A.  

Use a multi-AZ Amazon RDS deployment. Increase the number of connections that the code makes to the database or increase the connection pool size if a connection pool is in use.

B.  

Use a multi-AZ Amazon RDS deployment. Modify the code so that queries access the secondary RDS instance.

C.  

Deploy Amazon RDS with one or more read replicas. Modify the application code so that queries use the URL for the read replicas.

D.  

Use open source replication software to create a copy of the MySQL database on an Amazon EC2 instance. Modify the application code so that queries use the IP address of the EC2 instance.

A.  

Store the Root CA Cert as a secret in AWS Secrets Manager. Create a resource-based policy. Add IAM users to allow access to the secret

B.  

Store the Root CA Cert as a Secure Sting parameter in aws Systems Manager Parameter Store Create a resource-based policy. Add IAM users to allow access to the policy.

C.  

Store the Root CA Cert in an Amazon S3 bucket. Create a resource- based policy to allow access to the bucket.

D.  

Refactor the Lambda code to load the Root CA Cert from the Root CA Certs location. Modify the runtime trust store inside the Lambda function handler.

E.  

Refactor the Lambda code to load the Root CA Cert from the Root CA Cert's location. Modify the runtime trust store outside the Lambda function handler.

A.  

Write the files to Amazon S3 Glacier Deep Archive. Add the S3 location of the files to the SQS queue.

B.  

Write the files to Amazon S3 Standard. Add the S3 location of the files to the SQS queue.

C.  

Write the files to an Amazon Elastic Block Store (Amazon EBS) General Purpose SSD volume. Add the EBS location of the files to the SQS queue.

D.  

Write messages that contain the contents of the uploaded files to the SQS queue.

A.  

Store the credentials in AWS Secrets Manager in the primary Region. Enable secret replication to the secondary Region Update the application to use the Amazon Resource Name (ARN) based on the Region.

B.  

Store credentials in AWS Systems Manager Parameter Store in the primary Region. Enable parameter replication to the secondary Region. Update the application to use the Amazon Resource Name (ARN) based on the Region.

C.  

Store credentials in a config file. Upload the config file to an S3 bucket in me primary Region. Enable Cross-Region Replication (CRR) to an S3 bucket in the secondary region. Update the application to access the config file from the S3 bucket based on the Region.

D.  

Store credentials in a config file. Upload the config file to an Amazon Elastic File System (Amazon EFS) file system. Update the application to use the Amazon EFS file system Regional endpoints to access the config file in the primary and secondary Regions.

A.  

For each item add a new attribute of type String that has a timestamp that is set to the blog post creation time. Create a script to find old posts with a table scan and remove posts that are order than 48 hours by using the Balch Write ltem API operation. Schedule a cron job on an Amazon EC2 instance once an hour to start the script.

B.  

For each item add a new attribute of type. String that has a timestamp that its set to the blog post creation time. Create a script to find old posts with a table scan and remove posts that are Oder than 48 hours by using the Batch Write item API operating. Place the script in a container image. Schedule an Amazon Elastic Container Service (Amazon ECS) task on AWS Far gate that invokes the container every 5 minutes.

C.  

For each item, add a new attribute of type Date that has a timestamp that is set to 48 hours after the blog post creation time. Create a global secondary index (GSI) that uses the new attribute as a sort key. Create an AWS Lambda function that references the GSI and removes expired items by using the Batch Write item API operation Schedule me function with an Amazon CloudWatch event every minute.

D.  

For each item add a new attribute of type. Number that has timestamp that is set to 48 hours after the blog post. creation time Configure the DynamoDB table with a TTL that references the new attribute.

A.  

Add a CloudFormation Deletion Policy attribute with the Retain value to the database resource.

B.  

Update the CloudFormation stack policy to prevent updates to the database.

C.  

Modify the database to use a Multi-AZ deployment.

D.  

Create a CloudFormation stack set for the web application and database deployments.

E.  

Add a Cloud Formation DeletionPolicy attribute with the Retain value to the stack.

A.  

CacheHitCount

B.  

IntegrationLatency

C.  

CacheMissCount

D.  

Latency

E.  

Count

A.  

Use sticky sessions with an Elastic Load Balancer target group.

B.  

Use Amazon SOS to save session data.

C.  

Use Amazon DynamoDB to perform scalable session handling.

D.  

Use Elastic Load Balancer connection draining to stop sending requests to failing instances.

A.  

All at once

B.  

Rolling with additional batch

C.  

Blue/green

D.  

Immutable

A.  

Deploy the API Gateway REST API to all the required AWS accounts. Use the same custom domain name for all the gateway endpoints so that a single SCM webhook can be used for all events from all accounts.

B.  

Deploy the API Gateway REST API to all the receiver AWS accounts. Create as many SCM webhooks as the number of AWS accounts.

C.  

Grant permission to the central AWS account for EventBridge to access the receiver AWS accounts. Add an EventBridge event bus on the receiver AWS accounts as the targets to the existing EventBridge rule.

D.  

Convert the API Gateway type from REST API to HTTP API.

A.  

Create new AMIs, and specify encryption parameters. Copy the encrypted AMIs to the destination Region. Delete the unencrypted AMIs.

B.  

Use AWS Key Management Service (AWS KMS) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.

C.  

Use AWS Certificate Manager (ACM) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.

D.  

Copy the unencrypted AMIs to the destination Region. Enable encryption by default in the destination Region.

A.  

Query

B.  

Scan

C.  

BatchGetltem

D.  

Getltem

A.  

Create an AWS Lambda function that runs in the same VPC as the API application. Configure the function as an EventBridge target. Use the function to send events to the API.

B.  

Create an internet-facing Application Load Balancer (ALB) in front of the API application. Associate a security group with rules that block access from all external sources except for EventBridge. Configure the ALB as an EventBridge target.

C.  

Create an internet-facing Network Load Balancer (NLB) in front of the API application. Associate a security group with rules that block access from all external sources except for EventBridge. Configure the NLB as an EventBridge target.

D.  

Use the application API endpoint in the VPC as a target for EventBridge. Send events directly to the application API endpoint from EventBridge.

A.  

Create an AWS Lambda function to invoke the state machine.

B.  

Create an Amazon EventBridge rule on the default bus that matches on a detail type of CloudFormation stack status change, a status of UPDATE_IN_PROGRESS, and the stack ID of the CloudFormation stack.

C.  

Create a pipe in Amazon EventBridge Pipes that has a source of the default event bus. Set the Lambda function as a target. Filter on a detail type of CloudFormation stack status change, a status of UPDATE_IN_PROGRESS, and the stack ID of the CloudFormation stack.

D.  

Create a pipe in Amazon EventBridge Pipes that has a source of the EventBridge rule. Set the state machine as a target.

E.  

Add the state machine as a target of the EventBridge rule.

A.  

AWS Trusted Advisor

B.  

Amazon CloudWatch

C.  

AWS X-Ray

D.  

AWS CloudTrail

A.  

Save the secrets in a text file and store the text file in Amazon S3 Provision a customer managed key Use the key for secret encryption in Amazon S3 Read the contents of the text file and read the export as environment variables Configure S3 Object Lambda to rotate the text file every month

B.  

