dfsdf
COMENTARIOS |
ESTADÍSTICAS |
RÉCORDS
|
Título del Test: dfsdf Descripción: dsfsdaf |
Nuevo Comentario| Comentarios |
|---|
NO HAY REGISTROS |
|
Company C is currently hosting their corporate site in an Amazon S3 bucket with Static WebsiteHosting enabled. Currently, when visitors go to http://www.companyc.com the index.html page isreturned. Company C now would like a new page welcome.html to be returned when a visitor entershttp://www.companyc.com in the browser.Which of the following steps will allow Company C to meet this requirement? Choose 2 answers. Upload an html page named welcome.html to their S3 bucket. Create a welcome subfolder in their S3 bucket. Set the Index Document property to welcome.html. Move the index.html page to a welcome subfolderE. Set the Error Document property to welcome.html. What type of block cipher does Amazon S3 offer for server side encryption?. Triple DES. Advanced Encryption Standard. Blowfish. RC5. If an application is storing hourly log files from thousands of instances from a high traffic web site,which naming scheme would give optimal performance on S3?. Sequential. instanceID_log-HH-DD-MM-YYYY. instanceID_log-YYYY-MM-DD-HH. HH-DD-MM-YYYY-log_instanceIDE. YYYY-MM-DD-HH-log_instanceID. Which of the following statements about SQS is true?. Messages will be delivered exactly once and messages will be delivered in First in, First out order. Messages will be delivered exactly once and message delivery order is indeterminate. Messages will be delivered one or more times and messages will be delivered in First in, First outorder. Messages will be delivered one or more times and message delivery order is indeterminate. A corporate web application is deployed within an Amazon VPC, and is connected to the corporatedata center via IPSec VPN. The application must authenticate against the on-premise LDAP server.Once authenticated, logged-in users can only access an S3 keyspace specific to the user.Which two approaches can satisfy the objectives? Choose 2 answers. The application authenticates against LDAP. The application then calls the IAM Security Service tologin to IAM using the LDAP credentials. The application can use the IAM temporary credentials toaccess the appropriate S3 bucket. The application authenticates against LDAP, and retrieves the name of an IAM role associated withthe user. The application then calls the IAM Security Token Service to assume that IAM Role. Theapplication can use the temporary credentials to access the appropriate S3 bucket. The application authenticates against IAM Security Token Service using the LDAP credentials. Theapplication uses those temporary AWS security credentials to access the appropriate S3 bucket. Develop an identity broker which authenticates against LDAP, and then calls IAM Security TokenService to get IAM federated user credentials. The application calls the identity broker to get IAMfederated user credentials with access to the appropriate S3 bucket.E. Develop an identity broker which authenticates against IAM Security Token Service to assume anIAM Role to get temporary AWS security credentials. The application calls the identity broker to getAWS temporary security credentials with access to the appropriate S3 bucket. Company B provides an online image recognition service and utilizes SQS to decouple systemcomponents for scalability The SQS consumers poll the imaging queue as often as possible to keepend-to-end throughput as high as possible. However, Company B is realizing that polling in tightloops is burning CPU cycles and increasing costs with empty responses.How can Company B reduce the number of empty responses?. Set the imaging queue visibility Timeout attribute to 20 seconds. Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds. Set the imaging queue MessageRetentionPeriod attribute to 20 seconds. Set the DelaySeconds parameter of a message to 20 seconds. An Amazon S3 bucket, "myawsbucket” is configured with website hosting in Tokyo region, what is theregion-specific website endpoint?. www.myawsbucket.ap-northeast-1.amazonaws.com. myawsbucket.s3-website-ap-northeast-1.amazonawscom. myawsbucket.amazonaws.com. myawsbucket.tokyo.amazonaws.com. You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items areanalyzed and then are no longer needed. You need to minimize provisioned throughput, storage, andAPI calls.Given these requirements, what is the most efficient way to manage these Items after the analysis?. Retain the items in a single table. Delete items individually over a 24 hour period. Delete the table and create a new table per hour. Create a new table per hour. You have written an application that uses the Elastic Load Balancing service to spread traffic toseveral web servers. Your users complain that they are sometimes forced to login again in the middleof using your application, after they have already logged in. This is not behavior you have designed.What is a possible solution to prevent this happening?. Use instance memory to save session state. Use instance storage to save session state. Use EBS to save session state. Use ElastiCache to save session state.E. Use Glacier to save session slate. You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. Atsome point you find out that other sites have been linking to the photos on your site, causing loss toyour business.What is an effective method to mitigate this?. Store photos on an EBS volume of the web server. Remove public read access and use signed URLs with expiry dates. Use CloudFront distributions for static content. Block the IPs of the offending websites in Security Groups. Which statements about DynamoDB are true? Choose 2 answers. DynamoDB uses a pessimistic locking model. DynamoDB uses optimistic concurrency control. DynamoDB uses conditional writes for consistency. DynamoDB restricts item access during readsE. DynamoDB restricts item access during writes. You are providing AWS consulting services for a company developing a new mobile application thatwill be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notificationmessages to individual devices each device registration identifier or token needs to be registeredwith SNS; however the developers are not sure of the best way to do this.You advise them to: Bulk upload the device tokens contained in a CSV file via the AWS Management Console. Let the push notification service (e.g. Amazon Device Messaging) handle the registration. Implement a token vending service to handle the registration. Call the CreatePlatformEndPoint API function to register multiple device tokens. You are writing to a DynamoDB table and receive the following exception:"ProvisionedThroughputExceededException". though according to your Cloudwatch metrics for thetable, you are not exceeding your provisioned throughput.What could be an explanation for this?. You haven't provisioned enough DynamoDB storage instances. You're exceeding your capacity on a particular Range Key. You're exceeding your capacity on a particular Hash Key. You're exceeding your capacity on a particular Sort KeyE. You haven't configured DynamoDB Auto Scaling triggers. Which of the following services are included at no additional cost with the use of the AWS platform?Choose 2 answers. Simple Storage Service. Elastic Compute Cloud. Auto Scaling. Elastic Load BalancingE. CloudFormationF. Simple Workflow Service. Your application is trying to upload a 6 GB file to Simple Storage Service and receive a “Your proposedupload exceeds the maximum allowed object size." error message.What is a possible solution for this?. None, Simple Storage Service objects are limited to 5 GB. Use the multi-part upload API for this object. Use the large object upload API for this object. Contact support to increase your object size limitE. Upload to a different region. What AWS products and features can be deployed by Elastic Beanstalk? Choose 3 answers. Auto scaling groups. Route 53 hosted zones. Elastic Load Balancers. RDS InstancesE. Elastic IP addressesF. SQS Queues. Games-R-Us is launching a new game app for mobile devices. Users will log into the game using theirexisting Facebook account and the game will record player data and scoring information directly to aDynamoDB table.What is the most secure approach for signing requests to the DynamoDB API?. Create an IAM user with access credentials that are distributed with the mobile app to sign therequests. Distribute the AWS root account access credentials with the mobile app to sign the requests. Request temporary security credentials using web identity federation to sign the requests. Establish cross account access between the mobile app and the DynamoDB table to sign therequests. Which of the following programming languages have an officially supported AWS SDK? Choose 2answers. Perl. PHP. Pascal. JavaE. SQL. A meteorological system monitors 600 temperature gauges, obtaining temperature samples everyminute and saving each sample to a DynamoDB table. Each sample involves writing 1K of data andthe writes are evenly distributed over time.How much write throughput is required for the target table?. 1 write capacity unit. 10 write capacity units. 60 write capacity units. 600 write capacity unitsE. 3600 write capacity units. In DynamoDB, what type of HTTP response codes indicate that a problem was found with the clientrequest sent to the service?. 5xx HTTP response code. 200 HTTP response code. 306 HTTP response code. 4xx HTTP response code. Company C has recently launched an online commerce site for bicycles on AWS. They have a"Product" DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price,quantity and size to display in the online store. Due to customer demand, they want to include animage for each bicycle along with the existing details.Which approach below provides the least impact to provisioned throughput on the "Product" table?. Serialize the image and store it in multiple DynamoDB tables. Create an "Images" DynamoDB table to store the Image with a foreign key constraint to the"Product” table. Add an image data type to the "Product" table to store the images in binary format. Store the images in Amazon S3 and add an S3 URL pointer to the "Product" table item for eachimage. Which DynamoDB limits can be raised by contacting AWS support? Choose 2 answers. The number of hash keys per account. The maximum storage used per account. The number of tables per account. The number of local secondary indexes per accountE. The number of provisioned throughput units per account. When a Simple Queue Service message triggers a task that takes 5 minutes to complete, whichprocess below will result in successful processing of the message and remove it from the queuewhile minimizing the chances of duplicate processing?. Retrieve the message with an increased visibility timeout, process the message, delete themessage from the queue. Retrieve the message with an increased visibility timeout, delete the message from the queue,process the message. Retrieve the message with increased DelaySeconds, process the message, delete the messagefrom the queue. Retrieve the message with increased DelaySeconds, delete the message from the queue, processthe message. Company A has an S3 bucket containing premier content that they intend to make available to onlypaid subscribers of their website. The S3 bucket currently has default permissions of all objects beingprivate to prevent inadvertent exposure of the premier content to non-paying website visitors.How can Company A provide only paid subscribers the ability to download a premier content file inthe S3 bucket?. Apply a bucket policy that grants anonymous users to download the content from the S3 bucket. Generate a pre-signed object URL for the premier content file when a paid subscriber requests adownload. Add a bucket policy that requires Multi-Factor Authentication for requests to access the S3 bucketobjects. Enable server-side encryption on the S3 bucket for data protection against the non-paying websitevisitors. Which of the following is an example of a good DynamoDB hash key schema for provisionedthroughput efficiency?. User ID, where the application has many different users. Status Code where most status codes are the same. Device ID, where one is by far more popular than all the others. Game Type, where there are three possible game types. An application stores payroll information nightly in DynamoDB for a large number of employeesacross hundreds of offices. Item attributes consist of individual name, office identifier, andcumulative daily hours. Managers run reports for ranges of names working in their office. One queryis. "Return all Items in this office for names starting with A through E".Which table configuration will result in the lowest impact on provisioned throughput for this query?. Configure the table to have a hash index on the name attribute, and a range index on the officeidentifier. Configure the table to have a range index on the name attribute, and a hash index on the officeidentifier. Configure a hash index on the name attribute and no range index. Configure a hash index on the office Identifier attribute and no range index. What is one key difference between an Amazon EBS-backed and an instance-store backed instance?. Virtual Private Cloud requires EBS backed instances. Amazon EBS-backed instances can be stopped and restarted. Auto scaling requires using Amazon EBS-backed instances. Instance-store backed instances can be stopped and restarted. How can you secure data at rest on an EBS volume?. Attach the volume to an instance using EC2's SSL interface. Write the data randomly instead of sequentially. Use an encrypted file system on top of the BBS volume. Encrypt the volume using the S3 server-side encryption service.E. Create an IAM policy that restricts read and write access to the volume. Which of the following is chosen as the default region when making an API call with an AWS SDK?. ap-northeast-1. us-west-2. us-east-1. eu-west-1E. us-central-1. Which of the following statements about SWF are true? Choose 3 answers. SWF tasks are assigned once and never duplicated. SWF requires an S3 bucket for workflow storage. SWF workflow executions can last up to a year. SWF triggers SNS notifications on task assignmentE. SWF uses deciders and workers to complete tasksF. SWF requires at least 1 EC2 instance per domain. A startup s photo-sharing site is deployed in a VPC. An ELB distributes web traffic across two subnets.ELB session stickiness is configured to use the AWS-generated session cookie, with a session TTL of 5minutes. The webserver Auto Scaling Group is configured as: min-size=4, max-size=4.The startups preparing for a public launch, by running load-testing software installed on a single EC2instance running in us-west-2a. After 60 minutes of load-testing, the webserver logs show:Which recommendations can help ensure load-testing HTTP requests are evenly distributed acrossthe four webservers? Choose 2 answers. Launch and run the load-tester EC2 instance from us-east-1 instead. Re-configure the load-testing software to re-resolve DNS for each web request. An ELB distributes web traffic across two subnets.ELB session stickiness is configured to use the AWS-generated session cookie, with a session TTL of 5minutes. The webserver Auto Scaling Group is configured as: min-size=4, max-size=4.The startups preparing for a public launch, by running load-testing software installed on a single EC2instance running in us-west-2a. After 60 minutes of load-testing, the webserver logs show:Which recommendations can help ensure load-testing HTTP requests are evenly distributed acrossthe four webservers? Choose 2 answersA. Launch and run the load-tester EC2 instance from us-east-1 instead.B. Re-configure the load-testing software to re-resolve DNS for each web request. Configure ELB and Auto Scaling to distribute across us-west-2a and us-west-2c.E. Configure ELB session stickiness to use the app-specific session cookie. Which of the following are valid SNS delivery transports? Choose 2 answers. HTTP. UDP. SMS. DynamoDBE. Named Pipes. How is provisioned throughput affected by the chosen consistency model when reading data from aDynamoDB table?. Strongly consistent reads use the same amount of throughput as eventually consistent reads. Strongly consistent reads use more throughput than eventually consistent reads. Strongly consistent reads use less throughput than eventually consistent reads. Strongly consistent reads use variable throughput depending on read activity. Which of the following are valid arguments for an SNS Publish request? Choose 3 answers. TopicAm. Subject. Destination. FormatE. MessageF. Language. How can software determine the public and private IP addresses of the Amazon EC2 instance that itis running on?. Query the appropriate Amazon CloudWatch metric. Use ipconfig or ifconfig command. Query the local instance userdata. Query the local instance metadata. EC2 instances are launched from Amazon Machine images (AMIs). A given public AMI can: be used to launch EC2 Instances in any AWS region. only be used to launch EC2 instances in the same country as the AMI is stored. only be used to launch EC2 instances in the same AWS region as the AMI is stored. only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored. Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?. DescnbeInstances. DescribeAMls. DescribeImages. GetAMlsE. You cannot retrieve a list of AMIs as there are over 10,000 AMIs. In AWS, which security aspects are the customer’s responsibility? Choose 4 answers. Life-cycle management of IAM credentials. Decommissioning storage devices. Security Group and ACL (Access Control List) settings. Encryption of EBS (Elastic Block Storage) volumesE. Controlling physical access to compute resourcesF. Patch management on the EC2 instance’s operating system. When using a large Scan operation in DynamoDB, what technique can be used to minimize theimpact of a scan on a table's provisioned throughput?. Set a smaller page size for the scan. Use parallel scans. Define a range index on the table. Prewarm the table by updating all items. Company D is running their corporate website on Amazon S3 accessed fromhttp//www.companyd.com. Their marketing team has published new web fonts to a separate S3bucket accessed by the S3 endpoint https://s3-us-west-1.amazonaws.com/cdfonts. While testing thenew web fonts, Company D recognized the web fonts are being blocked by the browser.What should Company D do to prevent the web fonts from being blocked by the browser?. Enable versioning on the cdfonts bucket for each web font. Create a policy on the cdfonts bucket to enable access to everyone. Add the Content-MD5 header to the request for webfonts in the cdfonts bucket from the website. Configure the cdfonts bucket to allow cross-origin requests by creating a CORS configuration. Which of the following platforms are supported by Elastic Beanstalk? Choose 2 answers. Apache Tomcat. .NET. IBM Websphere. Oracle JBossE. Jetty. Which code snippet below returns the URL of a load balanced web site created in CloudFormationwith an AWS::ElasticLoadBalancing::LoadBalancer resource name "ElasticLoad Balancer"?. "Fn::Join" : ["". [ "http://", {"Fn::GetAtr” : [ "ElasticLoadBalancer","DNSName"]}]]. "Fn::Join" : ["". [ "http://", {"Fn::GetAtr” : [ "ElasticLoadBalancer","Url"]}]]. "Fn::Join" : ["". [ "http://", {"Ref" : "ElasticLoadBalancerUrl"}]]. "Fn::Join" : [".", [ "http://", {"Ref" : "ElasticLoadBalancerDNSName"}]]. Which features can be used to restrict access to data in S3? Choose 2 answers. Use S3 Virtual Hosting. Set an S3 Bucket policy. Enable IAM Identity Federation. Set an S3 ACL on the bucket or the object.E. Create a CloudFront distribution for the bucket. What happens, by default, when one of the resources in a CloudFormation stack cannot be created?. Previously-created resources are kept but the stack creation terminates. Previously-created resources are deleted and the stack creation terminates. The stack creation continues, and the final results indicate which steps failed. CloudFormation templates are parsed in advance so stack creation is guaranteed to succeed. Which of the following are correct statements with policy evaluation logic in AWS Identity and AccessManagement? Choose 2 answers. By default, all requests are denied. An explicit allow overrides an explicit deny. An explicit allow overrides default deny. An explicit deny does not override an explicit allowE. By default, all request are allowed. You have an environment that consists of a public subnet using Amazon VPC and 3 instances that arerunning in this subnet. These three instances can successfully communicate with other hosts on theInternet. You launch a fourth instance in the same subnet, using the same AMI and security groupconfiguration you used for the others, but find that this instance cannot be accessed from theInternet.What should you do to enable internet access?. Deploy a NAT instance into the public subnet. Modify the routing table for the public subnet. Configure a publically routable IP Address In the host OS of the fourth instance. Assign an Elastic IP address to the fourth instance. If a message is retrieved from a queue in Amazon SQS, how long is the message inaccessible to otherusers by default?. 0 seconds. 1 hour. 1 day. foreverE. 30 seconds. What is the format of structured notification messages sent by Amazon SNS?. An XML object containing MessageId, UnsubscribeURL, Subject, Message and other values. An JSON object containing MessageId, DuplicateFlag, Message and other values. An XML object containing MessageId, DuplicateFlag, Message and other values. An JSON object containing MessageId, unsubscribeURL, Subject, Message and other values. Which of the following services are key/value stores? Choose 3 answers. Amazon ElastiCache. Simple Notification Service. DynamoDB. Simple Workflow ServiceE. Simple Storage Service. When uploading an object, what request header can be explicitly specified in a request to Amazon S3to encrypt object data when saved on the server side?. x-amz-storage-class. Content-MD5. x-amz-security-token. x-amz-server-side-encryption. What item operation allows the retrieval of multiple items from a DynamoDB table in a single APIcall?. GetItem. BatchGetItem. GetMultipleItems. GetItemRange. After launching an instance that you intend to serve as a NAT (Network Address Translation) device ina public subnet you modify your route tables to have the NAT device be the target of internet boundtraffic of your private subnet. When you try and make an outbound connection to the Internet froman instance in the private subnet, you are not successful.Which of the following steps could resolve the issue?. Attaching a second Elastic Network interface (ENI) to the NAT instance, and placing it in the privatesubnet. Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, andplacing it in the public subnet. Disabling the Source/Destination Check attribute on the NAT instance. Attaching an Elastic IP address to the instance in the private subnet. You attempt to store an object in the US-STANDARD region in Amazon S3, and receive a confirmationthat it has been successfully stored. You then immediately make another API call and attempt to readthis object. S3 tells you that the object does not existWhat could explain this behavior?. US-STANDARD uses eventual consistency and it can take time for an object to be readable in abucket. Objects in Amazon S3 do not become visible until they are replicated to a second region. US-STANDARD imposes a 1 second delay before new objects are readable. You exceeded the bucket object limit, and once this limit is raised the object will be visible. What is the maximum number of S3 Buckets available per AWS account?. 100 per region. there is no limit. 100 per account. 500 per accountE. 100 per IAM user. Which of the following items are required to allow an application deployed on an EC2 instance towrite data to a DynamoDB table?Assume that no security Keys are allowed to be stored on the EC2 instance. Choose 2 answers. Create an IAM User that allows write access to the DynamoDB table. Add an IAM Role to a running EC2 instance. Add an IAM User to a running EC2 Instance. Launch an EC2 Instance with the IAM Role included in the launch configuration.E. Create an IAM Role that allows write access to the DynamoDB table.F. Launch an EC2 Instance with the IAM User included in the launch configuration. A Developer created a dashboard for an application using Amazon API Gateway, Amazon S3, AWSLambda, and Amazon RDS. The Developer needs an authentication mechanism allowing a user tosign in and view the dashboard. It must be accessible from mobile applications, desktops, andtablets, and must remember user preferences across platforms.Which AWS service should the Developer use to support this authentication scenario?. AWS KMS. Amazon Cognito. AWS Directory Service. Amazon IAM. A Developer has created an S3 bucket s3://mycoolapp and has enabled server across logging thatpoints to the folder s3://mycoolapp/logs. The Developer moved 100 KB of Cascading Style Sheets(CSS) documents to the folder s3://mycoolapp/css, and then stopped work. When the developercame back a few days later, the bucket was 50 GB.What is the MOST likely cause of this situation?. The CSS files were not compressed and S3 versioning was enabled. S3 replication was enabled on the bucket. Logging into the same bucket caused exponential log growth. An S3 lifecycle policy has moved the entire CSS file to S3 Infrequent Access. A Developer is creating an Auto Scaling group whose instances need to publish a custom metric toAmazon CloudWatch.Which method would be the MOST secure way to authenticate a CloudWatch PUT request?. Create an IAM user with PutMetricData permission and put the user credentials in a privaterepository; have applications pull the credentials as needed. Create an IAM user with PutMetricData permission, and modify the Auto Scaling launchconfiguration to inject the user credentials into the instance user data. Modify the CloudWatch metric policies to allow the PutMetricData permission to instances fromthe Auto Scaling group. Create an IAM role with PutMetricData permission and modify the Auto Scaling launchingconfiguration to launch instances using that role. A Developer is working on an application that tracks hundreds of millions of product reviews in anAmazon DynamoDB table. The records include the data elements shown in the table:Which field, when used as the partition key, would result in the MOST consistent performance usingDynamoDB?. starRating. reviewID. comment. productID. A Developer has written a serverless application using multiple AWS services. The business logic iswritten as a Lambda function which has dependencies on third-party libraries. The Lambda functionendpoints will be exposed using Amazon API Gateway. The Lambda function will write theinformation to Amazon DynamoDB.The Developer is ready to deploy the application but must have the ability to rollback. How can thisdeployment be automated, based on these requirements?. Deploy using Amazon Lambda API operations to create the Lambda function by providing adeployment package. Use an AWS CloudFormation template and use CloudFormation syntax to define the Lambdafunction resource in the template. Use syntax conforming to the Serverless Application Model in the AWS CloudFormation templateto define the Lambda function resource. Create a bash script which uses AWS CLI to package and deploy the application. What are the steps to using the AWS CLI to launch a templatized serverless application?. Use AWS CloudFormation get-template then CloudFormation execute-change-set. Use AWS CloudFormation validate-template then CloudFormation create-change-set. Use AWS CloudFormation package then CloudFormation deploy. Use AWS CloudFormation create-stack then CloudFormation update-stack. A Developer is creating a web application that requires authentication, but also needs to supportguest accessto provide users limited access without having to authenticate. What service can provide support forthe application to allow guest access?. IAM temporary credentials using AWS STS. Amazon Directory Service. Amazon Cognito with unauthenticated access enabled. IAM with SAML integration. An application takes 40 seconds to process instructions received in an Amazon SQS message.Assuming the SQS queue is configured with the default VisibilityTimeout value, what is the BEST way,upon receiving a message, to ensure that no other instances can retrieve a message that has alreadybeen processed or is currently being processed?. Use the ChangeMessageVisibility API to increase the VisibilityTimeout, then use theDeleteMessage API to delete the message. Use the DeleteMessage API call to delete the message from the queue, then call DeleteQueue APIto remove the queue. Use the ChangeMessageVisibility API to decrease the timeout value, then use the DeleteMessageAPI to delete the message. Use the DeleteMessageVisibility API to cancel the VisibilityTimeout, then use the DeleteMessageAPI to delete the message. A Developer has implemented a Lambda function that needs to add new customers to an RDSdatabase that is expected to run hundreds of times per hour. The Lambda function is configured touse 512MB of RAM and is based on the following pseudo code:After testing the Lambda function, the Developer notices that the Lambda execution time is muchlonger than expected. What should the Developer do to improve performance?. Increase the amount of RAM allocated to the Lambda function, which will increase the number ofthreads the Lambda can use. Increase the size of the RDS database to allow for an increased number of database connectionseach hour. Move the database connection and close statement out of the handler. Place the connection in theglobal space. Replace RDS wit Amazon DynamoDB to implement control over the number of writes per second. A current architecture uses many Lambda functions invoking one another as a large state machine.The coordination of this state machine is legacy custom code that breaks easily.Which AWS Service can help refactor and manage the state machine?. AWS Data Pipeline. AWS SNS with AWS SQS. Amazon Elastic MapReduce. AWS Step Functions. A Developer is asked to implement a caching layer in front of Amazon RDS. Cached content isexpensive to regenerate in case of service failure. Which implementation below would work whilemaintaining maximum uptime?. Implement Amazon ElastiCache Redis in Cluster Mode. Install Redis on an Amazon EC2 instance. Implement Amazon ElastiCache Memcached. Migrate the database to Amazon Redshift. A large e-commerce site is being designed to deliver static objects from Amazon S3. The Amazon S3bucket wills server more than 300 GET requests per second. What should be done to optimizeperformance? (Select TWO.). Integrate Amazon CloudFront with Amazon S3. Enable Amazon S3 cross-region replication. Delete expired Amazon S3 server log files. Configure Amazon S3 lifecycle rules.E. Randomize Amazon S3 key name prefixes. A company is building a stock trading application that requires sub-millisecond latency in processingtrading requests. Amazon DynamoDB is used to store all the trading data that is used to process eachrequest. After load testing the application, the development team found that due to data retrievaltimes, the latency requirement is not satisfied. Because of sudden high spikes in the number ofrequests, DynamoDB readcapacity has to be significantly over-provisioned to avoid throttling.What steps should be taken to meet latency requirements and reduce the cost of running theapplication?. Add Global Secondary Indexes for trading data. Store trading data in Amazon S3 and use Transfer Acceleration. Add retries with exponential back-off for DynamoDB queries. Use DynamoDB Accelerator to cache trading data. A Developer needs temporary access to resources in a second account.What is the MOST secure way to achieve this?. Use the Amazon Cognito user pools to get short-lived credentials for the second account. Create a dedicated IAM access key for the second account, and send it by mail. Create a cross-account access role, and use sts:AssumeRole API to get short-lived credentials. Establish trust, and add an SSH key for the second account to the IAM user. An application reads data from an Amazon DynamoDB table. Several times a day, for a period of 15seconds, the application receives multiple ProvisionedThroughputExceeded errors.How should this exception be handled?. Create a new global secondary index for the table to help with the additional requests. Retry the failed read requests with exponential backoff. Immediately retry the failed read requests. Use the DynamoDB “UpdateItem” API to increase the provisioned throughput capacity of thetable. A Developer has created a large Lambda function, and deployment is failing with the following error:ClientError: An error occurred (InvalidParameterValueException) when calling theCreateFunction operation: Unzipped size must be smaller than XXXXXXXXX bytes’, where XXXXXXXXXis the current Lambda limitWhat can the Developer do to fix this problem?. Submit a limit increase request to AWS Support to increase the function to the size needed. Use a compression algorithm that is more efficient than ZIP. Break the function into multiple smaller Lambda functions. ZIP the ZIP file twice to compress it further. Given the source code for an AWS Lambda function in the local store.py containing a handlerfunction called get_store and the following AWS CloudFormation template:What should be done to prepare the template so that it can be deployed using the AWS CLIcommand awscloudformation deploy?. Use aws cloudformation compile to base64 encode and embed the source file into a modifiedCloudFormation template. Use aws cloudformation package to upload the source code to an Amazon S3 bucket and produceamodified CloudFormation template. Use aws lambda zip to package the source file together with the CloudFormation template anddeploythe resulting zip archive. Use aws serverless create-package to embed the source file directly into the existingCloudFormation template. An application stores images in an S3 bucket. Amazon S3 event notifications are used to trigger aLambda function that resizes the images. Processing each image takes less than a second.How will AWS Lambda handle the additional traffic?. Lambda will scale out to execute the requests concurrently. Lambda will handle the requests sequentially in the order received. Lambda will process multiple images in a single execution. Lambda will add more compute to each execution to reduce processing time. A company wants to implement a continuous integration for its workloads on AWS. The companywants to trigger unit test in its pipeline for commits-on its code repository, and wants to be notifiedof failure events in the pipeline.How can these requirements be met?. Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. UseAmazon SNS to trigger notifications of failure events. Store the source code in GitHub. Create a CodePipeline to automate unit testing. Use Amazon SEStotrigger notifications of failure events. Store the source code on GitHub. Create a CodePipeline to automate unit testing. Use AmazonCloudWatch to trigger notifications of failure events. Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. UseAmazonCloudWatch to trigger notification of failure events. A serverless application uses an API Gateway and AWS Lambda.Where should the Lambda function store its session information across function calls?. In an Amazon DynamoDB table. In an Amazon SQS queue. In the local filesystem. In an SQLite session table using –DSQLITE_ENABLE_SESSION. A Developer has created a software package to be deployed on multiple EC2 instances using IAMroles.What actions could be performed to verify IAM access to get records from Amazon Kinesis Streams?(Select TWO.). Use the AWS CLI to retrieve the IAM group. Query Amazon EC2 metadata for in-line IAM policies. Request a token from AWS STS, and perform a describe action. Perform a get action using the –-dry-run argument.E. Validate the IAM role policy with the IAM policy simulator. When writing a Lambda function, what is the benefit of instantiating AWS clients outside the scopeof the handler?. Legibility and stylistic convention. Taking advantage of connection re-use. Better error handling. Creating a new instance per invocation. An application on AWS is using third-party APIs. The Developer needs to monitor API errors in thecode, and wants to receive notifications if failures go above a set threshold value.How can the Developer achieve these requirements?. Publish a custom metric on Amazon CloudWatch and use Amazon SES for notification. Use an Amazon CloudWatch API-error metric and use Amazon SNS for notification. Use an Amazon CloudWatch API-error metric and use Amazon SES for notification. Publish a custom metric on Amazon CloudWatch and use Amazon SNS for notification. A Developer has an application that can upload tens of thousands of objects per second to AmazonS3 in parallel within a single AWS account. As part of new requirements, data stored in S3 must useserver side encryption with AWS KMS (SSE-KMS). After creating this change, performance of theapplication is slower.Which of the following is MOST likely the cause of the application latency?. Amazon S3 throttles the rate at which uploaded objects can be encrypted using Customer MasterKeys. The AWS KMS API calls limit is less than needed to achieve the desired performance. The client encryption of the objects is using a poor algorithm. KMS requires that an alias be used to create an independent display name that can be mapped toa CMK. A company wants to migrate its web application to AWS and leverage Auto Scaling to handle pearworkloads.The Solutions Architect determined that the best metric for an Auto Scaling event is the number ofconcurrent users.Based on this information, what should the Developer use to autoscale based on concurrent users?. An Amazon SNS topic to be triggered when a concurrent user threshold is met. An Amazon Cloudwatch Networkin metric. Amazon CloudFront to leverage AWS Edge Locations. A Custom Amazon CloudWatch metric for concurrent users. A company is migrating its on-premises database to Amazon RDS for MySQL. The company has readheavy workloads, and wants to make sure it re-factors its code to achieve optimum readperformance for its queries.How can this objective be met?. Add database retries to effectively use RDS with vertical scaling. Use RDS with multi-AZ deployment. Add a connection string to use an RDS read replica for read queries. Add a connection string to use a read replica on an EC2 instance. A Developer is receiving HTTP 400: ThrottlingException errors intermittently when calling theAmazonCloudWatch API. When a call fails, no data is retrieved.What best practice should first be applied to address this issue?. Contact AWS Support for a limit increase. Use the AWS CLI to get the metrics. Analyze the applications and remove the API call. Retry the call with exponential backoff. A Developer is testing a Docker-based application that uses the AWS SDK to interact with AmazonDynamoDB. In the local development environment, the application has used IAM access keys. Theapplication is now ready for deployment onto an ECS cluster.How should the application authenticate with AWS services in production?. Configure an ECS task IAM role for the application to use. In the local development environment, the application has used IAM access keys. Theapplication is now ready for deployment onto an ECS cluster.How should the application authenticate with AWS services in production?A. Configure an ECS task IAM role for the application to use. Configure AWS access key/secret access key environment variables with new credentials. Configure the credentials file with a new access key/secret access key. A Developer created a Lambda function for a web application backend. When testing the Lambdafunction from the AWS Lambda console, the Developer can see that the function is being executed,but there is no log data being generated in Amazon CloudWatch Logs, even after several minutes.What could cause this situation?. The Lambda function does not have any explicit log statements for the log data to send it toCloudWatch Logs. The Lambda function is missing CloudWatch Logs as a source trigger to send log data. The execution role for the Lambda function is missing permissions to write log data to theCloudWatch Logs. The Lambda function is missing a target CloudWatch Log group. An application has hundreds of users. Each user may use multiple devices to access the application.The Developer wants to assign unique identifiers to these users regardless of the device they use.Which of the following methods should be used to obtain unique identifiers?. Create a user table in Amazon DynamoDB as key-value pairs of users and their devices. Use thesekeys as unique identifiers. Use IAM-generated access key IDs for the users as the unique identifier, but do not store secretkeys. Implement developer-authenticated identities by using Amazon Cognito, and get credentials forthese identities. Assign IAM users and roles to the users. Use the unique IAM resource ID as the unique identifier. An application is designed to use Amazon SQS to manage messages from many independentsenders. Each sender’s messages must be processed in the order they are received.Which SQS feature should be implemented by the Developer?. Configure each sender with a unique MessageGroupId. Enable MessageDeduplicationIds on the SQS queue. Configure each message with unique MessageGroupIds. Enable ContentBasedDeduplication on the SQS queue. A deployment package uses the AWS CLI to copy files into any S3 bucket in the account, using accesskeys stored in environment variables. The package is running on EC2 instances, and the instanceshave been modified to run with an assumed IAM role and a more restrictive policy that allows accessto only one bucket.After the change, the Developer logs into the host and still has the ability to write into all of the S3buckets in that account.What is the MOST likely cause of this situation?. An IAM inline policy is being used on the IAM role. An IAM managed policy is being used on the IAM role. The AWS CLI is corrupt and needs to be reinstalled. The AWS credential provider looks for instance profile credentials last. A Developer is writing transactions into a DynamoDB table called “SystemUpdates” that has 5 writecapacity units.Which option has the highest read throughput?. Eventually consistent reads of 5 read capacity units reading items that are 4 KB in size. Strongly consistent reads of 5 read capacity units reading items that are 4 KB in size. Eventually consistent reads of 15 read capacity units reading items that are 1 KB in size. Strongly consistent reads of 15 read capacity units reading items that are 1 KB in size. Where should an Elastic Beanstalk configuration file named healthcheckur1.config be placed in theapplication source bundle?. In the root of the application. In the bin folder. In healthcheckur1.config.ebextension under root. In the .ebextensions folder. During non-peak hours, a Developer wants to minimize the execution time of a full AmazonDynamoDB table scan without affecting normal workloads. The workloads average half of thestrongly consistent read capacity units during non-peak hours.How would the Developer optimize this scan?. Use parallel scans while limiting the rate. Use sequential scans. Increase read capacity units during the scan operation. Change consistency to eventually consistent during the scan operation. A Developer is creating a Lambda function and will be using external libraries that are not included inthe standard Lambda libraries.What action would minimize the Lambda compute time consumed?. Install the dependencies and external libraries at the beginning of the Lambda function. Create a Lambda deployment package that includes the external libraries. Copy the external libraries to Amazon S3, and reference the external libraries to the S3 location. Install the external libraries in Lambda to be available to all Lambda functions. A Developer is writing a Linux-based application to run on AWS Elastic Beanstalk. Applicationrequirements state that the application must maintain full capacity during updates while minimizingcost.Which type of Elastic Beanstalk deployment policy should the Developer specify for theenvironment?. Immutable. Rolling. All at Once. Rolling with additional batch. An application under development is required to store hundreds of video files. The data must beencrypted within the application prior to storage, with a unique key for each video file.How should the Developer code the application?. Use the KMS Encrypt API to encrypt the data. Store the encrypted data key and data. Use a cryptography library to generate an encryption key for the application. Use the encryptionkey to encrypt the data. Store the encrypted data. Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the data key. Store theencrypted data key and data. Upload the data to an S3 bucket using server side-encryption with an AWS KMS key. A Developer is creating an application that needs to locate the public IPv4 address of the AmazonEC2 instance on which it runs. How can the application locate this information?. Get the instance metadata by retrieving http://169.254.169.254/latest/metadata/. Get the instance user data by retrieving http://169.254.169.254/latest/userdata/. Get the application to run IFCONFIG to get the public IP address. Get the application to run IPCONFIG to get the public IP address. The Lambda function below is being called through an API using Amazon API Gateway. The averageexecution time for the Lambda function is about 1 second. The pseudocode for the Lambda functionis as shown in the exhibit.What two actions can be taken to improve the performance of this Lambda function withoutincreasing the cost of the solution? (Select two.). Package only the modules the Lambda function requires. Use Amazon DynamoDB instead of Amazon RDS. Move the initialization of the variable Amazon RDS connection outside of the handler function. Implement custom database connection pooling with the Lambda functionE. Implement local caching of Amazon RDS data so Lambda can re-use the cache. An application will ingest data at a very high throughput from many sources and must store the datain an Amazon S3 bucket. Which service would BEST accomplish this task?. Amazon Kinesis Firehose. Amazon S3 Acceleration Transfer. Amazon SQS. Amazon SNS. A Developer has setup an Amazon Kinesis Stream with 4 shards to ingest a maximum of 2500 recordsper second. A Lambda function has been configured to process these records.In which order will these records be processed?. Lambda will receive each record in the reverse order it was placed into the stream following a LIFO(last-in, first-out) method. Lambda will receive each record in the exact order it was placed into the stream following a FIFO(first-in, first-out) method. Lambda will receive each record in the exact order it was placed into the shard following a FIFO(first-in, first-out) method. There is no guarantee of order across shards. The Developer can select FIFO, (first-in, first-out), LIFO (last-in, last-out), random, or requestspecific record using the getRecords API. A static website is hosted in an Amazon S3 bucket. Several HTML pages on the site use JavaScript todownload images from another Amazon S3 bucket. These images are not displayed when usersbrowse the site.What is the possible cause for the issue?. The referenced Amazon S3 bucket is in another region. The images must be stored in the same Amazon S3 bucket. Port 80 must be opened on the security group in which the Amazon S3 bucket is located. Cross Origin Resource Sharing must be enabled on the Amazon S3 bucket. Amazon S3 has the following structure: S3://BUCKET/FOLDERNAME/FILENAME.zipWhich S3 best practice would optimize performance with thousands of PUT request each second to asingle bucket?. Prefix folder names with user id; for example, s3://BUCKET/2013-FOLDERNAME/FILENAME.zip. Prefix file names with timestamps; for example, s3://BUCKET/FOLDERNAME/2013-26-05-15-0000- FILENAME.zip. Prefix file names with random hex hashes; for example, s3://BUCKET/FOLDERNAME/23a6FILENAME.zip. Prefix folder names with random hex hashes; for example, s3://BUCKET/23a6-FOLDERNAME/FILENAME.zip. For a deployment using AWS CodeDeploy, what is the run order of the hooks for in-placedeployments?. Before Install -> Application Stop -> Application Start -> After Install. Application Stop -> Before Install -> After Install -> Application Start. Before Install -> Application Stop -> Validate Service -> Application Start. Application Stop -> Before Install -> Validate Service -> Application Start. A Developer is developing an application that manages financial transactions. To improve security,multi-factor authentication (MFA) will be required as part of the login protocol.What services can the Developer use to meet these requirements?. Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA codes. Amazon Cognito with MFA. AWS Directory Service. AWS IAM with MFA enabled. A game stores user game data in an Amazon DynamoDB table. Individual users should not haveaccess to other users’ game data. How can this be accomplished?. Encrypt the game data with individual user keys. Restrict access to specific items based on certain primary key values. Stage data in SQS queues to inject metadata before accessing DynamoDB. Read records from DynamoDB and discard irrelevant data client-side. A company developed a set of APIs that are being served through the Amazon API Gateway. The APIcalls need to be authenticated based on OpenID identity providers such as Amazon or Facebook. TheAPIs should allow access based on a custom authorization model.Which is the simplest and MOST secure design to use to build an authentication and authorizationmodel for the APIs?. Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize usersbased on JSON Web Tokens. Build a OpenID token broker with Amazon and Facebook. Users will authenticate with theseidentify providers and pass the JSON Web Token to the API to authenticate each API call. Store user credentials in Amazon DynamoDB and have the application retrieve temporarycredentials from AWS STS. Make API calls by passing user credentials to the APIs for authenticationand authorization. Use Amazon RDS to store user credentials and pass them to the APIs for authentications andauthorization. A supplier is writing a new RESTful API for customers to query the status of orders. The customersrequested the following API endpoint.http://www.supplierdomain.com/status/customerIDWhich of the following application designs meet the requirements? (Select two.). Amazon SQS; Amazon SNS. Elastic Load Balancing; Amazon EC2. Amazon ElastiCache; Amazon Elacticsearch Service. Amazon API Gateway; AWS LambdaE. Amazon S3; Amazon CloudFront. A development team consists of 10 team members. Similar to a home directory for each teammember the manager wants to grant access to user-specific folders in an Amazon S3 bucket. For theteam member with the username “TeamMemberX”, the snippet of the IAM policy looks like this:Instead of creating distinct policies for each team member, what approach can be used to make thispolicy snippet generic for all team members?. Use IAM policy condition. Use IAM policy principal. Use IAM policy variables. Use IAM policy resource. A legacy service has an XML-based SOAP interface. The Developer wants to expose the functionalityof the service to external clients with the Amazon API Gateway. Which technique will accomplishthis?. Create a RESTful API with the API Gateway; transform the incoming JSON into a valid XMLmessage for the SOAP interface using mapping templates. Create a RESTful API with the API Gateway; pass the incoming JSON to the SOAP interface throughan Application Load Balancer. Create a RESTful API with the API Gateway; pass the incoming XML to the SOAP interface throughan Application Load Balancer. Create a RESTful API with the API Gateway; transform the incoming XML into a valid message fortheSOAP interface using mapping templates. A company is using AWS CodeBuild to compile a website from source code stored in AWSCodeCommit. A recent change to the source code has resulted in the CodeBuild project being unableto successfully compile the website.How should the Developer identify the cause of the failures?. Modify the buildspec.yml file to include steps to send the output of build commands to AmazonCloudWatch. Use a custom Docker image that includes the AWS X-Ray agent in the AWS CodeBuild projectconfiguration. Check the build logs of the failed phase in the last build attempt in the AWS CodeBuild projectbuild history. Manually re-run the build process on a local machine so that the output can be visualized. A web application is using Amazon Kinesis Streams for clickstream data that may not be consumedfor up to 12 hours.How can the Developer implement encryption at rest for data within the Kinesis Streams?. Enable SSL connections to Kinesis. Use Amazon Kinesis Consumer Library. Encrypt the data once it is at rest with a Lambda function. Enable server-side encryption in Kinesis Streams. A Developer wants to use AWS X-Ray to trace a user request end-to-end throughput the softwarestack. The Developer made the necessary changes in the application tested it, and found that theapplication is able to send the traces to AWS X-Ray. However, when the application is deployed to anEC2 instance, the traces are not available.Which of the following could create this situation? (Select two.). The traces are reaching X-Ray, but the Developer does not have access to view the records. The X-Ray daemon is not installed on the EC2 instance. The X-Ray endpoint specified in the application configuration is incorrect. The instance role does not have “xray:BatchGetTraces” and “xray:GetTraceGraph” permissions.E. The instance role does not have “xray:PutTraceSegments” and “xray:PutTelemetryRecords”permissions. A Developer executed a AWS CLI command and received the error shown below:What action should the Developer perform to make this error human-readable?. Make a call to AWS KMS to decode the message. Use the AWS STS decode-authorization-message API to decode the message. Use an open source decoding library to decode the message. Use the AWS IAM decode-authorization-message API to decode this message. A company is using Amazon API Gateway to manage access to a set of microservices implemented asAWSLambda functions. Following a bug report, the company makes a minor breaking change to one ofthe APIs.In order to avoid impacting existing clients when the new API is deployed, the company wants toallow clients six months to migrate from v1 to v2.Which approach should the Developer use to handle this change?. Update the underlying Lambda function and provide clients with the new Lambda invocation URL. Use API Gateway to automatically propagate the change to clients, specifying 180 days in thephased deployment parameter. Use API Gateway to deploy a new stage named v2 to the API and provide users with its URL. Update the underlying Lambda function, create an Amazon CloudFront distribution with theupdated Lambda function as its origin. A company has written a Java AWS Lambda function to be triggered whenever a user uploads animage to an Amazon S3 bucket. The function converts the original image to several different formatsand then copies the resulting images to another Amazon S3 bucket.The Developers find that no images are being copied to the second Amazon S3 bucket. They havetested the code on an Amazon EC2 instance with 1GB of RAM, and it takes an average of 500 secondsto complete.What is the MOST likely cause of the problem?. The Lambda function has insufficient memory and needs to be increased to 1 GB to match theAmazon EC2 instance. Files need to be copied to the same Amazon S3 bucket for processing, so the second bucket needsto be deleted. Lambda functions have a maximum execution limit of 300 seconds, therefore the function is notcompleting. There is a problem with the Java runtime for Lambda, and the function needs to be converted tonode.js. An application stops working with the following error: The specified bucket does not exist. Where isthe BEST place to start the root cause analysis?. Check the Elastic Load Balancer logs for DeleteBucket requests. Check the application logs in Amazon CloudWatch Logs for Amazon S3 DeleteBucket errors. Check AWS X-Ray for Amazon S3 DeleteBucket alarms. Check AWS CloudTrail for a DeleteBucket event. An organization must store thousands of sensitive audio and video files in an Amazon S3 bucket.Organizational security policies require that all data written to this bucket be encrypted.How can compliance with this policy be ensured?. Use AWS Lambda to send notifications to the security team if unencrypted objects are pun in thebucket. Configure an Amazon S3 bucket policy to prevent the upload of objects that do not contain the xamzserver-side-encryption header. Create an Amazon CloudWatch event rule to verify that all objects stored in the Amazon S3 bucketare encrypted. Configure an Amazon S3 bucket policy to prevent the upload of objects that contain the x-amzserver-sideencryption header. An application overwrites an object in Amazon S3, and then immediately reads the same object. Whywould the application sometimes retrieve the old version of the object?. S3 overwrite PUTS are eventually consistent, so the application may read the old object. The application needs to add extra metadata to label the latest version when uploading to AmazonS3. All S3 PUTS are eventually consistent, so the application may read the old object. The application needs to explicitly specify latest version when retrieving the object. The release process workflow of an application requires a manual approval before the code isdeployed into the production environment.What is the BEST way to achieve this using AWS CodePipeline?. Use multiple pipelines to allow approval. Use an approval action in a stage. Disable the stage transition to allow manual approval. Disable a stage just prior the deployment stage. A Developer created configuration specifications for an AWS Elastic Beanstalk application in a filenamed healthcheckurl.yaml in the .ebextensions/directory of their application source bundle. Thefile contains thefollowing:After the application launches, the health check is not being run on the correct path, event though itis valid.What can be done to correct this configuration file?. Convert the file to JSON format. Rename the file to a .config extension. Change the configuration section from options_settings to resources. Change the namespace of the option settings to a cusom namespace. A company is migrating a single-server, on-premises web application to AWS. The company intendsto use multiple servers behind an Elastic Load Balancer (ELB) to balance the load, and will also storesession data in memory on the web server. The company does not want to lose that session data if aserver fails or goes offline, and it wants to minimize user’s downtime.Where should the company move session data to MOST effectively reduce downtime and makeusers’ session data more fault tolerant?. An Amazon ElastiCache for Redis cluster. A second Amazon EBS volume. The web server’s primary disk. An Amazon EC2 instance dedicated to session data. A Developer is building a mobile application and needs any update to user profile data to be pushedto all devices accessing the specific identity. The Developer does not want to manage a back end tomaintain the user profile data.What is the MOST efficient way for the Developer to achieve these requirements using AmazonCognito?. Use Cognito federated identities. Use a Cognito user pool. Use Cognito Sync. Use Cognito events. An e-commerce site allows returning users to log in to display customized web pages. The workflowis shown in the image below:An application is running on EC2 instances. Amazon RDS is used for the database that stores useraccounts and preferences. The website freezes or is slow to load while waiting for the login step tocomplete. The remaining components of the site are well-optimized.Which of the following techniques will resolve this issue? (Select Two.). Implement the user login page as an asynchronous Lambda function. Use Amazon ElastiCache for MemCached to cache user data. Use Amazon Application Load Balancer to load balance the traffic to the website. Call the database asynchronously so the code can continue executing.E. Batch login requests from hundreds of users together as a single read request to the database. A Developer has created a Lambda function and is finding that the function is taking longer tocomplete than expected. After some debugging, the Developer has discovered that increasingcompute capacity would improve performance.How can the Developer increase the Lambda compute resources?. Run on a larger instance size with more compute capacity. Increase the maximum execution time. Specify a larger compute capacity when calling the Lambda function. Increase the allocated memory for the Lambda function. A Developer is writing a mobile application that allows users to view images from an S3 bucket. Theusers must be able to log in with their Amazon login, as well as Facebook® and/or Google® accounts.How can the Developer provide this authentication functionality?. Use Amazon Cognito with web identity federation. Use Amazon Cognito with SAML-based identity federation. Use AWS IAM Access/Secret keys in the application code to allow Get* on the S3 bucket. Use AWS STS AssumeRole in the application code and assume a role with Get* permissions on theS3 bucket. A company maintains a REST service using Amazon API Gateway and the API Gateway native API keyvalidation. The company recently launched a new registration page, which allows users to sign up forthe service. The registration page creates a new API key using CreateApiKey and sends the new keyto the user. When the user attempts to call the API using this key, the user receives a 403 Forbiddenerror. Existing users are unaffected and can still call the API.What code updates will grant these new users access to the API?. The createDeployment method must be called so the API can be redeployed to include the newlycreated API key. The updateAuthorizer method must be called to update the API’s authorizer to include the newlycreated API key. The importApiKeys method must be called to import all newly created API keys into the currentstage of the API. The createUsagePlanKey method must be called to associate the newly created API key with thecorrect usage plan. A company has an application that logs all information to Amazon S3. Whenever there is a new logfile, an AWS Lambda function is invoked to process the log files. The code works, gathering all of thenecessary information. However, when checking the Lambda function logs, duplicate entries withthe same request ID are found.What is causing the duplicate entries?. The S3 bucket name was specified incorrectly. The Lambda function failed, and the Lambda service retired the invocation with a delay. There was an S3 outage, which caused duplicate entries of the sale log file. The application stopped intermittently and then resumed. A nightly batch job loads 1 million new records into a DynamoDB table. The records are only neededfor one hour, and the table needs to be empty by the next night’s batch job.Which is the MOST efficient and cost-effective method to provide an empty table?. Use DeleteItem using a ConditionExpression. Use BatchWriteItem to empty all of the rows. With a recursive function that scans and calls out DeleteItem. Create and then delete the table after the task has completed. A Developer wants access to make the log data of an application running on an EC2 instanceavailable to systems administrators.Which of the following enables monitoring of this metric in Amazon CloudWatch?. Retrieve the log data from CloudWatch using the GetMetricData API call. Retrieve the log data from AWS CloudTrail using the LookupEvents API call. Launch a new EC2 instance, configure Amazon CloudWatch Events, and then install theapplication. Install the Amazon CloudWatch Logs agent on the EC2 instance that the application is running on. A Development team has pushed out 10 applications running on several Amazon EC2 instances. TheOperations team is asking for a graphical representation of one key performance metric for eachapplication. These metrics should be available on one screen for easy monitoring.Which steps should the Developer take to accomplish this using Amazon CloudWatch?. Create a custom namespace with a unique metric name for each application. Create a custom dimension with a unique metric name for each application. Create a custom event with a unique metric name for each application. Create a custom alarm with a unique metric name for each application. A Developer is creating a serverless website with content that includes HTML files, images, videos,and JavaScript (client-side scripts).Which combination of services should the Developer use to create the website?. Amazon S3 and Amazon CloudFront. Amazon EC2 and Amazon ElastiCache. Amazon ECS and Redis. AWS Lambda and Amazon API Gateway. A company is providing services to many downstream consumers. Each consumer may connect toone or more services. This has resulted in a complex architecture that is difficult to manage and doesnot scale well. The company needs a single interface to manage these services to consumers.Which AWS service should be used to refactor this architecture?. AWS Lambda. AWS X-Ray. Amazon SQS. Amazon API Gateway. A company uses Amazon DynamoDB for managing and tracking orders. The DynamoDB table ispartitioned based on the order date. The company receives a huge increase in orders during a salesevent, causing DynamoDB writes to throttle, and the consumed throughput is far below theprovisioned throughput.According to AWS best practices, how can this issue be resolved with MINIMAL costs?. Create a new DynamoDB table for every order date. Increase the read and write capacity units of the DynamoDB table. Add a random number suffix to the partition key values. Add a global secondary index to the DynamoDB table. A company has three different environments: Development, QA, and Production. The companywants to deploy its code first in the Development environment, then QA, and then Production.Which AWS service can be used to meet this requirement?. Use AWS CodeCommit to create multiple repositories to deploy the application. Use AWS CodeBuild to create, configure, and deploy multiple build application projects. Use AWS Data Pipeline to create multiple data pipeline provisions to deploy the application. Use AWS CodeDeploy to create multiple deployment groups. A company is creating an application that will require users to access AWS services and allow them toreset their own passwords.Which of the following would allow the company to manage users and authorization while allowingusers to reset their own passwords?. Amazon Cognito identify pools and AWS STS. Amazon Cognito identity pools and AWS IAM. Amazon Cognito user pools and AWS KMS. Amazon Cognito user pools and identity pools. An application that runs on an Amazon EC2 instance needs to access and make API calls to multipleAWS services.What is the MOST secure way to provide access to the AWS services with MINIMAL managementoverhead?. Use AWS KMS to store and retrieve credentials. Use EC2 instance profiles. Use AWS root user to make requests to the application. Store and retrieve credentials from AWS CodeCommit. In a multi-container Docker environment in AWS Elastic Beanstalk, what is required to configurecontainer instances in the environment?. An Amazon ECS task definition. An Amazon ECS cluster. A Docker in an application package. A CLI for Elastic Beanstalk. A Development team currently supports an application that uses an in-memory store to saveaccumulated game results. Individual results are stored in a database. As part of migrating to AWS,the team needs to use automatic scaling. The team knows this will yield inconsistent results.Where should the team store these accumulated game results to BEST allow for consistent resultswithout impacting performance?. Amazon S3. Amazon RDS. Amazon ElastiCache. Amazon Kinesis. A company has a multi-tiered web application on AWS. During a recent spike in traffic, one of theprimary relational databases on Amazon RDS could not serve all the traffic. Some read queries forrepeatedly accessed items failed, so users received error messages.What can be done to minimize the impact on database read queries MOST efficiently during futuretraffic spikes?. Use Amazon S3 to cache database query results. Use Amazon RDS as a custom origin for Amazon CloudFront. Use local storage and memory on Amazon EC2 instances to cache data. Use Amazon ElastiCache in front of the primary database to cache data. A company has a website that is developed in PHP and WordPress and is launched using AWS ElasticBeanstalk. There is a new version of the website that needs to be deployed in the Elastic Beanstalkenvironment. The company cannot tolerate having the website offline if an update fails.Deployments must have minimal impact and rollback as soon as possible.What deployment method should be used?. All at once. Rolling. Snapshots. Immutable. A company maintains an application responsible for processing several thousand external callbackseach day. The company’s System administrators want to know how many callbacks are beingreceived on a rolling basis, and they want this data available for 10 days. The company also wants theability to issue automated alerts if the number of callbacks exceeds the defined thresholds.What is the MOST cost-effective way to address the need to track and alert on these statistics?. Push callback data to an Amazon RDS database that can be queried to show historical data and toalert on exceeded thresholds. Push callback data to AWS X-Ray and use AWS Lambda to query, display, and alert on exceededthresholds. Push callback data to Amazon Kinesis Data Streams and invoke an AWS Lambda function thatstores data in Amazon DynamoDB and sends the required alerts. Push callback data to Amazon CloudWatch as a custom metric and use the CloudWatch alertingmechanisms to alert System Administrators. Developer is creating an AWS Lambda function to process a stream of data from an Amazon KinesisData Stream. When the Lambda function parses the data and encounters a missing field, it exits thefunction with an error. The function is generating duplicate records from the Kinesis stream. Whenthe Developer looks at the stream output without the Lambda function, there are no duplicaterecords.What is the reason for the duplicates?. The Lambda function did not advance the Kinesis stream pointer to the next record after the error. The Lambda event source used asynchronous invocation, resulting in duplicate records. The Lambda function did not handle the error, and the Lambda service attempted to reprocess thedata. The Lambda function is not keeping up with the amount of data coming from the stream. A Developer must build an application that uses Amazon DynamoDB. The requirements state thatitems being stored in the DynamoDB table will be 7KB in size and that reads must be stronglyconsistent. The maximum read rate is 3 items per second, and the maximum write rate is 10 itemsper second.How should the Developer size the DynamoDB table to meet these requirements?. Read: 3 read capacity unitsWrite: 70 write capacity units. The requirements state thatitems being stored in the DynamoDB table will be 7KB in size and that reads must be stronglyconsistent. The maximum read rate is 3 items per second, and the maximum write rate is 10 itemsper second.How should the Developer size the DynamoDB table to meet these requirements?A. Read: 3 read capacity unitsWrite: 70 write capacity units. Read: 6 read capacity unitsWrite: 10 write capacity units. Read: 3 read capacity unitsWrite: 10 write capacity units. An AWS Lambda function must read data from an Amazon RDS MySQL database in a VPC and alsoreach a public endpoint over the internet to get additional data.Which steps must be taken to allow the function to access both the RDS resource and the publicendpoint? (Select TWO.). Modify the default configuration for the Lambda function to associate it with an Amazon VPCprivate subnet. Modify the default network access control list to allow outbound traffic. Add a NAT Gateway to the VPC. Modify the default configuration of the Lambda function to associate it with a VPC public subnet.E. Add an environmental variable to the Lambda function to allow outbound internet access. A Developer writes an AWS Lambda function and uploads the code in a .ZIP file to Amazon S3. TheDeveloper makes changes to the code and uploads a new .ZIP file to Amazon S3. However, Lambdaexecutes the earlier code.How can the Developer fix this in the LEAST disruptive way?. Create another Lambda function and specify the new .ZIP file. Call the update-function-code API. Remove the earlier .ZIP file first, then add the new .ZIP file. Call the create-alias API. A company is developing an application that will run on several Amazon EC2 instances in an AutoScaling group and can access a database running on Amazon EC2. The application needs to storesecrets required to connect to the database. The application must allow for periodic secret rotation,and there should be no changes to the application when a secret changes.What is the SAFEST way to meet these requirements?. Associate an IAM role to the EC2 instance where the application is running with permission toaccess the database. Use AWS Systems Manager Parameter Store with the SecureString data type to store secrets. Configure the application to store secrets in Amazon S3 object metadata. Hard code the database secrets in the application code itself. A Developer needs to design an application running on AWS that will be used to consume AmazonSQS messages that range from 1 KB up to 1GB in size.How should the Amazon SQS messages be managed?. Use Amazon S3 and the Amazon SQS CLI. Use Amazon S3 and the Amazon SQS Extended Client Library for Java. Use Amazon EBS and the Amazon SQS CLI. Use Amazon EFS and the Amazon SQS CLI. A Developer has been asked to make changes to the source code of an AWS Lambda function. Thefunction is managed using an AWS CloudFormation template. The template is configured to load thesource code from an Amazon S3 bucket. The Developer manually created a .ZIP file deploymentpackage containing the changes and put the file into the correct location on Amazon S3. When thefunction is invoked, the code changes have not been applied.What step is required to update the function with the changes?. Delete the .ZIP file on S3, and re-upload by using a different object key name. Update the CloudFormation stack with the correct values for the function code propertiesS3Bucket, S3Key, or S3ObjectVersion. Ensure that the function source code is base64-encoded before uploading the deploymentpackage to S3. Modify the execution role of the Lambda function to allow S3 access permission to thedeployment package .ZIP file. An AWS Elastic Beanstalk application needs to be deployed in multiple regions and requires adifferent Amazon Machine Image (AMI) in each region.Which AWS CloudFormation template key can be used to specify the correct AMI for each region?. Parameters. Outputs. Mappings. Resources. A Developer is designing a new application that uses Amazon S3. To satisfy compliancerequirements, the Developer must encrypt the data at rest.How can the Developer accomplish this?. Use s3:x-amz-acl as a condition in the S3 bucket policy. Use Amazon RDS with default encryption. Use aws:SecureTransport as a condition in the S3 bucket policy. Turn on S3 default encryption for the S3 bucket. A Developer wants to enable AWS X-Ray for a secure application that runs in an Amazon ECSenvironment.What combination of steps will enable X-Ray? (Select THREE.). Create a Docker image that runs the X-Ray daemon. Add instrumentation to the application code for X-Ray. Install the X-Ray daemon on the underlying EC2 instance. Configure and use an IAM EC2 instance role.E. Register the application with X-Ray.F. Configure and use an IAM role for tasks. A Developer must deploy a new AWS Lambda function using an AWS CloudFormation template.Which procedures will deploy a Lambda function? (Select TWO.). Upload the code to an AWS CodeCommit repository, then add a reference to it in anAWS::Lambda::Function resource in the template. Create an AWS::Lambda::Function resource in the template, then write the code directly inside theCloudFormation template. Upload a .ZIP file containing the function code to Amazon S3, then add a reference to it in anAWS::Lambda::Function resource in the template. Upload a .ZIP file to AWS CloudFormation containing the function code, then add a reference to itin an AWS::Lambda::Function resource in the template.E. Upload the function code to a private Git repository, then add a reference to it in anAWS::Lambda::Function resource in the template. A Developer has published an update to an application that is served to a global user base usingAmazon CloudFront. After deploying the application, users are not able to see the updated changes.How can the Developer resolve this issue?. Remove the origin from the CloudFront configuration and add it again. Disable forwarding of query strings and request headers from the CloudFront distributionconfiguration. Invalidate all the application objects from the edge caches. Disable the CloudFront distribution and enable it again to update all the edge locations. A Developer wants to find a list of items in a global secondary index from an Amazon DynamoDBtable.Which DynamoDB API call can the Developer use in order to consume the LEAST number of readcapacity units?. Scan operation using eventually-consistent reads. Query operation using strongly-consistent reads. Query operation using eventually-consistent reads. Scan operation using strongly-consistent reads. An AWS Lambda function generates a 3MB JSON file and then uploads it to an Amazon S3 bucketdaily. The file contains sensitive information, so the Developer must ensure that it is encryptedbefore uploading to the bucket.Which of the following modifications should the Developer make to ensure that the data isencrypted before uploading it to the bucket?. Use the default AWS KMS customer master key for S3 in the Lambda function code. Use the S3 managed key and call the GenerateDataKey API to encrypt the file. Use the GenerateDateKey API, then use that data key to encrypt the file in the Lambda functioncode. Use a custom KMS customer master key created for S3 in the Lambda function code. A company needs to secure its existing website running behind an Elastic Load Balancer. Thewebsite’s Amazon EC2 instances are CPU-constrained.What should be done to secure the website while not increasing the CPU load on the EC2 webservers? (Select TWO.). Configure an Elastic Load Balancer with SSL pass-through. Configure SSL certificates on an Elastic Load Balancer. Configure an Elastic Load Balancer with a Loadable Storage System. Install SSL certificates on the EC2 instances.E. Configure an Elastic Load Balancer with SSL termination. How should custom libraries be utilized in AWS Lambda?. Host the library on Amazon S3 and reference to it from the Lambda function. Install the library locally and upload a ZIP file of the Lambda function. Import the necessary Lambda blueprint when creating the function. Modify the function runtime to include the necessary library. In a move toward using microservices, a company’s Management team has asked all Developmentteams to build their services so that API requests depend only on that service’s data store. One teamis building a Payments service which has its own database; the service needs data that originates inthe Accounts database. Both are using Amazon DynamoDB.What approach will result in the simplest, decoupled, and reliable method to get near-real timeupdates from the Accounts database?. Use Amazon Glue to perform frequent ETL updates from the Accounts database to the Paymentsdatabase. Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accountsdatabase. Use Amazon Kinesis Data Firehouse to deliver all changes from the Accounts database to thePayments database. Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to thePayments database. A Developer is designing a fault-tolerant environment where client sessions will be saved.How can the Developer ensure that no sessions are lost if an Amazon EC2 instance fails?. Use sticky sessions with an Elastic Load Balancer target group. Use Amazon SQS to save session data. Use Amazon DynamoDB to perform scalable session hadling. Use Elastic Load Balancer connection draining to stop sending requests to failing instances. A Developer is writing an imaging micro service on AWS Lambda. The service is dependent on several libraries that are not available in the Lambda runtimeenvironment.Which strategy should the Developer follow to create the Lambda deployment package?. Create a ZIP file with the source code and all dependent libraries. Create a ZIP file with the source code and a script that installs the dependent libraries at runtime. Create a ZIP file with the source code. Stage the dependent libraries on an Amazon S3 bucketindicated by the Lambda environment variable LD_LIBRARY_PATH. Create a ZIP file with the source code and a buildspec.yaml file that installs the dependent librarieson AWS Lambda. A Developer is writing a serverless application that requires that an AWS Lambda function beinvoked every 10 minutes.What is an automated and serverless way to trigger the function?. Deploy an Amazon EC2 instance based on Linux, and edit its /etc/crontab file by adding acommand to periodically invoke the Lambda function. Configure an environment variable named PERIOD for the Lambda function. Set the value to 600. Create an Amazon CloudWatch Events rule that triggers on a regular schedule to invoke theLambda function. Create an Amazon SNS topic that has a subscription to the Lambda function with a 600-secondtimer. company needs a fully-managed source control service that will work in AWS. The service mustensure that revision control synchronizes multiple distributed repositories by exchanging sets ofchanges peer-to-peer. All users need to work productively even when not connected to a network.Which source control service should be used?. Subversion. AWS CodeBuild. AWS CodeCommit. AWS CodeStar. An application running on Amazon EC2 instances must access objects within an Amaon S3 busketthat are encrypted using server-side encryption using AWS KMS encryption keys (SSE-KMS). Theapplication must have access to the customer master key (CMK) to decrypt the objects.Which combination of steps will grant the application access? (Select TWO.). Write an S3 bucket policy that grants the bucket access to the key. Grant access to the key in the IAM EC2 role attached to the application’s EC2 instances. Write a key policy that enables IAM policies to grant access to the key. Grant access to the key in the S3 bucket’s ACLE. Create a Systems Manager parameter that exposes the KMS key to the EC2 instances. A Developer is creating a mobile application that will not require users to log in.What is the MOST efficient method to grant users access to AWS resources?. Use an identity provider to securely authenticate with the application. Create an AWS Lambda function to create an IAM user when a user accesses the application. Create credentials using AWS KMS and apply these credentials to users when using theapplication. Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited accessto resources. A company is building an application to track athlete performance using an Amazon DynamoDBtable. Each item in the table is identified by a partition key (user_id) and a sort key (sport_name).The table design is shown below:(Note: Not all table attributes are shown)A Developer is asked to write a leaderboard application to display the top performers (user_id)based on the score for each sport_name.What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?. Use a DynamoDB query operation with the key attributes of user_id and sport_name and orderthe results based on the score attribute. Create a global secondary index with a partition key of sport_name and a sort key of score, andget the results. Use a DynamoDB scan operation to retrieve scores and user_id based on sport_name, and orderthe results based on the score attribute. Create a local secondary index with a primary key of sport_name and a sort key of score and getthe results based on the score attribute. A company recently migrated its web, application and NoSQL database tiers to AWS. The company isusing Auto Scaling to scale the web and application tiers. More than 95 percent of the AmazonDynamoDB requests are repeated read-requests.How can the DynamoDB NoSQL tier be scaled up to cache these repeated requests?. Amazon EMR. Amazon DynamoDB Accelerator. Amazon SQS. Amazon CloudFront. A company has multiple Developers located across the globe who are updating code incrementallyfor a development project. When Developers upload code concurrently, internet connectivity is slow,and it is taking a long time to upload code for deployment in AWS Elastic Beanstalk.Which step will result in minimized upload and deployment time with the LEAST amount ofadministrative effort?. Allow the Developers to upload the code to an Amazon S3 bucket, and deploy it directly to ElasticBeanstalk. Allow the Developers to upload the code to a central FTP server to deploy the application toElastic Beanstalk. Create an AWS CodeCommit repository, allow the Developers to commit code to it, and thendirectly deploy the code to Elastic Beanstalk. Create a code repository on an Amazon EC2 instance so that all Developers can update the code,and deploy the application from the instance to Elastic Beanstalk. What does an Amazon SQS delay queue accomplish?. Messages are hidden for a configurable amount of time when they are first added to the queue. Messages are hidden for a configurable amount of time after they are consumed from the queue. The consumer can poll the queue for a configurable amount of time before retrieving a message. Message cannot be deleted for a configurable amount of time after they are consumed from thequeue. A Developer is using AWS CLI, but when running list commands on a large number of resources, it istiming out.What can be done to avoid this time-out?. Use pagination. Use shorthand syntax. Use parameter values. Use quoting strings. A company has an internet-facing application that uses Web Identity Federation to obtain atemporary credential from AWS Security Token Service (AWS STS). The app then uses the token toaccess AWS services.Review the following response:Based on the response displayed what permissions are associated with the call from the application?. Permissions associated with the role AROACLKWSDQRAOEXAMPLE:app1. Permissions associated with the default role used when the AWS service was built. Permission associated with the IAM principal that owns the AccessKeyIDASgeIAIOSFODNN7EXAMPLE. Permissions associated with the account that owns the AWS service. Where should the appspec.yml file be placed in order for AWS CodeDeploy to work?. In the root of the application source code directory structure. In the bin folder along with all the complied code. In an S3 bucket. In the same folder as the application configuration files. An existing serverless application processes uploaded image files. The process currently uses a singleLambda function that takes an image file, performs the processing, and stores the file in Amazon S3.Users of the application now require thumbnail generation of the images. Users want to avoid anyimpact to the time it takes to perform the image uploads.How can thumbnail generation be added to the application, meeting user requirements whileminimizing changes to existing code?. Change the existing Lambda function handling the uploads to create thumbnails at the time ofupload. Have the function store both the image and thumbnail in Amazon S3. Create a second Lambda function that handles thumbnail generation and storage. Change theexisting Lambda function to invoke it asynchronously. Create an S3 event notification with a Lambda function destination. Create a new Lambda functionto generate and store thumbnails. Create an S3 event notification to an SQS Queue. Create a scheduled Lambda function thatprocesses the queue, and generates and stores thumbnails. A Developer must re-implement the business logic for an order fulfilment system. The business logichas to make requests to multiple vendors to decide where to purchase an item. The whole processcan take up to a week to complete.What is the MOST efficient and SIMPLEST way to implement a system that meets theserequirements?. Use AWS Step Functions to execute parallel Lambda functions, and join the results. Create an AWS SQS for each vendor, poll the queue from a worker instance, and joint the results. Use AWS Lambda to asynchronously call a Lambda function for each vendor, and join the results. Use Amazon CloudWatch Events to orchestrate the Lambda functions. A customer wants to deploy its source code on an AWS Elastic Beanstalk environment. The customerneeds to perform deployment with minimal outage and should only use existing instances to retainapplication access log.What deployment policy would satisfy these requirements?. Rolling. All at once. Rolling with an additional batch. Immutable. A Developer has been asked to build a real-time dashboard web application to visualize the keyprefixes and storage size of objects in Amazon S3 buckets. Amazon DynamoDB will be used to storethe Amazon S3 metadata.What is the optimal and MOST cost-effective design to ensure that the real-time dashboard is keptup to date with the state of the objects in the Amazon S3 buckets?. Use an Amazon CloudWatch event backed by an AWS Lambda function. Issue an Amazon S3 APIcall to get a list of all Amazon S3 objects and persist the metadata within DynamoD. Have the webapplication poll the DynamoDB table to reflect this change. Run a cron job within an Amazon EC2 instance to list all objects within Amazon S3 and persist themetadata into DynamoDB. Have the web application poll the DynamoDB table to reflect this change. Create a new Amazon EMR cluster to get all the metadata about Amazon S3 objects; persist themetadata into DynamoDB. Have the web application poll the DynamoDB table to reflect this change. A Developer must repeatedly and consistently deploy a serverless RESTful API on AWS.Which techniques will work? (Choose two.). Define a Swagger file. Use AWS Elastic Beanstalk to deploy the Swagger file. Define a Swagger file. Use AWS CodeDeploy to deploy the Swagger file. Deploy a SAM template with an inline Swagger definition. Define a Swagger file. Deploy a SAM template that references the Swagger file.E. Define an inline Swagger definition in a Lambda function. Invoke the Lambda function. A set of APIs are exposed to customers using the Amazon API Gateway. These APIs have cachingenabled on the API Gateway. Customers have asked for an option to invalidate this cache for each ofthe APIs.What action can be taken to allow API customers to invalidate the API Cache?. Ask customers to use AWS credentials to call the InvalidateCache API. Ask customers to invoke an AWS API endpoint which invalidates the cache. Ask customers to pass an HTTP header called Cache-Control:max-age=0. Ask customers to add a query string parameter called “INVALIDATE_CACHE” when making an APIcall. A Developer uses AWS CodeDeploy to automate application deployment that connects to anexternal MySQL database. The Developer wants to securely access the encrypted secrets, such as APIkeys and database passwords.Which of the following solutions would involve the LEAST administrative effort?. Save the secrets in Amazon S3 with AWS KMS server-side encryption, and use a signed URL toaccess them by using the IAM role from Amazon EC2 instances. Use the instance metadata to store the secrets and to programmatically access the secrets fromEC2 instances. Use the Amazon DynamoDB client-side encryption library to save the secrets in DynamoDB and toprogrammatically access the secrets from EC2 instances. Use AWS SSM Parameter Store to store the secrets and to programmatically access them by usingthe IAM role from EC2 instances. An application running on EC2 instances is storing data in an S3 bucket. Security policy mandates thatall data must be encrypted in transit.How can the Developer ensure that all traffic to the S3 bucket is encrypted?. Install certificates on the EC2 instances. Create a bucket policy that allows traffic where SecureTransport is true. Create an HTTPS redirect on the EC2 instances. Create a bucket policy that denies traffic where SecureTransport is false. A company is developing a new online game that will run on top of Amazon ECS. Four distinctAmazon ECS services will be part of the architecture, each requiring specific permissions to variousAWS services. The company wants to optimize the use of the underlying Amazon EC2 instances bybin packing the containers based on memory reservation.Which configuration would allow the Development team to meet these requirements MOSTsecurely?. Create a new Identity and Access Management (IAM) instance profile containing the requiredpermissions for the various ECS services, then associate that instance role with the underlying EC2instances. Create four distinct IAM roles, each containing the required permissions for the associated ECSservice, then configure each ECS service to reference the associated IAM role. Create four distinct IAM roles, each containing the required permissions for the associated ECSservice, then, create an IAM group and configure the ECS cluster to reference that group. Create four distinct IAM roles, each containing the required permissions for the associated ECSservice, then configure each ECS task definition to referenсe the associated IAM role. A company needs to encrypt data at rest, but it wants to leverage an AWS managed service using itsown master key.Which of the following AWS service can be used to meet these requirements?. SSE with Amazon S3. SSE with AWS KMS. Client-side encryption. AWS IAM roles and policies. When a Developer tries to run an AWS CodeBuild project, it raises an error because the length of allenvironment variables exceeds the limit for the combined maximum of characters.What is the recommended solution?. Add the export LC_ALL=“en_US.utf8” command to the pre_build section to ensure POSIXlocalization. Use Amazon Cognito to store key-value pairs for large numbers of environment variables. Update the settings for the build project to use an Amazon S3 bucket for large numbers ofenvironment variables. Use AWS Systems Manager Parameter Store to store large numbers of environment variables. A Lambda function is packaged for deployment to multiple environments, including development,test, production, etc. Each environment has unique set of resources such as databases, etc.How can the Lambda function use the resources for the current environment?. Apply tags to the Lambda functions. Hardcore resources in the source code. Use environment variables for the Lambda functions. Use separate function for development and production. The Developer for a retail company must integrate a fraud detection solution into the orderprocessing solution. The fraud detection solution takes between ten and thirty minutes to verify anorder. At peak, the web site can receive one hundred orders per minute.What is the most scalable method to add the fraud detection solution to the order processingpipeline?. Add all new orders to an Amazon SQS queue. Configure a fleet of 10 EC2 instances spanningmultiple AZs with the fraud detection solution installed on them to pull orders from this queue.Update the order with a pass or fails status. Add all new orders to an SQS queue. Configure an Auto Scaling group that uses the queue depthmetric as its unit of scale to launch a dynamically-sized fleet of EC2 instances spanning multiple AZswith the fraud detection solution installed on them to pull orders from this queue. Update the orderwith a pass or fails status. Add all new orders to an Amazon Kinesis Stream. Subscribe a Lambda function to automaticallyread batches of records from the Kinesis Stream. The Lambda function includes the fraud detectionsoftware and will update the order with a pass or fail status. Write all new orders to Amazon DynamoDB. Configure DynamoDB Streams to include all neworders. Subscribe a Lambda function to automatically read batches of records from the KinesisStream. The Lambda function includes the fraud detection software and will update the order with apass or fail status. A Developer is creating a mobile application with a limited budget. The solution requires a scalableservice that will enable customers to sign up and authenticate into the mobile application whileusing the organization’s current SAML 2.0 identity provider.Which AWS service should be used to meet these requirements?. AWS Lambda. Amazon Cognito. AWS IAM. Amazon EC2. An application is real-time processing millions of events that are received through an API.What service could be used to allow multiple consumers to process the data concurrently and MOSTcost-effectively?. Amazon SNS with fanout to an SQS queue for each application. Amazon SNS with fanout to an SQS FIFO (first-in, firtst-out) queue for each application. Amazon Kinesis Firehouse. Amazon Kinesis Streams. A Developer needs to use AWS X-Ray to monitor an application that is deployed on EC2 instances.What steps have to be executed to perform the monitoring?. Deploy the X-Ray SDK with the application and use X-Ray annotation. Install the X-Ray daemon and instrument the application code. Install the X-Ray daemon and configure it to forward data to Amazon CloudWatch Events. Deploy the X-Ray SDK with the application and instrument the application code. A Developer will be using the AWS CLI on a local development server to manage AWS services.What can be done to ensure that the CLI uses the Developer’s IAM permissions when makingcommands?. Specify the Developer’s IAM access key ID and secret access key as parameters for each CLIcommand. Run the aws configure CLI command, and provide the Developer’s IAM access key ID and secretaccess key. Specify the Developer’s IAM user name and password as parameters for each CLI command. Use the Developer’s IAM role when making the CLI command. After installing the AWS CLI, a Developer tries to run the command aws configure but receives thefollowing error:Error: aws: command not foundWhat is the most likely cause of this error?. The aws executable is not in the PATH environment variable. Access to the aws executable has been denied to the installer. Incorrect AWS credentials were provided. The aws script does not have an executable file mode. An on-premises legacy application is caching data files locally and writing shared images to localdisks.What is necessary to allow for horizontal scaling when migrating the application to AWS?. Modify the application to have both shared images and caching data written to Amazon EBS. Modify the application to read and write cache data on Amazon S3, and also store shared imageson S3. Modify the application to use Amazon S3 for serving shared images; cache data can then bewritten to local disks. Modify the application to read and write cache data on Amazon S3, while continuing to writeshared images to local disks. A Developer must trigger an AWS Lambda function based on the item lifecycle activity in an AmazonDynamoDB table.How can the Developer create the solution?. Enable a DynamoDB stream that publishes an Amazon SNS message. Trigger the Lambda functionsynchronously from the SNS message. Enable a DynamoDB stream that publishes an SNS message. Trigger the Lambda functionasynchronously from the SNS message. Enable a DynamoDB stream, and trigger the Lambda function synchronously from the stream. Enable a DynamoDB stream, and trigger the Lambda function asynchronously from the stream. A gaming company is developing a mobile game application for iOS® and Android® platforms. Thismobile game securely stores user data locally on the device. The company wants to allow users touse multiple device for the game, which requires user data synchronization across device.Which service should be used to synchronize user data across devices without the need to create abackend application?. AWS Lambda. Amazon S3. Amazon DynamoDB. Amazon Cognito. An on-premises application is implemented using a Linux, Apache, MySQL and PHP (LAMP) stack.The Developer wants to run this application in AWS.Which of the following sets of AWS services can be used to run this stack?. Amazon API Gateway, Amazon S3. AWS Lambda, Amazon DynamoDB. Amazon EC2, Amazon Aurora. Amazon Cognito, Amazon RDSE. Amazon ECS, Amazon EBS. An application displays a status dashboard. The status is updated by 1 KB messages from an SQSqueue. Although the status changes infrequently, the Developer must minimize the time betweenthe message arrival in the queue and the dashboard update.What technique provides the shortest delay in updating the dashboard?. Retrieve the messages from the queue using long polling every 20 seconds. Reduce the size of the messages by compressing them before sending. Retrieve the messages from the queue using short polling every 10 seconds. Reduce the size of each message payload by sending it in two parts. A company is using AWS CodePipeline to deliver one of its applications. The delivery pipeline istriggered by changes to the master branch of an AWS CodeCommit repository and uses AWSCodeBuild to implement the test and build stages of the process and AWS CodeDeploy to deploy theapplication.The pipeline has been operating successfully for several months and there have been nomodifications. Following a recent change to the application’s source code, AWS CodeDeploy has notdeployed the updates application as expected.What are the possible causes? (Choose two.). The change was not made in the master branch of the AWS CodeCommit repository. One of the earlier stages in the pipeline failed and the pipeline has terminated. One of the Amazon EC2 instances in the company’s AWS CodePipeline cluster is inactive. The AWS CodePipeline is incorrectly configured and is not executing AWS CodeDeploy.E. AWS CodePipeline does not have permissions to access AWS CodeCommit. A social media company is using Amazon Cognito in order to synchronize profiles across differentmobile devices, to enable end users to have a seamless experience.Which of the following configurations can be used to silently notify users whenever an update isavailable on all other devices?. Modify the user pool to include all the devices which keep them in sync. Use the SyncCallback interface to receive notifications on the application. Use an Amazon Cognito stream to analyze the data and push the notifications. Use the push synchronization feature with the appropriate IAM role. A website’s page load times are gradually increasing as more users access the system at the sametime. Analysis indicates that a user profile is being loaded from a database in all the web pages beingvisited by each user and this is increasing the database load and the page load latency. To addressthis issue the Developer decides to cache the user profile data.Which caching strategy will address this situation MOST efficiently?. Create a new Amazon EC2 Instance and run a NoSQL database on it. Cache the profile data withinthis database using the write-through caching strategy. Create an Amazon ElastiCache cluster to cache the user profile data. Use a cache-aside cachingstrategy. Use a dedicated Amazon RDS instance for caching profile data. Use a write-through cachingstrategy. Create an ElastiCache cluster to cache the user profile data. Use a write-through caching strategy. An application needs to use the IP address of the client in its processing. The application has beenmoved into AWS and has been placed behind an Application Load Balancer (ALB). However, all theclient IP addresses now appear to be the same. The application must maintain the ability to scalehorizontally.Based on this scenario, what is the MOST cost-effective solution to this problem?. Remove the application from the AL. Delete the ALB and change Amazon Route 53 to directtraffic to the instance running the application. Alter the application code to inspect the X-Forwarded-For header. Ensure that the code can workproperly if a list of IP addresses is passed in the header. Alter the application code to inspect a custom header. Alter the client code to pass the IP addressin the custom header. A development team is using AWS Elastic Beanstalk to deploy a two-tier application that consists of aload-balanced web tier and an Amazon RDS database tier in production. The team would like toseparate the RDS instance from the Elastic Beanstalk.How can this be accomplished?. Use the Elastic Beanstalk CLI to disassociate the database. Use the AWS CLI to disassociate the database. Change the deployment policy to disassociate the database. Recreate a new Elastic Beanstalk environment without Amazon RDS. According to best practice, how should access keys be managed in AWS? (Choose two.). Use the same access key in all applications for consistency. Delete all access keys for the account root user. Leave unused access keys in the account for tracking purposes. Embed and encrypt access keys in code for continuous deployment.E. Use Amazon IAM roles instead of access keys where possible. The development team is working on an API that will be served from Amazon API gateway. The APIwill be served from three environments: development, test, and production. The API Gateway isconfigured to use 237 GB of cache in all three stages.Which is the MOST cost-efficient deployment strategy?. Create a single API Gateway with all three stages. Create three API Gateways, one for each stage in a single AWS account. Create an API Gateway in three separate AWS accounts. Enable the cache for development and test environments only when needed. n application running on an Amazon Linux EC2 instance needs to manage the AWS infrastructure.How can the EC2 instance be configured to make AWS API calls securely?. Sign the AWS CLI command using the signature version 4 process. Run the aws configure AWS CLI command and specify the access key id and secret access key. Specify a role for the EC2 instance with the necessary privileges. Pass the access key id and secret access key as parameters for each AWS CLI command. A company is migrating from a monolithic architecture to a microservices-based architecture. TheDevelopers need to refactor the application so that the many microservices can asynchronouslycommunicate with each other without impacting performance.Use of which managed AWS services will enable asynchronous message passing? (Choose two.). Amazon SQS. Amazon Cognito. Amazon Kinesis. Amazon SNSE. Amazon ElastiCache. An application runs on multiple EC2 instances behind an ELB.Where is the session data best written so that it can be served reliably across multiple requests?. Write data to Amazon ElastiCache. Write data to Amazon Elastic Block Store. Write data to Amazon EC2 Instance Store. Write data to the root filesystem. A Developer is creating a Lambda function that will generate and export a file. The function requires100 MB of temporary storage for temporary files while executing. These files will not be needed afterthe function is complete.How can the Developer MOST efficiently handle the temporary files?. Store the files in EBS and delete the files at the end of the Lambda function. Copy the files to EFS and delete the files at the end of the Lambda function. Store the files in the /tmp directory and delete the files at the end of the Lambda function. Copy the files to an S3 bucket with a lifecycle policy to delete the files. A Developer has developed a web application and wants to deploy it quickly on a Tomcat server onAWS. The Developer wants to avoid having to manage the underlying infrastructure.What is the easiest way to deploy the application, based on these requirements?. AWS CloudFormation. AWS Elastic Beanstalk. Amazon S3. AWS CodePipeline. An application uses Lambda functions to extract metadata from files uploaded to an S3 bucket; themetadata is stored in Amazon DynamoDB. The application starts behaving unexpectedly, and theDeveloper wants to examine the logs of the Lambda function code for errors.Based on this system configuration, where would the Developer find the logs?. Amazon S3. The application starts behaving unexpectedly, and theDeveloper wants to examine the logs of the Lambda function code for errors.Based on this system configuration, where would the Developer find the logs?A. Amazon S3. Amazon CloudWatch. Amazon DynamoDB. An organization is using Amazon CloudFront to ensure that its users experience low-latency access toits web application. The organization has identified a need to encrypt all traffic between users andCloudFront, and all traffic between CloudFront and the web application.How can these requirements be met? (Choose two.). Use AWS KMS to encrypt traffic between CloudFront and the web application. Set the Origin Protocol Policy to “HTTPS Only”. Set the Origin’s HTTP Port to 443. Set the Viewer Protocol Policy to “HTTPS Only” or “Redirect HTTP to HTTPS”.E. Enable the CloudFront option Restrict Viewer Access. An application is using Amazon DynamoDB as its data store, and should be able to read 100 items persecond as strongly consistent reads. Each item is 5 KB in size.To what value should the table’s provisioned read throughput be set?. 50 read capacity units. 100 read capacity units. 200 read capacity units. 500 read capacity unitsc. A web application is designed to allow new users to create accounts using their email addresses. Theapplication will store attributes for each user, and is expecting millions of user to sign up.What should the Developer implement to achieve the design goals?. Amazon Cognito user pools. AWS Mobile Hub user data storage. Amazon Cognito Sync. AWS Mobile Hub cloud logic. A company needs a new REST API that can return information about the contents of an Amazon S3bucket, such as a count of the objects stored in it. The company has decided that the new API shouldbe written as a microservice using AWS Lambda and Amazon API Gateway.How should the Developer ensure that the microservice has the necessary access to the Amazon S3bucket, while adhering to security best practices?. Create an IAM user that has permissions to access the Amazon S3 bucket, and store the IAM usercredentials in the Lambda function source code. Create an IAM role that has permissions to access the Amazon S3 bucket and assign it to theLambda function as its execution role. Create an Amazon S3 bucket policy that specifies the Lambda service as its principal and assign itto the Amazon S3 bucket. Create an IAM role, attach the AmazonS3FullAccess managed policy to it, and assign the role tothe Lambda function as its execution role. An application is running on an EC2 instance. The Developer wants to store an application metric inAmazon CloudWatch.What is the best practice for implementing this requirement?. Use the PUT Object API call to send data to an S3 bucket. Use an event notification to invoke aLambda function to publish data to CloudWatch. Publish the metric data to an Amazon Kinesis Stream using a PutRecord API call. Subscribe aLambda function that publishes data to CloudWatch. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Provide therequired credentials to enable the API call. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Launch theEC2 instance with the required IAM role to enable the API call. Queries to an Amazon DynamoDB table are consuming a large amount of read capacity. The table hasa significant number of large attributes. The application does not need all of the attribute data.How can DynamoDB costs be minimized while maximizing application performance?. Batch all the writes, and perform the write operations when no or few reads are being performed. Create a global secondary index with a minimum set of projected attributes. Implement exponential backoffs in the application. Load balance the reads to the table using an Application Load Balancer. AWS CodeBuild builds code for an application, creates the Docker image, pushes the image toAmazon Elastic Container Registry (Amazon ECR), and tags the image with a unique identifier.If the Developers already have AWS CLI configured on their workstations, how can the Docker imagesbe pulled to the workstations?. Run the following:docker pull REPOSITORY URI : TAG. Run the output of the following:aws ecr get-loginand then run:docker pull REPOSITORY URI : TAG. Run the following:aws ecr get-loginand then run:docker pull REPOSITORY URI : TAG. Run the output of the following:aws ecr get-download-url-for-layerand then run:docker pullREPOSITORY URI : TAG. A company caches session information for a web application in an Amazon DynamoDB table. Thecompany wants an automated way to delete old items from the table.What is the simplest way to do this?. Write a script that deletes old records; schedule the scripts as a cron job on an Amazon EC2instance. Add an attribute with the expiration time; enable the Time To Live feature based on that attribute. Each day, create a new table to hold session data; delete the previous day’s table. Add an attribute with the expiration time; name the attribute ItemExpiration. An application is expected to process many files. Each file takes four minutes to process each AWSLambda invocation. The Lambda function does not return any important data.What is the fastest way to process all the files?. First split the files to make them smaller, then process with synchronous RequestResponseLambda invocations. Make synchronous RequestResponse Lambda invocations and process the files one by one. Make asynchronous Event Lambda invocations and process the files in parallel. First join all the files, then process it all at once with an asynchronous Event Lambda invocation. The upload of a 15 GB object to Amazon S3 fails. The error message reads: “Your proposed uploadexceeds the maximum allowed object size.”What technique will allow the Developer to upload this object?. Upload the object using the multi-part upload API. Upload the object over an AWS Direct Connect connection. Contact AWS Support to increase the object size limit. Upload the object to another AWS region. A company has an AWS CloudFormation template that is stored as a single file. The template is ableto launch and create a full infrastructure stack.Which best practice would increase the maintainability of the template?. Use nested stacks for common template patterns. Embed credentials to prevent typos. Remove mappings to decrease the number of variables. Use AWS::Include to reference publicly-hosted template files. A Developer wants to encrypt new objects that are being uploaded to an Amazon S3 bucket by anapplication. There must be an audit trail of who has used the key during this process. There shouldbe no change to the performance of the application.Which type of encryption meets these requirements?. Server-side encryption using S3-managed keys. Server-side encryption with AWS KMS-managed keys. Client-side encryption with a client-side symmetric master key. Client-side encryption with AWS KMS-managed keys. n on-premises application makes repeated calls to store files to Amazon S3. As usage of theapplication has increased, “LimitExceeded” errors are being logged.What should be changed to fix this error?. Implement exponential backoffs in the application. Load balance the application to multiple servers. Move the application to Amazon EC2. Add a one second delay to each API call. An organization is storing large files in Amazon S3, and is writing a web application to display metadata about the files to end-users. Based on the metadata a user selects an object to download. Theorganization needs a mechanism to index the files and provide single-digit millisecond latencyretrieval for the metadata.What AWS service should be used to accomplish this?. Amazon DynamoDB. Amazon EC2. AWS Lambda. Amazon RDS. While developing an application that runs on Amazon EC2 in an Amazon VPC, a Developer identifiesthe need for centralized storage of application-level logs.Which AWS service can be used to securely store these logs?. Amazon EC2 VPC Flow Logs. Amazon CloudWatch Logs. Amazon CloudSearch. AWS CloudTrail. A stock market monitoring application uses Amazon Kinesis for data ingestion. During simulated testsof peak data rates, the Kinesis stream cannot keep up with the incoming data.What step will allow Kinesis to accommodate the traffic during peak hours?. Install the Kinesis Producer Library (KPL) for ingesting data into the stream. Reduce the data retention period to allow for more data ingestion usingDecreaseStreamRetentionPeriod. Increase the shard count of the stream using UpdateShardCount. Ingest multiple records into the stream in a single call using PutRecords. Where can PortMapping be defined when launching containers in Amazon ECS?. Security groups. Amazon Elastic Container Registry (Amzon ECR). Container agent. Task definition. An application uses Amazon Kinesis Data Streams to ingest and process large streams of data recordsin real time. Amazon EC2 instances consume and process the data from the shards of the Kinesis datastream by using Amazon Kinesis Client Library (KCL). The application handles the failure scenariosand does not require standby workers. The application reports that a specific shard is receiving moredata than expected. To adapt to the chnages in the rate of data flow, the “hot” shard is resharded.Assuming that the initial number of shards in the Kinesis data stream is 4, and after resharding thenumber of shards increased to 6, what is the maximum number of EC2 instances that can bedeployed to process data from all the shards?. 12. 6. 4. 1. A Development team is working on a case management solution that allows medical claims to beprocessed and reviewed. Users log in to provide information related to their medical and financialsituations.As part of the application, sensitive documents such as medical records, medical imaging, bankstatements, and receipts are uploaded to Amazon S3. All documents must be securely transmittedand stored. All access to the documents must be recorded for auditing.What is the MOST secure approach?. Use S3 default encryption using Advanced Encryption Standard-256 (AES-256) on the destinationbucket. Use Amazon Cognito for authorization and authentication to ensure the security of the applicationand documents. Use AWS Lambda to encrypt and decrypt objects as they are placed into the S3 bucket. Use client-side encryption/decryption with Amazon S3 and AWS KMS. A Developer is trying to make API calls using SDK. The IAM user credentials used by the applicationrequire multi-factor authentication for all API calls.Which method the Developer use to access the multi-factor authentication protected API?. GetFederationToken. GetCallerIdentity. GetSessionToken. DecodeAutherizationMessage. An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resultingwrite traffic slows the read query performance and affects all application users.What can be done to eliminate the performance impact on application users?. Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic. Create an RDS Read Replica and direct all read traffic to the replica. Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic. Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic. A company wants to implement authentication for its new REST service using Amazon API Gateway.To authenticate the calls, each request must include HTTP headers with a client ID and user ID. Thesecredentials must be compared to authentication data in an Amazon DynamoDB table.What MUST the company do to implement this authentication in API Gateway?. Implement an AWS Lambda authorizer that references the DynamoDB authentication table. Create a model that requires the credentials, then grant API Gateway access to the authenticationtable. Modify the integration requests to require the credentials, then grant API Gateway access to theauthentication table. Thesecredentials must be compared to authentication data in an Amazon DynamoDB table.What MUST the company do to implement this authentication in API Gateway?A. Implement an AWS Lambda authorizer that references the DynamoDB authentication tableB. Create a model that requires the credentials, then grant API Gateway access to the authenticationtableC. Modify the integration requests to require the credentials, then grant API Gateway access to theauthentication table. A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration.The service must run different versions for testing purposes.What would be the BEST way to accomplish this?. Use an X-Version header to denote which version is being called and pass that header to theLambda function(s). Create an API Gateway Lambda authorizer to route API clients to the correct API version. Create an API Gateway resource policy to isolate versions and provide context to the Lambdafunction(s). Deploy the API versions as unique stages with unique endpoints and use stage variables to providefurther context. A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. Theencryption keys must be rotated annually, at least.What is the easiest way to achieve this?. Encrypt the data before sending it to Amazon S3. Import a custom key into AWS KMS with annual rotation enabled. Use AWS KMS with automatic key rotation. Export a key from AWS KMS to encrypt the data. When developing an AWS Lambda function that processes Amazon Kinesis Data Streams,Administrators within the company must receive a notice that includes the processed data.How should the Developer write the function to send processed data to the Administrators?. Separate the Lambda handler from the core logic. Use Amazon CloudWatch Events to send the processed data. Publish the processed data to an Amazon SNS topic. Push the processed data to Amazon SQS. A Developer is writing a REST service that will add items to a shopping list. The service is built onAmazon API Gateway with AWS Lambda integrations. The shopping list items are send as querystring parameters in the method request.How should the Developer convert the query string parameters to arguments for the Lambdafunction?. Enable request validation. Include the Amazon Resource Name (ARN) of the Lambda function. Change the integration type. Create a mapping template. A Development team would like to migrate their existing application code from a GitHub repositoryto AWS CodeCommit.What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?. A GitHub secure authentication token. A public and private SSH key file. A set of Git credentials generated from IAM. An Amazon EC2 IAM role with CodeCommit permissions. A Developer must encrypt a 100-GB object using AWS KMS.What is the BEST approach?. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key(CMK). Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key(CMK) with imported key material. Make a GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key.Use a plaintext key to encrypt the data. Make a GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy of a data key.Use an encrypted key to encrypt the data. A team of Developers must migrate an application running inside an AWS Elastic Beanstalkenvironment from a Classic Load Balancer to an Application Load Balancer.Which steps should be taken to accomplish the task using the AWS Management Console?. 1. Update the application code in the existing deployment. 2. Select a new load balancer type before running the deployment. 3. Deploy the new version of the application code to the environment. 1. Create anew environmentwith the same configurations exceptforthe load balancertype. 2. Deploy the same application version as used in the original environment. 3. Run the swap-environment-cnames action. 1. Clone the existing environment, changing the associated load balancer type. 2. Deploy the same application version as used in the original environment. 3. Run the swap-environment-cnames action. 1. Edit the environment definitions in the existingdeployment. 2. Change the associated load balancer type according to the requirements. 3. Rebuild the environment with the new load balancer type. A Development team wants to instrument their code to provide more detailed information to AWS X-Ray than simple outgoing and incoming requests. This will generate large amounts of data, so theDevelopment team wants to implement indexing so they can filter the data.What should the Development team do to achieve this?. Add annotations to the segment document and the code. Add metadata to the segment document and the code. Configure the necessary X-Ray environment variables. Install required plugins for the appropriate AWS SDK. A Developer created a new AWS account and must create a scalable AWS Lambda function thatmeets the following requirements for concurrent execution:Average execution time of 100 seconds50 requests per secondWhich step must be taken prior to deployment to prevent errors?. Implement dead-letter queues to capture invocation errors. Add an event source from Amazon API Gateway to the Lambda function. Implement error handling within the application code. Contact AWS Support to increase the concurrent execution limits. A company is using continuous integration and continuous delivery systems. A Developer now needsto automate a software package deployment to both Amazon EC2 instances and virtual serversrunning on-premises.Which AWS service should be used to accomplish this?. AWS CodePipeline. AWS CodeBuild. AWS Elastic Beanstalk. AWS CodeDeploy. A company needs a version control system for collaborative software development. Features of thesystem must include the following:Support for batches of changes across multiple filesParallel branchingVersion trackingWhich AWS service will meet these requirements?. AWS CodePipeline. Amazon S3. AWS Code Build. AWS CodeCommit. A company runs an e-commerce website that uses Amazon DynamoDB where pricing for items isdynamically updated in real time. At any given time, multiple updates may occur simultaneously forpricing information on a particular product. This is causing the original editor’s changes to beoverwritten without a proper review process.Which DynamoDB write option should be selected to prevent this overwriting?. Concurrent writes. Conditional writes. Atomic writes. Batch writes. An Amazon DynamoDB table uses a Global Secondary Index (GSI) to support read queries. Theprimary table is write-heavy, whereas the GSI is used for read operations. Looking at AmazonCloudWatch metrics, the Developer notices that write operations to the primary table are throttledfrequently under heavy write activity. However, write capacity units to the primary table areavailable and not fully consumed.Why is the table being throttled?. The GSI write capacity units are underprovisioned. There are not enough read capacity units on the primary table. Amazon DynamoDB Streams is not enabled on the table. A large write operation is being performed against another table. A Developer is building a three-tier web application that should be able to handle a minimum of5000 requests per minute. Requirements state that the web tier should be completely stateless whilethe application maintains session state for the users.How can session data be externalized, keeping latency at the LOWEST possible value?. Create an Amazon RDS instance, then implement session handling at the application level toleverage a database inside the RDS database instance for session data storage. Implement a shared file system solution across the underlying Amazon EC2 instances, thenimplement session handling at the application level to leverage the shared file system for sessiondata storage. Create an Amazon ElastiCache Memcached cluster, then implement session handling at theapplication level to leverage the cluster for session data storage. Create an Amazon DynamoDB table, then implement session handling at the application level toleverage the table for session data storage. An application is being developed to audit several AWS accounts. The application will run in AccountA and must access AWS services in Accounts B and C.What is the MOST secure way to allow the application to call AWS services in each audited account?. Configure cross-account roles in each audited account. Write code in Account A that assumesthose roles. Use S3 cross-region replication to communicate among accounts, with Amazon S3 eventnotifications to trigger Lambda functions. Deploy an application in each audited account with its own role. Have Account A authenticate withthe application. Create an IAM user with an access key in each audited account. Write code in Account A that usesthose access keys. A Developer has been asked to create an AWS Lambda function that is triggered any time updatesare made to items in an Amazon DynamoDB table. The function has been created, and appropriatepermissions have been added to the Lambda execution role. Amazon DynamoDB streams have beenenabled for the table, but the function is still not being triggered.Which option would enable DynamoDB table updates to trigger the Lambda function?. Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the DynamoDBtable. Configure event source mapping for the Lambda function. Map an Amazon SNS topic to the DynamoDB streams. increase the maximum execution time (timeout) setting of the Lambda function. A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWSCodeCommit are tied to a user with the following permissions:The Developer needs to create/delete branches.Which specific IAM permissions need to be added, based on the principle of least privilege?. “codecommit:CreateBranch”“codecommit:DeleteBranch”. “codecommit:Put*”. “codecommit:Update*”. “codecommit:*”. A company needs to ingest terabytes of data each hour from thousands of sources that are deliveredalmost continually throughout the day. The volume of messages generated varies over the course ofthe day. Messages must be delivered in real time for fraud detection and live operationaldashboards.Which approach will meet these requirements?. Send the messages to an Amazon SQS queue, then process the messages by using a fleet ofAmazon EC2 instances. Use the Amazon S3 API to write messages to an S3 bucket, then process the messages by usingAmazon Redshift. Use AWS Data Pipeline to automate the movement and transformation of data. Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages. A company is running a Docker application on Amazon ECS. The application must scale based on userload in the last 15 seconds.How should a Developer instrument the code so that the requirement can be met?. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publishdata every 30 seconds. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publishdata every 5 seconds. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, thenpublish data every 30 seconds. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, thenpublish data every 5 seconds. A Developer wants to upload data to Amazon S3 and must encrypt the data in transit.Which of the following solutions will accomplish this task? (Choose two.). Set up hardware VPN tunnels to a VPC and access S3 through a VPC endpoint. Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key. Set up Server-Side Encryption with AWS KMS-Managed Keys. Transfer the data over an SSL connectionE. Set up Server-Side Encryption with S3-Managed Keys. A Developer is trying to deploy a serverless application using AWS CodeDeploy. The application wasupdated and needs to be redeployed.What file does the Developer need to update to push that change through CodeDeploy?. dockerrun.aws.json. buildspec.yml. appspec.yml. ebextensions.config. An AWS Lambda function must access an external site by using a regularly rotated user name andpassword. These items must be kept securely and cannot be stored in the function code.What combination of AWS services can be used to accomplish this? (Choose two.). AWS Certificate Manager (ACM). AWS Systems Manager Parameter Store. AWS Trusted Advisor. AWS KMSE. Amazon GuardDuty. A Developer is building a web application that uses Amazon API Gateway to expose an AWS Lambdafunction to process requests from clients. During testing, the Developer notices that the API Gatewaytimes out even though the Lambda function finishes under the set time limit.Which of the following API Gateway metrics in Amazon CloudWatch can help the Developertroubleshoot the issue? (Choose two.). CacheHitCount. IntegrationLatency. CacheMissCount. LatencyE. Count. A Developer is working on an application that handles 10MB documents that contain highly-sensitivedata. The application will use AWS KMS to perform client-side encryption.What steps must be followed?. Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference thecustomer managed key ARN in the KeyId parameter. Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key toencrypt the data. Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key toencrypt the data. Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key toencrypt the data. An application deployed on AWS Elastic Beanstalk experiences increased error rates duringdeployments of new application versions, resulting in service degradation for users. TheDevelopment team believes that this is because of the reduction in capacity during the deploymentsteps. The team would like to change the deployment policy configuration of the environment to anoption that maintains full capacity during deployment while using the existing instances.Which deployment policy will meet these requirements while using the existing instances?. All at once. Rolling. Rolling with additional batch. Immutable. An application writes items to an Amazon DynamoDB table. As the application scales to thousands ofinstances, calls to the DynamoDB API generate occasional ThrottlingException errors. The applicationis coded in a language incompatible with the AWS SDK.How should the error be handled?. Add exponential backoff to the application logic. Use Amazon SQS as an API message bus. Pass API calls through Amazon API Gateway. Send the items to DynamoDB through Amazon Kinesis Data Firehose. A company is running an application built on AWS Lambda functions. One Lambda function hasperformance issues when it has to download a 50MB file from the Internet in every execution. Thisfunction is called multiple times a second.What solution would give the BEST performance increase?. Cache the file in the /tmp directory. Increase the Lambda maximum execution time. Put an Elastic Load Balancer in front of the Lambda function. Cache the file in Amazon S3. A company needs to distribute firmware updates to its customers around the world.Which service will allow easy and secure control of the access to the downloads at the lowest cost?. Use Amazon CloudFront with signed URLs for Amazon S3. Create a dedicated Amazon CloudFront Distribution for each customer. Use Amazon CloudFront with AWS Lambda@Edge. Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket. A Developer has a stateful web server on-premises that is being migrated to AWS. The Developermust have greater elasticity in the new design.How should the Developer re-factor the application to make it more elastic? (Choose two.). Use pessimistic concurrency on Amazon DynamoDB. Use Amazon CloudFront with an Auto Scaling group. Use Amazon CloudFront with an AWS Web Application Firewall. Store session state data in an Amazon DynamoDB tableE. Use an ELB with an Auto Scaling group. A Developer is creating a template that uses AWS CloudFormation to deploy an application. Thisapplication is serverless and uses Amazon API Gateway, Amazon DynamoDB, and AWS Lambda.Which tool should the Developer use to define simplified syntax for expressing serverless resources?. CloudFormation serverless intrinsic functions. AWS serverless express. An AWS serverless application model. A CloudFormation serverless plugin. An e-commerce web application that shares session state on-premises is being migrated to AWS. Theapplication must be fault tolerant, natively highly scalable, and any service interruption should notaffect the user experience.What is the best option to store the session state?. Store the session state in Amazon ElastiCache. Store the session state in Amazon CloudFront. Store the session state in Amazon S3. Enable session stickiness using elastic load balancers. A Developer wants to debug an application by searching and filtering log data. The application logs are stored in Amazon CloudWatch Logs. The Developer creates a new metricfilter to count exceptions in the application logs. However, no results are returned from the logs.What is the reason that no filtered results are being returned?. A setup of the Amazon CloudWatch interface VPC endpoint is required for filtering theCloudWatch Logs in the VPC. CloudWatch Logs only publishes metric data for events that happen after the filter is created. The log group for CloudWatch Logs should be first streamed to Amazon Elasticsearch Servicebefore metric filtering returns the results. Metric data points for logs groups can be filtered only after they are exported to an Amazon S3bucket. A Developer must analyze performance issues with production-distributed applications written asAWS Lambda functions. These distributed Lambda applications invoke other components that makeup the applications.How should the Developer identify and troubleshoot the root cause of the performance issues inproduction?. Add logging statements to the Lambda functions, then use Amazon CloudWatch to view the logs. Use AWS Cloud Trail and then examine the logs. Use AWS X-Ray, then examine the segments and errors. Run Amazon Inspector agents and then analyze performance. A Developer is investigating an issue whereby certain requests are passing through an Amazon APIGateway endpoint /MyAPI, but the requests do not reach the AWS Lambda function backing /MyAPI.The Developer found that a second Lambda function sometimes runs at maximum concurrencyallowed for the given AWS account.How can the Developer address this issue?. Manually reduce the concurrent execution limit at the account level. Add another API Gateway stage for /MyAPI, and shard the requests. Configure the second Lambda function’s concurrency execution limit. Reduce the throttling limits in the API Gateway /MyAPI endpoint. A company is using Amazon RDS MySQL instances for its application database tier and ApacheTomcat servers for its web tier. Most of the database queries from web applications are repeatedread requests.Use of which AWS service would increase in performance by adding in-memory store for repeatedread queries?. Amazon RDS Multi-AZ. Amazon SQS. Amazon ElastiCache. Amazon RDS read replica. To include objects defined by the AWS Serverless Application Model (SAM) in an AWSCloudFormation template, in addition to Resources, what section MUST be included in the documentroot?. Conditions. Globals. Transform. Properties. A Developer is making changes to a custom application that is currently using AWS Elastic Beanstalk.After the Developer completes the changes, what solutions will update the Elastic Beanstalkenvironment with the new application version? (Choose two.). Package the application code into a .zip file, and upload, then deploy the packaged applicationfrom the AWS Management Console. Package the application code into a .tar file, create a new application version from the AWSManagement Console, then update the environment by using AWS CLI. Package the application code into a .tar file, and upload and deploy the packaged application fromthe AWS Management Console. Package the application code into a .zip file, create a new application version from the packagedapplication by using AWS CLI, then update the environment by using AWS CLIE. Package the application code into a .zip file, create a new application version from the AWSManagement Console, then rebuild the environment by using AWS CLI. A Developer is going to deploy an AWS Lambda function that requires significant CPU utilization.Which approach will MINIMIZE the average runtime of the function?. Deploy the function into multiple AWS Regions. Deploy the function into multiple Availability Zones. Deploy the function using Lambda layers. Deploy the function with its memory allocation set to the maximum amount. A Developer is publishing critical log data to a log group in Amazon CloudWatch Lops, which wascreated 2 months ago. The Developer must encrypt the log data using an AWS KMS customer masterkey (CMK) so future data can be encrypted to comply with me company's security policyHow can the Developer meet this requirement?. Use the Cloud Watch Logs console and enable the encrypt feature on the log group. Use the AWS CLI create-log-group command and specify the key Amazon Resource Name (ARN). Use the KMs console and associate the CMK with the log group. Use the AWS CLI associate-Kms-key command and specify the key Amazon Resource Name (ARN). A company wants to containerize an existing three-tier web application and deploy it to Amazon ECSFargate. The application is using session data to keep track of user activities.Which approach would provide the BEST user experience?. Provision a Redic cluster in Amazon ElasticCache and save the session data in the cluster. Create a session table in Amazon Redshift and save the session data in the database table. Enable session stickness in the existing Network Load Balancer and manage the session data in thecontainer. Use an Amazon S3 bucket as data store and save the session data in the bucket. A company has implemented AWS CodeDeploy as part of its cloud native CI/CD stack The companyenables automatic rollbacks while deploying a new version of a popular web application from inplace to Amazon EC2.What occurs it the deployment of the new version fails due to code regression?. The last known good deployment is automatically restored using the snapshot stored in AmazonS3. CodeDeploy switches the Amazon Route 53 alias records back to the known good greendeployment and terminates the failed blue deployment. A new deployment of the last known good version of the application is deployed with a newdeployment ID. AWS CodePipeline promotes the most recent deployment with a SUCCEEDED status to production. A Developer needs to deploy an application running on AWS Fargate using Amazon ECS. Theapplication has environment variables that must be passed to a container tor the application toinitializeHow should the environment variables be passed to the container?. Define an array that includes the environment variables under the environment parameter withinthe service definition. Define an array that includes the environment variables under the environment parameter withinthe task definition. Define an array that includes the environment variables under the entrypoint parameter withinthe task definition. Define in array that includes the environment variables under the entryPoint parameter withinthe service definition. A Developer decides lo store highly secure data in Amazon S3 and wants to implement server-sideencryption (SSF) with granular control of who can access the master key Company policy requiresthat the master key be created, rotated, and disabled easily when needed, all for security reasons.Which solution should be used to moot these requirements?. SSE with Amazon S3 managed keys (SSE-S3). SSFE with AWS KMS managed keys (SSE KMS). SSE with AWS Secrets Manager. SSE with customer provided encryption keys. A developer has created a new AWS IAM user that has s3 putobject permission to write to a specificAmazon bucket. This S3 bucket uses server-side encryption with AWS KMS managed keys (SEE-KMS)as the encryption. Using the access key and secret key of the IAM user, the application received anaccess denied error when calling the PutObject API.How can this issue be resolved?. Update the policy of the IAM user to allow the s3 Encrypt action. Update the bucket policy of the S3 bucket to allow the IAM user to upload objects. Update the policy of the IAM user to allow the kms GenerateDatakey action. Update the ACL of the bucket to allow the IAM user to upload objects. An application is running on a cluster of Amazon EC2 instance. While trying to read objects storedwithin a single Amazon S3 bucket that are encrypted with server-side encryption with AWS KMSmanaged keys (SSE-KMS), the application receives the following error:Service : AWSKMS: Status Code: 400: Code : ThrottlingExceptionWhich combination of steps should be taken to prevent this failure? (Select TWO.). Contact AWS Support to request an AWS KMS rate limit increase. Perform error retries with exponential backoff in the application code. Contact AWS Support to request a S3 rate limit increase. Import a customer master key (CMK) with a larger key size.E. Use more than one customer master key (CMK) to encrypt S3 data. An advertising company has a dynamic website with heavy traffic. The company wants to migrate thewebsite infrastructure to AWS to handle everything except website development.Which solution BEST meets these requirements?. Use AWS VM Import to migrate a web server image to AWS Launch the image on a computeoptimized Amazon EC2 instanceLaunch. Launch multiple Amazon Lighsall instance behind a load balancer. Set up the website on thoseinstances. Deploy the website code in an AWS Elastic Beanstalk environment. Use Auto Scaling to scale thenumbers of instance. Use Amazon S3 to host the website. Use Amazon CloudFornt to deliver the content at scale. A Developer is migrating existing applications to AWS. These applications use MongoDB as theirprimary data store, and they will be deployed to Amazon EC2 instances. Management requires thatthe Developer minimize changes to applications while using AWS servicesWhich solution should the Developer use to host MongoDB in AWS?. Install MongoDB on the same instance where the application is running. Deploy Amazon DocumentDB in MongoDB compatibility mode. Use Amazon API Gateway to translate API calls from MongoDB to Amazon DynamoDB. Replicate the existing MongoDB workload to Amazon DynamoDB. A developer has written an application that runs on Amazon EC2 instances and generates a valueevery minute. The Developer wants to monitor and graph the values generated over time withoutlogging in to the instance each time.Which approach should the Developer use to achieve this goal?. Use the Amazon CloudWatch metrics reported by default for all EC2 instances View each valuefrom the CloudWatch console. Develop the application to store each value in a file on Amazon S3 every minute with theUmestamp as the name. Publish each generated value as a custom metric to Amazon CloudWatch using available AWS SDKs. Store each value as a variable and add the variable to the list of EC2 metrics that should bereported to the Amazon CloudWatch console. A company stores all personally identifiable information (PII) in an Amazon DynamoDB table namedPII in Account. An application running on Amazon EC2 instances in Account B requires access to the PII table. Anadministrators in Account A created an IAM role named AccessPII with privileges to access the PIItable, and made account B a trusted entity.Which combination of actional steps should Developers take to access the table? (Select TWO ). Ask an Administrator in Account B to allow the EC2 IAM role permission to assume the AccessPllrole with predefined service control policies. Ask an Administrator in Account A to allow the EG2 IAM role permission to assume the AccessPIIrole with predefined service control policies. Include the AssumeRole API in the application code logic to obtain credentials to access the PlItableE. Include the GetSession token API in the application code logic to obtain credentials to access thePll table. A developer is setting up Amazon API gateway for their company’s products. The API will beregistered developers to query and update their environments. The company wants to limit theamount of requests end users send for.bot cost and security reason management wants to offerregistered the option of buying larger packages that allow for more requests. Enable throttling for the API Gateway stage Set a value tor both the rate and burst capacity If aregistered larger package, create a stage for them, adjust the values, and share the new URL withthem. Set up Amazon CloudWatch API logging in API Gateway Create a filter based on the user andrequestTime fields and create an alarm on this filter Write an AWS Lambda function to analyze thevalues and requester information, and respond accordingly Set up the function as the target tor thealarm If a registered user chooses a larger package, update the Lambda code with the values. Enable Amazon CloudWatch metrics for the API Gateway stage Set up CloudWatch alarms basedoft the Count metric and the ApiName, Method, Resource, and Stage dimensions to alerts whenrequest rates pass the threshold Set the alarm action to Deny If a registered user chooses a largerpackage, create a user-specific alarm and adjust the values. Set up a default usage plan specify values for the rate and burst capacity, and associate it with astage If a registered user chooses a larger package, create a custom plan with the appropriate valuesand associate the plan with the user. A global company has an application running on Amazon EC2 instances that serves image files fromAmazon S3. User requests from the browser are causing high traffic, which results in degradedperformance.Which optimization solution should a Developer implement to increase application performance?. Create multiple prefix in the S3 bucket to increase the request rate. Create an Amazon ElastiCache cluster to cache and serve frequently accessed items. Use Amazon CloudFront to serve the content of images stored in Amazon S3. Submit a ticket to AWS support to request a rate limit increase for the S3 bucket. A Developer is writing an application that runs on Amazon EC2 instances in an Auto scaling group.The application data is stored in an Amazon DynamoDB table and records are constantly updated byall instances. An instance sometimes retrieves old data. The Developer wants to correct this by making sure the reads are strongly consistent.How can the developer accomplish this?. Set consistentRead to true when calling Getitem. Create a new DynamoDB Accelerator (DAX) table. Set consistency to strong when calling Update Table. Use the Getshardlterator command. A company provides APIs as a service and commits to a service level agreement (SLA) with all itsusers.To comply with each SLA, what should the company do?. Enable throttling limits for each method in Amazon API Getaway. Create a usage plan for each user and request API keys to access the APIs. Enable API rate limiting in Amazon cognito for each user. Enable default throttling limits for each stage after deploying the APIs. A Developer is migrating an on-premises application to AWS. The application currently takes useruploads and saves them to a local directory on the server. All uploads must be saved and madeimmediately available to all instances in an Auto scaling group.Which approach will meet these requirements?. Use Amazon EBS and configure the application AMI to use a snapshot of the same EBS instance onboot. Use Amazon S3 and rearchitect the application so all uploads are placed in S3. Use instance storage and share it between instances launched from the same Amazon machineimage (AMI). Use Amazon EBS and file synchronization software to achieve eventual consistency among theauto scaling group. A developer is building an application that needs to store date in Amazon S3. Management requiresthat the data be encrypted before is it sent to Amazon S3 for storage. The encryption keys need to bemanaged by the security team.Which approach should the developer take to meet these requirements?. Implement server-side encryption using customer-provided encryption keys (SSE-C). Implement server-side encryption by using client-side master key. Implement client-side encryption using an AWS KMS managed customer master key (CMK). Implement Client-side encryption using Amazon S3 managed keys. A developer has written an Amazon kinesis Data streams application. As usage grows and traffic overtime, the application is regularly receiving provisionedThroughputExceededException errormessages.Which steps should the Developer take to resolve the error? (Select Two.). Use Auto scaling to scale the stream for better performance. Increase the delay between the GetRecords call and the PutRecords call. Increase the number of shards in the data stream. Specify a shard iterator using the shardlterator parameter.E. Implement exponential backoff on the GetRecords call and the PutRecords call. A developer is creating as AWS lambda function that generates a new file each time it runs. Each newfile must be checked into an AWS CodeCommit repository hosted in the same AWS account.How should the developer accomplish this?. When the Lambda function starts, use the Git CLI to Clone the repository. Check the new file intothe cloned repository and push the change. After the new file is created in Lambda, use cURL to invoke the CodeCommit API. Send the file tothe repository. Use an AWS SDK to instantiate a CodeCommit Client. Invoke the put _ file method to add the fileto the repository. Upload the new file to an Amazon S3 bucket. Create an AWS step Function to accept S3 events. Inthe step Function, add the new file to the repository. An application is using single -node Amazon ElastiCache for Redis instance to improve readperformance. Over time, demand for the application has increased exponentially, which hasincreased the load on the ElastiCache instance. It is critical that this cache layer handles the load andis resilient in case of node failures.What can the Developer do to address the load and resiliency requirements?. Add a read replica instance. Migrate to a Memcached cluster. Migrate to an Amazon ElastiCache service cluster. Vertically scale the ElastiCache instance. A company runs continuous integration/continuous delivery (CI/CD) pipeline for its application onAWS CodePipeline. A developer must write unit tests and run them as part of the pipelines beforestaging the artifacts for testing.How should the Developer incorporate unit tests as part of CI/CD pipeline?. Create a separate codePipline pipline to run unit tests. Update the AWS codeBuild build specification to include a phase for running unit tests. Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests. Create a testing branch in AWS CodeCommit to run unit tests. A company has a REST application comprised of an Amazon API Gateway and several AWS Lambdafunctions. A developer is responding to an alert that the API Gateway’s HTTP response error rate hasunexpectedly increased. The developer must determine must which Lambda function ismalfunctioning.Which method would help the developer make this determination while minimizing delays?. Execute an Amazon Athena query against the API Gateway and Lambda execution logs. Execute an Amazon CloudWatch Logs Insights query against the API Gateway and Lambdaexecution logs. Download the API Gateway and Lambda execution logs from Amazon S3, and perform a line-byline search against them. Download the API Gateway and Lambda execution logs from Amazon CloudWatch Events, andperform line-by-line search against them. A developer is provided with an HTTPS clone URL for an AWS CodeCommit repository.What needs to be configured before cloning this repository?. Use AWS KMS to set up public and private keys for use with CodeCommit. Set up the Git credential helper to use an AWS credential profile, and enable the helper to sendthe path to the repositories. Generate encryption keys using AWS CloudHSM, then export the key for use with AWSCodeCommit. Use AWS certificate manager to provision public and private SSL/TLS certificates. A development team wants to immediately build and deploy an application whenever there is achange to the source code. Which approaches could be used to trigger the deployment? (SelectTWO.). Store the source code in an Amazon S3 bucket Configure AWS CodePipeline to start whenever afile in the bucket changes. Store the source code in an encrypted Amazon EBS volume Configure AWS CodePipeline to startwhenever a file in the volume changes. Store the source code in an AWS CodeCommit repository Configure AWS CodePipeline to startwhenever a change is committed to the repository. Store the source code in an Amazon S3 bucket Configure AWS CodePipeline to start every 15minutesE. Store the source code in an Amazon EC2 instance's ephemeral storage. Configure the instance tostart AWS CodePipeline whenever there are changes to the source code. A developer is writing a web application that must share secure documents with end users Thedocuments are stored in a private Amazon S3 bucket The application must allow only authenticatedusers to download specific documents when requested, and only for a duration of 15 minutesHow can the developer meet these requirements?. Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15minutes. Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes. Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documentsusing HTTPS. Modify the S3 bucket policy to only allow specific users to download the documents Revert thechange after 15 minutes. A developer has built an application running on AWS Lambda using AWS Serverless ApplicationModel (AWS SAM). What is the correct order of execution to successfully deploy the application?. 1 Build the SAM template in Amazon EC22 Package the SAM template to Amazon EBS storage3. Deploy the SAM template from Amazon EBS. 1 Build the SAM template locally2 Package the SAM template onto Amazon S33. Deploy the SAM template from Amazon S3. 