1.AcompanyismigratinglegacyinternalapplicationstoAWS.Leadershipwantstorewritetheinternal employeedirectorytousenativeAWSservicesAdeveloperneedstocreateasolutionforstoring employeecontactdetailsandhigh-resolutionphotosforusewiththenewapplication. Whichsolutionwillenablethesearchandretrievalofeachemployee'sindividualdetailsand high-resolutionphotosusingAWSAPIs?
AEncodeeachemployee'scontactinformationandphotosusingBase64Storetheinformationinan AmazonDynamoDBtableusingasortkey
BStoreeachemployee'scontactinformationinanAmazonDynamoDBtablealongwiththeobjectkeys forthephotosstoredinAmazonS3
CUseAmazonCognitouserpoolstoimplementtheemployeedirectoryinafullymanaged software-as-a-service(SaaS)method
D.StoreemployeecontactinformationinanAmazonRDSDBinstancewiththephotosstoredinAmazon ElasticFileSystem(AmazonEFS)
Answer:B
2.AdeveloperismigratingsomefeaturesfromalegacymonolithicapplicationtouseAWSLambda functionsinsteadTheapplicationcurrentlystoresdatainanAmazonAuroraDBclusterthatrunsin privatesubnetsinaVPC.TheAWSaccounthasoneVPCdeployed.
TheLambdafunctionsandtheDBclusteraredeployedinthesameAWSRegioninthesameAWS account
ThedeveloperneedstoensurethattheLambdafunctionscansecurelyaccesstheDBclusterwithout crossingthepublicinternet
Whichsolutionwillmeettheserequirements?
AConfiguretheDBcluster'spublicaccesssettingtoYes
BConfigureanAmazonRDSdatabaseproxyforheLambdafunctions
CConfigureaNATgatewayandasecuritygroupfortheLambdafunctions
DConfiguretheVPC,subnets,andasecuritygroupfortheLambdafunctions
Answer:D
3AcompanywantstoshareinformationwithathirdpartyThethirdpartyhasanHTTPAPIendpointthat thecompanycanusetosharetheinformation.ThecompanyhastherequiredAPIkeytoaccessthe HTTPAPI
ThecompanyneedsawaytomanagetheAPIkeybyusingcode.TheintegrationoftheAPIkeywiththe applicationcodecannotaffectapplicationperformance
WhichsolutionwillmeettheserequirementsMOSTsecurely?
AStoretheAPIcredentialsinAWSSecretsManagerRetrievetheAPIcredentialsatruntimebyusingthe AWSSDKUsethecredentialstomaketheAPIcall
BStoretheAPIcredentialsinalocalcodevariablePushthecodetoasecureGitrepositoryUsethe localcodevariableatruntimetomaketheAPIcall
CStoretheAPIcredentialsasanobjectinaprivateAmazonS3bucketRestrictaccesstotheS3object byusingIAMpoliciesRetrievetheAPIcredentialsatruntimebyusingtheAWSSDKUsethecredentials tomaketheAPIcall
DStoretheAPIcredentialsinanAmazonDynamoDBtableRestrictaccesstothetablebyusing resource-basedpoliciesRetrievetheAPIcredentialsatruntimebyusingtheAWSSDKUsethe
credentialstomaketheAPIcall.
Answer:B
4AnapplicationusesLambdafunctionstoextractmetadatafromfilesuploadedtoanS3bucket;the metadataisstoredinAmazonDynamoDBTheapplicationstartsbehavingunexpectedly,andthe developerwantstoexaminethelogsoftheLambdafunctioncodeforerrors
Basedonthissystemconfiguration,wherewouldthedeveloperfindthelogs?
AAmazonS3
BAWSCloudTrail
CAmazonCloudWatch
DAmazonDynamoDB
Answer:C
5.AdeveloperiscreatinganapplicationthatincludesanAmazonAPIGatewayRESTAPIintheus-east-2 RegionThedeveloperwantstouseAmazonCloudFrontandacustomdomainnamefortheAPIThe developerhasacquiredanSSL/TLScertificateforthedomainfromathird-partyprovider. Howshouldthedeveloperconfigurethecustomdomainfortheapplication?
A.ImporttheSSL/TLScertificateintoAWSCertificateManager(ACM)inthesameRegionastheAPI.
CreateaDNSArecordforthecustomdomain
BImporttheSSL/TLScertificateintoCloudFrontCreateaDNSCNAMErecordforthecustomdomain CImporttheSSL/TLScertificateintoAWSCertificateManager(ACM)inthesameRegionastheAPI
CreateaDNSCNAMErecordforthecustomdomain
DImporttheSSL/TLScertificateintoAWSCertificateManager(ACM)intheus-east-1RegionCreatea DNSCNAMErecordforthecustomdomain
Answer:B
6AnapplicationthatishostedonanAmazonEC2instanceneedsaccesstofilesthatarestoredinan AmazonS3bucketTheapplicationliststheobjectsthatarestoredintheS3bucketanddisplaysatable totheuser.Duringtesting,adeveloperdiscoversthattheapplicationdoesnotshowanyobjectsinthe list
WhatistheMOSTsecurewaytoresolvethisissue?
