topic that has a subscription to the Lambda function with a 600-second timer.
Question 128: A Developer is writing an imaging microservice on AWS Lambda. The service is dependent on several libraries that are not available in the Lambda runtime environment. Which strategy should the Developer follow to create the Lambda deployment package?
Option A: Create a ZIP file with the source code and all dependent libraries.
Option B: Create a ZIP file with the source code and a script that installs the dependent libraries at runtime.
Option C: Create a ZIP file with the source code. Stage the dependent libraries on an Amazon S3 bucket indicated by the Lambda environment variable LD_LIBRARY_PATH
Option D: Create a ZIP file with the source code and a buildspec.yaml file that installs the dependent libraries on AWS Lambda.
Question 129: A Developer is designing a fault-tolerant environment where client sessions will be saved. How can the Developer ensure that no sessions are lost if an Amazon EC2 instance fails?
Option A: Use sticky sessions with an Elastic Load Balancer target group.
Option B: Use Amazon SQS to save session data.
Option C: Use Amazon DynamoDB to perform scalable session handling.
Option D: Use Elastic Load Balancer connection draining to stop sending requests to failing instances.
Question 130: In a move toward using microservices, a company's Management team has asked all Development teams to build their services so that API requests depend only on that service's data store. One team is building a Payments service which has its own database; the service needs data that originates in the Accounts database. Both are using Amazon DynamoDB. What approach will result in the simplest, decoupled, and reliable method to get near-real time updates from the Accounts database?
Option A: Use Amazon Glue to perform frequent ETL updates from the Accounts database to the Payments database.
Option B: Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accounts database.
Option C: Use Amazon Kinesis Data Firehose to deliver all changes from the Accounts database to the Payments database.
Option D: Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database.
Question 131: How should custom libraries be utilized in AWS Lambda?
Option A: Host the library on Amazon S3 and reference to it from the Lambda function.
Option B: Install the library locally and upload a ZIP file of the Lambda function.
Option C: Import the necessary Lambda blueprint when creating the function.
Option D: Modify the function runtime to include the necessary library.
Question 132: A company needs to secure its existing website running behind an Elastic Load Balancer. The website's Amazon EC2 instances are CPU-constrained. What should be done to secure the website while not increasing the CPU load on the EC2 web servers? (Choose two.)
Option A: Configure an Elastic Load Balancer with SSL pass-through.
Option B: Configure SSL certificates on an Elastic Load Balancer.
Option C: Configure an Elastic Load Balancer with a Loadable Storage System.
Option D: Install SSL certificates on the EC2 instances.
Option E: Configure an Elastic Load Balancer with SSL termination.
Question 133: An AWS Lambda function generates a 3MB JSON file and then uploads it to an Amazon S3 bucket daily. The file contains sensitive information, so the Developer must ensure that it is encrypted before uploading to the bucket. Which of the following modifications should the Developer make to ensure that the data is encrypted before uploading it to the bucket?
Option A: Use the default AWS KMS customer master key for S3 in the Lambda function code.
Option B: Use the S3 managed key and call the GenerateDataKey API to encrypt the file.
Option C: Use the GenerateDataKey API, then use that data key to encrypt the file in the Lambda function code.
Option D: Use a custom KMS customer master key created for S3 in the Lambda function code.
Question 134: A Developer wants to find a list of items in a global secondary index from an Amazon DynamoDB table. Which DynamoDB API call can the Developer use in order to consume the LEAST number of read capacity units?
Option A: Scan operation using eventually-consistent reads
Option B: Query operation using strongly-consistent reads
Option C: Query operation using eventually-consistent reads
Option D: Scan operation using strongly-consistent reads
Question 135: A Developer has published an update to an application that is served to a global user base using Amazon CloudFront. After deploying the application, users are not able to see the updated changes. How can the Developer resolve this issue?
Option A: Remove the origin from the CloudFront configuration and add it again.
Option B: Disable forwarding of query strings and request headers from the CloudFront distribution configuration.
Option C: Invalidate all the application objects from the edge caches.
Option D: Disable the CloudFront distribution and enable it again to update all the edge locations.
Question 136: A Developer must deploy a new AWS Lambda function using an AWS CloudFormation template. Which procedures will deploy a Lambda function? (Choose two.)
Option A: Upload the code to an AWS CodeCommit repository, then add a reference to it in an AWS::Lambda::Function resource in the template.
Option B: Create an AWS::Lambda::Function resource in the template, then write the code directly inside the CloudFormation template.
Option C: Upload a .ZIP file containing the function code to Amazon S3, then add a reference to it in an AWS::Lambda::Function resource in the template.
Option D: Upload a .ZIP file to AWS CloudFormation containing the function code, then add a reference to it in an AWS::Lambda::Function resource in the template.