1 Build the SAM template locally2. Deploy the SAM template from Amazon S3.3 Package the SAM template for use. 1 Build the SAM template locally2 Package the SAM template from AWS CodeCommit.3 Deploy the SAM template to CodeCommit. A company experienced partial downtime during the last deployment of a new application AWSElastic Beanstalk split the environment's Amazon EC2 instances into batches and deployed a newversion one batch at a time after taking them out of service. Therefore, full capacity was notmaintained during deployment.The developer plans to release a new version of the application, and is looking for a policy that willmaintain full capacity and minimize the impact of the failed deploymentWhich deployment policy should the developer use?. Immutable. All at Once. Rolling. Rolling with an Additional Batch. An application ingests a large number of small messages and stores them in a database. Theapplication uses AWS Lambda. A development team is making changes to the application's processing logic. In testing, it is takingmore than 15 minutes to process each message. The team is concerned the current backend maytime out.Which changes should be made to the backend system to ensure each message is processed in theMOST scalable way1?. Add the messages to an Amazon SQS queue Set up an Amazon EC2 instance to poll the queue andprocess messages as they arrive. Add the messages to an Amazon SQS queue. Set up Amazon EC2 instances in an Auto Scalinggroup to poll the queue and process the messages as they arrive. Create a support ticket to increase the Lambda timeout to 60 minutes to allow for increasedprocessing time. Change the application to directly insert the body of the message into an Amazon RDS database. A company is developing a web application that allows its employees to upload a profile picture to aprivate Amazon S3 bucket There is no size limit for the profile pictures, which should be displayedevery time an employee logs in. For security reasons, the pictures cannot be publicly accessible.What is a viable long-term solution for this scenario''. Generate a presigned URL when a picture is uploaded Save the URL in an Amazon DynamoDBtable Return the URL to the browser when the employee logs in. Save the picture's S3 key in an Amazon DynamoDB table Create an Amazon S3 VPC endpoint toallow the employees to download pictures once they log in. Encode a picture using base64 Save the base64 string in an Amazon DynamoDB table Allow thebrowser to retrieve the string and convert it to a picture. Save the picture's S3 key in an Amazon DynamoDB table. Use a function to generate a presignedURL every time an employee logs in. Return the URL to the browser. A developer is testing a Docker-based application that uses the AWS SDK to interact with AmazonDynamoDB In the local development environment, the application has used IAM access keys Theapplication is now ready for deployment onto an ECS duster.How should the application authenticate with AWS services in production?. Configure an ECS task IAM role for the application to use. Refactor the application to call AWS STS AssumeRole based on an instance role. Configure AWS access key/secret access key environment variables with new credentials. Configure the credentials file with a new access key/secret access key. A company wants to migrate an imaging service to Amazon EC2 while following security bestpractices. The images are sourced and read from a non-public Amazon S3 bucket.What should a developer do to meet these requirements?. Create an IAM user with read-only permissions for the S3 bucket Temporarily store the usercredentials in the Amazon EBS volume of the EC2 instance. Create an IAM user with read-only permissions for the S3 bucket. Temporarily store the usercredentials in the user data of the EC2 instance. Create an EC2 service role with read-only permissions for the S3 bucket Attach the role to the EC2instance. Create an S3 service role with read-only permissions for the S3 bucket Attach the role to the EC2instance. A developer wants to send multi-value headers to an AWS Lambda function that is registered as atarget with an Application Load Balancer (ALB).What should the developer do to achieve this?. Place the Lambda function and target group in the same account. Send the request body to the Lambda function with a size less than 1 MB 0. Include the Base64 encoding status status code, status description, and headers in the Lambdafunction. Enable the multi-value headers on the ALB. An ecommerce startup is preparing for an annual sales event As the traffic to the company'sapplication increases, the development team wants to be notified when the Amazon EC2 instance'sCPU utilization exceeds 80%.Which solution will meet this requirement?. Create a custom Amazon CloudWatch alarm that sends a notification to an Amazon SNS topicwhen the CPU utilization exceeds 80%. Create a custom AWS CloudTrail alarm that sends a notification to an Amazon SNS topic when theCPU utilization exceeds 80%. Create a cron job on the EC2 instance that executes the --describe-instance-information commandon the host instance every 15 minutes and sends the results to an Amazon SNS topic. Create an AWS Lambda function that queries the AWS CloudTrail logs for the CPUUtihzationmetric every 15 minutes and sends a notification to an Amazon SNS topic when the CPU utilizationexceeds 80%. An application running on Amazon EC2 opens connections to an Amazon RDS SQL Server databaseThe developer does not want to store the user name and password for the database in the code. Thedeveloper would also like to automatically rotate the credentials.What is the MOST secure way to store and access the database credentials?. Create an IAM role that has permissions to access the database Attach the role to the EC2 instance. Use AWS Secrets Manager to store the credentials. Retrieve the credentials from Secrets Manageras needed. Store the credentials in an encrypted text file in an Amazon S3 bucket Configure the EC2 instance'suser data to download the credentials from Amazon S3 as the instance boots. Store the user name and password credentials directly in the source code. No further action isneeded because the source code is stored in a private repository. An application needs to encrypt data that is written to Amazon S3 where the keys are managed in anon-premises data center and the encryption is handled by S3. Which type of encryption should beused?. Use server-side encryption with Amazon S3-managed keys. Use server-side encryption with AWS KMS-managed keys. Use client-side encryption with customer master keys. Use server-side encryption with customer-provided keys. A software engineer developed an AWS Lambda function in Node.js to do some CPU-intensive dataprocessing. With the default settings, the Lambda function takes about 5 minutes to complete.Which approach should a developer take to increase the speed of completion''. Instead of using Node js. rewrite the Lambda function using Python. Instead of packaging the libraries in the ZIP file with the function move them to a Lambda layerand use the layer with the function. Allocate the maximum available CPU units lo the function. Increase the available memory to the function. A developer wants to build an application that will allow new users to register and create new useraccounts. The application must also allow users with social media accounts to log in using their socialmedia credentials.Which AWS service or feature can be used to meet these requirements?. AWS IAM. Amazon Cognito identity pools. Amazon Cognito user pools. AWS Directory Service. A developer has written an Amazon Kinesis Data Streams application. As usage grows and trafficincreases over time, the application is regularly receiving ProvisionedThroughputExceededExceptionerror messagesWhich steps should the developer take to resolve the error? (Select TWO.). Use Auto Scaling to scale the stream for better performance. Increase the delay between the GetRecords call and the PutRecords call. Increase the number of shards in the data stream. Specify a shard iterator using the Shardlterator parameter.E. Implement exponential backoff on the GetRecords call and the PutRecords call. A developer wants the ability to roll back to a previous version of an AWS Lambda function in theevent of errors caused by a new deployment.How can the developer achieve this with MINIMAL impact on users?. Change the application to use an alias that points to the current version Deploy the new version ofthe code Update the alias to use the newly deployed version. If too many errors are encountered,point the alias back to the previous version. Change the application to use an alias that points to the current version Deploy the new version ofthe code. Update the alias to direct 10% of users to the newly deployed version. If too many errorsare encountered, send 100% of traffic to the previous version. Do not make any changes to the application Deploy the new version of the code. If too manyerrors are encountered, point the application back to the previous version using the version numberin the Amazon Resource Name (ARN). Create three aliases: new, existing, and router Point the existing alias to the current version Havethe router alias direct 100% of users to the existing alias Update the application to use the routeralias Deploy the new version of the code Point the new alias to this version Update the router alias todirect 10% of users to the new alias If too many errors are encountered, send 100% of traffic to theexisting alias. A development team is working on a mobile app that allows users to upload pictures to Amazon S3The team expects the app will be used by hundreds of thousands of users during a single eventsimultaneously Once the pictures are uploaded, the backend service will scan and parse the picturesfor inappropriate content.Which approach is the MOST resilient way to achieve this goal which also smooths out temporaryvolume spikes for the backend service?. Develop an AWS Lambda function to check the upload folder in the S3 bucket. If new uploadedpictures are detected, the Lambda function will scan and parse them. Once a picture is uploaded to Amazon S3: publish the event to an Amazon SQS queue. Use thequeue as an event source to trigger an AWS Lambda function In the Lambda function scan and parsethe picture. When the user uploads a picture, invoke an API hosted in Amazon API Gateway. The API willinvoke an AWS Lambda function to scan and parse the picture. Create a state machine in AWS Step Functions to check the upload folder in the S3 bucket. If a ne wpicture is detected, invoke an AWS Lambda function to scan and parse it. A company requires that AWS Lambda functions written by developers log errors so systemadministrators can more effectively troubleshoot issues What should the developers implement tomeet this need?. Publish errors to a dedicated Amazon SQS queue. Create an Amazon CloudWatch Events event to trigger based on certain Lambda events. Report errors through logging statements in Lambda function code. Set up an Amazon SNS topic that sends logging statements upon failure. A development team wants to run their container workloads on Amazon ECS Each applicationcontainer needs to share data with another container to collect logs and metrics.What should the development team do to meet these requirements?. Create two pod specifications Make one to include the application container and the other toinclude the other container Link the two pods together. Create two task definitions Make one to include the application container and the other to includethe other container. Mount a shared volume between the two tasks. Create one task definition Specify both containers in the definition Mount a shared volumebetween those two containers. Create a single pod specification Include both containers in the specification Mount a persistentvolume to both containers. A company has 25:000 employees and is growing The company is creating an application that will beaccessible to its employees only A developer is using Amazon S3 to store images and Amazon RDS tostore application data. The company requires that all employee information remain in the legacy Security AssertionMarkup Language (SAML) employee directory only and is not interested in mirroring any employeeinformation on AWS.How can the developer provide authorized access for the employees who will be using thisapplication so each employee can access their own application data only?. Use Amazon VPC and keep all resources inside the VPC. and use a VPC link for the S3 bucket withthe bucket policy. Use Amazon Cognito user pools, federate with the SAML provider and use user pool groups withan IAM policy. and use a VPC link for the S3 bucket withthe bucket policy.B. Use Amazon Cognito user pools, federate with the SAML provider and use user pool groups withan IAM policy. Create a unique IAM role for each employee and have each employee assume the role to accessthe application so they can access their personal data only. A company has developed a new serverless application using AWS Lambda functions that will bedeployed using the AWS Serverless Application Model (AWS SAM) CLI Which step should thedeveloper complete prior to deploying the application?. Compress the application to a .zip file and upload it into AWS Lambda. Test the new AWS Lambda function by first tracing it in AWS X-Ray. Bundle the serverless application using a SAM package. Create the application environment using the eb create my-env command. A developer needs to create an application that supports Security Assertion Markup Language(SAML) and Facebook authentication It must also allow access to AWS services, such as AmazonDynamoDB.Which AWS service or feature will meet these requirements with the LEAST amount of additionalcoding?. AWSAppSync. Amazon Cognito identity pools. Amazon Cognito user pools. Amazon Lambda@Edge. A developer has a legacy application that is hosted on-premises Other applications hosted on AWSdepend on the on-premises application for proper functioning In case of any application errors, thedeveloper wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applicationsfrom one place.How can the developer accomplish this?. Install an AWS SDK on the on-premises server to automatically send logs to CloudWatch . Download the CloudWatch agent to the on-premises server Configure the agent to use IAM usercredentials with permissions for CloudWatch. Upload log files from the on-premises server to Amazon S3 and have CloudWatch read the files. Upload log files from the on-premises server to an Amazon EC2 instance and have the instanceforward the logs to CloudWatch. A company stores all personally identifiable information (Pll) in an Amazon DynamoDB table namedPll in Account. An application running on Amazon EC2 instances in Account B requires access to the Pll table. Anadministrator in Account A created an IAM role named AccessPII with privileges to access the Plltable and made Account B a trusted entity.Which combination of additional steps should developers take to access the table1? (Select TWO ). Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPIIrole with predefined service control policies. Ask an administrator in Account A to allow the EC2 IAM role permission to assume the AccessPIIrole with predefined service control policies. Include the AssumeRole API in the application code logic to obtain credentials to access the Plltable.E. Include the Gets ess ionToken API in the application code logic to obtain credentials to access thePll table. A developer is working on an AWS Lambda function that accesses Amazon DynamoDB The Lambdafunction must retrieve an item and update some of its attributes. or create the item if it does notexist The Lambda function has access to the primary key.Which IAM permissions should the developer request for the Lambda function to achieve thisfunctionality?. dynaracdb:DeleteItemdynamodb:GetItemdynamcdb:Putltem. dynamodb:Updateltemdynamcdb:Getltemdynamodb:DescribeTable. dynamcdb:GetRecordsdynamcdb:Putltemdynamodb:updateTable. dynamodb:Updateltemdynamodb:Getltemdynamodb:Putltem. A developer added a new feature to an application running on an Amazon EC2 instance that usesAmazon SQS After deployment, the developer noticed a significant increase in Amazon SQS costs.When monitoring the Amazon SQS metrics on Amazon CloudWatch. the developer found that onaverage one message per minute is posted on this queue.What can be done to reduce Amazon SQS costs for this application?. Increase the Amazon SQS queue polling timeout. Scale down the Amazon SQS queue to the appropriate size for low traffic demand. Configure push delivery via Amazon SNS instead of polling the Amazon SQS queue. Use an Amazon SQS first-in, first-out (FIFO) queue instead of a standard queue. A development team is designing a mobile app that requires multi-factor authenticationWhich steps should be taken to achieve this? (Select TWO). Use Amazon Cognito to create a user pool and create users in the user pool. Send multi-factor authentication text codes to users with the Amazon SNS Publish API call in theapp code. Enable multi-factor authentication for the Amazon Cognito user pool. Use AWS IAM to create IAM usersE. Enable multi-factor authentication for the users created in AWS IAM. A developer is writing an application in AWS Lambda To simplify testing and deployments, thedeveloper needs the database connection string to be easily changed without modifying the Lambdacode.How can this requirement be met?. Store the connection string as a secret in AWS Secrets Manager. Store the connection string in an IAM user account. Store the connection string in AWS KMS. Store the connection string as a Lambda layer. A developer must ensure that the IAM credentials used by an application in Amazon EC2 are notmisused or compromised What should the developer use to keep user credentials secure?. Environment variables. AWS credentials file. Instance profile credentials. Command line options. A developer is storing sensitive data generated by an application in Amazon S3. The developer wantsto encrypt the data at rest. A company policy requires an audit trail of when the master key was usedand by whom.Which encryption option will meet these requirements?. Server-side encryption with Amazon S3 managed keys (SSE-S3). Server-side encryption with AWS KMS managed keys (SSE-KMS). Server-side encryption with customer-provided keys (SSE-C). Server-side encryption with self-managed keys. A company is launching an ecommerce website and will host the static data in Amazon S3. Thecompany expects approximately 1 000 transactions per second (TPS) for GET and PUT requests intotal. Logging must be enabled to track all requests and must be retained for auditing purposes.What is the MOST cost-effective solution?. Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to movethe data from the log bucket to Amazon S3 Glacier in 90 days. Enable S3 server access logging and create a lifecycle policy to expire the data in 90 days. Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to expirethe data in 90 days. Enable S3 server access logging and create a lifecycle policy to move the data to Amazon S3Glacier in 90 days. A company is developing an application that will be accessed through the Amazon API Gateway RESTAPI Registered users should be the only ones who can access certain resources of this API. The tokenbeing used should expire automatically and needs to be refreshed periodically.How can a developer meet these requirements'?. Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in APIGateway, and use the temporary credentials generated by the identity pool. Create and maintain a database record for each user with a corresponding token and use an AWSLambda authorizer m API Gateway. Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and usethe identity or access token. Create an IAM user for each API user, attach an invoke permissions policy to the API. and use anIAM authorizer in API Gateway. A company has an application where reading objects from Amazon S3 is based on the type of userThe user types are registered user and guest user The company has 25.000 users and is growingInformation is pulled from an S3 bucket depending on the user type.Which approaches are recommended to provide access to both user types? (Select TWO.). Provide a different access key and secret access key in the application code for registered usersand guest users to provide read access to the objects. Use S3 bucket policies to restrict read access to specific IAM users. Use Amazon Cognito to provide access using authenticated and unauthenticated roles. Create a new IAM user for each user and grant read access.E. Use the AWS IAM service and let the application assume the different roles using the AWS SecurityToken Service (AWS STS) AssumeRole action depending on the type of user and provide read accessto Amazon S3 using the assumed role. A company is developing a report executed by AWS Step Functions Amazon CloudWatch showserrors in the Step Functions task state machine To troubleshoot each task, the state input needs to beincluded along with the error message in the state output.Which coding practice can preserve both the original input and the error for the state?. Use ResultPath in a Catch statement to include the error with the original input. Use inputPath in a Catch statement and set the value to null. Use ErrorEquals in a Retry statement to include the error with the original input. Use OutputPath in a Retry statement and set the value to $. A developer registered an AWS Lambda function as a target for an Application Load Balancer (ALB)using a CLI command. However, the Lambda function is not being invoked when the client sendsrequests through the ALB.Why is the Lambda function not being invoked?. A Lambda function cannot be registered as a target for an ALB. A Lambda function can be registered with an ALB using AWS Management Console only. The permissions to invoke the Lambda function are missing. Cross-zone is not enabled on the ALB. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/lambda-A company has implemented AWS CodePipeline to automate its release pipelines The developmentteam is writing an AWS Lambda function that will send notifications for state changes of each of theactions in the stages.Which steps must be taken to associate the Lambda function with the event source?. Create a trigger that invokes the Lambda function from the Lambda console by selectingCodePipeline as the event source. Create an event trigger and specify the Lambda function from the CodePipeline console. Create an Amazon CloudWatch alarm that monitors status changes in CodePipeline and triggersthe Lambda function. Create an Amazon CloudWatch Events rule that uses CodePipeline as an event source. A developer is preparing a deployment package using AWS Cloud Formation. The package consists oftwo separate templates: one for the infrastructure and one for the application. The application has tobe inside the VPC that is created from the infrastructure templateHow can the application stack refer to the VPC created from the infrastructure template?. Use the Ret function to import the VPC into the application stack from the infrastructure template. Use the export flag in the infrastructure template, and then use the Fn::lmportValue function inthe application template. Use the DependsOn attribute to specify that the application instance depends on the VPC in theapplication template. Use the Fn::GetAtt function to include the attribute of the VPC in the application template. A company s website runs on an Amazon EC2 instance and uses Auto Scale the environment duringpeak times Website users across the world are experiencing high to sea latency due to static contenton the EC2 instance, even during non-peak hours.Which combination of steps will resolve the latency issue? (Select TWO ). Double the Auto Scaling group's maximum number of servers. Host the application code on AWS Lambda. Scale vertically by resizing the EC2 instances. Create an Amazon CloudFront distribution to cache the static contentE. Store the application's static content in Amazon S3. A developer is writing an application that will process data delivered into an Amazon S3 bucket. Thedata is delivered approximately 10 times a day, and the developer expects the data will be processedin less than 1 minute, on average.How can the developer deploy and invoke the application with the lowest cost and lowest latency?. Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatchalarm triggered by an S3 object upload. Deploy the application as an AWS Lambda function and invoke it with an S3 event notification. Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatchscheduled event. Deploy the application onto an Amazon EC2 instance and have it poll the S3 bucket for newobjects. A developer is testing an application that invokes an AWS Lambda function asynchronously Duringthe testing phase, the Lambda function fails to process after two retriesHow can the developer troubleshoot the failure?. Configure AWS CloudTrail logging to investigate the invocation failures. Configure Dead Letter Queues by sending events to Amazon SQS for investigation. Configure Amazon Simple Workflow Service to process any direct unprocessed events. Configure AWS Config to process any direct unprocessed events. A developer needs temporary access to resources in a second accountWhat is the MOST secure way to achieve this?. Use the Amazon Cognito user pools to get short-lived credentials for the second account. Create a dedicated IAM access key for the second account, and send it by mail. Create a cross-account access role, and use sts:AssumeRcie API to get short-lived credentials. Establish trust, and add an SSH key for the second account to the IAM user. A developer is updating an application deployed on AWS Elastic Beanstalk The new version isincompatible with the old version To successfully deploy the update, a full cutover to the newupdated version must be performed on all instances at one time, with the ability to roll back changesin case of a deployment failure in the new versionHow can this be performed with the LEAST amount of downtime?. Use the Elastic Beanstalk All at once deployment policy to update all instances simultaneously. Perform an Elastic Beanstalk Rolling with additional batch deployment. Deploy the new version in a new Elastic Beanstalk environment and swap environment URLs. Perform an Elastic Beanstalk Rolling deployment. A developer is setting up Amazon API Gateway for their company's products The API will be used byregistered developers to query and update their environments. The company wants to limit theamount of requests end users can send for both cost and security reasons Management wants tooffer registered developers the option of buying larger packages that allow for more requests.How can the developer accomplish this with the LEAST amount of overhead management?. Enable throttling for the API Gateway stage. Set a value for both the rate and burst capacity. If aregistered user chooses a larger package, create a stage for them, adjust the values, and share thenew URL with them. Set up Amazon CloudWatch API logging in API Gateway Create a filter based on the user andrequestTime fields and create an alarm on this filter Write an AWS Lambda function to analyze thevalues and requester information, and respond accordingly Set up the function as the target for thealarm If a registered user chooses a larger package, update the Lambda code with the values. Enable Amazon CloudWatch metrics for the API Gateway stage Set up CloudWatch alarms basedoff the Count metric and the ApiName, Method, Resource, and Stage dimensions to alerts whenrequest rates pass the threshold Set the alarm action to Deny If a registered user chooses a largerpackage create a user-specific alarm and adjust the values. Set up a default usage plan, specify values for the rate and burst capacity, and associate it with astage, if a registered user chooses a larger package, create a custom plan with the appropriate valuesand associate the plan with the user. A developer is refactoring a monolithic application. The application takes a POST request andperforms several operations. Some of the operations are in parallel while others run sequentially.These operations have been refactored into individual AWS Lambda functions. The POST request willbe processed by Amazon API Gateway.How should the developer invoke the Lambda functions in the same sequence using API Gateway*?. Use Amazon SQS to invoke the Lambda functions. Use an AWS Step Functions activity to run the Lambda functions. Use Amazon SNS to trigger the Lambda functions. Use an AWS Step Functions state machine to orchestrate the Lambda functions. A company has a legacy application that was migrated to a fleet of Amazon EC2 instances. Theapplication stores data in a MySQL database that is currently installed on a single EC2 instance Thecompany has decided to migrate the database from the EC2 instance to MySQL on Amazon RDS.What should the developer do to update the application to support data storage in Amazon RDS?. Update the database connection parameters in the application to point to the new RDS instance. Add a script to the EC2 instance that implements an AWS SDK for requesting database credentials. Create a new EC2 instance with an IAM role that allows access to the new RDS database. Create an AWS Lambda function that will route traffic from the EC2 instance to the RDS database. A company is adding stored value for gift card) capability to its highly popular casual gaming website.Users need to be able to trade this value for other users' items on the platform. This would requireboth users' records be updated as a single transaction, or both users' records to be completely rolledback.Which AWS database options can provide the transactional capability required for this new feature?(Select TWO ). Amazon DynamoDB with operations made with the ConsistentRead parameter set to true. Amazon ElastiCache for Memcached with operations made within a transaction block. Amazon Aurora MySQL with operations made within a transaction block. Amazon DynamoDB with reads and writes made using Transact" operationsE. Amazon Redshift with operations made within a transaction block. A developer is implementing authentication and authorization for an application. The developerneeds to ensure that the user credentials are never exposed. Which approach should the developertake to meet this requirement?. Store the user credentials In Amazon DynamoDB Build an AWS Lambda function to validate thecredentials and authorize users. Deploy a custom authentication and authorization API on an Amazon EC2 instance. Store the usercredentials in Amazon S3 and encrypt the credentials using Amazon S3 server-side encryption. Use Amazon Cognito to configure a user pool, and use the Cognito API to authenticate andauthorize the users. Store the user credentials In Amazon RDS Enable the encryption option for the Amazon RDS D8instances Build an API using AWS Lambda to validate the credentials and authorize users. A developer wants to ensure the Amazon EC2 instances in AWS Elastic Beanstalk execute a certain setof commands before the application is ready to use Which Elastic Beanstalk feature will allow thedeveloper to accomplish this?. Rolling update. Immutable update. User data. ebextensions. A developer has written a serverless application and wants to deploy it to AWS Lambda to leveragethe function's multi-threaded execution to improve performance. Which action should the developertake to achieve these requirements?. increase the Lambda function execution timeout. Use unreserved account concurrency. Increase the memory allocation of the Lambda function. Set the reserved concurrency of the Lambda function to a higher number. A developer is migrating code to an AWS Lambda function that will access an Amazon Aurora MySQLdatabase.What is the MOST secure way to authenticate the function to the database?. Store the database credentials as encrypted parameters in AWS Systems Manager ParameterStore Obtain the credentials from Systems Manager when the Lambda function needs to connect tothe database. Store the database credentials in AWS Secrets Manager Let Secrets Manager handle the rotationof the credentials, as required. Store the database credentials in an Amazon S3 bucket that has a restrictive bucket policy for theLambda role only when accessing the credentials Use AWS KMS to encrypt the data. Create a policy with rds-db connect access to the database and attach it to the role assigned to theLambda function. A company has a two-tier application running on an Amazon EC2 server that handles all of its AWSbased e-commerce activity During peak times, the backend servers that process orders areoverloaded with requests. This results in some orders failing to process. A developer needs to createa solution that will re-factor the application.Which steps will allow for more flexibility during peak times, while still remaining cost-effective?(Select TWO.). Increase the backend T2 EC2 instance sees to xl to handle the largest possible load throughout theyear. implement an Amazon SQS queue to decouple the front-end and backend servers. Use an Amazon SNS queue to decouple the front-end and backend servers. Migrate the backend servers to on-premises and pull from an Amazon SNS queueE. Modify the backend servers to pull from an Amazon SQS queue. A developer is creating a new application that will be accessed by users through an API created usingAmazon API Gateway The users need to be authenticated by a third-party Security Assertion MarkupLanguage (SAML) identity provider Once authenticated, users will need access to other AWS servicessuch as Amazon S3 and Amazon DynamoDBHow can these requirements be met?. Use an Amazon Cognito user pool with SAML as the resource server. Use Amazon Cognito Identity pools with a SAML identity provider as one of the authenticationproviders. Use the AWS IAM service to provide the sign-up and sign-in functionality. Use Amazon CloudFront signed URLs to connect with the SAML identity provider. A development team is creating a new application designed to run on AWS. While the test andproduction environments will run on Amazon EC2 instances, developers will each run their ownenvironment on their laptops.Which of the following is the simplest and MOST secure way to access AWS services from the localdevelopment machines?. Use an IAM role to assume a role and execute API calls using the role. Create an IAM user to be shared with the entire development team, provide the developmentteam with the access key. Create an IAM user for each developer on the team: provide each developer with a unique accesskey. Set up a federation through an Amazon Cognito user pool. A developer has discovered that an application responsible for processing messages in an AmazonSQS queue is routinely falling behind. The application is capable of processing multiple messages inone execution, but is only receiving one message at a timeWhat should the developer do to increase the number of messages the application receives?. Call the ChangeMessageVisibility API for the queue and set MaxNumberOfMessages to a valuegreater than the default of 1. Call the AddPermission API to set MaxNumberOfMessages for the ReceiveMessage action to avalue greater than the default of 1. Call the ReceiveMessage API to set MaxNumberOfMessages to a value greater than the default of1. Call the SetQueueAttributes API for the queue and set MaxNumberOfMessages to a value greaterthan the default of 1. A front-end web application is using Amazon Cognito user pools to handle the user authenticationflow. A developer is integrating Amazon DynamoDB into the application using the AWS SDK forJavaScriptHow would the developer securely call the API without exposing the access or secret keys?. Configure Amazon Cognito identity pools and exchange the JSON Web Token (JWT) for temporarycredentials. Run the web application in an Amazon EC2 instance with the instance profile configured. Hardcode the credentials use Amazon S3 to host the web application, and enable server-sideencryption. Use Amazon Cognito user pool JSON Web Tokens (JWTs) to access the DynamoDB APIs. A developer uses Amazon S3 buckets for static website hosting. The developer creates one S3 bucketfor the code and another S3 bucket for the assets, such as image and video files. Access is deniedwhen a user attempts to access the assets bucket from the code bucket, with the website applicationshowing a 403 errorHow should the developer solve this issue?. Create an IAM role and apply it to the assets bucket for the code bucket to be granted access. Edit the bucket policy of the assets bucket to open access to all principals. Edit the cross-origin resource sharing (CORS) configuration of the assets bucket to allow any originto access the assets. Change the code bucket to use AWS Lambda functions instead of static website hosting. A software company needs to make sure user-uploaded documents are securely stored in AmazonS3. The documents must be encrypted at rest in Amazon S3. The company does not want to managethe security infrastructure in-house, but the company still needs extra protection to ensure it hascontrol over its encryption keys due to industry regulationsWhich encryption strategy should a developer use to meet these requirements?. Server-side encryption with Amazon S3 managed keys (SSE-S3). Server-side encryption with customer-provided encryption keys (SSE-C). Server-side encryption with AWS KMS managed keys (SSE-KMS). Client-side encryption. A company is managing a NoSQL database on-premises to host a critical component of anapplication, which is starting to have scaling issues. The company wants to migrate the application toAmazon DynamoDB with the following considerations:• Optimize frequent queries• Reduce read latencies• Plan for frequent queries on certain key attributes of the tableWhich solution would help achieve these objectives?. Create global secondary indexes on keys that are frequently queried Add the necessary attributesinto the indexes. Create local secondary indexes on keys that are frequently queried DynamoDB will fetch neededattributes from the table . Create DynamoDB global tables to speed up query responses Use a scan to fetch data from thetable. Create an AWS Auto Scaling policy for the DynamoDB table. A company's ecommerce website is experiencing massive traffic spikes, which are causingperformance problems in the company database. Users are reporting that accessing the websitetakes a long timeA developer wants to implement a caching layer using Amazon ElastiCache. The website is requiredto be responsive no matter which product a user views, and the updates to product information andprices must be strongly consistent. Which cache writing policy will satisfy these requirements?. Write to the cache directly and sync the backend at a later time. Write to the backend first and wait for the cache to expire. Write to the cache and the backend at the same timeE. Write to the backend first and invalidate the cache. A developer is working on a serverless project based in Java. Initial testing shows a cold start takes about 8 seconds on average for AWS Lambda functions.What should the developer do to reduce the cold start time'' (Select TWO). Add the Spring Framework to the project and enable dependency injection. Reduce the deployment package by including only the needed modules from the AWS SDK forJava. Increase the memory allocation setting for the Lambda function. Increase the timeout setting for the Lambda function.E. Change the Lambda invocation mode from synchronous to asynchronous. An application is using a custom library to make HTTP calls directly to AWS service endpoints. Theapplication is experiencing transient errors that are causing processes to stop when each error is firstencountered A request has been made to make the application more resilient by adding error retriesand exponential backoff.How should a developer implement the changes with MINIMAL custom code?. Add a Retry-After HTTP header to API requests. Use the AWS CLI to configure the retry settings in a named profile. Change the custom library to retry on 5xx errors only. Use an AWS SDK and set retry-specific configurations. An application is processing clickslream data using Amazon Kinesis. The clickstream data feed intoKinesis experiences periodic spikes. The PutRecords API call occasionally fails and the logs show thatthe failed call returns the response shown below.Which techniques will help mitigate this exception? (Select TWO.). Implement retries with exponential backoff. Use a PutRecord API instead of PutRecords. Reduce the frequency and/or size of the requests. Use Amazon SNS instead of Kinesis.E. Reduce the number of KCL consumers. A company's fleet of Amazon EC2 instances receives data from millions of users through an API. Theservers batch the data, add an object for each user, and upload the objects to an S3 bucket to ensurehigh access rates The object attributes are Customer ID, Server ID, TS-Server (TimeStamp and ServerID) the size of the object, and a timestamp A developer wants to find all the objects for a given usercollected during a specified time rangeAfter creating an S3 object created event, how can the developer achieve this requirement^. Execute an AWS Lambda function in response to the S3 object creation events that creates anAmazon DynamoDB record for every object with the Customer ID as the partition key and the ServerID as the sort key Retrieve all the records using the Customer ID and Server ID attributes. Execute an AWS Lambda function in response to the S3 object creation events that creates anAmazon Redshift record for every object with the Customer ID as the partition key and TS-Server asthe sort key Retrieve all the records using the Customer ID and TS-Server attributes. Execute an AWS Lambda function in response to the S3 object creation events that creates anAmazon DynamoDB record for every object with the Customer ID as the partition key and TS-Serveras the sort key Retrieve all the records using the Customer ID and TS-Server attributes. Execute an AWS Lambda function in response to the S3 object creation events that creates anAmazon Redshift record for every object with the Customer ID as the partition key and the Server IDas the sort key. Retrieve all the records using the Customer ID and Server ID attributes. A development team decides to adopt a continuous integration/continuous delivery (CI/CD) processusing AWS CodePipehne and AWS CodeCommit for a new application. However, management wantsa person to review and approve the code before it is deployed to production How can the development team add a manual approver to the CI/CD pipeline?. Use AWS SES to send an email to approvers when their action is required Develop a simpleapplication that allows approvers to accept or reject a build Invoke an AWS Lambda function toadvance the pipeline when a build is accepted. If approved, add an approved tag when pushing changes to the CodeCommit repository.CodePipeiine will proceed to build and deploy approved commits without interruption. Add an approval step to CodeCommit Commits will not be saved until approved. Add an approval action to the pipeline. Configure the approval action to publish to an Amazon SNStopic when approval is required. The pipeline execution will stop and wait for an approval. A developer is building an application integrating an Amazon API Gateway with an AWS Lambdafunction. When calling the API, the developer receives the following error. Wed Nov 03 01:13:00UTC 2017 : Method completed with status: 502 What should the developer do to resolve theerror?. Change the HTTP endpoint of the API to an HTTPS endpoint. Change the format of the payload sent to the API Gateway. Change the format of the Lambda function response to the API call. Change the authorization header in the API call to access the Lambda function. A developer has built a market application that stores pricing data in Amazon DynamoDB withAmazon ElastiCache in front. The prices of items in the market change frequently Sellers have beguncomplaining that, after they update the price of an item, the price does not actually change in theproduct listingWhat could be causing this issue?. The cache is not being invalidated when the price of the item is changed. The price of the item is being retrieved using a write-through ElastiCache cluster. The DynamoDB table was provisioned with insufficient read capacity. The DynamoDB table was provisioned with insufficient write capacity. A development team uses AWS Elastic Beanstalk for application deployment. The team hasconfigured the application version lifecycle policy to limit the number of application versions to 25However even with the lifecycle policy the source bundle is deleted from the Amazon S3 sourcebucketWhat should a developer do in the Elastic Beanstalk application version lifecycle settings to retain thesource code in the S3 bucket?. Change the Set the application versions limit by total count setting to zero. Disable the Lifecycle policy setting. Change the Set the application version limit by age setting to zero. Set Retention to Retain source bundle in S3. A development team is building a new application that will run on Amazon EC2 and use AmazonDynamoDB as a storage layer The developers all have assigned IAM user accounts in the same IAMgroup The developers currently can launch EC2 instances and they need to be able to launch EC2instances with an instance role allowing access to Amazon DynamoDB.Which AWS I AM changes are needed when creating an instance role to provide this functionality^. Create an IAM permission policy attached to the role that allows access to DynamoDB Add a trustpolicy to the role that allows DynamoDB to assume the role Attach a permissions policy to thedevelopment group in AWS IAM that allows developers to use the IAM GetRole and IAM PassRolepermissions for the role. Create an IAM permissions policy attached to the role that allows access to DynamoDB Add a trustpolicy to the role that allows Amazon EC2 to assume the role Attach a permissions policy to thedevelopment group in AWS IAM that allows developers to use the IAM PassRole permission for therole. Create an IAM permission policy attached to the role that allows access to Amazon EC2 Add a trustpolicy to the role that allows DynamoDB to assume the role Attach a permissions policy to thedevelopment group in AWS IAM that allows developers to use the IAM PassRole permission for therole. Create an IAM permissions policy attached to the role that allows access to DynamoDB Add a trustpolicy to the role that allows Amazon EC2 to assume the role Attach a permissions policy to thedevelopment group in AWS IAM that allows developers to use the iam GetRole permission for therole. A company has a web application that uses an Amazon Cognito user pool for authentication. Thecompany wants to create a login page with