Save the secrets as strings in AWS Systems Manager Parameter Store and use the default AWS Key Management Service (AWS KMS) key Configure an Amazon EC2 user data script to retrieve the secrets during the startup and export as environment variables Configure an AWS Lambda function to rotate the secrets in Parameter Store every month.

C.  

Save the secrets as base64 encoded environment variables in the application properties. Retrieve the secrets during the application startup. Reference the secrets in the application code. Write a script to rotate the secrets saved as environment variables.

D.  

Store the secrets in AWS Secrets Manager Provision a new customer master key Use the key to encrypt the secrets Enable automatic rotation Configure an Amazon EC2 user data script to programmatically retrieve the secrets during the startup and export as environment variables

A.  

Amazon S3 with encrypted files prefixed with “config”

B.  

AWS Secrets Manager secrets with a tag that is named SecretString

C.  

AWS Systems Manager Parameter Store SecureString parameters

D.  

CloudFormation NoEcho parameters

A.  

Rotate the secret by using the alternating-users rotation strategy. Update the application with an appropriate retry strategy to handle authentication failures.

B.  

Use the PostgreSQL client to create a new database username and password. Include the new secret values by performing an immediate rotation. Use the AWS CLI to update the RDS database password. Perform an immediate rotation of the Secrets Manager secrets.

C.  

Rotate the secret by using multivalue answer rotation. Update the application with an appropriate retry strategy to handle authentication failures.

D.  

Rotate the secret by using the single-user rotation strategy. Update the application with an appropriate retry strategy to handle authentication failures.

A.  

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway API to invoke the function. Call the API from the client side when login confirmation is received.

B.  

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.

C.  

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the function based on the login status.

D.  

Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and to send the email notification based on the login status of each user.

A.  

The DynamoDB table storage size is larger than the provisioned size.

B.  

The application is exceeding capacity on a particular hash key.

C.  

The DynamoDB table is exceeding the provisioned scaling operations.

D.  

The application is exceeding capacity on a particular sort key.

A.  

Enable S3 Transfer Acceleration on the bucket. Use the appropriate endpoint.

B.  

Call the CreateMultipartUpload API in the Lambda functions to upload the files in pieces.

C.  

Implement the retry with a backoff pattern in the Lambda functions.

D.  

Set up an S3 Lifecycle policy to automatically move the media files to the S3 Intelligent-Tiering storage class.

A.  

Turn on the trusted code option in AWS CodeDeploy. Add the CodeDeploy digital certificate to the Lambda package before deploying the package to Lambda.

B.  

Define the code signing configuration in the Lambda console. Use AWS Signer to digitally sign the Lambda package before deploying the package to Lambda.

C.  

Link Lambda to AWS KMS in the Lambda console. Use AWS KMS to digitally sign the Lambda package before deploying the package to Lambda.

D.  

Set the KmsKeyArn property of the Lambda function to the Amazon Resource Name (ARN) of a trusted key before deploying the package to Lambda.

A.  

Use the AWS:.Region pseudo parameter

B.  

Require the Region as a CloudFormation parameter

C.  

Find the Region from the AWS::Stackld pseudo parameter by using the Fn::Split intrinsic function

D.  

Dynamically import the Region by referencing the relevant parameter in AWS Systems Manager Parameter Store

A.  

Add an --enable-terminal ion-protection command line option to the create-stack command and the update-stack command.

B.  

Add a -disable-roll back command line option to the create-stack command and the update-stack command

C.  

Add a —parameters ParameterKey=P reserve Resources. ParameterVaIue=True command line option to the create-stack command and the update-stack command.

D.  

Add a -tags Key=PreserveResources.VaIue=True command line option to the create-stack command and the update-stack command.

A.  

Create an Amazon Simple Notification Service (Amazon SNS) topic Configure S3 event notifications with a destination of the SNS topic Subscribe the Lambda function to the SNS topic Create an email notification subscription to the SNS topic

B.  

Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure S3 event notifications with a destination of the SNS topic. Subscribe the Lambda function to the SNS topic. Create an Amazon Simple Queue Service (Amazon SQS) queue Subscribe the SQS queue to the SNS topic Create an email notification subscription to the SQS queue.

C.  

Create an Amazon Simple Queue Service (Amazon SQS) queue Configure S3 event notifications with a destination of the SQS queue Subscribe the Lambda function to the SQS queue Create an email notification subscription to the SQS queue.

D.  

Create an Amazon Simple Queue Service (Amazon SQS) queue. Send S3 event notifications to Amazon EventBridge. Create an EventBndge rule that runs the Lambda function when images are uploaded to the S3 bucket Create an EventBridge rule that sends notifications to the SQS queue Create an email notification subscription to the SQS queue

A.  

Encrypt the data by using a symmetric key. Provide the key to the external company.

B.  

Sign the data by using a symmetric key. Provide the key to the external company.

C.  

Sign the data by using the private key of an asymmetric key pair. Provide the public key to the external company.

D.  

Sign the data by using the public key of an asymmetric key pair. Provide the private key to the external company.

A.  

Set up an S3 event notification that invokes the removePii function when an S3 GET request is made. Call Amazon S3 by using a GET request to access the object without PII.

B.  

Set up an S3 event notification that invokes the removePii function when an S3 PUT request is made. Call Amazon S3 by using a PUT request to access the object without PII.

C.  

Create an S3 Object Lambda access point from the S3 console. Select the removePii function. Use S3 Access Points to access the object without PII.

D.  

Create an S3 access point from the S3 console. Use the access point name to call the GetObjectLegalHold S3 API function. Pass in the removePii function name to access the object without PII.

A.  

Modify the application code to perform exponential back off when the error is received.

B.  

Modify the application to use the AWS SDKs for DynamoD

B.  

C.  

Increase the read and write throughput of the DynamoDB table.

D.  

Create a DynamoDB Accelerator (DAX) cluster for the DynamoDB table.

E.  

Create a second DynamoDB table Distribute the reads and writes between the two tables.

A.  

Configure AWS CloudTrail logging to investigate the invocation failures.

B.  

Configure Dead Letter Queues by sending events to Amazon SQS for investigation.

C.  

Configure Amazon Simple Workflow Service to process any direct unprocessed events.

D.  

Configure AWS Config to process any direct unprocessed events.

A.  

AWS X-Ray

B.  

Amazon CloudWatch

C.  

Amazon VPC flow logs

D.  

Amazon OpenSearch Service

A.  

Build the application by using shell scripts to create .zip files for each Lambda function. Manually upload the .zip files to the AWS Management Console.

B.  

Build the application by using the AWS Serverless Application Model (AWS SAM). Use a continuous integration and continuous delivery (CI/CD) pipeline and the SAM CLI to deploy the Lambda functions.

C.  

Build the application by using shell scripts to create .zip files for each Lambda function. Upload the .zip files. Deploy the .zip files as Lambda functions by using the AWS CLI in a continuous integration and continuous delivery (CI/CD) pipeline.

D.  

Build a container for each Lambda function. Store the container images in AWS CodeArtifact. Deploy the containers as Lambda functions by using the AWS CLI in a continuous integration and continuous delivery (CI/CD) pipeline.

A.  

Use an AWS Lambda function as a CloudFormation custom resource to generate and rotate the password.

B.  