Option E: Upload the function code to a private Git repository, then add a reference to it in an AWS::Lambda::Function resource in the template.
Question 137: A Developer wants to enable AWS X-Ray for a secure application that runs in an Amazon ECS environment. What combination of steps will enable X-Ray? (Choose three.)
Option A: Create a Docker image that runs the X-Ray daemon.
Option B: Add instrumentation to the application code for X-Ray.
Option C: Install the X-Ray daemon on the underlying EC2 instance.
Option D: Configure and use an IAM EC2 instance role.
Option E: Register the application with X-Ray.
Option F: Configure and use an IAM role for tasks.
Question 138: A Developer is designing a new application that uses Amazon S3. To satisfy compliance requirements, the Developer must encrypt the data at rest. How can the Developer accomplish this?
Option A: Use s3:x-amz-acl as a condition in the S3 bucket policy.
Option B: Use Amazon RDS with default encryption.
Option C: Use aws:SecureTransport as a condition in the S3 bucket policy.
Option D: Turn on S3 default encryption for the S3 bucket.
Question 139: An AWS Elastic Beanstalk application needs to be deployed in multiple regions and requires a different Amazon Machine Image (AMI) in each region. Which AWS CloudFormation template key can be used to specify the correct AMI for each region?
Option A: Parameters
Option B: Outputs
Option C: Mappings
Option D: Resources
Question 140: A Developer has been asked to make changes to the source code of an AWS Lambda function. The function is managed using an AWS CloudFormation template. The template is configured to load the source code from an Amazon S3 bucket. The Developer manually created a .ZIP file deployment package containing the changes and put the file into the correct location on Amazon S3. When the function is invoked, the code changes have not been applied. What step is required to update the function with the changes?
Option A: Delete the .ZIP file on S3, and re-upload by using a different object key name.
Option B: Update the CloudFormation stack with the correct values for the function code properties S3Bucket, S3Key, or S3ObjectVersion.
Option C: Ensure that the function source code is base64-encoded before uploading the deployment package to S3.
Option D: Modify the execution role of the Lambda function to allow S3 access permission to the deployment package .ZIP file.
Question 141: A Developer needs to design an application running on AWS that will be used to consume Amazon SQS messages that range from 1KB up to 1GB in size. How should the Amazon SQS messages be managed?
Option A: Use Amazon S3 and the Amazon SQS CLI.
Option B: Use Amazon S3 and the Amazon SQS Extended Client Library for Java.
Option C: Use Amazon EBS and the Amazon SQS CLI.
Option D: Use Amazon EFS and the Amazon SQS CLI.
Question 142: A company is developing an application that will run on several Amazon EC2 instances in an Auto Scaling group and can access a database running on Amazon EC2. The application needs to store secrets required to connect to the database. The application must allow for periodic secret rotation, and there should be no changes to the application when a secret changes. What is the SAFEST way to meet these requirements?
Option A: Associate an IAM role to the EC2 instance where the application is running with permission to access the database.
Option B: Use AWS Systems Manager Parameter Store with the SecureString data type to store secrets.
Option C: Configure the application to store secrets in Amazon S3 object metadata.
Option D: Hard code the database secrets in the application code itself.
Question 143: A Developer writes an AWS Lambda function and uploads the code in a .ZIP file to Amazon S3. The Developer makes changes to the code and uploads a new .ZIP file to Amazon S3. However, Lambda executes the earlier code. How can the Developer fix this in the LEAST disruptive way?
Option A: Create another Lambda function and specify the new .ZIP file.
Option B: Call the update-function-code API.
Option C: Remove the earlier .ZIP file first, then add the new .ZIP file.
Option D: Call the create-alias API.
Question 144: An AWS Lambda function must read data from an Amazon RDS MySQL database in a VPC and also reach a public endpoint over the internet to get additional data. Which steps must be taken to allow the function to access both the RDS resource and the public endpoint? (Choose two.)
Option A: Modify the default configuration for the Lambda function to associate it with an Amazon VPC private subnet.
Option B: Modify the default network access control list to allow outbound traffic.
Option C: Add a NAT Gateway to the VPC.
Option D: Modify the default configuration of the Lambda function to associate it with a VPC public subnet.
Option E: Add an environmental variable to the Lambda function to allow outbound internet access.
Question 145: A Developer must build an application that uses Amazon DynamoDB. The requirements state that the items being stored in the DynamoDB table will be 7KB in size and that reads must be strongly consistent. The maximum read rate is 3 items per second, and the maximum write rate is 10 items per second. How should the Developer size the DynamoDB table to meet these requirements?
