72. A company is developing a new online game that will run on top of Amazon ECS. Four distinct Amazon ECS services will be part of the architecture, each requiring specific permissions to various AWS services. The company wants to optimize the use of the underlying Amazon EC2 instances by bin packing the containers based on memory reservation.
Which configuration would allow the Development team to meet these requirements MOST securely? Create a new Identity and Access Management (IAM) instance profile containing the required permissions for the various ECS services, then associate that instance role with the underlying EC2 instances. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS service to reference the associated IAM role. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then, create an IAM group and configure the ECS cluster to reference that group. Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS task definition to reference the associated IAM role. 69. A set of APIs are exposed to customers using the Amazon API Gateway. These APIs have caching enabled on the API Gateway. Customers have asked for an option to invalidate this cache for each of the APIs.
What action can be taken to allow API customers to invalidate the API Cache? Ask customers to use AWS credentials to call the InvalidateCache API. Ask customers to invoke an AWS API endpoint which invalidates the cache. Ask customers to pass an HTTP header called Cache-Control:max-age=0. Ask customers to add a query string parameter called "INVALIDATE_CACHE" when making an API call. 68. A Developer must repeatedly and consistently deploy a serverless RESTful API on AWS.
Which techniques will work? (Choose two.) Define a Swagger file. Use AWS Elastic Beanstalk to deploy the Swagger file. Define a Swagger file. Use AWS CodeDeploy to deploy the Swagger file. Deploy a SAM template with an inline Swagger definition. Define a Swagger file. Deploy a SAM template that references the Swagger file. Define an inline Swagger definition in a Lambda function. Invoke the Lambda function. 66. A customer wants to deploy its source code on an AWS Elastic Beanstalk environment. The customer needs to perform deployment with minimal outage and should only use existing instances to retain application access log.
What deployment policy would satisfy these requirements? Rolling All at once Rolling with an additional batch Immutable. 65. A Developer must re-implement the business logic for an order fulfilment system. The business logic has to make requests to multiple vendors to decide where to purchase an item. The whole process can take up to a week to complete.
What is the MOST efficient and SIMPLEST way to implement a system that meets these requirements? Use AWS Step Functions to execute parallel Lambda functions, and join the results. Create an AWS SQS for each vendor, poll the queue from a worker instance, and joint the results. Use AWS Lambda to asynchronously call a Lambda function for each vendor, and join the results. Use Amazon CloudWatch Events to orchestrate the Lambda functions. 62. The release process workflow of an application requires a manual approval before the code is deployed into the production environment.
What is the BEST way to achieve this using AWS CodePipeline? Use multiple pipelines to allow approval Use an approval action in a stage Disable the stage transition to allow manual approval Disable a stage just prior the deployment stage. 55. A Developer wants to use AWS X-Ray to trace a user request end-to-end throughput the software stack. The Developer made the necessary changes in the application tested it, and found that the application is able to send the traces to AWS X-Ray. However, when the application is deployed to an EC2 instance, the traces are not available.
Which of the following could create this situation? (Select two.) The traces are reaching X-Ray, but the Developer does not have access to view the records. The X-Ray daemon is not installed on the EC2 instance. The X-Ray endpoint specified in the application configuration is incorrect. The instance role does not have "xray:BatchGetTraces" and "xray:GetTraceGraph" permissions. The instance role does not have "xray:PutTraceSegments" and "xray:PutTelemetryRecords" permissions. 51. A development team consists of 10 team members. Similar to a home directory for each team member the manager wants to grant access to user-specific folders in an Amazon S3 bucket. For the team member with the username "TeamMemberX", the snippet of the IAM policy looks like this: Use IAM policy condition Use IAM policy principal Use IAM policy variables Use IAM policy resource. 48. A game stores user game data in an Amazon DynamoDB table. Individual users should not have access to other users' game data. How can this be accomplished? Encrypt the game data with individual user keys. Restrict access to specific items based on certain primary key values. Stage data in SQS queues to inject metadata before accessing DynamoDB. Read records from DynamoDB and discard irrelevant data client-side. 39. An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file.