Use an AWS Systems Manager Parameter Store resource with the SecureString data type to generate and rotate the password.

C.  

Use a cron daemon on the application s host to generate and rotate the password.

D.  

Use an AWS Secrets Manager resource to generate and rotate the password.

A.  

Write data to Amazon ElastiCache

B.  

Write data to Amazon Elastic Block Store

C.  

Write data to Amazon EC2 instance Store

D.  

Wide data to the root filesystem

A.  

Add an AWS Secrets Manager GenerateSecretString resource to the CloudFormation template. Set the value to reference new credentials to the Cloudformation resource.

B.  

Use the AWS SDK ssm PutParameter operation in the Lambda function from the existing, custom resource to store the credentials as a parameter. Set the parameter value to reference the new credentials. Set ma parameter type to SecureString.

C.  

Add an AWS Systems Manager Parameter Store resource to the CloudFormation template. Set the CloudFormation resource value to reference the new credentials Set the resource NoEcho attribute to true.

D.  

Use the AWS SDK ssm PutParameter operation in the Lambda function from the existing custom resources to store the credentials as a parameter. Set the parameter value to reference the new credentials. Set the parameter NoEcho attribute to true.

A.  

Create an IAM user that has permissions to the S3 bucket. Add the user to an 1AM group

B.  

Create an IAM role that has permissions to the S3 bucket

C.  

Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance.

D.  

Create an 1AM role that has permissions to the S3 bucket Assign the role to an 1AM group

E.  

Store the credentials of the IAM user in the environment variables on the EC2 instance

A.  

Configure an Amazon SQS queue to contain messages about each step that a Lambda function must perform. Configure the Lambda functions to run sequentially based on the order of messages in the SQS queue.

B.  

Configure an Amazon SNS topic to contain notifications about each step that a Lambda function must perform. Subscribe the Lambda functions to the SNS topic. Use subscription filters based on the step that each Lambda function must perform.

C.  

Configure an AWS Step Functions state machine to invoke the Lambda functions in a specific order.

D.  

Configure Amazon EventBridge Scheduler schedules to invoke the Lambda functions in a specific order.

A.  

Implement retries with exponential backoff.

B.  

Use a PutRecord API instead of PutRecords.

C.  

Reduce the frequency and/or size of the requests.

D.  

Use Amazon SNS instead of Kinesis.

E.  

Reduce the number of KCL consumers.

A.  

Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the title as the partition key and the release year as the sort key. Create a global secondary index that uses the genre as the partition key and the title as the sort key.

B.  

Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the genre as the partition key and the release year as the sort key. Create a global secondary index that uses the title as the partition key.

C.  

On an Amazon RDS DB instance, create a table that contains columns for title, release year, and genre. Configure the title as the primary key.

D.  

On an Amazon RDS DB instance, create a table where the primary key is the title and all other data is encoded into JSON format as one additional column.

A.  

Log instrumentation output into an Amazon SQS queue.

B.  

Use a visualization tool to view application traces.

C.  

Instrument application code using the AWS SDK.

D.  

Install the X-Ray agent on the application servers.

E.  

Create an Amazon DynamoDB table to store the trace logs.

A.  

Query the instance metadata from http./M69.254.169.254. latestmeta-data/.

B.  

Query the instance user data from http '169 254.169 254. latest/user-data/

C.  

Query the Amazon Machine Image (AMI) information from http://169.254.169.254/latest/meta-data/ami/.

D.  

Check the hosts file of the operating system

A.  

Check whether the policy that is assigned to the JAM role that is attached to the EC2 instances grants access to Amazon S3.

B.  

Check the S3 bucket policy to validate the access permissions for the S3 bucket.

C.  

Check whether the policy that is assigned to the 1AM user that is attached to the EC2 instances grants access to Amazon S3.

D.  

Check the S3 Lifecycle policy to validate the permissions that are assigned to the S3 bucket.

E.  

Check the security groups that are assigned to the EC2 instances. Make sure that a rule is not blocking the access to Amazon S3.

A.  

The command is incorrect; it should be rewritten to use put-item with a string argument

B.  

The developer needs to log a ticket with AWS Support to enable access to the demoman-table

C.  

Amazon DynamoOB cannot be accessed from the AWS CLI and needs to called via the REST API

D.  

The IAM user needs an associated policy with read access to demoman-table

A.  

Hardcode the credentials that are required to access the S3 objects in the application code. Use the credentials to access me required S3 objects.

B.  

Create a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID in AWS Secrets Manager. Configure the application to retrieve the Secrets Manager secret and use the credentials to access me S3 objects.

C.  

Create a Lambda function execution role Attach a policy to the rote that grants access to specific objects in the S3 bucket.

D.  

Create a secret access key and access key ID with permission to access the S3 bucket Store the key and key ID as environment variables m Lambda. Use the environment variables to access the required S3 objects.

A.  

Amazon S3 managed keys

B.  

Symmetric customer managed keys with key material that is generated by AWS

C.  

Asymmetric customer managed keys with key material that generated by AWS

D.  

Symmetric customer managed keys with imported key material

A.  

Grant the CloudFormation service role the S3 ListBucket and GetObject permissions. Add a bucket policy to Amazon S3 with the principal of "AWS" (account numbers)

B.  

Grant the CloudFormation service row the S3 GetObfect permission. Add a Bucket policy to Amazon S3 with the principal of "'"

C.  

Use a service-based link to grant the Lambda function the S3 ListBucket and GetObject permissions by explicitly adding the S3 bucket's account number in the resource.

D.  

Use a service-based link to grant the Lambda function the S3 GetObject permission Add a resource of "** to allow access to the S3 bucket.

A.  

"Condition": { "ArnLike": { "aws:SourceArn":"urn:aws:states:ap-south-1:111111111111:stateMachine:myStateMachine" } }

B.  

"Condition": { "ArnLike": { "aws:SourceArn":"arn:aws:states:ap-south-1:*:stateMachine:myStateMachine" } }

C.  

"Condition": { "StringEquals": { "aws:SourceAccount": "111111111111" } }

D.  

"Condition": { "StringNotEquals": { "aws:SourceArn":"arn:aws:states:ap-south-1:111111111111:stateMachine:myStateMachine" } }

A.  

Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos and details in the DynamoDB table. Retrieve previously uploaded photos directly from the DynamoDB table.

B.  

Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object's S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

C.  

Create an IAM user for each user of the application during the sign-up process. Use IAM authentication to access the API Gateway API. Use the Lambda function to store the photos in Amazon S3. Store the object's S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

D.  

Create a users table in DynamoDB. Use the table to manage user accounts. Create a Lambda authorizer that validates user credentials against the users table. Integrate the Lambda authorizer with API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object's S3 key as par of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.<

A.  

Create an EC2 instance profile and role with an appropriate policy Associate the role with the EC2 instances

B.  

Create an 1AM user with an appropriate policy. Store the access key ID and secret access key on the EC2 instances

C.  

Modify the application to use the S3 GeneratePresignedUrl API call

D.  

Modify the application to use the S3 GetObject API call and to return the object handle to the user

E.  

Modify the application to delegate requests to the S3 bucket.

A.  

Ask the customers to use AWS credentials to call the InvalidateCache API operation.

B.  

Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke the API. Ask the customers to send a request that contains the HTTP header when they make an API call.