Option A: Read: 3 read capacity units Write: 70 write capacity units
Option B: Read: 6 read capacity units Write: 70 write capacity units
Option C: Read: 6 read capacity units Write: 10 write capacity units
Option D: Read: 3 read capacity units Write: 10 write capacity units
Question 146: A Developer is creating an AWS Lambda function to process a stream of data from an Amazon Kinesis Data Stream. When the Lambda function parses the data and encounters a missing field, it exits the function with an error. The function is generating duplicate records from the Kinesis stream. When the Developer looks at the stream output without the Lambda function, there are no duplicate records. What is the reason for the duplicates?
Option A: The Lambda function did not advance the Kinesis stream pointer to the next record after the error.
Option B: The Lambda event source used asynchronous invocation, resulting in duplicate records.
Option C: The Lambda function did not handle the error, and the Lambda service attempted to reprocess the data.
Option D: The Lambda function is not keeping up with the amount of data coming from the stream.
Question 147: A company maintains an application responsible for processing several thousand external callbacks each day. The company's System administrators want to know how many callbacks are being received on a rolling basis, and they want this data available for 10 days. The company also wants the ability to issue automated alerts if the number of callbacks exceeds the defined thresholds. What is the MOST cost-effective way to address the need to track and alert on these statistics?
Option A: Push callback data to an Amazon RDS database that can be queried to show historical data and to alert on exceeded thresholds.
Option B: Push callback data to AWS X-Ray and use AWS Lambda to query, display, and alert on exceeded thresholds.
Option C: Push callback data to Amazon Kinesis Data Streams and invoke an AWS Lambda function that stores data in Amazon DynamoDB and sends the required alerts.
Option D: Push callback data to Amazon CloudWatch as a custom metric and use the CloudWatch alerting mechanisms to alert System Administrators.
Question 148: A company has a website that is developed in PHP and WordPress and is launched using AWS Elastic Beanstalk. There is a new version of the website that needs to be deployed in the Elastic Beanstalk environment. The company cannot tolerate having the website offline if an update fails. Deployments must have minimal impact and roll back as soon as possible. What deployment method should be used?
Option A: All at once
Option B: Rolling
Option C: Snapshots
Option D: Immutable
Question 149: A company has a multi-tiered web application on AWS. During a recent spike in traffic, one of the primary relational databases on Amazon RDS could not serve all the traffic. Some read queries for repeatedly accessed items failed, so users received error messages. What can be done to minimize the impact on database read queries MOST efficiently during future traffic spikes?
Option A: Use Amazon S3 to cache database query results.
Option B: Use Amazon RDS as a custom origin for Amazon CloudFront.
Option C: Use local storage and memory on Amazon EC2 instances to cache data.
Option D: Use Amazon ElastiCache in front of the primary database to cache data.
Question 150: A Development team currently supports an application that uses an in-memory store to save accumulated game results. Individual results are stored in a database. As part of migrating to AWS, the team needs to use automatic scaling. The team knows this will yield inconsistent results. Where should the team store these accumulated game results to BEST allow for consistent results without impacting performance?
Option A: Amazon S3
Option B: Amazon RDS
Option C: Amazon ElastiCache
Option D: Amazon Kinesis
Question 151: In a multi-container Docker environment in AWS Elastic Beanstalk, what is required to configure container instances in the environment?
Option A: An Amazon ECS task definition
Option B: An Amazon ECS cluster
Option C: A Dockerfile in an application package
Option D: A CLI for Elastic Beanstalk
Question 152: An application that runs on an Amazon EC2 instance needs to access and make API calls to multiple AWS services. What is the MOST secure way to provide access to the AWS services with MINIMAL management overhead?
Option A: Use AWS KMS to store and retrieve credentials.
Option B: Use EC2 instance profiles.
Option C: Use AWS root user to make requests to the application.
Option D: Store and retrieve credentials from AWS CodeCommit.
Question 153: A company is creating an application that will require users to access AWS services and allow them to reset their own passwords. Which of the following would allow the company to manage users and authorization while allowing users to reset their own passwords?
Option A: Amazon Cognito identity pools and AWS STS
Option B: Amazon Cognito identity pools and AWS IAM
Option C: Amazon Cognito user pools and AWS KMS
Option D: Amazon Cognito user pools and identity pools
Question 154: A company has three different environments: Development, QA, and Production. The company wants to deploy its code first in the Development environment, then QA, and then Production. Which AWS service can be used to meet this requirement?
Option A: Use AWS CodeCommit to create multiple repositories to deploy the application.
Option B: Use AWS CodeBuild to create, configure, and deploy multiple build application projects.
Option C: Use AWS Data Pipeline to create multiple data pipeline provisions to deploy the application.