the company logo. What should a developer do to meetthese requirements?. Create a hosted user interface in Amazon Cognito and customize it with the company logo. Create a login page with the company logo and upload it to Amazon Cognito. Create a login page in Amazon API Gateway with the logo and save the link in Amazon Cognito. Upload the logo to the Amazon Cognito app settings and point to the logo on a custom login page. A company is building a compute-intensive application that will run on a fleet of Amazon EC2instances. The application uses attached Amazon EBS disks for storing data. The application will process sensitive information and all the data must be encrypted.What should a developer do to ensure the data is encrypted on disk without impacting performance?. Configure the Amazon EC2 instance fleet to use encrypted EBS volumes for storing data. Add logic to write all data to an encrypted Amazon S3 bucket. Add a custom encryption algorithm to the application that will encrypt and decrypt all data. Create a new Amazon Machine Image (AMI) with an encrypted root volume and store the data toephemeral disks. A gaming application stores scores for players in an Amazon DynamoDB table that has four attributesuser_id, user_name, user_score, and user_rank. The users are allowed to update their names only Auser is authenticated by web identity federation.Which set of conditions should be added in the policy attached to the role for the dynamodb PutltemAPI call?A)B)C)D). Option A. Option B. Option C. Option D. A developer is building a serverless application using AWS Lambda and must create a REST API usingan HTTP GET method What needs to be defined to meet this requirement? (Select TWO ). A Lambda@Edge function. An Amazon API Gateway with a Lambda function. An exposed GET method in an Amazon API Gateway ID. An exposed GET method in the Lambda functionE. An exposed GET method in Amazon Route 53. A developer is trying to monitor an application's status by running a cron job that returns 1 if theservice is up and 0 if the service is down. The developer created code that uses an AWS CLI putmetric-alarm command to publish the custom metrics to Amazon CloudWatch and create an alarmHowever the developer is unable to create an alarm as the custom metrics do not appear m theCloudWatch console.What is causing this issue?. Sending custom metrics using the CLI is not supported. The developer needs to use the put-metric-data command. The developer must use a unified CloudWatch agent to publish custom metrics. The code is not running on an Amazon EC2 instance. A developer converted an existing program to an AWS Lambda function in the console. The programruns properly on a local laptop, but shows an "Unable to import module" error when tested in theLambda consoleWhich of the following can fix the error?. Install the missing module and specify the current directory as the target Create a ZIP file toinclude all files under the current directory, and upload the ZIP file. Install the missing module in a lib directory Create a ZIP file to include all files under the libdirectory, and upload the ZIP file as a dependency file. In the Lambda code invoke a Linux command to install the missing modules under the /usr/libdirectory. In the Lambda console, create a LD_LIBRARY_PATH environment and specify the value for thesystem library path. A developer must allow guest users without logins to access an Amazon Cognito-enabled site to viewfiles stored within an Amazon S3 bucketHow should the developer meet these requirements'?. Create a blank user ID in a user pool, add to the user group, and grant access to AWS resources. Create a new identity pool, enable access to unauthenticated identities and grant access to AWSresources. Create a new user pool, enable access to unauthenticated identities, and grant access to AWSresources. Create a new user pool disable authentication access, and grant access to AWS resources. A developer has written an AWS Lambda function using Java as the runtime environment. Thedeveloper wants to isolate a performance bottleneck in the code.Which steps should be taken to reveal the bottleneck?. Use the Amazon CloudWatch API to write timestamps to a custom CloudWatch metric Use theCloudWatch console to analyze the resulting data. Use the AWS X-Ray API to write trace data into X-Ray from strategic places within the code Use theAmazon CloudWatch console to analyze the resulting data. Use the AWS X-Ray API to write trace data into X-Ray from strategic places within the code. Usethe X-Ray console to analyze the resulting data. Use the Amazon CloudWatch API to write timestamps to a custom CloudWatch metric Use theAWS X-Ray console to analyze the resulting data. A developer wants to insert a record into an Amazon DynamoDB table as soon as a new file is addedto an Amazon S3 bucket.Which set of steps would be necessary to achieve this?. Create an event with Amazon CloudWatch Events that will monitor the S3 bucket and then insertthe records into DynamoDB. Configure an S3 event to invoke a Lambda function that inserts records into DynamoDB. Create a Lambda function that will poll the S3 bucket and then insert the records into DynamoDB. Create a cron job that will run at a scheduled time and insert the records into DynamoDB. A developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connectfrom on-premises to Amazon EC2 instances in the developer's account The developer is able toaccess an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the sameVPCWhich logs can the developer use to verify whether the traffic is reaching subnet B?. VPN logs. BGP logs. VPC Flow Logs. AWS CloudTrail logs. A developer is writing an AWS Lambda function. The developer wants to log key events that occurduring the Lambda function and include a unique identifier to associate the events with a specificfunction invocation.Which of the following will help the developer accomplish this objective?. Obtain the request identifier from the Lambda context object Architect the application to writelogs to the console. Obtain the request identifier from the Lambda event object Architect the application to write logsto a file. Obtain the request identifier from the Lambda event object Architect the application to write logsto the console. Obtain the request identifier from the Lambda context object Architect the application to writelogs to a file. A developer receives the following error message when trying to launch or terminate an Amazon EC2instance using a boto3 script.What should the developer do to correct this error message?. Assign an IAM role to the EC2 instance to allow necessary API calls on behalf of the client. Implement an exponential backoff algorithm for optimizing the number of API requests made toAmazon EC2. Increase the overall network bandwidth to handle higher API request rates. Upgrade to the latest AWS CLI version so that boto3 can handle higher request rates. A developer is creating a script to automate the deployment process for a serverless application. Thedeveloper wants to use an existing AWS Serverless Application Model (AWS SAM) template for theapplicationWhat should the developer use for the project? (Select TWO). Callaws cloudformation package to create the deployment package Call aws cloudformationdeploy to deploy the package afterward. Call sam package to create the deployment package Call sam deploy to deploy the packageafterward. Callaws s3 cp to upload the AWS SAM template to Amazon S3 Call aws lambda update-functioncode to create the application. Create a ZIP package locally and call aws serverlessrepo create-applicarion to create theapplication. A company is running a custom application on a set of on-premises Linux servers that are accessedusing Amazon API Gateway. AWS X-Ray tracing has been enabled on the API test stageHow can a developer enable X-Ray tracing on the on-premises servers with the LEAST amount ofconfiguration''. Install and run the X-Ray SDK on the on-premises servers to capture and relay the data to the XRay service. Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to theX-Ray service. Capture incoming requests on-premises and configure an AWS Lambda function to pull, process,and relay relevant data to X-Ray using the PutTraceSegments API call. Capture incoming requests on-premises and configure an AWS Lambda function to pull, process,and relay relevant data to X-Ray using the PutTelemetryRecords API call. A developer has created a REST API using Amazon API Gateway. The developer wants to log who andhow each caller accesses the API. The developer also wants to control how long the logs are keptWhat should the developer do to meet these requirements?. Enable API Gateway execution logging Delete old logs using API Gateway retention settings. Enable API Gateway access logs Use Amazon CloudWatch retention settings to delete old logs. Enable detailed Amazon CloudWatch metrics Delete old logs with a recurring AWS Lambdafunction. Create and use API Gateway usage plans. Delete old logs with a recurring AWS Lambda function. A development team uses AWS Elastic Beanstalk to deploy a Java-based web application. The teamwants to ensure that the changes to the source code and the configuration are always deployed onnew instances The team configures the Elastic Beanstalk environment to use immutable updates.However an error occurs the first time a change is deployed with the new update policyWhat is the MOST likely cause of this issue?. Immutable updates are not supported for Java-based applications. The account has reached its on-demand instance limit. Immutable updates are only supported for m4 large and larger instance types. The developer must also modify the ebextensions/immutable-updates config file to enableimmutable updates. How does Envelope Encryption work in AWS KMS?. The Customer Master Key is used to encrypidecrypt a data key The Plaintext Data Key is used toencrypt customer data. Two encryption keys are used The Customer Master Key encrypts customer data. The Data Key isused to re-encrypt the encrypted data. Two encryption keys are used The Data Key encrypts customer data The Customer Master Key isused to re-encrypt the encrypted data. The Customer Master Key is used to encrypt'decrypt a data key. The Encrypted Data Key is used toencrypt customer data. A company is using Amazon API Gateway to manage its public-facing API. The CISO requires that theAPIs be used by test account users only. What is the MOST secure way to restrict API access to usersof this particular AWS account?. Client-side SSL certificates for authentication. API Gateway resource policies. Cross-origin resource sharing (CORS). Usage plans. An IAM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 APIactions. The EC2 instance credentials file specifies the IAM access key and secret access key, whichallow full administrative access.Given that multiple modes of IAM access are present for this EC2 instance, which of the following iscorrect?. The EC2 instance will only be able to list the S3 buckets. The EC2 instance will only be able to list the contents of one S3 bucket at a time. The EC2 instance will be able to perform all actions on any S3 bucket. The EC2 instance will not be able to perform any S3 action on any S3 bucket. A developer is using Amazon DynamoDB to store application data . The developer wants to furtherimprove application performance by reducing response limes for read and write operations.Which DynamoDB feature should be used to meet these requirement?. Amazon DynamoDB Streams. Amazon DynamoDB Accelerator. Amazon DynamoDB global tables. Amazon DynamoDB transactions. An application contains two components one component to handle HI IP requests, and anothercomponent to handle background processing tasks Bach component must scale independently Thedeveloper wants to deploy this application using AWS Elastic Beanstalk.How should this application be deployed, based on these requirements?. Deploy the application in a single Elastic Beanstalk environment. Deploy each component in a separate Elastic Beanstalk environment. Use multiple Elastic Beanstalk environments for the HTTP component but one environment for thebackground task component. Use multiple Elastic Beanstalk environments for the background task component but oneenvironment tor the HTTP component. Given the following AWS CloudFormation template:What is the MOST efficient way to reference the new Amazon S3 bucket from another AWSCloudFormation template?. Add an Export declaration to the outputs section of the original template and use ImportValue inother templates. Add Exported: True to the ContentBucket in the original template and use ImportResource in othertemplates. Create a custom AWS CloudFormation resource that gets the bucket name from theContentBucket resource of the first stack. Use Fn: : Include to include the existing template in other template and use the ContentBucketresource directly. A developer implemented a static website hosted in Amazon S3 that makes web service requestshosted in Amazon API Gateway AWS Lambda. The site is showing an error that reads"No ' Access-Control-Allow Origin' header is present on the requested resource Origin 'null' istherefore not allowed access " What should the developer do to resolve this issue?. Enable cross-origin resource sharing (CORS) on the S3 bucket. Enable cross-origin resource sharing (CORS) for the method in API Gateway. Add the Access-Control-Request-Method header to the request. Add the Access-Control-Request-Headers header to the request. A developer is creating a role to access Amazon S3 buckets To create the role, the developer uses theAWS CLI create-role command. Which policy should be added to allow the Amazon EC2 service toassume the role?. Managed policy. Trust policy. Inline policy. Service control policy (SCP). An application is experiencing performance issues based on increased demand. This increaseddemand is on read-only historical records pulled from an Amazon RDS-hosted database with customviews and queries. A developer improve performance without changing the database structure.Which approach will improve performance and MINIMIZE management overhead?. Deploy Amazon DynamoDB, move all the data, and point to DynamoDB. Deploy Amazon ElasticCache for Redis and cache the data for the application. Deploy Memcached on Amazon EC2 and cache the data for the application. Deploy Amazon DynamoDB Accelerator (DAX) on Amazon RDS to improve cache performance. A developer is building an application that runs behind an application Load Balancer (ALB). Theapplication is configured as the origin for an Amazon CloudFront distribution. Users will log in to theapplication using their social media accounts.How can the developer authenticate and authorize users?. Validate the user by inspecting the tokens using AWS Lambda authorizers on the ALB. Configure the ALB to use Amazon Cognito as one of the authentication providers. Configure Cloudfront to use Amazon Cognito as one of the authentication providers. Authorize the users by calling the Amazon Cognito API in the AWS Lambda authorizer on the ALB. An application development team decides to use AWS X Ray to monitor application code to analyzeperformance and perform r cause analysisWhat does the team need to do to begin using X Ray? (Select TWO ). Log instrumentation output into an Amazon SQS queue. Use a visualization tool to view application traces. Instrument application code using the AWS SDK. Install the X-Ray agent on the application serversE. Create an Amazon DynamoDB table to store the trace logs. A developer is using AWS CodeDeploy to deploy an application running on Amazon EC2. Thedeveloper wants to change the file permissions for a specific deployment file. Which lifecycle eventshould a developer use to meet this requirement?. Afterlnstall. DownloadBundle. Beforelnstall. ValtdateService. A developer must increase read performance from an unencrypted Amazon S3 bucket. Theapplication requires 100.000 read requests each second Cost-effectiveness is a priority. What wouldbe the SIMPLEST approach to implement these requirements?. Create 20 or more prefixes in Amazon S3 Place files by prefixes. Read in parallel by prefixes. Create 20 of more AWS accounts Create a bucket in each account Read in parallel by bucket. Deploy Memcached on Amazon EC2 Cache the files in memory Retrieve from the Memcachedcache. Copy all files to Amazon DynamoDB Index the files with S3 metadata Retrieve from DynamoDB. A company runs its APIs using Amazon API Gateway in front of AWS Lambda functions The companywants to add logging at the API level Each API must have production and development environmentsThe developer wants to enable different logging levels in both environments.How can these requirements be met?. Set up a stage for each environment In each stage, point to different Lambda functions thatimplement the logging logic m the code Access the logs in Amazon CloudWatch Logs. Set up a stage for each environment In each stage, define a different logging level according to thelogging requirements Access the logs in Amazon CloudWatch Logs. Set up a stage and use the same Lambda functions In Amazon CloudWatch Logs set up a filterbased on the log level according to the logging requirements. Set up a stage for each environment In each stage, define a variable for the log level Set the valueaccording to the logging requirements. A developer is building a highly secure healthcare application using .. application requires writingtemporary data to /tmp storage on an AWS Lambda function.How should the developer encrypt this data?. Enable Amazon EBS volume encryption with an AWS KMS .. configuration so that all storageattached to the Lambda function is encrypted. Set up the Lambda function with a role and key policy to access an AWS KMS CMK Use the CMK togenerate a data key used to encrypt all data prior to writing to /tmp storage. Use OpenSSL to generate a symmetric encryption key on Lambda startup Use this key to encryptthe data prior to writing to /tmp. Use an on-premises hardware security module (HSM) to generate keys where the Lambdafunction requests a data key from the HSM and uses that to encrypt data on all requests to thefunction. A large company has its application components distributed across.. company needs to collect andvisualize trace data across these accounts.What should be used to meet these requirements?. AWS X-Ray. Amazon CloudWatch. Amazon VPC flow logs. Amazon Elasticsearch Service. An application running on multiple Amazon EC2 instances pulls messages ...SQS queue. Arequirement for the application is that all messages must be encrypted at rest.Developers are instructed to use methods that allow for centralized .. possible support requirementswhenever possible.Which of the following solution supports these requirements?. Encrypt individual messages by using client-side encryption with customer managed keys, thenwrite to the SQS queue. Encrypt individual messages by using SQS Extended Client and the Amazon S3 encryption client. Create an SQS queue, and encrypt the queue by using server-side encryption with AWS KMS. Create an SQS queue and encrypt the queue by using client-side encryption. A developer needs to modify an application architecture to meet new functional requirements.Application data is stored in Amazon DynamoDB and processed for analysis in a rightly batch. Thesystem analysts do not want to wait unit the next day to view the processed data and have asked tohave it available in near-real time.Which application architect pattern would enables the data to be processed as it is received?. Evert driven. Client served driven. Fan-out driven. Schedule driven. A three-tier application hosted on AWS uses Amazon RDS for MYSQL as its database. A developermust ensure the database credentials are stored and accessed securely.What is the MOST secure way for the developer to achieve this?. Store the credentials in a configuration file and commit it to the GIT repository. Store the credentials in AWS Secrets Manager and enable automatic secret rotation. Store the credentials using Amazon RDS and enable automatic rotation. Store the credentials in code and handle credentials rotation within the application. A company is launching a poling application. The application will store the results of each pool anAmazon DynamoDB table. Management wants to remove pool data after a few data and store anarchive of those records in Amazon S3.Which approach would allow the application to archive each poll's data while keeping complexity toa MINIMUM?. Enable Time to Live (TTL) on the DynamoDB table. Enable DynamoDB Streams on the table andstore the records removed from the stream in Amazon S3. Schedule an AWS Lambda function to periodically scan the DynamoDB table. Use the BatchWrittenoperation to delete the results of a scan Enable DynamoDB Stream on the table and store the recordsremoved from the stream in Amazon S3. Enable DynamoDB Streams on the table. Configure the steam as trigger for AWS Lambda. Saverecords to Amazon S3 when records on the stream are modified. Enable cross-Region replication on the S3 bucket to achieve the poll data. A developer is designing a distributed application built using a microservices architect spanningmultiple AWS accounts. The company's operations team wants to analyze and debug applicationissues from a centralized account.How can the developer meet these requirements?. Use an Amazon X-Ray agent with role assumption on to publish data into the centralized account. Use Amazon X-Ray and create a new IAM user to publish the access keys into the centralizedaccount. Use VPC Flow Logs to collect application logs across different accounts. Enable AWS CloudTrail to publish the trails in an Amazon S3 bucket in the centralized account. What is required to trace Lambda-based applications with AWS X-Ray?. Send logs from the Lambda application to an S3 bucket trigger a Lambda function from that bucketto send data to AWS X-Ray. Trigger a Lambda function from the application logs in Amazon CloudWatch to submit tracing datato AWS X-Ray. Use an IAM execution role to give the Lambda function permissions and enabled tracing. Update and add AWS X-ray daemon code to relevant parts of the Lambda function to set up thetrace. A developer is creating an application to process a large number of requests Requests must beprocessed in order, and each request should be processed only once How should Amazon SQS bedeployed to achieve this?. Configure First in First out (FIFO) delivery in a standard Amazon SQS queue to process requests. Use an SQS FIFO queue to process requests. Use the SetOrder attribute to ensure sequential request processing. Convert the standard queue to a FIFO queue by renaming the queue to use the fifo suffix. A developer must modify an Alexa skill backed by an AWS Lambda function to access an AmazonDynamoDB table in a second account A role in the second account has been created withpermissions to access the tableHow should the table be accessed?. Modify the Lambda function execution role's permissions to include the new role. Change the Lambda function execution role to be the new role. Assume the new role in the Lambda function when accessing the table. Store the access key and the secret key for the new role and use them when accessing the table. A developer Is designing an AWS Lambda function that create temporary files that are less than 10MB during execution. The temporary files will be accessed and modified multiple times duringexecution. The developer has no need to save or retrieve these files in the future.Where should the temporary file be stored?. the /tmp directory. Amazon EFS. Amazon EBS. Amazon S3. A video-hosting website has two types of members: those who pay a fee. and those who do not Eachvideo upload places a message in Amazon SQS A fleet of Amazon EC2 instances polls Amazon SQSand processes each videoThe developer needs to ensure that the videos uploaded by the paying members are processed firstHow can the developer meet this requirement?. Create two SQS queues: one for paying members, and one for non-paying members Poll thepaying member queue first and then poll the non-paying member queue. Use SQS to set priorities on individual items within a single queue: give the paying members'videos the highest priority. Use SQS to set priorities on individual items within a single queue and use Amazon SNS to encodethe videos. Create two Amazon SNS topics: one for paying members and one for non-paying members UseSNS topic subscription priorities to differentiate between the two types of members. A company has a web application In an Amazon Elastic Container Service (Amazon ECS) clusterrunning hundreds of secure services in AWS Fargate containers. The services are in target groupsrouted by an Application Load Balancer (ALB) Application users log in to the website anonymously,but they must be authenticated using any OpenID Connect protocol-compatible identity provider(IdP) to access the secure servicesWhich authentication approach would meet these requirements with the LEAST amount of effort?. Configure the services to use Amazon Cognito. Configure the ALB to use Amazon Cognito. Configure the services to use AWS Security Token Service (AWS STS) with the OpenID Connect IdP. Configure the Amazon ECS cluster to use AWS Security Token Service (AWS STS) with the OpenIDConnect IdP. A developer from AnyCompany's AWS account needs access to the Example Corp AWS accountAnyCompany uses an identity provider that is compatible with OpenID Connect.What is the MOST secure way for Example Corp to allow developer access?. Create a cross-account role and call the AssumeRole API operation. Create a user in the Example Corp account and provide the access keys. Create a user in the Example Corp account and provide the credentials. Create a cross-account role and call the AssumeRoleWithWebldentity API operation. A company is developing a new web application in Python A developer must deploy the applicationusing AWS Elastic Beanstalk from the AWS Management Console The developer creates an ElasticBeanstalk source bundle to upload using the consoleWhich of the following are requirements when creating the source bundle? (Select TWO.). The source bundle must include the ebextensions.yaml file. The source bundle must not include a top-level directory. The source bundle must be compressed with any required dependencies in a top-level parentfolder. The source bundle must be created as a single zip or war fileE. The source bundle must be uploaded into Amazon EFS. A developer is building an application on Amazon EC2 The developer encountered an "AccessDenied" error on some of the API calls to AWS services while testing The developer needs to modifypermissions that have been already given to the instanceHow can these requirements be met with minimal changes and minimum downtime?. Make a new 1AM role with the needed permissions Stop the instance. Attach the new 1AM role tothe instance Start the instance. Delete the existing 1AM role Attach a new 1AM role with the needed permissions. Stop the instance Update the attached 1AM role adding the needed permissions. Start theinstance. Update the attached 1AM role adding the needed permissions. A developer is building an AWS Lambda function that will dynamically generate and send a weeklynewsletter to 100.000 users This newsletter contains both static text and images The developerneeds a fast and highly scalable place to store the images that will be hyperlinked in the newsletterWhere should the developer store these images?. Use an Amazon DynamoDB table with DynamoDB Streams and read capacity auto scaling enabled. Use an Amazon S3 bucket and S3 Transfer Acceleration to speed up the image download. Use an Amazon Aurora database with a public DNS endpoint and auto scaling enabled. Use an Amazon S3 backed Amazon CloudFront distribution with a high Time-to-Live (TTL) tomaximize caching. A developer Is working with a Docker application that needs to be quickly deployed using AWSwithout changing the infrastructure or configuring health checks. The application should beconfigured so that changes and updates can be made automatically without any downtimeWhich solution will meet these requirements?. Use AWS Elastic Beanstalk for application deployment and select an all-at-once update policy. Use AWS Elastic Beanstalk for application deployment and select a rolling deployment policy. Deploy the Docker container on an Amazon EC2 instance in an Auto Scaling group and configure ahealth check on the EC2 instance. Deploy the Docker container using AWS Lambda and enable Amazon CloudWatch monitoring. A developer must build a mobile application that allows users to read and write data from anAmazon DynamoDB table to store user state for each unique user. The solution needs to limit dataaccess to allow users access only to their own dataWhich solution below is the most secure?. Embed AWS access credentials into the application and create DynamoDB queries that limit useraccess. Use Amazon Cognito identity pools to assign unique identifiers and provide user access. Modify the DynamoDB table to allow public read and writes, then add client-side filtering. Create a web portal for users to create an account on AWS Directory Service. A developer is trying to get data from an Amazon DynamoDB table called demoman-table Thedeveloper configured the AWS CLI to use a specific 1AM user's credentials and executed thefollowing command:aws dynamodb get-item table-name demoman-table --key '("id": <"N''; ''1993''}} 'The command returned errors and no rows were returnedWhat is the MOST likely cause of these issues?. The command is incorrect; it should be rewritten to use : ut-i t am with a string argument. The developer needs to log a ticket with AWS Support to enable access to the demoman-table. Amazon DynamoDB cannot be accessed from the AWS CLI and needs to be called via the REST API. The 1AM user needs an associated policy with read access to demoman-table. A photo sharing website gets millions of new images every week The images are stored in AmazonS3 under a formatted date prefix A developer wants to move images to a few S3 buckets for analysisand further processing Images are not required to be moved in real timeWhat is the MOST efficient method for performing this task?. Use S3 PutObject events to Invoke AWS Lambda Then Lambda will copy the files to the otherobjects. Create an AWS Lambda function that will pull a day of Images from the origin bucket and copythem to the other buckets. Use S3 Batch Operations to create jobs for images to be copied to each Individual bucket. Use Amazon EC2 to batch pull images from multiple days and copy them to the other buckets. A developer is building an application using an Amazon API Gateway REST API backed by an AWSLambda function that interacts with an Amazon DynamoDB table During testing, the developerobserves high latency when making requests to the APIHow can the developer evaluate the end-to-end latency and identify performance bottlenecks?. Enable AWS CloudTrail logging and use the logs to map each latency and bottleneck. Enable and configure AWS X-Ray tracing on API Gateway and the Lambda function Use X-Ray totrace and analyze user requests. Enable Amazon CloudWatch Logs for the Lambda function Enable execution logs for API Gatewayto view and analyze user request logs. Enable VPC Flow Logs to capture and analyze network traffic within the VPC. A developer is building a WebSocket API using Amazon API Gateway. The payload sent to this API isJSON that includes an action key This key can have three different values create, update, and removeThe developer must integrate with different routes based on the value of the action key of theincoming JSON payload.How can the developer accomplish this task with the LEAST amount of configuration?. Deploy the WebSocket API to three stages for the respective routes create, update, and remove. Create a new route key and set the name as action. Set the value of the route selection expression to action. Set the value of the route selection expression to $request.body action. Which of the following are good use cases for how Amazon ElastiCache can help an application?(Select TWO.). Improve the performance of S3 PUT operations. Improve the latency of deployments performed by AWS CodeDeploy. Improve latency and throughput for read-heavy application workloads. Reduce the time required to merge AWS CodeCommit branchesE. Improve performance of compute-intensive applications. A developer has code stored in an Amazon S3 bucket The code must be deployed as an AWS Lambdafunction across multiple accounts in the same Region as the S3 bucket The Lambda function will bedeployed using an AWS CloudFormation template that is run for each accountWhat is the MOST secure approach to allow access to the Lambda code in the S3 bucket?. Grant the CloudFormation execution role S3 list and get permissions Add a bucket policy toAmazon S3 with the Pnncipal of "AWS": [account numbers]. Grant the CloudFormation execution role S3 get permissions Add a bucket policy to Amazon S3with the Principal of "". Use a service-based link to grant the Lambda function S3 list and get permissions by explicitlyadding the S3 bucket's account number in the resource. Use a service-based link to grant the Lambda function S3 get permissions and add a Resource of"*" to allow access to the S3 bucket. A developer is building an application that reads 90 Items of data each second from an AmazonDynamoDB table. Each item Is 3 KB m size. The table is configured to use eventually consistent readsHow many read capacity units should the developer provision for the table?. 25. 35. 45. 85. A company process incoming documents from an Amazon S3 bucket. Users upload documents to anS3 bucket using a web user interface. Upon receiving files in S3, and AWS Lambda function is invokedto process the files, but the Lambda function times out intermittently.If the Lambda function is configured with the default settings, what will happen to the S3 event whenthere is a timeout exception?. Notification of a failed S3 event is sent as an email through Amazon SNS. The S3 event is sent to the default Deed Letter Queue. The S3 event is processed unit it is successful. The S3 event is discarded after the event is retried twice. A developer has launched an application that calls an API by way of Amazon API Gateway. It offersinformation that changes several times a day, but is not updated in real time. The application hasbecome so popular that the API endpoint is overloaded and that traffic to the endpoint must bereduced.What can the developer do to address the performance issues?. Enable API caching in Amazon ElastiCache. Enable an Auto Scaling group on the endpoint service and database. Create an additional API Gateway and use an Application Load Balancer. A developer wants to secure sensitive configuration date such as passwords, database strings, andapplication license codes. Access to this sensitive information must be tracked for future auditpurposes. In an encrypted file on the source code bundle; grant the application access with Amazon IAM. In the Amazon EC2 Systems Manager Parameter Store; grant the application access with IAM. On an Amazon EBS encrypted volume attach the volume to an Amazon EC2 instance to access thedata. As on object in on Amazon S3 bucket, grant on Amazon EC2 instance access with on IAM rob. A developer has built an application using Amazon Cognito for authentication and authorization.After a user is successfully logged in to the application, the application creates a user record in anAmazon DynamoDB table.What is the correct flow to authenticate the user and create a record in the DynamoDB table?. Authenticate and get a token from an Amazon Cognito user pool. Use the token to accessDynamoDB. Authenticate and get a token from an Amazon Cognito identity pool. Use the token to accessDynamoDB. Authenticate and get a token from an Amazon Cognito user pool Exchange the token for AWScredentials with an Amazon Cognito identity pool. Use the credential to access DynamoDB. Authenticate and get a token from an Amazon Cognito identity pool. Exchange the token for AWScredentials with an Amazon Cognito user pool. Use the credentials to access DynamoDB. A developer has designed a customer, facing application that is running on an Amazon EC2 instance.The application logs every request made to it. The application usually runs seamlessly, but a spike intraffic generates several logs that cause the disk to fill up and eventually run out of memoryCompany policy requires old to be centralized for analysis.Which long-term solution should the developer employ to prevent the issue from reoccurring?. Install the Amazon CloudWatch agent on the instance to send the logs to CloudWatch. Delete thelogs from the instance once they are sent to CloudWatch. Enable AWS Auto Scaling on Amazon Elastic Block Store (Amazon EBS) to automatically addvolumes to the instance when it reaches a specified threshold. Enable AWS Auto Scaling on Amazon Elastic Block Store (Amazon EBS) a outomatically add volumeto the instance when it reaches a specified threshold. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to pull the logs from theinstance. Configure the rule to delete the logs they have been pulled. A company recently experienced some unexpected downtime. After investigating, the companydetermines that a developer mistakenly terminated several production Amazon EC2 instances.What should the company do to BEST protect against accidental terminations in the future. Enable EC2 termination protection on all production instances unless approval has been giventhrough AWS Resource Access Manager. Modify the developer group’s permissions policy to deny them access to delete productioninstances unless approved has been given through AWS Resource Access Manager. Modify the developer group’s permission policy to require multi-factor authentication (MFA) onlyproduction instances are being delete Enable EC2 termination protection on production instances. Enable EC2 termination protection on production instances. Deny the developer group’spermissions policy access to terminate instance. Create a new role that developer can assume whentermination is necessary. A developer works in an environment with multiple AWS accounts that have AWS Lambda functionsprocessing the same 100 KB payloads. The developer wants to centralize the point of origin of thepayloads to one account and have all the Lambda functions be invoked whenever the initiating eventoccurs in the parent account.How can the developer design the workflow in the MOST efficient way, so all the multi-accountLambda functions get invoked when the event occurs?. Create a Lambda function in the parent account and use cross-account IAM roles with the AWSSecurity Token Service (AWS STS) AssumeRole API call to make AWS Lambda invoke the API call toinvoke all the cross-account Lambda functions. Subscribe all the multi-account Lambda functions to an Amazon SNS topic and make a SNS PublishAPI call with the payload to the SNS topic. Set up an Amazon SQS queue with the queue policy permitting the ReceiveMessage action formulti-account Lambda functions. Then send the payload to the SQS queue using thesqs:SendMessage permission and poll the queue using multi-account Lambda functions. Use a worker on an Amazon EC2 instance to poll for the payload event. Invoke all Lambdafunctions using the Lambda Invoke API after using cross-account IAM roles with the AWS SecurityToken Service (AWS STS) AssumeRole API call. A developer is creating a serverless web application and maintains different branches of code Thedeveloper wants to avoid updating the Amazon API Gateway target endpoint each time a new codepush is performed What solution would allow me developer to perform a code push efficiently,without the need to update the API Gateway?. Associate different AWS Lambda functions to an API Gateway target endpoint. Create different stages in API Gateway, then associate API Gateway with aws Lambda. Create aliases and versions In AWS Lambda. Tag the AWS Lambda functions with different names. When using the AWS Encryption SDK now does the developer keep track of the data encryption keysused to encrypt data?. The developer must manually Keep track of the data encryption keys used for each data object. The SDK encrypts the data encryption key and stores it (encrypted) as part of the returnedciphertext. The SDK stores the data encryption keys automatically m Amazon S3. The data encryption key is stored in the userdata for the EC2 instance. A developer is planning to use an Amazon API Gateway and AWS Lambda to provide a REST API Thedeveloper will have three distinct environments to manage development, test, and production. Howshould the application be deployed while minimizing the number of resources to manage?. Create a separate API Gateway and separate Lambda function for each environment in the sameRegion. Assign a Region for each environment and deploy API Gateway and Lambda to each Region. Create one API Gateway with multiple stages with one Lambda function with multiple aliases. Create one API Gateway and one Lambda function, and use a REST parameter to identify tneenvironment. A company wants to make sure that only one user from its Admin group has the permanent right todelete an Amazon EC2 resource There should be no changes in the existing policy under the Admingroup What should a developer use to meet these requirements?. AWS managed policy. Inline policy. IAM trust relationship. AWS Security Token Service (AWS STS). A development team is migrating a monolithic application to Amazon API Gateway with AWSLambda integrations using the AWS CD The zip deployment package exceeds the Lambda directupload deployment package size limit. How should the Lambda function be deployed?. Use the zip tile to create a Lambda layer and reference it using the -code CLI parameter. Create a Docker image and reference the image using the --docker-image CLI parameter. Upload a deployment package using the --zp-file CLI parameter. Upload a deployment package to Amazon S3 and reference Amazon S3 using the --code CLIparameter. A developer has written an application that writes data to Amazon DynamoDB- The DynamoDB tablehas been configured to use conditional writes During peak usage times, writes are failing due to aCondittonatCheckFailedException error How can the developer increase the application's reliabilitywhen multiple clients are attempting to write to the same record?. Write the data to an Amazon SNS topic. Increase the amount of write capacity for the table to anticipate short-term spikes or bursts mwrite operations. Implement a caching solution, such as DynamoDB Accelerator or Amazon ElastiCache. Implement error retries and exponential backoff with jitter. A company uses a third-party tool to build, bundle, and package rts applications on-premises. andstore them locally The company uses Amazon EC2 instances to run its front-end applications How canan application be deployed from the source control system onto the EC2 instances?. Use AWS CodeDeploy and point it to the local storage to directly deploy a bundle m a zip. tar. ortar.gz format. Upload the bundle to an Amazon S3 bucket and specify the S3 location when doing a deploymentusing AWS CodeDeploy. Create a repository using AWS CodeCommit to automatically trigger a deployment to the EC2instances. Use AWS CodeBuild to automatically deploy the latest build to the latest EC2 instances. A Lambda function processes data before sending it to a downstream service Each piece of data isapproximately 1 MB in size After a security audit, the function t]is now required to encrypt the databefore sending it downstream Which API call is required to perform the encryption?. Pass the data to the KMS ReEncrypi API for encryption. Use the KMS GenerateDataKey API to get an encryption key. Use the KMS GenerateDataKeyWithoutPlain.Text API to get an encryption key. Pass the data to KMS as part of the Encrypt API for encryption. A developer is using Amazon S3 as the event source that invokes a Lambda function when newobjects are created in the bucket The event source mapping Information Is stored in the bucketnotification configuration The developer is working with different versions of the Lambda function,and has a constant need to update notification configuration so that Amazon S3 invokes the correctversionWhat is the MOST efficient and effective way to achieve mapping Between the S3 event andLambda?. Use a different Lambda trigger. Use Lambda environment variables. Use a Lambda alias. Use Lambda tags. A developer needs to manage AWS infrastructure as code and must be able to deploy multipleidentical copiesof the infrastructure, stage changes, and revert to previous versions.Which approach addresses these requirements?. Use cost allocation reports and AWS OpsWorks to deploy and manage the infrastructure. Use Amazon CloudWatch metrics and alerts along with resource tagging to deploy and managetheinfrastructure. Use AWS Elastic Beanstalk and AWS CodeCommit to deploy and manage the infrastructure. Use AWS CloudFormation and AWS CodeCommit to deploy and manage the infrastructure. A company is using an AWS Lambda function to process records from an Amazon Kinesis data streamThe company recently observed slow processing of the records. A developer notices that the iteratorage metric for the function is Increasing and that the Lambda run duration is constantly abovenormal.Which actions should the developer take to increase the processing speed? (Select TWO.). Increase the number of shards of the Kinesis data stream. Decrease the timeout of the Lambda function. Increase the memory that is allocated to the Lambda function. Decrease the number of shards of the Kinesis data streamE. Increase the timeout of the Lambda function. A developer has written code for an application and wants to share it with other developers on theteam to receive feedback. The shared application code needs to be stored long-term with multipleversions and batch change tracking.Which AWS service should the developer use?. AWSCodeBuild. Amazon S3. AWS CodeCommit. AWS Cloud9. An organization is using Amazon API Gateway to provide a public API called "Survey" for collectinguser feedback posts about its products The survey API has "DEV" and "PROD" stages and consists ofone resource "/feedback" which allows users to retrieve/create/update single feedback posts.Aversion-controlled Swagger file is used to define a new API that retrieves multiple feedback posts Toadd the new API resource "/listFeedbackForProduct" the developer makes changes to the Swaggerfile defining an API uploads the fie to the organization's version control system, and uses the APIGateway Import API feature to apply the changes to the Survey API After successful import thedeveloper runs the tests against the DEV stage and finds that resource VlistFeedbackForProduct" isnot available.What is MOST likely the reason for resource not being available?. Even though the Swagger import was successful, resource creation failed afterwards. There is a propagation delay of several minutes in creating API Gateway resources after import. The developer needs to restart the API Gateway stage after import in order to apply the changes. The developer needs to create a new deployment after import in order to deploy the changes. A developer is building an application that processes a stream of user-supplied data The data streammust be consumed by multiple Amazon EC2 based processing applications in parallel and in realtime. Each processor must be able to resume without losing data if there is a service interruption.The Application Architect plans to add other processors in the near future, and wants to minimize theamount of data duplication involved.Which solution will satisfy these requirements?. Publish the data to Amazon SQS. Publish the data to Amazon Kinesis Data Firehose. Publish the data to Amazon CloudWatch Events. Publish the data to Amazon Kinesis Data Streams. A company is developing a serverless ecommerce web application The application needs to makecoordinated, all-or-nothing changes to multiple items in the company's inventory table in AmazonDynamoDB.Which solution will meet these requirements?. Enable transactions for the DynamoDB table Use the BatchWriteltem operation to update theitems. Use the TransactWriteitem operation to group the changes Update the items in the table. Set up a FIFO queue using Amazon SQS. Group the changes in the queue. Update the table basedon the grouped changes. Create a transaction table in an Amazon Aurora DB cluster to manage the transactions Write abackend process to sync the Aurora DB table and the DynamoDB table. An AWS Lambda function accesses two Amazon DynamoDB tables. A developer wants to improve theperformance of the Lambda function by identifying bottlenecks in the function. How can thedeveloper inspect the timing of the DynamoDB API calls?. Add DynamoDB as an event source to the Lambda function. View the performance with AmazonCloudWatch metrics. Place an Application Load Balancer (ALB) in front of the two DynamoDB tables. Inspect the ALBlogs. Limit Lambda to no more than five concurrent invocations Monitor from the Lambda console. Enable AWS X-Ray tracing for the function. View the traces from the X-Ray service. A developer has written a multi-threaded application that is running on a fleet of Amazon EC2instances. The operations team has requested a graphical method to monitor the number of runningthreads over time.What is the MOST efficient way to fulfill this request?. Periodically send the thread count to AWS X-Ray segments, then generate a service graph ondemand. Create a custom Amazon CloudWatch metric and periodically perform a PutMetricData call withthe current thread count. Periodically log thread count data to Amazon S3. Use Amazon Kinesis to process the data into agraph. Periodically write the current thread count to a table using Amazon DynarnoDB and use AmazonCloudFront to create a graph. A developer is writing a new AWS Serverless Application Model (AWS SAM) template with a newAWS Lambda function The Lambda function runs complex code. The developer wants to test theLambda function with more CPU power.What should the developer do to meet this requirement?. Increase the runtime engine version. Increase the timeout. Increase the number of Lambda layers. Increase the memory. A developer is working on a web application that runs on Amazon Elastic Container Service (AmazonECS) and uses an Amazon DynamoDB table to store data. The application performs a large number of read requests against a small set of the table data.How can the developer improve the performance of these requests'? (Select TWO ). Create an Amazon ElastiCache cluster Configure the application to cache data in the cluster. Create a DynamoDB Accelerator (DAX) cluster Configure the application to use the DAX cluster forDynamoDB requests. Configure the application to make strongly consistent read requests against the DynamoDB table. Increase the read capacity of the DynamoDB tableE. Enable DynamoDB adaptive capacity. A developer is changing the configuration for a CPU-intensive AWS Lambda function that runs oncean hour. The function usually takes 45 seconds to run, but sometimes the run time is up to 1 minute.The timeout parameter is set to 3 minutes, and all other parameters are set to default.The developer needs to optimize the run time of this function.Which solution will meet this requirement?. Redeploy the function within the default VPC. Increase the function's memory. Redeploy the function by using Lambda layers. Increase the function's reserved concurrency. A developer is creating an event handling system. To handle messages asynchronously, thedeveloper created a standard Amazon SQS queue Quality assurance testing reveals that some eventswere processed multiple times.What is the recommended way to ensure the events are not processed more than once?. Change long polling to short polling. Use a FIFO queue and configure deduplication. Convert the standard SQS queue into a FIFO queue. Send the messages with message timers. A developer is working on an ecommerce website. The developer wants to review server logswithout logging in to each of the application servers individually. The website runs on multipleAmazon EC2 instances, is written in Python, and needs to be highly available.How can the developer update the application to meet these requirements with MINIMUMchanges?. Rewrite the application to be cloud native and to run on AWS Lambda where the logs can bereviewed in Amazon CloudWatch. Set up centralized logging by using Amazon Elasticsearch Service (Amazon ES), Logstash, andKibana. Scale down the application to one larger EC2 instance where only one instance is recording logs. Install the unified Amazon CloudWatch agent on the EC2 instances. Configure the agent to pushthe application logs to CloudWatch. A developer is attempting to use the Amazon S3 PutObject API operation to upload an object to anS3 bucket that has default encryption enabled. The developer receives a 400 Bad Request error.What is the MOST likely cause of this error?. The API operation cannot access the encryption key. The HTTP Content-Length header is missing. The object exceeds the maximum object size that is allowed. The S3 bucket exceeds the maximum storage capacity that is allowed. A company is using AWS CloudFormation templates to deploy AWS resources. The company needs toupdate one of its AWS CloudFormation stacks What can the company do to find out how the changeswill impact the resources that are running?. Investigate the change sets. Investigate the stack policies. Investigate the Metadata section. Investigate the Resources section. A developer has created a Node js web application on a local development machine. The developerwants to use AWS technology to host the website. The developer needs a solution that requires theleast possible operational overhead and no code changes.Which AWS service should the developer use to meet these requirements?. AWS Elastic Beanstalk. Amazon EC2. AWS Lambda. Amazon Elastic Kubernetes Service (Amazon EKS). A developer is creating AWS CloudFormation templates to manage an application's deployment inAmazon Elastic Container Service (Amazon ECS) through AWS CodeDeploy. The developer wants toautomatically deploy new versions of the application to a percentage of users before the new versionbecomes available for all users.How should the developer manage the deployment of the new version?. Modify the CloudFormation template to include a Transform section and the AWS"CodeDeploy::BlueGreen hook. Deploy the new version in a new CloudFormation stack After testing is complete, update theapplication's DNS records for the new stack. Run CloudFormation stack updates on the application stack to deploy new application versionswhen they are available. Create a nested stack for the new version. Include a Transform section and the AWS: CodeDeployBlueGreen hook. A developer is writing an application to analyze the traffic to a fleet of Amazon EC2 instances The EC2instances run behind a public Application Load Balancer (ALB). An HTTP server runs on each of theEC2 instances, logging all requests to a log file.The developer wants to capture the client public IP addresses. The developer analyzes the log filesand notices only the IP address of the ALBWhat must the developer do to capture the client public IP addresses in the log file?. Add a Host header to the HTTP server log configuration file. Install the Amazon CloudWatch Logs agent on each EC2 instance. Configure the agent to write tothe log file. Install the AWS X-Ray daemon on each EC2 instance Configure the daemon to write to the log file. Add an X-Forwarded-For header to the HTTP server log configuration file. A developer at a company writes an AWS ClojdForination template. The template refers to subnetsthat were created by a separate AWS Cloud Formation template that the company's network teamwrote. When the developer attempts to launch the stack for the first time, the launch fails.Which template coding mistakes could have caused this failure? (Select TWO.). The developer's template does not use the Ref intrinsic function to refer to the subnets. The developer's template does not use the ImportValue intrinsic function to refer to the subnets. The Mappings section of the developer's template does not refer to the subnets. The network team's template does not export the subnets in the Outputs sectionE. The network team's template does not export the subnets in the Mappings section. A developer is building an application. The application's front end is developed in JavaScript, and thedata is stored in an Amazon DynamoDB table During testing, the application returns an HTTP 5xxerror from the strongly consistent reads to the DynamoDB table; "Internal server error (Service:AmazonDynamoDBv2. Status Code: 500; Error Code; InternalServerError)."Which actions should the developer take to mitigate this error? (Select TWO ). Avoid strongly consistent reads. Use DynamoDB Accelerator (DAX). Increase read/write capacity of DynamoDB to meet the peak load. Retry the failed read requests with exponential backoffE. Configure DynamoDB auto scaling. A developer wants to modify the following AWS Cloud Formation template to embed anotherCloudFormation stack:Which syntax should the developer add to the blank line of the CloudFormation template to meetthis requirement?. "Mapping" : "AWS::CloudFormation::Stack",. "Type" : "AWS;:CloudFcrmation::NestedStack",. "Typ©" : "AWS::CloudFormation::Stack",. "Mapping" : "AWS::CloudFormation::NestedStack",. A developer is working on a serverless application. The application uses Amazon API Gateway. AWSLambda functions that are written in Python, and Amazon DynamoDB.Which combination of steps should the developer take so that the Lambda functions can bedebugged in the event of application failures? (Select TWO ). Configure an AWS CloudTrail trail to deliver log files to an Amazon S3 bucket. Ensure that the Lambda functions write log messages to stdout and stderr. Enable an AWS CloudTrail trail for the Lambda function. Ensure that the execution role for the Lambda function has access to write to Amazon CloudWatchLogs.E. Use the Amazon CloudWatch metric for Lambda errors to create a CloudWatch alarm. A developer supports an application that accesses data in an Amazon DynamoDB table One of theitem attributes is expirationDate In the timestamp format The application uses this attribute to finditems archive them and remove them from the table based on the timestamp valueThe application will be decommissioned soon, and the developer must find another way toimplement this functionality The developer needs a solution that will require the least amount ofcode to write.Which solution will meet these requirements?. Enable TTL on the expirationDate attribute in the table. Create a DynamoDB stream. Create anAWS Lambda function to process the deleted items. Create a DynamoDB trigger for the Lambdafunction. Create two AWS Lambda functions one to delete the items and one to process the items Create aDynamoDB stream Use the Deleteltem API operation to delete the items based on theexpirationDate attribute Use the GetRecords API operation to get the items from the DynamoDBstream and process them. Create two AWS Lambda functions one to delete the items and one to process the items Create anAmazon EventBridge (Amazon CloudWatch Events) scheduled rule to invoke the Lambda functionsUse the Deleteltem API operation to delete the items based on the expirationDate attribute Use theGetRecords API operation to get the items from the DynamoDB table and process them. Enable TTL on the expirationDate attribute in the table Specify an Amazon Simple Queue Service(Amazon SQS) dead-letter queue as the target to delete the items Create an AWS Lambda function toprocess the items. A developer must extend an existing application that is based on the AWS Services Application Model(AWS SAM). The developer has used the AWS SAM CLI to create the project. The project containsdifferent AWS Lambda functions.Which combination of commands must the developer use to redeploy the AWS SAM application(Select TWO.). Sam init. Sam validate. Sam build. Sam deployE. Sam publish. A developer used the BalehWnteltern API operation to insert items in an Amazon DynamoDB tableOynamoDB returned a few items as unprocessed due to throttling The developer decides to retry therecords on the unprocessed itemsWhat should the developer do to reprocess the records with the LEAST number of API calls'?. Retry the BatchWriteltem operation immediately. Perform the Putltem operation on the unprocessed items individually instead of using theBatchWriteltem operation. Delay the BatchWriteltem operation by using progressively longer wait times between retries, orexponential backoff. Delete the items that were successfully processed, and reissue a new BatchWriteltem operation. A team deployed an AWS CloudFormaiion template to update a stack that already included anAmazon RDS DB instance However, before the deployment of the update the team changed thename of the DB instance on the template by mistake The DeletionPoIicy attribute for all resourceswas not changed from the default valuesWhat will be the result of this mistake?. AWS CloudFormation will create a new database and delete the old one. AWS CloudFormation will create a new database and keep the old one. AWS CloudFormation will overwrite the existing database and rename it. AWS CloudFormation will leave the existing database and will not create a new one. An application uses Amazon DynamoDB as its backend database The application experiences suddenspikes in traffic over the weekend and variable but predictable spikes during weekdays The capacityneeds to be set to avoid throttling errors at all timesHow can this be accomplished cost-effectively?. Use provisioned capacity with AWS Auto Scaling throughout the week. Use on-demand capacity for the weekend and provisioned capacity with AWS Auto Scaling duringthe weekdays. Use on-demand capacity throughout the week. Use provisioned capacity with AWS Auto Scaling enabled during the weekend and reservedcapacity enabled during the weekdays. A developer needs to deploy a new version to an AWS Elastic Beanstalk application How can thedeveloper accomplish this task?. Upload and deploy the new application version in the Elastic Beanstalk console. Use the eb init CLI command to deploy a new version '. Terminate the current Elastic Beanstalk environment and create a new one. Modify the ebextensions folder to add a source option to services. A developer wants to use React to build a web and mobile application. The application will be hostedon AWS The application must authenticate users and then allow users to store and retrieve files thatthey own The developer wants to use Facebook for authenticationWhich CLI will MOST accelerate the development and deployment of this application on AWS?. AWS CLI. AWS Amplify CLI. AWS Serverless Application Model (AWS SAM) CLI. Amazon Elastic Container Service (Amazon ECS) CLI. A developer has created an AWS Lambda function that is written in Python The Lambda functionreads data from objects in Amazon S3 and writes data to an Amazon DynamoDB tableThe function is successfully invoked from an S3 event notification when an object is createdHowever, the function fails when if attempts to write to the DynamoDB tableWhat is the MOST likely cause of this issue?. The Lambda function's concurrency limit has been exceeded. The DynamoDB table requires a global secondary index (GSI) to support writes. The Lambda function does not have 1AM permissions to write to DynamoDB ID. The DynamoDB table is not running in the same Availability Zone as the Lambda function. Multiple development teams are working on a project to migrate a monolithic application to amicroservices-based application running on AWS Lambda The teams need a way to centrally managecode that is shared across multiple functionsWhich approach requires the LEAST maintenance?. Each team maintains the code for the common components in their own code repository. Theybuild and deploy the components with their Lambda functions together. One team builds a Lambda layer to include the common components and shares the layer with theother teams. Each team builds and publishes the component they want to share to an Amazon S3 bucket TheLambda functions will download the components from the bucket. One team builds a Docker container for the common components and shares the container withthe other teams. A developer has written an application that runs on Amazon EC2 instances. The developer is addingfunctionality for the application to write objects to an Amazon S3 bucket Which policy must thedeveloper modify to allow the instances to write these objects?. The 1AM policy that is attached to the EC2 instance profile role. The session policy that is applied to the EC2 instance role session. The AWS Key Management Service (AWS KMS) key policy that is attached to the EC2 instanceprofile role. The Amazon VPC endpoint policy. A developer tested an application locally and then deployed it to AWS Lambda While testing theapplication remotely the Lambda function fails with an access denied message. How can this issue beaddresksed?. Update the Lambda function's execution role to include the missing permissions. Update the Lambda function's resource policy to include the missing permissions. Include an 1AM policy document at the root of the deployment package and redeploy the Lambdafunction. Redeploy the Lambda function using an account with access to the AdministratorAccess policy. A developer is working on a serverless application lhat needs lo process any changes to an AmazonDynamoDB table with an AWS Lambda functionHow should the developer configure the Lambda function to detect changes to the DynamoDB tabled. Create an Amazon Kinesis data stream, and attach it to the DynamoDB table Create a trigger toconnect the data stream to the Lambda function. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the Lambda functionon a regular schedule Connect to the DynamoDB table from the Lambda function to detect changes. Enable DynamoDB Streams on the table Create a trigger to connect the DynamoDB stream to theLambda function. Create an Amazon Kinesis Data Firehose delivery stream, and attach it to the DynamoDB tableConfigure the delivery stream destination as the Lambda function. A company has three AWS Lambda functions that are written in Node js The Lambda functionsinclude a mix of custom code and open-source modules When bugs are occasionally detected in theopen-source modules, all three Lambda functions must be patched.What is the MOST operationally efficient solution to deploy a patched open-source library for allthree Lambda functions?. Create a custom AWS CloudFormation public registry extension Reference a GitHub repository thathosts the open-source modules m the extension Configure Formation to scan the repository onceeach day Write an AWS Serverless Application Model (AWS SAM) template to redeploy the threeLambda functions upon a scan notification change. Create an Amazon CloudFront distribution with an Amazon S3 bucket as the origin Upload thepatched modules to Amazon S3 when needed Modify each Lambda function to download thepatched modules from the CloudFront distribution during the cold start. Launch an Amazon EC2 instance Host a private open-source module registry on the EC2 instanceUpload the modified open-source modules to the private registry when needed. Modify eachLambda function deployment script to download the modules from the private registry Redeploy thethree new Lambda functions. Create a Lambda layer with the open-source modules Modify all three Lambda functions todepend on the layer Remove the open-source modules from each Lambda function Patch theLambda layer with the modified open-source modules when needed Update the Lambda functions toreference the new layer version. A company is launching a new web application in the AWS Cloud. The company's development teamis using AWS Elastic Beanstalk for deployment and maintenance. According to the company's changemanagement process, the development team must evaluate changes for a specific time periodbefore completing the rollout.Which deployment policy meets this requirement?. Immutable. Rolling. Rolling with additional batch. Traffic splitting. A company is using continuous integration/continuous deliver (CI/CD) system. A developer mustautomate the deployment of an application software package to Amazon EC2 instances and virtualservers that run on premises.Which AWS services should the developer use to meet these requirements?. AWS Cloud9. AWS CodeBuild. AWS Elastic Beanstalk. AWS CodeDeploy. An application runs on multiple EC2 instances behind an ELB.Where is the session data best written so that it can be served reliably across multiple requests?. Write data to Amazon ElasticCache. Write data to Amazon Elastic Block Store. Write data to Amazon EC2 instance Block Store. Write data to the root filesystem. A developer is troubleshooting a three-tier application, which is deployed on Amazon EC2 instances.There is a connectivity problem between the application servers and the database servers.Which AWS services or tools should be used to identify the faulty component? (Select TWO.). AWS CloudTrail. AWS Trusted Advisor. Amazon VPC Flow Logs. Network access control listsE. AWS Config rules. A company hosts a client-side web application for one of its subsidiaries on Amazon S3. The webapplication can be accessed through Amazon CloudFront from https://www.example.com. After asuccessful rollout, the company wants to host three more client-side web applications for itsremaining subsidiaries on three separate S3 buckets.To achieve this goal, a developer moves all the common JavaScript files and web fonts to a central S3bucket that serves the web applications. However, during testing, the developer notices that thebrowser blocks the JavaScript files and web fonts.What should the developer do to prevent the browser from blocking the JavaScript files and webfonts?. Create four access points that allow access to the central S3 bucket. Assign an access point to eachweb application bucket. Create a bucket policy that allows access to the central S3 bucket. Attach the bucket policy to thecentral S3 bucket. Create a cross-origin resource sharing (CORS) configuration that allows access to the central S3bucket. Add the CORS configuration to the central S3 bucket. Create a Content-MD5 header that provides a message integrity check for the central S3 bucket.insert the Content-MD5 header for each web application request. A company hosts a microservices application that uses Amazon API Gateway, AWS Lambda, AmazonSimple Queue Service (Amazon SOS), and Amazon DynamoDB, One of the Lambda functions addsmessages to an SOS FIFO queue.When a developer checks the application logs, the developer finds a few duplicated items in aDynamoDB table. The items were inserted by another polling function that processes messages fromthe queue.What is the MOST likely cause of this issue?. Write operations on the DynamoDB table are being throttled. The SOS queue delivered the message to the function more than once. API Gateway duplicated the message in the SOS queue. The polling function timeout is greater than the queue visibility timeout. A developer has written an application hosted on Amazon EC2 instances. The application generatesand uploads thousands of new objects to an Amazon S3 bucket located in the same AWS region. Thesize of each object is less than 1 MB. The application is taking too long to run.How can the performance of the application be improved?. Use the S3 Multipart Upload API. The application is taking too long to run.How can the performance of the application be improved?A. Use the S3 Multipart Upload API. Upload the objects in parallel to Amazon S3. Add a random prefix to the object keys. A developer has written an application that uses Amazon API Gateway and AWS Lambda Thedeveloper needs to configure the application so that the developer can visualize the application'scomponents and Identify performance bottlenecksWhat should the developer do to meet these requirements?. Enable AWS X-Ray tracing on the API Gateway stage. Enable AWS X-Ray tracing on the API Gateway methods. Enable Amazon CloudWatch Logs for API Gateway. Enable Amazon CloudWatch Logs for Lambda. A company wants to migrate an existing web application to AWS. The application consists of two webservers and a MySQL databaseThe company wants the application to automatically scale in response to demand The company alsowants to reduce its operational overhead for database backups and maintenance The companyneeds the ability to deploy multiple versions of the application concurrentlyWhat is the MOST operationally efficient solution that meets these requirements?. Deploy the application to AWS Elastic Beanstalk. Migrate the database to an Amazon RDS Multi-AZDB instance. Create an Amazon Machine Image (AMI) that contains the application code. Create an AutoScaling group that is based onthe AMI Integrate the Auto Scaling group with an Application Load Balancer for the web servers.Migrate the database to a MySQL instance that runs on an Amazon EC2 instance. Deploy the application to AWS Elastic Beanstalk. Migrate the database to a MySQL instance thatruns on an Amazon EC2instance. Create an Amazon Machine Image (AMI) that contains the application code. Create an AutoScaling group that is based onthe AMI. Integrate the Auto Scaling group with an Application Load Balancer for the web servers.Migrate the database to an Amazon RDS Multi-AZ DB Instance. A developer is building a new application that uses an Amazon DynamoDB table. The specificationstates that all items that are older than 48 hours must be removedWhich solution will meet this requirement?. Create a new attribute that has the Number data type Add a local secondary index (LSI) for thisattribute and enable TTLwith an expiration of 48 hours In the application code, set the value of this attribute to the currenttimestamp for each new item that is being inserted. Create a new attribute that has the String data type Add a local secondary index (LSI) for thisattribute and enable TTLwith an expiration of 48 hours In the application code, set the value of this attribute to the currenttimestamp for each new item that is being inserted. Create a new attribute that has the Number data type Enable TTL on the DynamoDB table for thisattribute in theapplication code set the value of this attribute to the current timestamp plus 48 hours for each newitem that is being inserted. Create a new attribute that has the String data type Enable TTL on the DynamoDB table for thisattribute In the applicationcode set the value of this attribute to the current timestamp plus 48 hours for each new item that isbeing inserted. A developer has written the following 1AM policy to provide access to an Amazon S3 bucket:Which access does the policy allow regarding the s3:GetObject and s3:PutObject actions'?. Access on all buckets except the "DOC-EXAMPLE-BUCKET' bucket. Access on all buckets that start with "DOC-EXAMPLE-BUCKET" except the "DOC-EXAMPLEBUCKET/secrets" bucket. Access on all objects in the "DOC-EXAMPLE-BUCKET" bucket along with access to all S3 actions forobjects in the"DOC-EXAMPLE-BUCKET" bucket that start with "secrets". Access on all objects in the "DOC-EXAMPLE-BUCKET" bucket except on objects that start with"secrets". A developer creates an Amazon S3 bucket to store project status files that are uploaded hourly. Thedeveloper also creates an AWS Lambda function that will be used to process the project status filesWhat should the developer do to invoke the function with the LEAST amount of AWS infrastructure'?. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function every 5minutes and scan for new objects. Create an S3 event notification to invoke the function when a new object is created in the S3bucket. Create an S3 event notification that publishes a message to an Amazon Simple Notification Service(Amazon SNS) topicSubscribe the function to the SNS topic. Create an S3 event notification that adds a message to an Amazon Simple Queue Service (AmazonSQS) queue Configure the function to poll the queue. A developer is automating a new application deployment with AWS Serverless Application Model(AWS SAM) The new application has one AWS Lambda function and one Amazon S3 bucket TheLambda function must access the S3 bucket to only read objectsHow should the developer configure AWS SAM to grant the necessary read privilege to the S3bucket?. Reference a second Lambda authorizer function. Add a custom S3 bucket policy to the Lambda function. Create an Amazon Simple Queue Service (SQS) topic for only S3 object reads Reference the topic inthe template. Add the S3ReadPolicy template to the Lambda function's execution role. A developer is creating an application that is based on an AWS Lambda function. The function usesthe AWS SDK to read product price data from an Amazon S3 bucket and to write user information toan Amazon Aurora DB instance The Lambda function runs often, up to a few times each minute Tomeet performance requirements, the developer must minimize the run duration of the LambdafunctionWhich actions can help the developer increase the performance? (Select TWO). Initialize SDK clients and database connections outside of the function handler. Read the S3 product price data initially and cache it locally in the /imp directory. Use environment variables to pass operational parameters to the function. Use most-restrictive permissions when setting the 1AM policies for the Lambda 1AM roleE. Split the code into different Lambda functions to keep the functions smaller. A company has a three-tier application that is deployed in Amazon Elastic Container Service (AmazonECS). The application is using an Amazon RDS for MySQL DB Instance The application performs moredatabase reads than writes.During times of peak usage. the application's performance degrades. When this performancedegradation occurs, the DB instance's ReadLatency metric in Amazon CloudWatch increases suddenlyHow should a developer modify the application to improve performance?. Use Amazon ElastiCache to cache query results. Scale the ECS cluster to contain more ECS instances. Add read capacity units (RCUs) to the DB instance. Modify the ECS task definition to increase the task memory. A developer must cache dependent artifacts from Maven Central, a public package repository, as partof an application's build pipeline. The build pipeline has an AWS CodeArtifact repository whereartifacts of the build are published. The developer needs a solution that requires minimum changesto the build pipelineWhich solution meets these requirements?. Modify the existing CodeArtifact repository to associate an upstream repository with the publicpackage repository. Create a new CodeArtifact repository that has an external connection to the public packagerepository. Create a new CodeArtifact domain that contains a new repository that has an external connectionto the public packagerepository. Modify the CodeArtifact repository resource policy to allow artifacts to be fetched from the publicpackage repository. A developer is developing an application that uses signed requests (Signature Version 4) to call otherAWS services The developer has created a canonical request, has created the string to sign, and hascalculated signing informationWhich methods could the developer use to complete a signed request? (Select TWO). Add the signature to an HTTP header that is named Authorization. Add the signature to a session cookie. Add the signature to an HTTP header that 15 named Authentication. Add the signature to a query string parameter that is named X-Amz-SignatureE. Add the signature to an HTTP header that is named WWW-Authenticate. An application uploads photos to an Amazon S3 bucket. Each photo that is uploaded to the S3 bucketmust be resized to a thumbnail image by the application Each thumbnail image is uploaded with anew name in the same S3 bucket.Which AWS service can a developer configure to directly process each single S3 event (or each S3object upload?. Amazon EC2. Amazon Elastic Container Service (Amazon ECS). AWS Elastic Beanstalk. AWS Lambda. A company has a large number of documents that are stored securely in Amazon S3 The company iscreating an application that occasionally will read these documents The application will be deployedon Amazon EC2 instances.The company's security requirements mandate that no long-term credentials can be stored on theEC2 instances and that only the needed documents can be accessed Only authorized users andapplications can access the documents access must be logged by Amazon S3, and each documentmust follow S3 Lifecycle policies for archival and destructionWhat should a developer do to meet these requirements?. Create an event to invoke an AWS Lambda function when a document is uploaded Configure thefunction to write thedocuments to an Amazon Elastic File System (Amazon EFS) file system Configure the EC2 instances tomount the EFS file system Configure the application to access the documents that are stored m thefile system as needed. Create a user that has programmatic credentials, and attach a policy that allows read access to theS3 bucket Use theAWS CLI to configure those credentials for the EC2 instances to use Create an Amazon MachineImage (AMI), and add the access key and secret access key to the user data section to createenvironment variables Use the AMI to launch each EC2 instance that runs the application Addapplication code to use the keys that are stored in the environment variables to access the S3 bucketobjects as needed. Modify the S3 bucket, make the bucket public, and make each object public Add application codeto make REST calls to access the objects in the S3 bucket as needed. Create an IAM role with permissions to read objects from Amazon S3 Attach the role to the EC2instances as an instance profile Add application code to access the objects in the S3 bucket asneeded. A company is adding items to an Amazon DynamoDB table from an AWS Lambda function that iswritten in Python A developer needs to implement a solution that inserts records in the DynamoDBtable and performs automatic retry when the insert failsWhich solution meets these requirements with MINIMUM code changes?. Configure the Python code to run the AWS CLl through shell to call the Putltem operation. Call the Putltem operation from Python by using the DynamoDB HTTP API. Queue the items in AWS Glue: which will put them into the DynamoDB table. Use the AWS software development kit (SDK) for Python (boto3) to call the Putltem operation. A developer has an AWS CodePipelme pipeline that invokes AWS CodeBuild in the build stage Thedeveloper wants to pass in a variable from CodePipeline so that the variable can be read in theCodeBuild buiidspec yml fileHow can the developer accomplish this goal?. Configure a unique CodePipelme vanable namespace and vanables as key-value pairs that defineeach of the variables required in CodeBuild. Configure a CodePipelme environment vanable that contains a JSON document that defines eachof the variables required in CodeBuild. Configure an AWS CloudFormation stack set that contains a JSON document that defines each ofthe variables required in CodeBuild Reference the stack set from CodePipelme. Configure an AWS CodeArtifact repository to store each environment variable ReferenceCodeArtifact from CodePipelme and CodeBuild. A company is migrating the content delivery network for its dynamic PHP website to AWS AnAmazon CloudFront web distribution is part of the new infrastructure The distnbution has thefollowing cache behavior settings• Allowed HTTP Methods is set to GET, HEAD• Viewer Protocol Policy is set to HTTP and HTTPSDevelopers test the solution and can reach the company's website over HTTP and HTTPS Howeverthe developers are unable to tog in lo the previously working administration panel of the websiteWhich action will resolve this login issue1?. Set Allowed HTTP Methods to GET. HEAD; OPTIONS. Set Viewer Protocol Policy to HTTPS Only. Set Allowed HTTP Methods to GET, HEAD: OPTIONS, PUT, POST PATCH, DELETE. Set Viewer Protocol Policy to Redirect HTTP to HTTPS. An ecommerce application is using Amazon Simple Notification Service (Amazon SNS) with an AWSLambda subscription to save all new orders into an Amazon DynamoDB table The company wants torecord all the orders that are more than a certain amount of money in a separate table The companywants to avoid changes to the processes that post orders to Amazon SNS or the current Lambdafunction that saves the orders to the DynamoDB tableHow can a developer implement this feature with the LEAST change to the existing application?. Create another Lambda subscription with the SNS message attribute value matching a filter optionto save the appropriate orders to a separate table. Create another SNS topic, and also send orders in that topic Create a Lambda subscription with anumeric value filter option to save the appropriate orders to a separate table. Create anotherftambda subscnption with the SNS message numeric value matching a filter optionto save the appropriate orders to a separate table. Modify the Lambda code to filter the orders and save the appropriate orders to a separate table. A physician's office management application requires that all data in transit between an EC2 instanceand an Amazon EBS volume be encryptedWhich of the following techniques fulfills this requirement? (Select TWO ). Create encrypted snapshots into Amazon S3. Use Amazon RDS with encryption. Use 1AM roles to limit access to the Amazon EBS volume. Enable EBS encryptionE. Leverage OS-level encryption. A developer is building a backend system for the long-term storage of information from an inventorymanagement system. The information needs to be stored so that other teams can build tools toreport and analyze the dataHow should the developer implement this solution to achieve the FASTEST running time?. Create an AWS Lambda function that writes to Amazon S3 synchronously Increase the function'sconcurrency to match the highest expected value of concurrent scans and requests. Create an AWS Lambda function that writes to Amazon S3 asynchronously Configure a dead-letterqueue to collect unsuccessful invocations. Create an AWS Lambda function that writes to Amazon S3 synchronously Set the inventory systemto retry failed requests. Create an AWS Lambda function that writes to an Amazon ElastiCache for Redis clusterasynchronously Configure a dead-letter queue to collect unsuccessful invocations. A developer is deploying an application in the AWS Cloud by using AWS Cloud Formation Theapplication will connect to an existing Amazon RDS database The hostname of the RDS database isstored in AWS Systems Manager Parameter Store as a plaintext value The developer needs toincorporate the database hostname into the Cloud Formation template to initialize the applicationwhen the stack is createdHow should the developer reference the parameter that contains the database hostname?. Use the ssm dynamic reference. Use the Ref intrinsic function. Use the Fn: ImportVatue intrinsic function. Use the ssm-secure dynamic reference. A company has deployed an application on AWS Elastic Beanstalk The company has configured theAuto Scaling group that is associated with the Elastic Beanstalk environment to have five Amazon EC2instances If the capacity is fewer than four EC2 instances during the deployment, applicationperformance degrades The company is using the all-at-once deployment policyWhat is the MOST cost-effective way to solve the deployment issue1?. Change the Auto Scaling group to six desired instances. Change the deployment policy to traffic splitting Specify an evaluation time of 1 hour. Change the deployment policy to rolling with additional batch Specify a batch size of 1. Change the deployment policy to rolling Specify a batch size of 2. A company has an internal website that gives users the ability to access contract Idata that is storedin an Amazon RDS DB instance The number of contracts has increased and several users havereported slow retrieval of the contract dataThe company wants to set up a cache to improve the latency A developer must create a solution thatensures data resiliency The data must be encrypted and must be partitioned by departmentWhich solution will meet these requirements?. Amazon ElastiCache for Memcached with cluster mode enabled. Amazon ElastiCache for Redis with cluster mode enabled. Amazon ElastiCache for Redis with cluster mode disabled. Amazon ElastiCache for Memcached with cluster mode disabled. A company has an application that is based on Amazon EC2 The company provides API access to theapplication through Amazon API Gateway and uses Amazon DynamoDB to store the application'sdata A developer is investigating performance issues that are affecting the application. During peakusage, the application is overwhelmed by a large number of identical data read requests that comethrough APIsWhat is the MOST operationally efficient way for the developer to improve the application'sperformance''. Use DynamoDB Accelerator (DAX) to cache database responses. Configure Amazon EC2 Auto Scaling policies to meet fluctuating demand. Enable API Gateway caching to cache API responses. Use Amazon ElastiCache to cache application responses. A developer is building a web and mobile application for two types of users regular users and guestusers Regular users are required to log in, but guest users do not log in Users should see only theirdata regardless of whether they authenticate Users need AWS credentials before they can accessAWS resourcesWhat is the MOST secure solution that the developer can implement toallow access for guest users?. Use an Amazon Cognito credentials provider to issue temporary credentials that are linked to anunauthenticated role that has access to the required resources. Set up an IAM user that has permissions to the required resources. Hardcode the 1AM credentialsin the web and mobile application. Generate temporary keys that are stored in AWS Key Management Service (AWS KMS) Use thetemporary keys to access the required resources. Generate temporary credentials. Store the temporary credentials in AWS Secrets Manager Use thetemporary credentials to access the required resources. A developer is designing a web application in which new users will use their email addresses tocreate accounts Millions of users are expected to sign up. The application will store attributes foreach userWhich AWS service or feature should the developer implement to meet these requirements?. Amazon Cognito user pools. AWS Mobile Hub User File Storage. AWS AppSync. AWS Mobile Hub Cloud Logic. A developer is building a static, client-side rendered website that is powered by ReactJS The code hasno server-side generated components and does not need to run any programming languages on theserver However the code serves static HTML, CSS, and JavaScript to the client on each request Thedeveloper's solution to host the website must maximize performance and cost-effectivenessWhich combination of AWS services or resources should the developer use to meet theserequirements?. Application Load Balancer and Amazon EC2. Amazon API Gateway and AWS Lambda. Amazon CloudFront and Amazon S3. Amazon CloudFront and AWS Elastic Beanstalk. A company has an AWS Lambda function that runs hourly, reads log files that are stored in AmazonS3, and forwards alerts to Amazon Simple Notification Service (Amazon SNS) topics based on contentA developer wants to add a custom metric to the Lambda function to track the number of alerts ofeach type for each run The developer needs to log this information in Amazon CloudWatch in ametnc that is named Lambda/AlertCountsHow should the developer modify the Lambda function to meet this requirement with the LEASToperational overhead1?. Add a print statement to standard out for each alert and the number of occurrences. Add a call to the PutMetncData API operation Pass an array for alerts and the number ofoccurrences in the Values and Counts fields with a namespace of "Lambda/AlertCounts". Add a call to the PutMetncAlarm API operation Pass an array of alerts in the metrics member withthe namespace of "Lambda/AlertCounts". Add a call to the PutDashboard API operation Pass an array of alerts in the metrics member withthe namespace of "Lambda/AlertCounts". A company has a web application that uses an Amazon Cogmto user pool for authentication. Thecompany wants to create a login page that includes the-company logoWhat should a developer do to meet these requirements?. Create a hosted user interface (Ul) in Amazon Cognito Customize the hosted Ui with the companylogo. Create a login page that includes the company logo. Upload the login page to Amazon Cognito. Create a login page that includes the company logo in Amazon API Gateway Save the link inAmazon Cognito. Upload the company logo to an Amazon S3 bucket Specify the S3 object path in app client settingsin Amazon Cognito. A company is providing read access to objects in an Amazon S3 bucket for different customers Thecompany uses 1AM permissions to restnd access to the S3 bucket The customers can access onlytheir own filesDue to a regulation requirement the company needs to enforce encryption in transit for interactionswith Amazon S3Which solution will meet these requirements'?. Add a bucket policy to the S3 bucket to deny S3 actions when the aws SecureTransport condition isequal to false. Add a bucket policy to the S3 bucket to deny S3 actions when the s3 x-amz-aci condition is equal topublic-read. Add an IAM policy to the IAM users to enforce the usage of the AWS SDK. Add an IAM policy to the IAM users that allows S3 actions when the s3 x-arnz-acl condition isequal to bucket-owner-read. A company's security policies require all database passwords to be rotated every 30 days Thecompany uses different database platforms, including Amazon Aurora databases and proprietaryNoSQL document databases, for different applications A developer needs to implement a solutionfor password rotationWhich solution will meet these requirements?. Create an AWS Lambda rotation function that has appropriate IAM permissions Store thepassword in AWS Secrets Manager Configure Secrets Manager to rotate the password by using theLambda function. Encrypt the existing password with AWS Key Management Service (AWS KMS) Export the existingpassword Generate a random password with AWS KMS Use the AWS KMS password renewal featureto replace the existing password with the new password. Create an AWS Lambda rotation function that has appropriate IAM permissions Store thepassword in AWS Systems Manager Parameter Store Configure Parameter Store to rotate thepassword by using the Lambda function. Integrate AWS Systems Manager Parameter Store with a Key Management InteroperabilityProtocol (KMIP)-compliant third-party secret manager to enable third-party database passwordrotation on AWS. A company requires objects that are stored in Amazon S3 to be encrypted The company is currentlyusing server-side encryption with AWS KMS managed encryption keys (SSE-KMS) A developer needsto optimize the cost-effectiveness of the encryption mechanism without negatively affectingperformanceWhat should the developer do to meet these requirements?. Change the encryption type to customer-provided keys. Configure the SJ bucket to use an S3 Bucket Key for SSE-KMS. Use S3 bucket policies to limit the principals who can create objects. Use a custom policy to limit the number of AWS KMS calls that are allowed. A developer is migrating a legacy monolithic application to AWS and wants to convert theapplication's internal processes to microservices The application's internal processes communicatethrough internal asynchronous messaging Occasionally messages need to be reprocessed by multiplemicroservicesHow should the developer migrate the application's internal messaging to AWS to meet theserequirements?. Use Amazon Simple Queue Service (Amazon SQS) queues to communicate messages between themicroservices. Use Amazon API Gateway to provide REST interfaces between the microservices. Use Amazon Kinesis Data Streams to communicate messages between the microservices. Use Amazon API Gateway to provide WebSocket APIs between the microservices. A company hosts a monolithic application on Amazon EC2 instances. The company starts convertingsome features of the application to a serverless architecture by using Amazon API Gateway and AWSLambda After the migration, some users report problems with payment processingUpon inspection, a developer discovers that the Lambda function that calls the external payment APIis taking longer than expected Therefore, the API Gateway requests are timing outWhat should the developer do to resolve this issue in the serverless architecture?. Use the EC2 instances to make the API calls to the payment API. Use Amazon Simple Queue Service (Amazon SQS) with API Gateway and the Lambda function toasynchronously call the payment API. Increase the API Gateway timeout duration to match the payment API time. Increase the Lambda function's memory to increase the network bandwidth and increase thespeed of the payment API calls. A developer is troubleshooting a new AWS Lambda function. The function should run automaticallyeach time a new object is uploaded to an Amazon S3 bucket. However, the developer finds that allcalls failed before they reached the application code inside the function.Which of the following is a possible reason for this failure?. The function resource policy does not allow access from Amazon S3. The function execution role does not allow access from Amazon S3. The function execution role does not allow access to Amazon S3. The IAM user does not have access to Amazon S3. A developer has built an application running on AWS Lambda using AWS Serverless ApplicationModel (AWS SAM).What is the correct sequence of steps to successfully deploy the application?. 1. Build the SAM template in Amazon EC2. 2. Package the SAM template to Amazon EBS storage. 3. Deploy the SAM template from Amazon EBS. 1. Build the SAM template locally. 2. Package the SAM template onto Amazon S3. 3. Deploy the SAM template from Amazon S3. 1. Build the SAM template locally. 2. Deploy the SAM template from Amazon S3. 3. Package the SAM template for use. 1. Build the SAM template locally. 2 Package the SAM template from AWS CodeCommit. A company has a front-end application that runs on four Amazon EC2 instances behind an ElasticLoad Balancer (ELB) in a production environment that is provisioned by AWS Elastic Beanstalk. Adeveloper needs to deploy and test new application code while updating the Elastic Beanstalkplatform from the current version to a newer version of Node.js. The solution must result in zerodowntime for the application.Which solution meets these requirements?. Clone the production environment to a different platform version. Deploy the new applicationcode, and test it. Swap the environment URLs upon verification. Deploy the new application code in an all-at-once deployment to the existing EC2 instances. Testthe code. Redeploy the previous code if verification fails. Perform an immutable update to deploy the new application code to new EC2 instances. Servetraffic to the new instances after they pass health checks. Use a rolling deployment for the new application code. Apply the code to a subset of EC2instances until the tests pass. Redeploy the previous code if the tests fail. A company is running an application on AWS Elastic Beanstalk in a single-instance environment. Thecompany's deployments must avoid any downtime. Which deployment option will meet theserequirements?. All at once. Rolling. Rolling with additional batch. Immutable. A developer is receiving an intermittent ProvisionedThroughputExceededException error from anapplication that is based on Amazon DynamoDB. According to the Amazon CloudWatch metrics forthe table, the application is not exceeding the provisioned throughputWhat could be the cause of the issue?. The DynamoDB table storage size is larger than the provisioned size. According to the Amazon CloudWatch metrics forthe table, the application is not exceeding the provisioned throughputWhat could be the cause of the issue?A. The DynamoDB table storage size is larger than the provisioned size. The DynamoDB table is exceeding the provisioned scaling operations. The application is exceeding capacity on a particular sort key. A developer is working on a Python application that runs on Amazon EC2 instances. The developerwants to enable tracing of application requests to debug performance issues in the code.Which combination of actions should the developer take to achieve this goal? (Select TWO.). Install the Amazon CloudWatch agent on the EC2 instances. Install the AWS X-Ray daemon on the EC2 instances. Configure the application to write JSON-formatted logs to /var/log/cloudwatch. Configure the application to write trace data to /var/log/xray.E. Install and configure the AWS X-Ray SDK for Python in the application. A company is building a serverless application that uses AWS Lambda. The application includes Lambda functions that are exposed by Amazon API Gateway The functionswill use several large third-party libraries, and the build artifacts will exceed 50 MB in size.Which combination of steps should a developer take to prepare and perform the deployment?(Select TWO.). Issue the aws lambda update-function-code CLI command with the -zip-file fileb://my-function.zipparameter. Upload the build artifact to Amazon S3. Issue the aws cloudformation package CLI command. Issue the aws lambda update-function-code CLI command with the -s3-bucket and -s3-keyparameters.E. Issue the aws lambda update-function-code CLI command with a parameter that points to thesource code in AWS CodeCommit. A developer is migrating a Windows-based legacy application from on premises to AWS. Theapplication will run on Amazon EC2 instances that run Amazon Linux. The application stores a largenumber of files in an NFS drive. The migration solution must minimize downtime and applicationcode changes.Which solution should the developer use to migrate the application data?. Create an Amazon S3 bucket. Use the s3 sync command to upload the files to the S3 bucket. Create an Amazon Elastic Block Store (Amazon E8S) volume. Upload the files to the volume. Attachthe volume to the EC2 instances. Create an Amazon Elastic File System (Amazon EFS) file system. Use AWS DataSync to transfer thefiles to Amazon EFS. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system fromthe legacy application. Copy the files to the EFS mount. A movie fan club hosts a serverless web application in an Amazon S3 bucket. The application uses anAWS Lambda function that is exposed by an Amazon API Gateway API. The function queries anAmazon DynamoDB table to list actors sorted by movie. In the DynamoDB table. Actor is the primarykey, Movie is the sort key, and Role and Year are attributes.In the web application, a developer wants to add a page that is named Phase 1 that lists only themovies that were released between 2008 and 2012. The developer needs to fetch the Phase 1 itemsin a way that minimizes the impact on the DynamoDB table.Which solution will meet these requirements?. Create a global secondary index (GSl) with the Year attribute as the sort key. Create a Lambdafunction to return the results from a new method in the API. Design a Lambda function that scans the DynamoDB table and filters the results for the Phase 1items. Invoke the function from a new method in the API. Use a DynamoDB stream to send items that are filtered by Year to a new DynamoDB table. Invokea Lambda function from a new method in the API. Set up an Amazon CloudFront distribution. Create a Lambda@Edge function to filter the items thatare returned from the API request. A company is concerned that a malicious user could deploy unauthorized changes to the code for anAWS Lambda function. What can a developer do to ensure that only trusted code is deployed toLambda?. Turn on the trusted code option in AWS CodeDeploy. Add the CodeDeploy digital certificate to theLambda package before deploying the package to Lambda. Define the code signing configuration in the Lambda console Use AWS Signer to digitally sign theLambda package before deploying the package to Lambda. Link Lambda to AWS Key Management Service (AWS KMS) in the Lambda console. Use AWS KMSto digitally sign the Lambda package before deploying the package to Lambda. Set the KmsKeyArn property of the Lambda function to the Amazon Resource Name (ARN) of atrusted key before deploying the package to Lambda. A developer wants to migrate a Windows .NET application that is running on IIS with a Microsoft SQLServer database to AWS. The developer does not want to think about provisioning and managing theinfrastructure.What should the developer do to migrate the application with the LEAST amount of effort?. Launch Amazon EC2 instances for Windows Server. Back up and restore the database to AmazonRDS. Deploy the web application to the new EC2 instances. Back up and restore the database to Amazon RDS. Use the .NET Migration Assistant for AWS ElasticBeanstalk to migrate the web application to a preconfigured solution stack that Elastic Beanstalkprovides. Migrate the database to Amazon DynamoDB Use Amazon API Gateway and AWS Lambda to createa web application interface that is hosted in an Amazon S3 bucket. Containerize the application on premises. Push the image to Amazon Elastic Container Registry(Amazon ECR). Create an AWS CloudFormation template todeploy the application. What are the MINIMUM properties required in the resources section of the AppSpace file forCodeDeploytodeploytheECSservicesuccessfully?. name, alias, currentversion, and targetversion. TaskDefinition, ContainerName, and PlartformVersion. TaskDefinitionContainerName, ContainerPort. name, Currentversion, NetworkConfiguration, and Platform Version. A developer is designing a serverless application for an ecommerce website. An Amazon APIGateway API exposes.....user operations. The website features shopping carts for the users. The shopping carts must bestored for extended .... the front-end application.The load on the application will vary significantly based on the time of day and the promotional salesthat are offered ....scale automatically to meet these changing demands.Which solution will meet these requirements?. Store the data objects on an Amazon RDS DB instance. Cache the data objects in memory by usingAmazon ElastiCache. Store the data objects on Amazon EC2 instances behind an Application Load Balancer. Use sessionaffinity (sticky sessions) for each user's shopping cart. Store the data objects in Amazon S3 buckets. Cache the data objects by using Amazon CloudFrontwith the maximum TTL. Store the data objects in Amazon DynamoDB tables. Cache the data objects by using DynamoDBAccelerator (DAX). Which solution will meet these requirements?. Build the container from the amazon/aws-xray-daemon base image. Use the AWS X-Ray SDK toinstrument the application. Install the Amazon CloudWatch agent on the container image. Use the CloudWatch SDK to publishcustom metrics from each of the microservices. Install the AWS X-Ray daemon on each of the ECS instances. Configure AWS CloudTrail data events to capture the traffic between the microservices. A developer is migrating to Amazon Cognito from a custom user management solution that storesuser information in a database. The developer has created a…… Amazon Cognito user pool. Thedeveloper needs to migrate the existing user information to the user pool without forcing users tochange their passwords.Which solution will meet these requirements?. Import users from a .csv file. Add an OpenID Connect (OIDC) identity provider to the user pool. Import users from a .json file. Import users with a user migration AWS Lambda trigger. A developer has created a Java application that makes HTTP requests directly to AWS services.Application logging shows 5xx HTTP response codes that occ irregular intervals. The errors areaffecting users.How should the developer update the application to improve the application's resiliency?. Revise the request content in the application code. Use the AWS SDK for Java to interact with AWS APIs. Scale out the application so that more instances of the application are running. Add additional logging to the application code. A developer designed an application on an Amazon EC2 instance. The application makes API requeststo objects in an Amazon S3 bucket. Which combination of steps will ensure that the applicationmakes the API requests in the MOST secure manner? (Select TWO.). Create an IAM user that has permissions to the S3 bucket. Add the user to an 1AM group. Create an IAM role that has permissions to the S3 bucket. Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance. Create an IAM role that has permissions to the S3 bucket. Assign the role to an 1AM group.E. Store the credentials of the 1AM user in the environment variables on the EC2 instance. A company is migrating a legacy application to a serverless application on AWS. The legacyapplication consists of a set of web services that are exposed by a Amazon API Gateway API. Adeveloper needs to replace the existing implementation of web services with AWS Lambdafunctions. The developer needs to test new version of the" API that uses the functions in production.The developer must minimize the impact of the testing on the application's users.Which solution will meet these requirements?. Create a beta stage for the new version of the API. Send the updated endpoint to the users. Create a development stage for the new version of the API. Use a canary deployment. Create a development stage for the new version of the API. Promote a canary release. Create a deployment stage. Enable mutual TLS for the new version of the API. A developer is debugging an AWS Lambda function behind an Amazon API Gateway. Whenever theAPI Gateway endpoint is called, HTTP status code 200 is returned even though AWS Lambda isrecording a 4xx error.What change needs to be made to return a proper error code through the API Gateway?. Enable CORS in the API Gateway method settings. Use a Lambda proxy integration to return HTTP codes and headers. Enable API Gateway error pass-through. Return the value in the header X-Amzn-ErrorType. A developer is creating a web application that collects highly regulated and confidential user datathrough a POST request. The web application is served through Amazon CloudFront. User names andphone numbers must be encrypted at the edge and must remain encrypted throughout the entireapplication stack.What is the MOST secure way to meet these requirements?. Enforce Match Viewer with HTTPS Only on CloudFront. Use only the newest TLS security policy on CloudFront. Enforce a signed URL on CloudFront on the front end. Use field-level encryption on CloudFront. A developer is storing JSON files in an Amazon S3 bucket. The developer wants to securely share anobject with a specific group of people. How can the deveioper securely provide temporary access tothe objects that are stored in the S3 bucket?. Set object retention on the files. Use the AWS software development kit (SDK) to restore theobject before subsequent requests. Provide the bucket's URL. Use the AWS software development kit (SDK) to generate a presigned URL. Provide the presignedURL. Set a bucket policy that restricts access after a period of time. Provide the bucket's S3 URL. Configure static web hosting on the S3 bucket. Provide the bucket's web URL. A company has an application that uses Amazon Cognito user pools as an identity provider. Thecompany must secure access to user records. The company I up multi-factor authentication (MFA).The company also wants to send a login activity notification by email every time a user logs in.What is the MOST operationally efficient solution that meets this requirement?. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send theemail notification. Add an Amazon API Gateway to invoke the function. Call the API from the clientside when login confirmation is received. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send theemail notification. Add an Amazon Cognito post authentication Lambda trigger for the function. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send theemail notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the functionbased on the login status. Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWSLambda function to process the streamed logs and it send the email notification based on the loginstatus of each user. A company is using AWS Elastic Beanstalk to deploy a three-tier application. The application uses anAmazon RDS DB instance as the database tier. The com wants to decouple the DB instance from theElastic Beanstalk environment.Which combination of steps should a developer take to meet this requirement? (Select TWO.). Create a new Elastic Beanstalk environment that connects to the DB instance. Create a new DB instance from a snapshot of the previous DB instance. Use the Elastic Beanstalk CLI to decouple the DB instance. Use the AWS CLI to decouple the DB instance.E. Modify the current Elastic Beanstalk environment to connect to the DB instance. A developer deployed an application to an Amazon EC2 instance. The application needs to know thepublic IPv4 address of the instance. How can the application find this information?. Query the instance metadata from http://169.254.169.254/latest/meta-data/. Query the instance user data from http://169.254.169.254/latest/user-data/. Query the Amazon Machine Image (AMI) information from http://169.254.169.254/latest/metadata/ami/. Check the hosts file of the operating system. A company has a serverless application that uses AWS Lambda functions and AWS Systems Managerparameters to store configuration data. The company ...... the Lambda functions inside the VPC and into private subnets. The Lambdafunctions are now producing errors in their attempts to access Systems Manager parameters.Which solution will allow the Lambda functions to access Systems Manager parameters inside theVPC?. Configure security groups to allow access to Systems Manager. Create an interface VPC endpoint for Systems Manager. Use an internet gateway from inside the VPC. Create a gateway VPC endpoint for Systems Manager. A developer is writing an AWS Lambda function. The Lambda function needs to access items that arestored in an Amazon DynamoDB table.What is the MOST secure way to configure this access for the Lambda function?. Create an IAM user that has permissions to access the DynamoDB table. Create an access key forthis user. Store the access key ID and secret ..... key in the Lambda function environment variables. Add a resource-based policy to the DynamoDB table to allow access from the Lambda function'sIAM role. Create an IAM policy that allows access to the DynamoDB table. Attach this policy to the Lambdafunction's 1AM role. Create a DynamoDB Accelerator (DAX) cluster. Configure the Lambda function to use the DAXcluster to access the DynamoDB table. A company that has multiple offices uses an Amazon DynamoDB table to store employee payrollinformation. Item attributes consist of employee names, office identifiers, and cumulative dailyhours worked. The most frequently used query extracts a report of an alphabetical subset ofemployees for a specific office.Which design of the DynamoDB table primary key will have the MINIMUM performance impact?. Partition key on the office identifier and sort key on the employee name. Partition key on the employee name and sort key on the office identifier. Partition key on the employee name. Partition key on the office identifier. A data-processing application includes an AWS Lambda function that processes data in several steps.Recently, the function has been reaching the Lambda tii A developer wants to use AWS X-Ray to findout how long each step is taking so that the developer can determine which step is causing thetimeout.Which combination of actions should the developer take to accomplish this goal? (Select TWO.). Modify the application to call the PutMetricData API operation after each processing step. Includethe time taken in milliseconds. Use the aws lambda update-function-configuration AWS CLI command to enable active tracing onthe Lambda function. Modify the application to record each processing step in an X-Ray subsegment by using the X-Raysoftware development kit (SDK). Add the xray:PutTraceSegments permission and the xray:PutTelemetryRecords permission to theLambda function's execution role.E. Modify the application to put each processing step in a separate Lambda layer. Include all thelayers in the Lambda function. A company has an online order website that uses Amazon DynamoDB to store item inventory. Asample of the inventory object is as follows:A developer needs to reduce all inventory prices by 100 as long as the resulting price would not beless than 500. What should the developer do to make this change with the LEAST number of calls toDynamoDB?. Perform a DynamoDB Query operation with the Id. If the price is >= 600, perform an Updateltemoperation to update the price. Perform a DynamoDB Updateltem operation with a condition expression of "Price >= 600". Perform a DynamoDB Updateltem operation with a condition expression of "ProductCategory IN<{"S": "Sporting Goods"}) and Price = 600". A company is expanding the compatibility of its photo-sharing mobile app to hundreds of additionaldevices with unique screen dimensions and resolutions. Ph are stored in Amazon S3 in their originalformat and resolution. The company uses an Amazon CloudFront distribution to serve the photos.The app includes th dimension and resolution of the display as GET parameters with every request.A developer needs to implement a solution that optimizes the photos that are served to each deviceto reduce load time and increase photo quality.Which solution will meet these requirements MOST cost-effectively?. Use S3 Batch Operations to invoke an AWS Lambda function to create new variants of the photoswith the required dimensions and resolutions. Cr dynamic CloudFront origin that automaticallymaps the request of each device to the corresponding photo variant. Use S3 Batch Operations to invoke an AWS Lambda function to create new variants of the photoswith the required dimensions and resolutions. Cre; Lambda@Edge function to route requests tothe corresponding photo variant by using request headers. Create a Lambda@Edge function that optimizes the photos upon request and returns the photosas a response. Change the CloudFront TTL cache policy to the maximum value possible. Create a Lambda@Edge function that optimizes the photos upon request and returns the photosas a response. In the same function, store a copy to processed photos on Amazon S3 for subsequentrequests. A developer at a company recently created a serverless application to process and show data frombusiness reports. The application's user interface (Ul) allow users to select and start processing thefiles. The Ul displays a message when the result is available to view. The application uses AWS StepFunctions with A Lambda functions "to process the files. The developer used Amazon API Gatewayand Lambda functions to create an API to support the Ul.The company's Ul team reports that the request to process a file is often returning timeout errorsbecause of the size or complexity of the files. The Ul team w< API to provide an immediate responseso that the Ul can display a message while the files are being processed. The backend process that isinvoked by the A needs to send an email message when the report processing is complete.What should the developer do to configure the API to meet these requirements?. Change the API Gateway route to add an X-Amz-lnvocation-Type header with a static value of'Event' in the integration request. Deploy the API Gatt stage to apply the changes. Change the configuration of the Lambda function that implements the request to process a file.Configure the maximum age of the event so that the Lambda function will run asynchronously. Change the API Gateway timeout value to match the Lambda function timeout value. Deploy theAPI Gateway stage to apply the changes. Change the API Gateway route to add an X-Amz-Target header with a static value of 'Async' in theintegration request. Deploy the API Gateway stag apply the changes. An application that is running on Amazon EC2 instances stores data in an Amazon S3 bucket. All thedata must be encrypted in transit. How can a developer ensure that all traffic to the S3 bucket isencrypted?. Install certificates on the EC2 instances. Create a private VPC endpoint. Configure the S3 bucket with server-side encryption with AWS KMS managed encryption keys(SSE-KMS). Create an S3 bucket policy that denies traffic when the value for the aws:SecureTransportcondition key is false. A developer needs to use Amazon DynamoDB to store customer orders. The developer's companyrequires all customer data to be encrypted at rest with a ke the company generates.What should the developer do to meet these requirements?. Create the DynamoDB table with encryption set to None. Code the application to use the key todecrypt the data when the application reads from the table. Code the application to use the key toencrypt the data when the application writes to the table. Store the key by using AWS Key Management Service (AWS KMS). Choose an AWS KMS customermanaged key during creation of the DynamoDB table. Provide the Amazon Resource Name (ARN) ofthe AWS KMS key. Store the key by using AWS Key Management Service (AWS KMS). Create the DynamoDB tablewith default encryption. Include the kms:Encrypt parameter with the Amazon Resource Name (ARN)of the AWS KMS key when using the DynamoDB software development kit (SDK). Store the key by using AWS Key Management Service (AWS KMS). Choose an AWS KMS AWSmanaged key during creation of the DynamoDB table Provide the Amazon Resource Name (ARN) ofthe AWS KMS key. A developer notices timeouts from the AWS CLI when the developer runs list commands. Whatshould the developer do to avoid these timeouts?. Use the -page-size parameter to request a smaller number of items. Use shorthand syntax to separate the list by a single space. Use the yaml-stream output for faster viewing of large datasets. Use quotation marks around strings to enclose data structure. A developer implemented a static website hosted in amazon s3 that makes web service requests inamazon api gateway and aws lambda. The site is showing an error that reads.''No 'access control-allow-origin'header' header is present on the requested resource. Origin 'null istherefore not allowed access ''What should the developer do to resolve this issue?. Enable cross-origin resource sharing (cors) on the s3 bucket. Enable cross-origin resource sharing (cors) for the method in api gateway. Add the access control-request-method header to the request. Add the access-control inquest headers header to the request. |