C.  

Ask the customers to use the AWS SDK API Gateway class to invoke the InvalidateCache API operation.

D.  

Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke the API. Ask the customers to add the INVALIDATE_CACHE query string parameter when they make an API call.

A.  

Configure Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon EventBridge event bus of the main account. Add an EventBridge rule to the event bus of the main account that matches all EC2 instance lifecycle events. Add the SQS queue as a target of the rule.

B.  

Use the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue. Add to the Amazon EventBridge event bus of each account an EventBridge rule that matches all EC2 instance lifecycle events. Add the SQS queue in the main account as a target of the rule.

C.  

Write an AWS Lambda function that scans through all EC2 instances in the company accounts to detect EC2 instance lifecycle changes. Configure the Lambda function to write a notification message to the SQS queue in the main account if the function detects an EC2 instance lifecycle change. Add an Amazon EventBridge scheduled rule that invokes the Lambda function every minute.

D.  

Configure the permissions on the main account event bus to receive events from all accounts. Create an Amazon EventBridge rule in each account to send all the EC2 instance lifecycle events to the main account event bus. Add an EventBridge rule to the main account event bus that matches all EC2 instance lifecycle events. Set the SQS queue as a target for the rule.

A.  

Add a global secondary index (GSI) to the DynamoDB table with customer_type as the partition key and email_address as the sort key Perform a query operation on the GSI by using the begvns_wth key condition expression With the emad_address property

B.  

Add a global secondary index (GSI) to the DynamoDB table With ernail_address as the partition key and customer_type as the sort key Perform a query operation on the GSI by using the begins_wtth key condition expression With the emal_address property.

C.  

Add a local secondary index (LSI) to the DynamoDB table With customer_type as the partition key and email_address as the sort key Perform a query operation on the LSI by using the begins_wlth key condition expression With the email_address property

D.  

Add a local secondary Index (LSI) to the DynamoDB table With job_tltle as the partition key and emad_address as the sort key Perform a query operation on the LSI by using the begins_wrth key condition expression With the email_address property

A.  

"Condition": { "ArnLike": { "aws":"arn:aws:states:ap-south-1:111111111111:stateMachine" } }

B.  

"Condition": { "ArnLike": { "aws":"arn:aws:states:ap-south-1:*:stateMachine" } }

A.  

Enable SSL connections to Kinesis.

B.  

Use Amazon Kinesis Consumer Library.

C.  

Encrypt the data once it is at rest with a Lambda function.

D.  

Enable server-side encryption in Kinesis Data Streams.

A.  

Configure the CloudFormation template to reference the API endpoint in the DefinitionSubstitutions property for the AWS StepFunctions StateMachme resource.

B.  

Configure the CloudFormation template to store the API endpoint in an environment variable for the AWS::StepFunctions::StateMachine resourc Configure the state machine to reference the environment variable

C.  

Configure the CloudFormation template to store the API endpoint in a standard AWS: SecretsManager Secret resource Configure the state machine to reference the resource

D.  

Configure the CloudFormation template to store the API endpoint in a standard AWS::AppConfig;:ConfigurationProfile resource Configure the state machine to referencethe resource.

A.  

Ensure that point-in-time recovery is enabled on the DynamoDB tables.

B.  

Ensure that the target S3 bucket is in the same AWS Region as the DynamoDB table.

C.  

Ensure that DynamoDB streaming is enabled for the tables.

D.  

Ensure that DynamoDB Accelerator (DAX) is enabled.

A.  

Change the application to use an alias that points to the current version. Deploy the new version of the code Update the alias to use the newly deployed version. If too many errors are encountered, point the alias back to the previous version.

B.  

Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to direct 10% of users to the newly deployed version. If too many errors are encountered, send 100% of traffic to the previous version

C.  

Do not make any changes to the application. Deploy the new version of the code. If too many errors are encountered, point the application back to the previous version using the version number in the Amazon Resource Name (ARN).

D.  

Create three aliases: new, existing, and router. Point the existing alias to the current version. Have the router alias direct 100% of users to the existing alias. Update the application to use the router alias. Deploy the new version of the code. Point the new alias to this version. Update the router alias to direct 10% of users to the new alias. If too many errors are encountered, send 100% of traffic to the existing alias.

A.  

The X-Forwarded-Proto header

B.  

The X-F Forwarded-Host header

C.  

The X-Forwarded-For header

D.  

The X-Forwarded-Port header

A.  

Modify the X-Ray Python agent configuration in each service to increase the sampling rate

B.  

Instrument the application by using the X-Ray SDK for Python. Install the X-Ray SDK for all the services that the application uses

C.  

Enable X-Ray data aggregation in Amazon CloudWatch Logs for all the services that the application uses

D.  

Increase the X-Ray service map timeout value in the X-Ray console

A.  

Add a global secondary index (GSI) to the DynamoDB table with customer-type input, as the partition key and email_address as the sort key. Perform a query operation on the GSI by using the begins with key condition expression with the email_address property.

B.  

Add a global secondary index (GSI) to the DynamoDB table with email_address as the partition key and customer_type as the sort key. Perform a query operation on the GSI by using the begine_with key condition expresses with the email. Address property.

C.  

Add a local secondary index (LSI) to the DynemoOB table with customer_type as the partition Key and email_address as the sort Key. Perform a quick operation on the LSI by using the begine_with Key condition expression with the email-address property.

D.  

Add a local secondary index (LSI) to the DynamoDB table with job-title as the partition key and email_address as the sort key. Perform a query operation on the LSI by using the begins_with key condition expression with the email_address property.

A.  

Add the export LC-_ALL" on _ US, tuft" command to the pre _ build section to ensure POSIX Localization.

B.  

Use Amazon Cognate to store key-value pairs for large numbers of environment variables

C.  

Update the settings for the build project to use an Amazon S3 bucket for large numbers of environment variables

D.  

Use AWS Systems Manager Parameter Store to store large numbers ot environment variables

A.  

Create an 1AM role that has administrative access to AWS. Attach the role to the EC2 instance.

B.  

Create an 1AM user. Attach the AdministratorAccess policy. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.

C.  

Create an 1AM role that has the necessary access to Amazon S3. Attach the role to the EC2 instance.

D.  

Create an 1AM user. Attach a policy that provides the necessary access to Amazon S3. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.

A.  

Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

B.  

Store the API credentials in a local code variable. Push the code to a secure Git repository. Use the local code variable at runtime to make the API call.

C.  

Store the API credentials as an object in a private Amazon S3 bucket. Restrict access to the S3 object by using IAM policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

D.  

Store the API credentials in an Amazon DynamoDB table. Restrict access to the table by using resource-based policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

A.  

Configure S3 Object Lock to update to the latest version of the files every time an S3 object is updated.

B.  

Configure the S3 bucket to clear all old objects from the bucket before new artifacts are uploaded.

C.  

Set CloudFront to invalidate the cache after the artifacts have been deployed to Amazon S3.

D.  

Set CloudFront to modify the distribution origin after the artifacts have been deployed to Amazon S3.

A.  

Increase the page size for each request by setting the Limit parameter to be higher than the default value Configure the application to retry any request that exceeds the provisioned throughput.

B.  

Create a global secondary index (GSI). Set query attribute to be the partition key of the index

C.  