Option D: Use AWS CodeDeploy to create multiple deployment groups.
Question 155: A company uses Amazon DynamoDB for managing and tracking orders. The DynamoDB table is partitioned based on the order date. The company receives a huge increase in orders during a sales event, causing DynamoDB writes to throttle, and the consumed throughput is far below the provisioned throughput. According to AWS best practices, how can this issue be resolved with MINIMAL costs?
Option A: Create a new DynamoDB table for every order date.
Option B: Increase the read and write capacity units of the DynamoDB table.
Option C: Add a random number suffix to the partition key values.
Option D: Add a global secondary index to the DynamoDB table.
Question 156: A company is providing services to many downstream consumers. Each consumer may connect to one or more services. This has resulted in a complex architecture that is difficult to manage and does not scale well. The company needs a single interface to manage these services to consumers. Which AWS service should be used to refactor this architecture?
Option A: AWS Lambda
Option B: AWS X-Ray
Option C: Amazon SQS
Option D: Amazon API Gateway
Question 157: A Developer is creating a serverless website with content that includes HTML files, images, videos, and JavaScript (client-side scripts). Which combination of services should the Developer use to create the website?
Option A: Amazon S3 and Amazon CloudFront
Option B: Amazon EC2 and Amazon ElastiCache
Option C: Amazon ECS and Redis
Option D: AWS Lambda and Amazon API Gateway
Question 158: A Development team has pushed out 10 applications running on several Amazon EC2 instances. The Operations team is asking for a graphical representation of one key performance metric for each application. These metrics should be available on one screen for easy monitoring. Which steps should the Developer take to accomplish this using Amazon CloudWatch?
Option A: Create a custom namespace with a unique metric name for each application.
Option B: Create a custom dimension with a unique metric name for each application.
Option C: Create a custom event with a unique metric name for each application.
Option D: Create a custom alarm with a unique metric name for each application.
Question 159: A Developer wants to make the log data of an application running on an EC2 instance available to systems administrators. Which of the following enables monitoring of this metric in Amazon CloudWatch?
Option A: Retrieve the log data from CloudWatch using the GetMetricData API call.
Option B: Retrieve the log data from AWS CloudTrail using the LookupEvents API call.
Option C: Launch a new EC2 instance, configure Amazon CloudWatch Events, and then install the application.
Option D: Install the Amazon CloudWatch Logs agent on the EC2 instance that the application is running on.
Question 160: A nightly batch job loads 1 million new records into a DynamoDB table. The records are only needed for one hour, and the table needs to be empty by the next night's batch job. Which is the MOST efficient and cost-effective method to provide an empty table?
Option A: Use DeleteItem using a ConditionExpression.
Option B: Use BatchWriteItem to empty all of the rows.
Option C: Write a recursive function that scans and calls out DeleteItem.
Option D: Create and then delete the table after the task has completed.
Question 161: A company has an application that logs all information to Amazon S3. Whenever there is a new log file, an AWS Lambda function is invoked to process the log files. The code works, gathering all of the necessary information. However, when checking the Lambda function logs, duplicate entries with the same request ID are found. What is causing the duplicate entries?
Option A: The S3 bucket name was specified incorrectly.
Option B: The Lambda function failed, and the Lambda service retried the invocation with a delay.
Option C: There was an S3 outage, which caused duplicate entries of the same log file.
Option D: The application stopped intermittently and then resumed.
Question 162: A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key, the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API. What code updates will grant these new users access to the API?
Option A: The createDeployment method must be called so the API can be redeployed to include the newly created API key.
Option B: The updateAuthorizer method must be called to update the API's authorizer to include the newly created API key.
Option C: The importApiKeys method must be called to import all newly created API keys into the current stage of the API.
Option D: The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.
Question 163: A Developer is writing a mobile application that allows users to view images from an S3 bucket. The users must be able to log in with their Amazon login, as well as Facebook® and/or Google® accounts. How can the Developer provide this authentication functionality?
Option A: Use Amazon Cognito with web identity federation.
Option B: Use Amazon Cognito with SAML-based identity federation.
Option C: Use AWS IAM Access/Secret keys in the application code to allow Get* on the S3 bucket.
Option D: Use AWS STS AssumeRole in the application code and assume a role with Get* permissions on the S3 bucket.
Question 164: A Developer has created a Lambda function and is finding that the function is taking longer to complete than expected. After some debugging, the Developer has discovered that increasing compute capacity would improve performance. How can the Developer increase the Lambda compute resources?
Option A: Run on a larger instance size with more compute capacity.
Option B: Increase the maximum execution time.
Option C: Specify a larger compute capacity when calling the Lambda function.
Option D: Increase the allocated memory for the Lambda function.