How should the Developer code the application? Use the KMS Encrypt API to encrypt the data. Store the encrypted data key and data. Use a cryptography library to generate an encryption key for the application. Use the encryption key to encrypt the data. Store the encrypted data. Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the data key. Store the encrypted data key and data. Upload the data to an S3 bucket using server side-encryption with an AWS KMS key. 37. A Developer is creating a Lambda function and will be using external libraries that are not included in the standard Lambda libraries.
What action would minimize the Lambda compute time consumed? Install the dependencies and external libraries at the beginning of the Lambda function. Create a Lambda deployment package that includes the external libraries. Copy the external libraries to Amazon S3, and reference the external libraries to the S3 location. Install the external libraries in Lambda to be available to all Lambda functions. 34. A Developer is writing transactions into a DynamoDB table called "SystemUpdates" that has 5 write capacity units.
Which option has the highest read throughput? Eventually consistent reads of 5 read capacity units reading items that are 4 KB in size Strongly consistent reads of 5 read capacity units reading items that are 4 KB in size Eventually consistent reads of 15 read capacity units reading items that are 1 KB in size Strongly consistent reads of 15 read capacity units reading items that are 1 KB in size. 26. A company wants to migrate its web application to AWS and leverage Auto Scaling to handle pear workloads. The Solutions Architect determined that the best metric for an Auto Scaling event is the number of concurrent users.
Based on this information, what should the Developer use to autoscale based on concurrent users? An Amazon SNS topic to be triggered when a concurrent user threshold is met. An Amazon Cloudwatch Networkin metric. Amazon CloudFront to leverage AWS Edge Locations. A Custom Amazon CloudWatch metric for concurrent users. 22. A Developer has created a software package to be deployed on multiple EC2 instances using IAM roles.
What actions could be performed to verify IAM access to get records from Amazon Kinesis Streams? (Select TWO.) Use the AWS CLI to retrieve the IAM group. Query Amazon EC2 metadata for in-line IAM policies. Request a token from AWS STS, and perform a describe action. Perform a get action using the ""-dry-run argument. Validate the IAM role policy with the IAM policy simulator. 20. A company wants to implement a continuous integration for its workloads on AWS. The company wants to trigger unit test in its pipeline for commits-on its code repository, and wants to be notified of failure events in the pipeline.
How can these requirements be met? Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. Use Amazon SNS to trigger notifications of failure events. Store the source code in GitHub. Create a CodePipeline to automate unit testing. Use Amazon SES to trigger notifications of failure events. Store the source code on GitHub. Create a CodePipeline to automate unit testing. Use Amazon CloudWatch to trigger notifications of failure events. Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. Use Amazon CloudWatch to trigger notification of failure events. 18. Given the source code for an AWS Lambda function in the local store.py containing a handler function called get_store and the following AWS
CloudFormation template: Use aws cloudformation compile to base64 encode and embed the source file into a modified CloudFormation template. Use aws cloudformation package to upload the source code to an Amazon S3 bucket and produce a modified CloudFormation template. Use aws lambda zip to package the source file together with the CloudFormation template and deploy the resulting zip archive. Use aws serverless create-package to embed the source file directly into the existing CloudFormation template. 13. A large e-commerce site is being designed to deliver static objects from Amazon S3. The Amazon S3 bucket will server more than 300 GET requests per second.
What should be done to optimize performance? (Select TWO.) Integrate Amazon CloudFront with Amazon S3. Enable Amazon S3 cross-region replication. Delete expired Amazon S3 server log files. Configure Amazon S3 lifecycle rules. Randomize Amazon S3 key name prefixes. 11. A Developer is asked to implement a caching layer in front of Amazon RDS. Cached content is expensive to regenerate in case of service failure. Which implementation below would work while maintaining maximum uptime? Implement Amazon ElastiCache Redis in Cluster Mode. Install Redis on an Amazon EC2 instance. Implement Amazon ElastiCache Memcached. Migrate the database to Amazon Redshift. 9. A Developer has implemented a Lambda function that needs to add new customers to an RDS database that is expected to run hundreds of times per hour. The Lambda function is configured to use 512MB of RAM and is based on the following pseudo code: Increase the amount of RAM allocated to the Lambda function, which will increase the number of threads the Lambda can use. Increase the size of the RDS database to allow for an increased number of database connections each hour. Move the database connection and close statement out of the handler. Place the connection in the global space. Replace RDS wit Amazon DynamoDB to implement control over the number of writes per second.