Perform a parallel scan operation by issuing individual scan requests in the parameters specify the segment for the scan requests and the total number of segments for the parallel scan.

D.  

Turn on read capacity auto scaling for the DynamoDB table. Increase the maximum read capacity units (RCUs).

A.  

Use the AWS SAM CLI to package and deploy the SAM application to the pre-production AWS account. Specify the debug parameter.

B.  

Use the AWS SAM CLI to package and create a change set against the pre-production AWS account. Execute the change set in a new AWS account designated for a development environment.

C.  

Use the AWS SAM CLI to package and deploy the SAM application to a new AWS account designated for a development environment.

D.  

Update the CloudFormation stack in the pre-production account. Add a separate stage that points to a new AWS account designated for a development environment.

A.  

Change the CloudFront Viewer protocol policy from "HTTP and HTTPS" to "HTTPS only."

B.  

Add a Lambda function that uses the KMS key to decrypt the data fields before saving the data to the database.

C.  

Enable encryption on the DB cluster by using the same KMS key that is used in CloudFront.

D.  

Request and deploy a new SSL certificate to use with the CloudFront distribution.

A.  

Disable sampling for high-volume read-only requests. Sample at a lower rate for all requests that handle user interactions or transactions.

B.  

Disable sampling and trace all requests for requests that handle user interactions or transactions. Sample high-volume read-only requests at a higher rate.

C.  

Disable sampling and trace all requests for requests that handle user interactions or transactions. Sample high-volume read-only requests at a lower rate.

D.  

Disable sampling for high-volume read-only requests. Sample at a higher rate for all requests that handle user interactions or transactions.

A.  

"Condition": {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": ["${www.amazon.com:user_id} "],"dynamodb:Attributes": ["user_name"]}}

B.  

"Condition": {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": ["${www.amazon.com:user_name} "],"dynamodb:Attributes": ["user_id"]}}

C.  

"Condition": {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": ["${www.amazon.com:user_id} "],"dynamodb:Attributes": ["user_name", "user_id"]}}

D.  

"Condition": {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": ["${www.amazon.com:user_name} "],"dynamodb:Attributes": ["username", "userid"]}}

A.  

Obtain the request identifier from the AWS request ID field in the context object. Configure the application to write logs to standard output.

B.  

Obtain the request identifier from the AWS request ID field in the event object. Configure the application to write logs to a file.

C.  

Obtain the request identifier from the AWS request ID field in the event object. Configure the application to write logs to standard output.

D.  

Obtain the request identifier from the AWS request ID field in the context object. Configure the application to write logs to a file.

A.  

Load the S3 objects into Amazon Redshift by using a COPY command. Implement dynamic data masking. Refactor the analytics service to read from Amazon Redshift.

B.  

Set up an S3 Object Lambda function. Attach the function to an S3 Object Lambda Access Point. Program the function to call a PII redaction API.

C.  

Use AWS KMS to implement encryption in the S3 bucket. Re-upload all the existing S3 objects. Give the kms:Decrypt permission to the analytics service.

D.  

Create an Amazon SNS topic. Implement message data protection. Refactor the analytics service to publish data access requests to the SNS topic.

A.  

Create a separate CloudFormation template for each EC2 instance type in the list.

B.  

In the Resources section of the CloudFormation template, create resources for each EC2 instance type in the list.

C.  

In the CloudFormation template, create a separate parameter for each EC2 instance type in the list.

D.  

In the CloudFormation template, create a parameter with the list of EC2 instance types as AllowedValues.

A.  

Change the capacity mode from provisioned to on-demand.

B.  

Double the number of shards until the throttling errors stop occurring.

C.  

Change the partition key from service name to creation timestamp.

D.  

Use a separate Kinesis stream for each service to generate the logs.

A.  

Create sample events based on the Lambda documentation. Create automated test scripts that use the cdk local invoke command to invoke the Lambda functions. Check the response Document the test scripts for the other developers on the team Update the CI/CD pipeline to run the test scripts.

B.  

Install a unit testing framework that reproduces the Lambda execution environment. Create sample events based on the Lambda Documentation Invoke the handler function by using a unit testing framework. Check the response Document how to run the unit testing framework for the other developers on the team. Update the OCD pipeline to run the unit testing framework.

C.  

Install the AWS Serverless Application Model (AWS SAW) CLI tool Use the Sam local generate-event command to generate sample events for me automated tests. Create automated test scripts that use the Sam local invoke command to invoke the Lambda functions. Check the response Document the test scripts tor the other developers on the team Update the CI/CD pipeline to run the test scripts.

D.  

Create sample events based on the Lambda documentation. Create a Docker container from the Node is base image to invoke the Lambda functions. Check the response Document how to run the Docker container for the more developers on the team update the CI/CD pipeline to run the Docker container.

A.  

Add the function code in the CloudFormation template inline as the code property

B.  

Add the function code in the CloudFormation template as the ZipFile property.

C.  

Find the S3 key for the Lambda function Add the S3 key as the ZipFile property in the CloudFormation template.

D.  

Add the relevant key and bucket to the S3Bucket and S3Key properties in the CloudFormation template

A.  

Create a new API by using the Amplify CLI's amplify import api command. Select REST as the service to use. Add the existing schema to the new API.

B.  

Create a new API in Amazon API Gateway by using the existing schema. Use the Amplify CLI's amplify add api command. Select the API as the application's backend environment.

C.  

Create a new API in AWS AppSync by using the existing schema. Use the Amplify CLI's amplify import api command. Select the API as the application's backend environment.

D.  

Create a new API by using the Amplify CLI's amplify add api command. Select GraphQL as the service to use. Add the existing schema to the new API.

A.  

Create an AWS Lambda function. Use API Gateway proxy integration to return constant HTTP responses.

B.  

Create an Amazon EC2 instance that serves the backend REST API by using an AWS CloudFormation template.

C.  

Customize the API Gateway stage to select a response type based on the request.

D.  

Use a request mapping template to select the mock integration response.

A.  

Perform a BatchGetltem operation that returns items from the two tables. Use the list of songName artistName keys for the songs table and the list of artistName key for the artists table.

B.  

Create a local secondary index (LSI) on the songs table that uses artistName as the partition key Perform a query operation for each artistName on the songs table that filters by the list of songName Perform a query operation for each artistName on the artists table

C.  

Perform a BatchGetltem operation on the songs table that uses the songName/artistName keys. Perform a BatchGetltem operation on the artists table that uses artistName as the key.

D.  

Perform a Scan operation on each table that filters by the list of songName/artistName for the songs table and the list of artistName in the artists table.

A.  

Create AWS managed keys for all Lambda functions. Use the new AWS managed keys to encrypt the environment variables. Add kms:Decrypt permissions to the Lambda function execution roles.

B.  

Create customer managed keys for all Lambda functions. Use the new customer managed keys to encrypt the environment variables. Add kms:Decrypt permission to the Lambda function execution roles.

C.  

Create customer managed keys for all Lambda functions. Use the new customer managed keys to encrypt the environment variables. Add kms:CreateGrant permission and kms:Encrypt permission to the Lambda function execution roles.

D.  