Question 165: An e-commerce site allows returning users to log in to display customized web pages. The workflow is shown in the image below: An application is running on EC2 instances. Amazon RDS is used for the database that stores user accounts and preferences. The website freezes or is slow to load while waiting for the login step to complete. The remaining components of the site are well-optimized. Which of the following techniques will resolve this issue? (Choose two.)
Option A: Implement the user login page as an asynchronous Lambda function.
Option B: Use Amazon ElastiCache for Memcached to cache user data.
Option C: Use an Amazon Application Load Balancer to load balance the traffic to the website.
Option D: Call the database asynchronously so the code can continue executing.
Option E: Batch login requests from hundreds of users together as a single read request to the database.
Question 166: A Developer is building a mobile application and needs any update to user profile data to be pushed to all devices accessing the specific identity. The Developer does not want to manage a back end to maintain the user profile data. What is the MOST efficient way for the Developer to achieve these requirements using Amazon Cognito?
Option A: Use Cognito federated identities.
Option B: Use a Cognito user pool.
Option C: Use Cognito Sync.
Option D: Use Cognito events.
Question 167: A company is migrating a single-server, on-premises web application to AWS. The company intends to use multiple servers behind an Elastic Load Balancer (ELB) to balance the load, and will also store session data in memory on the web server. The company does not want to lose that session data if a server fails or goes offline, and it wants to minimize users' downtime. Where should the company move session data to MOST effectively reduce downtime and make users' session data more fault tolerant?
Option A: An Amazon ElastiCache for Redis cluster
Option B: A second Amazon EBS volume
Option C: The web server's primary disk
Option D: An Amazon EC2 instance dedicated to session data
Question 168: A Developer created configuration specifications for an AWS Elastic Beanstalk application in a file named healthcheckurl.yaml in the .ebextensions/ directory of their application source bundle. The file contains the following: After the application launches, the health check is not being run on the correct path, even though it is valid. What can be done to correct this configuration file?
Option A: Convert the file to JSON format.
Option B: Rename the file to a .config extension.
Option C: Change the configuration section from options_settings to resources.
Option D: Change the namespace of the option settings to a custom namespace.
Question 169: A Developer is making changes to a custom application that is currently using AWS Elastic Beanstalk. After the Developer completes the changes, what solutions will update the Elastic Beanstalk environment with the new application version? (Choose two.)
Option A: Package the application code into a .zip file, and upload, then deploy the packaged application from the AWS Management Console
Option B: Package the application code into a .tar file, create a new application version from the AWS Management Console, then update the environment by using AWS CLI
Option C: Package the application code into a .tar file, and upload and deploy the packaged application from the AWS Management Console
Option D: Package the application code into a .zip file, create a new application version from the packaged application by using AWS CLI, then update the environment by using AWS CLI
Option E: Package the application code into a .zip file, create a new application version from the AWS Management Console, then rebuild the environment by using AWS CLI
Question 170: To include objects defined by the AWS Serverless Application Model (SAM) in an AWS CloudFormation template, in addition to Resources, what section MUST be included in the document root?
Option A: Conditions
Option B: Globals
Option C: Transform
Option D: Properties
Question 171: A company is using Amazon RDS MySQL instances for its application database tier and Apache Tomcat servers for its web tier. Most of the database queries from web applications are repeated read requests. Use of which AWS service would increase performance by adding an in-memory store for repeated read queries?
Option A: Amazon RDS Multi-AZ
Option B: Amazon SQS
Option C: Amazon ElastiCache
Option D: Amazon RDS read replica
Question 172: A Developer is investigating an issue whereby certain requests are passing through an Amazon API Gateway endpoint /MyAPI, but the requests do not reach the AWS Lambda function backing /MyAPI. The Developer found that a second Lambda function sometimes runs at maximum concurrency allowed for the given AWS account. How can the Developer address this issue?
Option A: Manually reduce the concurrent execution limit at the account level
Option B: Add another API Gateway stage for /MyAPI, and shard the requests
Option C: Configure the second Lambda function's concurrency execution limit
Option D: Reduce the throttling limits in the API Gateway /MyAPI endpoint
Question 173: A Developer must analyze performance issues with production-distributed applications written as AWS Lambda functions. These distributed Lambda applications invoke other components that make up the applications. How should the Developer identify and troubleshoot the root cause of the performance issues in production?
Option A: Add logging statements to the Lambda functions, then use Amazon CloudWatch to view the logs.
Option B: Use AWS CloudTrail and then examine the logs.
Option C: Use AWS X-Ray, then examine the segments and errors.
Option D: Run Amazon Inspector agents and then analyze performance.