AUpdatetheIAMinstanceprofilethatisattachedtotheEC2instancetoincludetheS3:*permissionfor theS3bucket.
BUpdatetheIAMinstanceprofilethatisattachedtotheEC2instancetoincludetheS3:ListBucket permissionfortheS3bucket.
CUpdatethedeveloper'suserpermissionstoincludetheS3:ListBucketpermissionfortheS3bucket DUpdatetheS3bucketpolicybyincludingtheS3:ListBucketpermissionandbysettingthePrincipal elementtospecifytheaccountnumberoftheEC2instance
Answer:B
7AdeveloperisdesigningaserverlessapplicationwithtwoAWSLambdafunctionstoprocessphotos OneLambdafunctionstoresobjectsinanAmazonS3bucketandstorestheassociatedmetadatainan AmazonDynamoDBtableTheotherLambdafunctionfetchestheobjectsfromtheS3bucketbyusing themetadatafromtheDynamoDBtable
BothLambdafunctionsusethesamePythonlibrarytoperformcomplexcomputationsandare approachingthequotaforthemaximumsizeofzippeddeploymentpackages
WhatshouldthedeveloperdotoreducethesizeoftheLambdadeploymentpackageswiththeLEAST operationaloverhead?
APackageeachPythonlibraryinitsownzipfilearchiveDeployeachLambdafunctionwithitsown copyofthelibrary
BCreateaLambdalayerwiththerequiredPythonlibraryUsetheLambdalayerinbothLambda functions
CCombinethetwoLambdafunctionsintooneLambdafunctionDeploytheLambdafunctionasa singlezipfilearchive
DDownloadthePythonlibrarytoanS3bucketProgramtheLambdafunctionstoreferencetheobject URLs.
Answer:B
8AdeveloperiscreatinganAWSLambdafunctionthatneedscredentialstoconnecttoanAmazonRDS forMySQLdatabase.AnAmazonS3bucketcurrentlystoresthecredentials.Thedeveloperneedsto improvetheexistingsolutionbyimplementingcredentialrotationandsecurestorageThedeveloperalso needstoprovideintegrationwiththeLambdafunction.
WhichsolutionshouldthedeveloperusetostoreandretrievethecredentialswiththeLEAST managementoverhead?
AStorethecredentialsinAWSSystemsManagerParameterStoreSelectthedatabasethatthe parameterwillaccessUsethedefaultAWSKeyManagementService(AWSKMS)keytoencryptthe parameterEnableautomaticrotationfortheparameterUsetheparameterfromParameterStoreonthe Lambdafunctiontoconnecttothedatabase
BEncryptthecredentialswiththedefaultAWSKeyManagementService(AWSKMS)keyStorethe credentialsasenvironmentvariablesfortheLambdafunctionCreateasecondLambdafunctionto generatenewcredentialsandtorotatethecredentialsbyupdatingtheenvironmentvariablesofthefirst LambdafunctionInvokethesecondLambdafunctionbyusinganAmazonEventBridgerulethatrunson aschedule.Updatethedatabasetousethenewcredentials.OnthefirstLambdafunction,retrievethe credentialsfromtheenvironmentvariablesDecryptthecredentialsbyusingAWSKMS,Connecttothe database.
CStorethecredentialsinAWSSecretsManagerSetthesecrettypetoCredentialsforAmazonRDS database.Selectthedatabasethatthesecretwillaccess.UsethedefaultAWSKeyManagementService (AWSKMS)keytoencryptthesecretEnableautomaticrotationforthesecretUsethesecretfrom SecretsManagerontheLambdafunctionto connecttothedatabase
DEncryptthecredentialsbyusingAWSKeyManagementService(AWSKMS)Storethecredentialsin anAmazonDynamoDBtableCreateasecondLambdafunctiontorotatethecredentialsInvokethe secondLambdafunctionbyusinganAmazonEventBridgerulethatrunsonascheduleUpdatethe DynamoDBtableUpdatethedatabasetousethegeneratedcredentialsRetrievethecredentialsfrom DynamoDBwiththefirstLambdafunctionConnecttothedatabase
Answer:C
9AdeveloperwantstoinsertarecordintoanAmazonDynamoDBtableassoonasanewfileisaddedto
anAmazonS3bucket.
Whichsetofstepswouldbenecessarytoachievethis?
A.CreateaneventwithAmazonEventBridgethatwillmonitortheS3bucketandtheninserttherecords intoDynamoDB
BConfigureanS3eventtoinvokeanAWSLambdafunctionthatinsertsrecordsintoDynamoDB
CCreateanAWSLambdafunctionthatwillpolltheS3bucketandtheninserttherecordsinto DynamoDB
DCreateacronjobthatwillrunatascheduledtimeandinserttherecordsintoDynamoDB
Answer:B
10AdeveloperisdeployinganAWSLambdafunctionThedeveloperwantstheabilitytoreturntoolder versionsofthefunctionquicklyandseamlessly.
HowcanthedeveloperachievethisgoalwiththeLEASToperationaloverhead?
A.UseAWSOpsWorkstoperformblue/greendeployments.
BUseafunctionaliaswithdifferentversions
C.MaintaindeploymentpackagesforolderversionsinAmazonS3.
DUseAWSCodePipelinefordeploymentsandrollbacks
Answer:B