Create AWS managed keys for all Lambda functions. Use the new AWS managed keys to encrypt the environment variables. Add kms:CreateGrant permission and kms:Encrypt permission to the Lambda function execution roles.

A.  

Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes.

B.  

Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes.

C.  

Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS.

D.  

Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes.

A.  

Switch to HTTP APIs in the backend service.

B.  

Switch to REST APIs in the backend service.

C.  

Use the callback URL to disconnect the client from the backend service.

D.  

Add code to track the client status in Amazon ElastiCache in the backend service.

E.  

Implement $connect and $disconnect routes in the backend service.

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

Store the files in an Amazon S3 bucket Use the S3 Glacier Instant Retrieval storage class Create an S3 Lifecycle policy to transition the files to the S3 Glacier Deep Archive storage class after 1 year

B.  

Store the files in an Amazon S3 bucket. Use the S3 Standard storage class. Create an S3 Lifecycle policy to transition the files to the S3 Glacier Flexible Retrieval storage class after 1 year.

C.  

Store the files on an Amazon Elastic Block Store (Amazon EBS) volume Use Amazon Data Lifecycle Manager (Amazon DLM) to create snapshots of the EBS volumes and to store those snapshots in Amazon S3

D.  

Store the files on an Amazon Elastic File System (Amazon EFS) mount. Configure EFS lifecycle management to transition the files to the EFS Standard-Infrequent Access (Standard-IA) storage class after 1 year.

A.  

Retrieve the credentials from variables that are hardcoded in the buildspec.yml file. Configure an AWS Lambda function to rotate the credentials.

B.  

Retrieve the credentials from an environment variable that is linked to a SecureString parameter in AWS Systems Manager Parameter Store. Configure Parameter Store for automatic rotation.

C.  

Retrieve the credentials from an environment variable that is linked to an AWS Secrets Manager secret. Configure Secrets Manager for automatic rotation.

D.  

Retrieve the credentials from an environment variable that contains the connection string in plaintext. Configure an Amazon EventBridge event to rotate the credentials.

A.  

Use Amazon ElastiCache for Memcached to offload read requests from the main database.

B.  

Replicate the data to Amazon DynamoD

B.  

C.  

Configure the Amazon RDS instances to use Multi-AZ deployment with one standby instance. Offload read requests from the main database to the standby instance.

D.  

Use Amazon ElastiCache for Redis to offload read requests from the main database.

A.  

Host each website by using AWS Amplify with a serverless backend. Conned the repository branches that correspond to each of the desired environments. Start deployments by merging code changes to a desired branch.

B.  

Host each website in AWS Elastic Beanstalk with multiple environments. Use the EB CLI to link each repository branch. Integrate AWS CodePipeline to automate deployments from version control code merges.

C.  

Host each website in different Amazon S3 buckets for each environment. Configure AWS CodePipeline to pull source code from version control. Add an AWS CodeBuild stage to copy source code to Amazon S3.

D.  

Host each website on its own Amazon EC2 instance. Write a custom deployment script to bundle each website's static assets. Copy the assets to Amazon EC2. Set up a workflow to run the script when code is merged.

A.  

Attach an Amazon EBS volume that is larger than 1 GB to the Lambda function. Copy the files from the S3 bucket to the EBS volume.

B.  

Attach an Elastic Network Adapter (ENA) to the Lambda function. Use the ENA to read the video files from the S3 bucket.

C.  

Increase the ephemeral storage size to 2 GB. Copy the files from the S3 bucket to the /tmp directory of the Lambda function.

D.  

Configure the Lambda function code to read the video files directly from the S3 bucket.

A.  

Create an SOS FIFO queue. Enable message deduplication on the SOS FIFO queue.

B.  

Reduce the maximum Lambda concurrency that the SOS queue can invoke.

C.  

Use Lambda's temporary storage to keep track of processed message identifiers.

D.  

Configure a message group ID for every sent message. Enable message deduplication on the SQS standard queue.

A.  

Move the application to a larger EC2 instance.

B.  

Increase the number of read capacity units (RCUs) that are provisioned for the DynamoDB table.

C.  

Reduce the frequency of requests to DynamoDB by implementing exponential backoff.

D.  

Increase the frequency of requests to DynamoDB by decreasing the retry delay.

E.  

Change the capacity mode of the DynamoDB table from provisioned to on-demand.

A.  

Download the AWS X-Ray daemon. Install the daemon on an EC2 instance. Ensure that the EC2 instance allows UDP traffic on port 2000.

B.  

Configure an interface VPC endpoint to allow traffic to reach the global AWS X-Ray daemon on TCP port 2000.

C.  

Enable AWS X-Ray. Configure Amazon CloudWatch to push logs to X-Ray.

D.  

Add the AWS X-Ray software development kit (SDK) to the microservices. Use X-Ray to trace requests that each microservice makes.

E.  

Set up Amazon CloudWatch metric streams to collect streaming data from the microservices.

A.  

Create and store the secrets in AWS KMS. Configure AWS KMS to automatically rotate the secrets every 6 months.

B.  

Create and store the secrets in AWS Certificate Manager (ACM). Choose the appropriate certificate type. Set up the rotation period of the certificate to be every 6 months.

C.  

Create and store the secrets in Amazon EventBridge. Configure a RotateKey event in EventBridge to rotate the secrets every 6 months.

D.  

Create and store the secrets in AWS Secrets Manager. Choose the appropriate secret type. Turn on automatic rotation. Set the rotation schedule to every 6 months.

A.  

Configure the project to run on a CodeBuild reserved capacity fleet.

B.  

Select AWS Lambda as the compute mode for the CodeBuild project.

C.  

Configure the project to run on a CodeBuild on-demand fleet.

D.  

Set up Amazon S3 caching for the CodeBuild project.

A.  

Compress the application to a zip file and upload it into AWS Lambda.

B.  

Test the new AWS Lambda function by first tracing it m AWS X-Ray.

C.  

Bundle the serverless application using a SAM package.

D.  

Create the application environment using the eb create my-env command.

A.  

AWS Batch

B.  

AWS Step Functions

C.  

AWS Glue

D.  

AWS Lambda

A.  

The createDeploymer.t method must be called so the API can be redeployed to include the newly created API key.

B.  

The updateAuthorizer method must be called to update the API's authorizer to include the newly created API key

C.  

The importApiKeys method must be called to import all newly created API keys into the current stage of the API.

D.  

The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.

A.  

Assign a public IP address to the DB instance. Modify the security group of the DB instance to allow inbound traffic from the IP address of the Lambda function.

B.  

Set up an AWS Direct Connect connection between the Lambda function and the DB instance.

C.  

Configure an Amazon CloudFront distribution to create a secure connection between the Lambda function and the DB instance.

D.  

Configure the Lambda function to connect to the private subnets in the VPC. Add security group rules to allow traffic to the DB instance from the Lambda function.

A.  

Create an AWS KMS customer managed key. Use the KMS Encrypt operation to encrypt the PHI data before storing the PHI data in the database.

B.  

Generate a 256-bit AES encryption key. Store the key in base64-encoded format in the application source code. Use the encryption key to encrypt the PHI data before storing the PHI data in the database.

C.  

Configure the database to use an AWS KMS managed key for encryption.

D.  

Create an AWS KMS customer managed key. Use envelope encryption to encrypt the PHI data. Store the encrypted key in the same database record that stores the PHI data.