Question 174: A Developer wants to debug an application by searching and filtering log data. The application logs are stored in Amazon CloudWatch Logs. The Developer creates a new metric filter to count exceptions in the application logs. However, no results are returned from the logs. What is the reason that no filtered results are being returned?
Option A: A setup of the Amazon CloudWatch interface VPC endpoint is required for filtering the CloudWatch Logs in the VPC
Option B: CloudWatch Logs only publishes metric data for events that happen after the filter is created
Option C: The log group for CloudWatch Logs should be first streamed to Amazon Elasticsearch Service before metric filtering returns the results
Option D: Metric data points for log groups can be filtered only after they are exported to an Amazon S3 bucket
Question 175: An e-commerce web application that shares session state on-premises is being migrated to AWS. The application must be fault tolerant, natively highly scalable, and any service interruption should not affect the user experience. What is the best option to store the session state?
Option A: Store the session state in Amazon ElastiCache
Option B: Store the session state in Amazon CloudFront
Option C: Store the session state in Amazon S3
Option D: Enable session stickiness using elastic load balancers
Question 176: A Developer is creating a template that uses AWS CloudFormation to deploy an application. This application is serverless and uses Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. Which tool should the Developer use to define simplified syntax for expressing serverless resources?
Option A: CloudFormation serverless intrinsic functions
Option B: AWS serverless express
Option C: An AWS serverless application model
Option D: A CloudFormation serverless plugin
Question 177: A Developer has a stateful web server on-premises that is being migrated to AWS. The Developer must have greater elasticity in the new design. How should the Developer re-factor the application to make it more elastic? (Choose two.)
Option A: Use pessimistic concurrency on Amazon DynamoDB
Option B: Use Amazon CloudFront with an Auto Scaling group
Option C: Use Amazon CloudFront with an AWS Web Application Firewall
Option D: Store session state data in an Amazon DynamoDB table
Option E: Use an ELB with an Auto Scaling group
Question 178: A company needs to distribute firmware updates to its customers around the world. Which service will allow easy and secure control of the access to the downloads at the lowest cost?
Option A: Use Amazon CloudFront with signed URLs for Amazon S3
Option B: Create a dedicated Amazon CloudFront Distribution for each customer
Option C: Use Amazon CloudFront with AWS Lambda@Edge
Option D: Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket
Question 179: A company is running an application built on AWS Lambda functions. One Lambda function has performance issues when it has to download a 50MB file from the Internet in every execution. This function is called multiple times a second. What solution would give the BEST performance increase?
Option A: Cache the file in the /tmp directory
Option B: Increase the Lambda maximum execution time
Option C: Put an Elastic Load Balancer in front of the Lambda function
Option D: Cache the file in Amazon S3
Question 180: An application writes items to an Amazon DynamoDB table. As the application scales to thousands of instances, calls to the DynamoDB API generate occasional ThrottlingException errors. The application is coded in a language incompatible with the AWS SDK. How should the error be handled?
Option A: Add exponential backoff to the application logic
Option B: Use Amazon SQS as an API message bus
Option C: Pass API calls through Amazon API Gateway
Option D: Send the items to DynamoDB through Amazon Kinesis Data Firehose
Question 181: An application deployed on AWS Elastic Beanstalk experiences increased error rates during deployments of new application versions, resulting in service degradation for users. The Development team believes that this is because of the reduction in capacity during the deployment steps. The team would like to change the deployment policy configuration of the environment to an option that maintains full capacity during deployment while using the existing instances. Which deployment policy will meet these requirements while using the existing instances?
Option A: All at once
Option B: Rolling
Option C: Rolling with additional batch
Option D: Immutable
Question 182: A Developer is working on an application that handles 10MB documents that contain highly-sensitive data. The application will use AWS KMS to perform client-side encryption. What steps must be followed?
Option A: Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the KeyId parameter
Option B: Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key to encrypt the data
Option C: Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key to encrypt the data
Option D: Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data
Question 183: A Developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the Developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit. Which of the following API Gateway metrics in Amazon CloudWatch can help the Developer troubleshoot the issue? (Choose two.)
Option A: CacheHitCount
Option B: IntegrationLatency
Option C: CacheMissCount
Option D: Latency
Option E: Count
Question 184: An AWS Lambda function must access an external site by using a regularly rotated user name and password. These items must be kept securely and cannot be stored in the function code. What combination of AWS services can be used to accomplish this? (Choose two.)
Option A: AWS Certificate Manager (ACM)
Option B: AWS Systems Manager Parameter Store
Option C: AWS Trusted Advisor
Option D: AWS KMS
Option E: Amazon GuardDuty
Question 185: A Developer is trying to deploy a serverless application using AWS CodeDeploy. The application was updated and needs to be redeployed. What file does the Developer need to update to push that change through CodeDeploy?