A.  

Rewrite the application code to stream application logs to Amazon SNS Configure an SNS topic to send a notification when the number of errors exceeds the defined threshold within a 5-minute period

B.  

Configure a subscription filter on the CloudWatch Logs log group. Configure the filter to send an SNS notification when the number of errors exceeds the defined threshold within a 5-minute period.

C.  

Install and configure the Amazon Inspector agent on the EC2 instances to monitor for errors Configure Amazon Inspector to send an SNS notification when the number of errors exceeds the defined threshold within a 5-minute period

D.  

Create a CloudWatch metric filter to match the application error pattern in the log data. Set up a CloudWatch alarm based on the new custom metric. Configure the alarm to send an SNS notification when the number of errors exceeds the defined threshold within a 5-minute period.

A.  

The file must be a JSON-formatted file named appspec.json.

B.  

The file must be a YAML-formatted file named appspec.yml.

C.  

The file must be stored in AWS CodeBuild and referenced from the application's source code.

D.  

The file must be placed in the root of the directory structure of the application's source code.

E.  

The file must be stored in Amazon S3 and referenced from the application's source code.

A.  

Use AWS Secrets Manager to manage and store the configuration data. Integrate Secrets Manager with a custom AWS Config rule that has remediation actions to track changes in the application and to roll back any bad configuration changes.

B.  

Use AWS Secrets Manager to manage and store the configuration data. Integrate Secrets Manager with a custom AWS Config rule. Attach a custom AWS Systems Manager document to the rule that automatically rolls back any bad configuration changes.

C.  

Use AWS AppConfig to manage and store the configuration data. Integrate AWS AppConfig with Amazon CloudWatch to monitor changes to the application. Set up an alarm to automatically roll back any bad configuration changes.

D.  

Use AWS AppConfig to manage and store the configuration data. Integrate AWS AppConfig with Amazon CloudWatch to monitor changes to the application. Set up CloudWatch Application Signals to roll back any bad configuration changes.

A.  

Configure an Amazon Cognito identity pool for the application. Use the identity pool identities within the application to manage user permissions.

B.  

Configure the application to check user permissions upon request. Configure the application logic to manage user permissions.

C.  

Use Amazon Verified Permissions to set up user permissions. Integrate Verified Permissions with a third-party IdP. Configure the application to request authorization decisions from Verified Permissions.

D.  

Set up an IAM role for each user group. Assign users appropriate IAM roles. Configure the application to determine appropriate permissions for each user based on the user's IAM role.

A.  

Define an array that includes the environment variables under the environment parameter within the service definition.

B.  

Define an array that includes the environment variables under the environment parameter within the task definition.

C.  

Define an array that includes the environment variables under the entryPoint parameter within the task definition.

D.  

Define an array that includes the environment variables under the entryPoint parameter within the service definition.

A.  

Add a Host header to the HTTP server log configuration file.

B.  

Install the Amazon CloudWatch Logs agent on each EC2 instance. Configure the agent to write to the log file.

C.  

Install the AWS X-Ray daemon on each EC2 instance. Configure the daemon to write to the log file.

D.  

Add an X-Forwarded-For header to the HTTP server log configuration file.

A.  

Put the sensitive data into a CloudFormation parameter. Encrypt the CloudFormation templates by using an AWS Key Management Service (AWS KMS) key.

B.  

Put the sensitive data into an Amazon S3 bucket Update the CloudFormation templates to download the object from Amazon S3 during bootslrap.

C.  

Put the sensitive data into AWS Systems Manager Parameter Store as a secure string parameter. Update the CloudFormation templates to use dynamic references to specify template values.

D.  

Put the sensitive data into Amazon Elastic File System (Amazon EPS) Enforce EFS encryption after file system creation. Update the CloudFormation templates to retrieve data from Amazon EFS.

A.  

Encode each employee's contact information and photos using Base64. Store the information in an Amazon DynamoDB table using a sort key.

B.  

Store each employee's contact information in an Amazon DynamoDB table along with the object keys for the photos stored in Amazon S3.

C.  

Use Amazon Cognito user pools to implement the employee directory in a fully managed software-as-a-service (SaaS) method.

D.  

Store employee contact information in an Amazon RDS DB instance with the photos stored in Amazon Elastic File System (Amazon EFS).

A.  

Use an identity provider to securely authenticate with the application.

B.  

Create an AWS Lambda function to create an 1AM user when a user accesses the application.

C.  

Create credentials using AWS KMS and apply these credentials to users when using the application.

D.  

Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited access to resources.

A.  

Create a read replica for the DB instance Query the replica DB instance instead of the primary DB instance.

B.  

Migrate the data lo an Amazon DynamoDB database.

C.  

Configure the Amazon Aurora MySQL DB instance tor Multi-AZ deployment.

D.  

Create a proxy in Amazon RDS Proxy Query the proxy instead of the DB instance.

A.  

Retrieve the credentials from variables that are hardcoded in the buildspec.yml file. Configure an AWS Lambda function to rotate the credentials.

B.  

Retrieve the credentials from an environment variable that is linked to a SecureString parameter in AWS Systems Manager Parameter Store. Configure Parameter Store for automatic rotation.

C.  

Retrieve the credentials from an environment variable that is linked to an AWS Secrets Manager secret. Configure Secrets Manager for automaticrotation.

D.  

Retrieve the credentials from an environment variable that contains the connection string in plaintext. Configure an Amazon EventBridge event to rotate the credentials.

A.  

Create the Lambda function. Configure VPC1 access for the function. Attach a security group named SG1 to both the Lambda function and the database. Configure the security group inbound and outbound rules to allow TCP traffic on Port 3306.

B.  

Create and launch a Lambda function in a new public subnet that is in a new VPC named VPC2. Create a peering connection between VPC1 and VPC2.

C.  

Create the Lambda function. Configure VPC1 access for the function. Assign a security group named SG1 to the Lambda function. Assign a second security group named SG2 to the database. Add an inbound rule to SG1 to allow TCP traffic from Port 3306.

D.  

Export the data from the Aurora database to Amazon S3. Create and launch a Lambda function in VPC1. Configure the Lambda function query the data from Amazon S3.

A.  

Create a Lambda environment variable to store the table name. Use the standard method for the programming language to retrieve the variable.

B.  

Store the table name in a file. Store the file in the /tmp folder. Use the SDK for the programming language to retrieve the table name.

C.  

Create a file to store the table name. Zip the file and upload the file to the Lambda layer. Use the SDK for the programming language to retrieve the table name.

D.  

Create a global variable that is outside the handler in the Lambda function to store the table name.

A.  

Use Amazon Kinesis Data Streams to stream the orders. Use an AWS Lambda function to process the orders. Configure an event source mapping for the Lambda function, and set the MaximumBatchingWindowInSeconds setting to 300.

B.  

Use Amazon SQS to stream the orders. Use an AWS Lambda function to process the orders. Configure an event source mapping for the Lambda function, and set the MaximumBatchingWindowInSeconds setting to 0.

C.  

Use Amazon Managed Streaming for Apache Kafka (Amazon MSK) to stream the orders. Use an Amazon EC2 instance to process the orders. Configure an event source mapping for the EC2 instance, and increase the payload size limit to 36 MB.

D.  

Use Amazon DynamoDB Streams to stream the orders. Use an Amazon ECS cluster on AWS Fargate to process the orders. Configure an event source mapping for the cluster, and set the BatchSize setting to 1.

A.  

Create multiple S3 bucket polices by using each VPC endpoint ID that have the aws SourceVpce value in the StringNotEquals condition.

B.  

Create a single S3 bucket policy that has the aws SourceVpc value and in the StingNotEquals condition to use VPC ID.

C.  

Create a single S3 bucket policy that the multiple aws SourceVpce value and in the SringNotEquals condton to use vpce.

D.  

Create a single S3 bucket policy that has multiple aws sourceVpce value in the StingNotEquale condition. Repeat for all the VPC endpoint IDs.

A.  

Perform a Scan operation on the Orders table. Provide a QueryFilter condition to filter to only the items where the OrderSource attribute is equal to the MobileApp value.

B.  

Create a local secondary index (LSI) with OrderSource as the partition key. Perform a Query operation by using MobileApp as the key.

C.  

Create a global secondary index (GSI) with OrderSource as the sort key. Perform a Query operation by using MobileApp as the key.

D.  

Create a global secondary index (GSI) with OrderSource as the partition key. Perform a Query operation by using MobileApp as the key.

A.  

Configure reserved concurrency for the critical Lambda function. Set reserved concurrent executions to the appropriate level.

B.  

Configure provisioned concurrency for the critical Lambda function. Set provisioned concurrent executions to the appropriate level.

C.  

Configure CloudWatch alarms for TooManyRequestsException errors. Add the critical Lambda function as an alarm state change action to invoke the critical function again after a failure.

D.  

Configure CloudWatch alarms for TooManyRequestsException errors. Add Amazon EventBridge as an action for the alarm state change. Use EventBridge to invoke the critical function again after a failure.

A.  

Use the TestState API to invoke only the HTTP Task. Set the inspection level to TRACE.

B.  

Use the TestState API to invoke the state machine. Set the inspection level to DEBUG.

C.  

Use the data flow simulator to invoke only the HTTP Task. View the request and response data.

D.  

Change the log level of the state machine to ALL. Run the state machine.

A.  

Configure the fleet of EC2 instances to use encrypted EBS volumes to store data.

B.  

Configure the application to write all data to an encrypted Amazon S3 bucket.

C.  

Configure a custom encryption algorithm for the application that will encrypt and decrypt all data.

D.  

Configure an Amazon Machine Image (AMI) that has an encrypted root volume and store the data to ephemeral disks.

A.  

Configure managed rotation with the single user rotation strategy.

B.  

Configure managed rotation with the alternating users rotation strategy.

C.  

Configure automatic rotation with the single user rotation strategy.

D.  

Configure automatic rotation with the alternating users rotation strategy.

A.  

Create an AWS Lambda function to generate findings. Program the Lambda function to send the findings to another S3 bucket in eu-west-2.

B.  

Configure Amazon Made to generate findings. Use Amazon EventBridge to create rules that copy the findings to eu-west-2.

C.  

Configure Amazon Inspector to generate findings. Use Amazon EventBridge to create rules that copy the findings to eu-west-2.

D.  

Configure Amazon Macie to generate findings and to publish the findings to AWS CloudTrail. Use a CloudTrail trail to copy the results to eu-west-2.

A.  

Add local secondary indexes (LSis) for the trading data.

B.  

Store the trading data m Amazon S3 and use S3 Transfer Acceleration.

C.  

Add retries with exponential back off for DynamoDB queries.

D.  

Use DynamoDB Accelerator (DAX) to cache the trading data.

A.  

Configure the Redis client to use an exponential backoff retry strategy to establish cache connections.

B.  

Store the scores in the application's memory. Perform bulk set operations on the scores that are stored in memory.

C.  

Configure the Redis client in the application to persist connections to the cluster by implementing a connection pool.

D.  

Deploy more nodes in the ElastiCache cluster. Update the Redis client to discover the new nodes.

A.  

Use the AWS:lnclude transform in CloudFormation to provide the log group's name to the application

B.  

Pass the log group's name to the application in the user data section of the CloudFormation template.

C.  

Use the CloudFormation template's Mappings section to specify the log group's name for the application.

D.  

Pass the log group's Amazon Resource Name (ARN) as an environment variable to the Lambda function

A.  

Increase the cooldown period of the Auto Scaling group from its default value.

B.  

Update the lifecycle hook to wait for the application to install.

C.  

Update the Auto Scaling group’s health check from Amazon EC2 to Elastic Load Balancing (ELB).

D.  

Set the health check grace period for the Auto Scaling group.

A.  

HTTP 401

B.  

HTTP 404

C.  

HTTP 503

D.  

HTTP 505

A.  

Use S3 Batch Operations to invoke an AWS Lambda function to create new variants of the photos with the required dimensions and resolutions. Create a dynamic CloudFront origin that automatically maps the request of each device to the corresponding photo variant.

B.  

Use S3 Batch Operations to invoke an AWS Lambda function to create new variants of the photos with the required dimensions and resolutions. Create a Lambda@Edge function to route requests to the corresponding photo vacant by using request headers.

C.  

Create a Lambda@Edge function that optimizes the photos upon request and returns the photos as a response. Change the CloudFront TTL cache policy to the maximum value possible.

D.  

Create a Lambda@Edge function that optimizes the photos upon request and returns the photos as a response. In the same function store a copy of the processed photos on Amazon S3 for subsequent requests.

A.  

Configure DynamoDB Accelerator (DAX) lo query for expired items based on the TTL Save the results to Amazon S3.

B.  

Configure DynamoDB Streams to invoke an AWS Lambda function. Program the Lambda function to process the items and to store the expired items in Amazon S3.

C.  

Deploy a custom application on an Amazon Elastic Container Service (Amazon ECS) cluster on Amazon EC2 instances. Program the custom application to process the items and to store the expired items in Amazon S3.

D.  

Create an Amazon EventBridge rule to invoke an AWS Lambda function. Program the Lambda function to process The items and to store the expired items in Amazon S3.

A.  

Set up a custom script within the application to randomly select 15% of users. Assign a flag for the new feature to the selected users.

B.  

Create separate AWS AppConfig feature flags for both groups of users. Configure the flags to target 15% of users.

C.  

Create an AWS AppConfig feature flag. Define a variant for the new feature, and create a rule to target 15% of users.

D.  

Use AWS AppConfig to create a feature flag without variants. Implement a custom traffic-splitting mechanism in the application code.

A.  

Store the database credentials as environment variables for the Lambda function. Set the environment variables to rotate automatically.

B.  

Store the database credentials in AWS Secrets Manager. Set up managed rotation on the database credentials.

C.  

Store the database credentials in AWS Systems Manager Parameter Store as secure string parameters. Set up managed rotation on the parameters.

D.  

Store the database credentials in the X-Amz-Security-Token parameter. Set up managed rotation on the parameter.

A.  

Implement a TTL strategy for every item that is saved in the cache.

B.  

Implement a write-through strategy for every item that is created and updated.

C.  

Implement a lazy loading strategy for every item that is loaded.

D.  

Implement a read-through strategy for every item that is loaded.