Option A: dockerrun.aws.json
Option B: buildspec.yml
Option C: appspec.yml
Option D: ebextensions.config
Question 186: A Developer wants to upload data to Amazon S3 and must encrypt the data in transit. Which of the following solutions will accomplish this task? (Choose two.)
Option A: Set up hardware VPN tunnels to a VPC and access S3 through a VPC endpoint
Option B: Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key
Option C: Set up Server-Side Encryption with AWS KMS-Managed Keys
Option D: Transfer the data over an SSL connection
Option E: Set up Server-Side Encryption with S3-Managed Keys
Question 187: A company is running a Docker application on Amazon ECS. The application must scale based on user load in the last 15 seconds. How should a Developer instrument the code so that the requirement can be met?
Option A: Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds
Option B: Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
Option C: Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds
Option D: Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
Question 188: A company needs to ingest terabytes of data each hour from thousands of sources that are delivered almost continually throughout the day. The volume of messages generated varies over the course of the day. Messages must be delivered in real time for fraud detection and live operational dashboards. Which approach will meet these requirements?
Option A: Send the messages to an Amazon SQS queue, then process the messages by using a fleet of Amazon EC2 instances
Option B: Use the Amazon S3 API to write messages to an S3 bucket, then process the messages by using Amazon Redshift
Option C: Use AWS Data Pipeline to automate the movement and transformation of data
Option D: Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages
Question 189: A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions: The Developer needs to create/delete branches. Which specific IAM permissions need to be added, based on the principle of least privilege?
Option A: 'codecommit:CreateBranch' 'codecommit:DeleteBranch'
Option B: 'codecommit:Put*'
Option C: 'codecommit:Update*'
Option D: 'codecommit:*'
Question 190: A Developer has been asked to create an AWS Lambda function that is triggered any time updates are made to items in an Amazon DynamoDB table. The function has been created, and appropriate permissions have been added to the Lambda execution role. Amazon DynamoDB streams have been enabled for the table, but the function is still not being triggered. Which option would enable DynamoDB table updates to trigger the Lambda function?
Option A: Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the DynamoDB table
Option B: Configure event source mapping for the Lambda function
Option C: Map an Amazon SNS topic to the DynamoDB streams
Option D: Increase the maximum execution time (timeout) setting of the Lambda function
Question 191: An application is being developed to audit several AWS accounts. The application will run in Account A and must access AWS services in Accounts B and C. What is the MOST secure way to allow the application to call AWS services in each audited account?
Option A: Configure cross-account roles in each audited account. Write code in Account A that assumes those roles
Option B: Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions
Option C: Deploy an application in each audited account with its own role. Have Account A authenticate with the application
Option D: Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys
Question 192: A Developer is building a three-tier web application that should be able to handle a minimum of 5000 requests per minute. Requirements state that the web tier should be completely stateless while the application maintains session state for the users. How can session data be externalized, keeping latency at the LOWEST possible value?
Option A: Create an Amazon RDS instance, then implement session handling at the application level to leverage a database inside the RDS database instance for session data storage
Option B: Implement a shared file system solution across the underlying Amazon EC2 instances, then implement session handling at the application level to leverage the shared file system for session data storage
Option C: Create an Amazon ElastiCache Memcached cluster, then implement session handling at the application level to leverage the cluster for session data storage
Option D: Create an Amazon DynamoDB table, then implement session handling at the application level to leverage the table for session data storage
Question 193: An Amazon DynamoDB table uses a Global Secondary Index (GSI) to support read queries. The primary table is write-heavy, whereas the GSI is used for read operations. Looking at Amazon CloudWatch metrics, the Developer notices that write operations to the primary table are throttled frequently under heavy write activity. However, write capacity units to the primary table are available and not fully consumed. Why is the table being throttled?
Option A: The GSI write capacity units are underprovisioned
Option B: There are not enough read capacity units on the primary table
Option C: Amazon DynamoDB Streams is not enabled on the table
Option D: A large write operation is being performed against another table
Question 194: A company runs an e-commerce website that uses Amazon DynamoDB where pricing for items is dynamically updated in real time. At any given time, multiple updates may occur simultaneously for pricing information on a particular product. This is causing the original editor's changes to be overwritten without a proper review process. Which DynamoDB write option should be selected to prevent this overwriting?
Option A: Concurrent writes
Option B: Conditional writes
Option C: Atomic writes
Option D: Batch writes
Question 195: A company needs a version control system for collaborative software development. Features of the system must include the following: support for batches of changes across multiple files; parallel branching; version tracking. Which AWS service will meet these requirements?
Option A: AWS CodePipeline
Option B: Amazon S3
Option C: AWS CodeBuild
Option D: AWS CodeCommit
Question 196: A company is using continuous integration and continuous delivery systems. A Developer now needs to automate a software package deployment to both Amazon EC2 instances and virtual servers running on-premises. Which AWS service should be used to accomplish this?
Option A: AWS CodePipeline
Option B: AWS CodeBuild
Option C: AWS Elastic Beanstalk
Option D: AWS CodeDeploy
Question 197: A Developer created a new AWS account and must create a scalable AWS Lambda function that meets the following requirements for concurrent execution: average execution time of 100 seconds; 50 requests per second. Which step must be taken prior to deployment to prevent errors?
Option A: Implement dead-letter queues to capture invocation errors
Option B: Add an event source from Amazon API Gateway to the Lambda function
Option C: Implement error handling within the application code
Option D: Contact AWS Support to increase the concurrent execution limits
Question 198: A Development team wants to instrument their code to provide more detailed information to AWS X-Ray than simple outgoing and incoming requests. This will generate large amounts of data, so the Development team wants to implement indexing so they can filter the data. What should the Development team do to achieve this?
Option A: Add annotations to the segment document and the code
Option B: Add metadata to the segment document and the code
Option C: Configure the necessary X-Ray environment variables
Option D: Install required plugins for the appropriate AWS SDK
Question 199: A team of Developers must migrate an application running inside an AWS Elastic Beanstalk environment from a Classic Load Balancer to an Application Load Balancer. Which steps should be taken to accomplish the task using the AWS Management Console?
Option A: 1. Update the application code in the existing deployment. 2. Select a new load balancer type before running the deployment. 3. Deploy the new version of the application code to the environment.
Option B: 1. Create a new environment with the same configurations except for the load balancer type. 2. Deploy the same application version as used in the original environment. 3. Run the swap-environment-cnames action.
Option C: 1. Clone the existing environment, changing the associated load balancer type. 2. Deploy the same application version as used in the original environment. 3. Run the swap-environment-cnames action.
Option D: 1. Edit the environment definitions in the existing deployment. 2. Change the associated load balancer type according to the requirements. 3. Rebuild the environment with the new load balancer type.
Question 200: A Developer must encrypt a 100-GB object using AWS KMS. What is the BEST approach?
Option A: Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK)
Option B: Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material
Option C: Make a GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data
Option D: Make a GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data
Question 201: A Development team would like to migrate their existing application code from a GitHub repository to AWS CodeCommit. What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?
Option A: A GitHub secure authentication token
Option B: A public and private SSH key file
Option C: A set of Git credentials generated from IAM
Option D: An Amazon EC2 IAM role with CodeCommit permissions
Question 202: A Developer is writing a REST service that will add items to a shopping list. The service is built on Amazon API Gateway with AWS Lambda integrations. The shopping list items are sent as query string parameters in the method request. How should the Developer convert the query string parameters to arguments for the Lambda function?
Option A: Enable request validation
Option B: Include the Amazon Resource Name (ARN) of the Lambda function
Option C: Change the integration type
Option D: Create a mapping template
Question 203: When developing an AWS Lambda function that processes Amazon Kinesis Data Streams, Administrators within the company must receive a notice that includes the processed data. How should the Developer write the function to send processed data to the Administrators?
Option A: Separate the Lambda handler from the core logic
Option B: Use Amazon CloudWatch Events to send the processed data
Option C: Publish the processed data to an Amazon SNS topic
Option D: Push the processed data to Amazon SQS
Question 204: A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least. What is the easiest way to achieve this?
Option A: Encrypt the data before sending it to Amazon S3
Option B: Import a custom key into AWS KMS with annual rotation enabled
Option C: Use AWS KMS with automatic key rotation
Option D: Export a key from AWS KMS to encrypt the data
Question 205: A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The service must run different versions for testing purposes. What would be the BEST way to accomplish this?
Option A: Use an X-Version header to denote which version is being called and pass that header to the Lambda function(s)
Option B: Create an API Gateway Lambda authorizer to route API clients to the correct API version
Option C: Create an API Gateway resource policy to isolate versions and provide context to the Lambda function(s)
Option D: Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context
Question 206: A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table. What MUST the company do to implement this authentication in API Gateway?
Option A: Implement an AWS Lambda authorizer that references the DynamoDB authentication table
Option B: Create a model that requires the credentials, then grant API Gateway access to the authentication table
Option C: Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table
Option D: Implement an Amazon Cognito authorizer that references the DynamoDB authentication table
Question 207: An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows the read query performance and affects all application users. What can be done to eliminate the performance impact on application users?
Option A: Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic.
Option B: Create an RDS Read Replica and direct all read traffic to the replica.
Option C: Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic.
Option D: Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic.