0% found this document useful (0 votes)

54 views132 pages

Module 10 - Examen Test B

The document contains questions and answers from an exam about AWS services. Question B.1 asks about distributing firmware updates worldwide securely and at low cost, with the best option being Amazon S3 signed URLs with CloudFront. Question B.2 asks how to improve Lambda performance when downloading a large file, with caching in S3 being best. Question B.3 asks how to handle throttling errors writing to DynamoDB from thousands of instances, with adding exponential backoff being best.

Uploaded by

Tuan Anh

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

54 views132 pages

Module 10 - Examen Test B

Uploaded by

Tuan Anh

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 132

Examen Test B

65 QUESTIONS, 130 MINUTES

Question B.1
A company needs to distribute firmware updates to its customers around the world.
Which service will allow easy and secure control of the access to the downloads at the lowest cost?

A. Use Amazon CloudFront with signed URLs for Amazon S3

B. Create a dedicated Amazon CloudFront Distribution for each customer
C. Use Amazon CloudFront with AWS Lambda@Edge
D. Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 2
Question B.1
A company needs to distribute firmware updates to its customers around the world.
Which service will allow easy and secure control of the access to the downloads at the lowest cost?

A. Use Amazon CloudFront with signed URLs for Amazon S3

B. Create a dedicated Amazon CloudFront Distribution for each customer
C. Use Amazon CloudFront with AWS Lambda@Edge
D. Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 3
Question B.2
A company is running an application built on AWS Lambda functions. One Lambda function has
performance issues when it has to download a 50MB file from the Internet in every execution. This
function is called multiple times a second.
What solution would give the BEST performance increase?

A. Cache the file in the /tmp directory

B. Increase the Lambda maximum execution time
C. Put an Elastic Load Balancer in front of the Lambda function
D. Cache the file in Amazon S3

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 4
Question B.2
A company is running an application built on AWS Lambda functions. One Lambda function has
performance issues when it has to download a 50MB file from the Internet in every execution. This
function is called multiple times a second.
What solution would give the BEST performance increase?

A. Cache the file in the /tmp directory

B. Increase the Lambda maximum execution time
C. Put an Elastic Load Balancer in front of the Lambda function
D. Cache the file in Amazon S3

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 5
Question B.3
An application writes items to an Amazon DynamoDB table. As the application scales to thousands of
instances, calls to the DynamoDB API generate occasional ThrottlingException errors. The application is
coded in a language incompatible with the AWS SDK.
How should the error be handled?

A. Add exponential backoff to the application logic

B. Use Amazon SQS as an API message bus
C. Pass API calls through Amazon API Gateway
D. Send the items to DynamoDB through Amazon Kinesis Data Firehose

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 6
Question B.3
An application writes items to an Amazon DynamoDB table. As the application scales to thousands of
instances, calls to the DynamoDB API generate occasional ThrottlingException errors. The application is
coded in a language incompatible with the AWS SDK.
How should the error be handled?

A. Add exponential backoff to the application logic

B. Use Amazon SQS as an API message bus
C. Pass API calls through Amazon API Gateway
D. Send the items to DynamoDB through Amazon Kinesis Data Firehose

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 7
Question B.4
An application deployed on AWS Elastic Beanstalk experiences increased error rates during deployments
of new application versions, resulting in service degradation for users. The Development team believes
that this is because of the reduction in capacity during the deployment steps. The team would like to
change the deployment policy configuration of the environment to an option that maintains full capacity
during deployment while using the existing instances.
Which deployment policy will meet these requirements while using the existing instances?

A. All at once
B. Rolling
C. Rolling with additional batch
D. Immutable

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 8
Question B.4
An application deployed on AWS Elastic Beanstalk experiences increased error rates during deployments
of new application versions, resulting in service degradation for users. The Development team believes
that this is because of the reduction in capacity during the deployment steps. The team would like to
change the deployment policy configuration of the environment to an option that maintains full capacity
during deployment while using the existing instances.
Which deployment policy will meet these requirements while using the existing instances?

A. All at once
B. Rolling
C. Rolling with additional batch
D. Immutable

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 9
Question B.5
A Developer is working on an application that handles 10MB documents that contain highly-sensitive
data. The application will use AWS KMS to perform client- side encryption.
What steps must be followed?

A. Invoke the Encrypt API passing the plaintext data that must be encrypted, then
reference the customer managed key ARN in the KeyId parameter
B. Invoke the GenerateRandom API to get a data encryption key, then use the data
encryption key to encrypt the data
C. Invoke the GenerateDataKey API to retrieve the encrypted version of the data
encryption key to encrypt the data
D. Invoke the GenerateDataKey API to retrieve the plaintext version of the data
encryption key to encrypt the data

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 10
Question B.5
A Developer is working on an application that handles 10MB documents that contain highly-sensitive
data. The application will use AWS KMS to perform client- side encryption.
What steps must be followed?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 11
Question B.6
A Developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda
function to process requests from clients. During testing, the Developer notices that the API Gateway
times out even though the Lambda function finishes under the set time limit.
Which of the following API Gateway metrics in Amazon CloudWatch can help the Developer
troubleshoot the issue? (Choose TWO.)

A. CacheHitCount
B. IntegrationLatency
C. CacheMissCount
D. Latency
E. Count AD

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 12
Question B.6
A Developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda
function to process requests from clients. During testing, the Developer notices that the API Gateway
times out even though the Lambda function finishes under the set time limit.
Which of the following API Gateway metrics in Amazon CloudWatch can help the Developer
troubleshoot the issue? (Choose TWO.)

A. CacheHitCount
B. IntegrationLatency
C. CacheMissCount
D. Latency
E. Count AD

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 13
Question B.7
An AWS Lambda function must access an external site by using a regularly rotated user name and
password. These items must be kept securely and cannot be stored in the function code.
What combination of AWS services can be used to accomplish this? (Choose TWO.)

A. AWS Certificate Manager (ACM)

B. AWS Systems Manager Parameter Store
C. AWS Trusted Advisor
D. AWS KMS
E. Amazon GuardDuty

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 14
Question B.7
An AWS Lambda function must access an external site by using a regularly rotated user name and
password. These items must be kept securely and cannot be stored in the function code.
What combination of AWS services can be used to accomplish this? (Choose TWO.)

A. AWS Certificate Manager (ACM)

B. AWS Systems Manager Parameter Store
C. AWS Trusted Advisor
D. AWS KMS
E. Amazon GuardDuty

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 15
Question B.8
A Developer is trying to deploy a serverless application using AWS CodeDeploy. The application was
updated and needs to be redeployed.
What file does the Developer need to update to push that change through CodeDeploy?

A. dockerrun.aws.json
B. buildspec.yml
C. appspec.yml
D. ebextensions.config

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 16
Question B.8
A Developer is trying to deploy a serverless application using AWS CodeDeploy. The application was
updated and needs to be redeployed.
What file does the Developer need to update to push that change through CodeDeploy?

A. dockerrun.aws.json
B. buildspec.yml
C. appspec.yml
D. ebextensions.config

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 17
Question B.9
A Developer wants to upload data to Amazon S3 and must encrypt the data in transit.
Which of the following solutions will accomplish this task? (Choose TWO.)

A. Set up hardware VPN tunnels to a VPC and access S3 through a VPC endpoint
B. Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key
C. Set up Server-Side Encryption with AWS KMS-Managed Keys
D. Transfer the data over an SSL connection
E. Set up Server-Side Encryption with S3-Managed Keys

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 18
Question B.9
A Developer wants to upload data to Amazon S3 and must encrypt the data in transit.
Which of the following solutions will accomplish this task? (Choose TWO.)

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 19
Question B.10
A company is running a Docker application on Amazon ECS. The application must scale based on user
load in the last 15 seconds.
How should a Developer instrument the code so that the requirement can be met?

A. Create a high-resolution custom Amazon CloudWatch metric for user activity

data, then publish data every 30 seconds
B. Create a high-resolution custom Amazon CloudWatch metric for user activity
data, then publish data every 5 seconds
C. Create a standard-resolution custom Amazon CloudWatch metric for user activity
data, then publish data every 30 seconds
D. Create a standard-resolution custom Amazon CloudWatch metric for user activity
data, then publish data every 5 seconds

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 20
Question B.10
A company is running a Docker application on Amazon ECS. The application must scale based on user
load in the last 15 seconds.
How should a Developer instrument the code so that the requirement can be met?

A. Create a high-resolution custom Amazon CloudWatch metric for user activity

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 21
Question B.11
A company needs to ingest terabytes of data each hour from thousands of sources that are delivered
almost continually throughout the day. The volume of messages generated varies over the course of the
day. Messages must be delivered in real time for fraud detection and live operational dashboards.
Which approach will meet these requirements?

A. Send the messages to an Amazon SQS queue, then process the messages by
using a fleet of Amazon EC2 instances
B. Use the Amazon S3 API to write messages to an S3 bucket, then process the
messages by using Amazon Redshift
C. Use AWS Data Pipeline to automate the movement and transformation of data
D. Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver
messages

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 22
Question B.11
A company needs to ingest terabytes of data each hour from thousands of sources that are delivered
almost continually throughout the day. The volume of messages generated varies over the course of the
day. Messages must be delivered in real time for fraud detection and live operational dashboards.
Which approach will meet these requirements?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 23
Question B.12
A Developer accesses AWS CodeCommit over SSH. The SSH keys
configured to access AWS CodeCommit are tied to a user with the
following permissions. The Developer needs to create/delete branches.
Which specific IAM permissions need to be added, based on the
principle of least privilege?

A. "codecommit:CreateBranch" "codecommit:DeleteBranch"
B. "codecommit:Put*"
C. "codecommit:Update*"
D. "codecommit:*"

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 24
Question B.12
A Developer accesses AWS CodeCommit over SSH. The SSH keys
configured to access AWS CodeCommit are tied to a user with the
following permissions. The Developer needs to create/delete branches.
Which specific IAM permissions need to be added, based on the
principle of least privilege?

A. "codecommit:CreateBranch" "codecommit:DeleteBranch"
B. "codecommit:Put*"
C. "codecommit:Update*"
D. "codecommit:*"

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 25
Question B.13
A Developer has been asked to create an AWS Lambda function that is triggered any time updates are
made to items in an Amazon DynamoDB table. The function has been created, and appropriate
permissions have been added to the Lambda execution role. Amazon DynamoDB streams have been
enabled for the table, but the function is still not being triggered.
Which option would enable DynamoDB table updates to trigger the Lambda function?

A. Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the

DynamoDB table
B. Configure event source mapping for the Lambda function
C. Map an Amazon SNS topic to the DynamoDB streams
D. increase the maximum execution time (timeout) setting of the Lambda function

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 26
Question B.13
A Developer has been asked to create an AWS Lambda function that is triggered any time updates are
made to items in an Amazon DynamoDB table. The function has been created, and appropriate
permissions have been added to the Lambda execution role. Amazon DynamoDB streams have been
enabled for the table, but the function is still not being triggered.
Which option would enable DynamoDB table updates to trigger the Lambda function?

A. Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 27
Question B.14
An application is being developed to audit several AWS accounts. The application will run in Account A
and must access AWS services in Accounts B and C.
What is the MOST secure way to allow the application to call AWS services in each audited account?

A. Configure cross-account roles in each audited account. Write code in Account a

that assumes those roles
B. Use S3 cross-region replication to communicate among accounts, with Amazon
S3 event notifications to trigger Lambda functions
C. Deploy an application in each audited account with its own role. Have Account A
authenticate with the application
D. Create an IAM user with an access key in each audited account. Write code in
Account A that uses those access keys

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 28
Question B.14
An application is being developed to audit several AWS accounts. The application will run in Account A
and must access AWS services in Accounts B and C.
What is the MOST secure way to allow the application to call AWS services in each audited account?

A. Configure cross-account roles in each audited account. Write code in Account a

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 29
Question B.15
A Developer is building a three-tier web application that should be able to handle a minimum of 5000
requests per minute. Requirements state that the web tier should be completely stateless while the
application maintains session state for the users.
How can session data be externalized, keeping latency at the LOWEST possible value?

A. Create an Amazon RDS instance, then implement session handling at the

application level to leverage a database inside the RDS database instance for
session data storage
B. Implement a shared file system solution across the underlying Amazon EC2
instances, then implement session handling at the application level to leverage
the shared file system for session data storage
C. Create an Amazon ElastiCache Memcached cluster, then implement session
handling at the application level to leverage the cluster for session data storage
D. Create an Amazon DynamoDB table, then implement session handling at the
application level to leverage the table for session data storage
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 30
Question B.15
A Developer is building a three-tier web application that should be able to handle a minimum of 5000
requests per minute. Requirements state that the web tier should be completely stateless while the
application maintains session state for the users.
How can session data be externalized, keeping latency at the LOWEST possible value?

A. Create an Amazon RDS instance, then implement session handling at the

application level to leverage a database inside the RDS database instance for
session data storage
B. Implement a shared file system solution across the underlying Amazon EC2
instances, then implement session handling at the application level to leverage
the shared file system for session data storage
C. Create an Amazon ElastiCache Memcached cluster, then implement session
handling at the application level to leverage the cluster for session data storage
D. Create an Amazon DynamoDB table, then implement session handling at the
application level to leverage the table for session data storage
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 31
Question B.16
An Amazon DynamoDB table uses a Global Secondary Index (GSI) to support read queries. The primary
table is write-heavy, whereas the GSI is used for read operations. Looking at Amazon CloudWatch
metrics, the Developer notices that write operations to the primary table are throttled frequently under
heavy write activity. However, write capacity units to the primary table are available and not fully
consumed.
Why is the table being throttled?

A. The GSI write capacity units are underprovisioned

B. There are not enough read capacity units on the primary table
C. Amazon DynamoDB Streams is not enabled on the table
D. A large write operation is being performed against another table

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 32
Question B.16
An Amazon DynamoDB table uses a Global Secondary Index (GSI) to support read queries. The primary
table is write-heavy, whereas the GSI is used for read operations. Looking at Amazon CloudWatch
metrics, the Developer notices that write operations to the primary table are throttled frequently under
heavy write activity. However, write capacity units to the primary table are available and not fully
consumed.
Why is the table being throttled?

A. The GSI write capacity units are underprovisioned

B. There are not enough read capacity units on the primary table
C. Amazon DynamoDB Streams is not enabled on the table
D. A large write operation is being performed against another table

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 33
Question B.17
A company runs an e-commerce website that uses Amazon DynamoDB where pricing for items is
dynamically updated in real time. At any given time, multiple updates may occur simultaneously for
pricing information on a particular product. This is causing the original editor's changes to be overwritten
without a proper review process.
Which DynamoDB write option should be selected to prevent this overwriting?

A. Concurrent writes
B. Conditional writes
C. Atomic writes
D. Batch writes

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 34
Question B.17
A company runs an e-commerce website that uses Amazon DynamoDB where pricing for items is
dynamically updated in real time. At any given time, multiple updates may occur simultaneously for
pricing information on a particular product. This is causing the original editor's changes to be overwritten
without a proper review process.
Which DynamoDB write option should be selected to prevent this overwriting?

A. Concurrent writes
B. Conditional writes
C. Atomic writes
D. Batch writes

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 35
Question B.18
A company needs a version control system for collaborative software development. Features of the
system must include the following:
✑ Support for batches of changes across multiple files
✑ Parallel branching
✑ Version tracking
Which AWS service will meet these requirements?

A. AWS CodePipeline
B. Amazon S3
C. AWS Code Build
D. AWS CodeCommit

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 36
Question B.18
A company needs a version control system for collaborative software development. Features of the
system must include the following:
✑ Support for batches of changes across multiple files
✑ Parallel branching
✑ Version tracking
Which AWS service will meet these requirements?

A. AWS CodePipeline
B. Amazon S3
C. AWS Code Build
D. AWS CodeCommit

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 37
Question B.19
A company is using continuous integration and continuous delivery systems. A Developer now needs to
automate a software package deployment to both Amazon EC2 instances and virtual servers running on-
premises.
Which AWS service should be used to accomplish this?

A. AWS CodePipeline
B. AWS CodeBuild
C. AWS Elastic Beanstalk
D. AWS CodeDeploy

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 38
Question B.19
A company is using continuous integration and continuous delivery systems. A Developer now needs to
automate a software package deployment to both Amazon EC2 instances and virtual servers running on-
premises.
Which AWS service should be used to accomplish this?

A. AWS CodePipeline
B. AWS CodeBuild
C. AWS Elastic Beanstalk
D. AWS CodeDeploy

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 39
Question B.20
A Developer created a new AWS account and must create a scalable AWS Lambda function that meets
the following requirements for concurrent execution:
✑ Average execution time of 100 seconds
✑ 50 requests per second
Which step must be taken prior to deployment to prevent errors?

A. Implement dead-letter queues to capture invocation errors

B. Add an event source from Amazon API Gateway to the Lambda function
C. Implement error handling within the application code
D. Contact AWS Support to increase the concurrent execution limits

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 40
Question B.20
A Developer created a new AWS account and must create a scalable AWS Lambda function that meets
the following requirements for concurrent execution:
✑ Average execution time of 100 seconds
✑ 50 requests per second
Which step must be taken prior to deployment to prevent errors?

A. Implement dead-letter queues to capture invocation errors

B. Add an event source from Amazon API Gateway to the Lambda function
C. Implement error handling within the application code
D. Contact AWS Support to increase the concurrent execution limits

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 41
Question B.21
A Development team wants to instrument their code to provide more detailed information to AWS X-Ray
than simple outgoing and incoming requests. This will generate large amounts of data, so the
Development team wants to implement indexing so they can filter the data.
What should the Development team do to achieve this?

A. Add annotations to the segment document and the code

B. Add metadata to the segment document and the code
C. Configure the necessary X-Ray environment variables
D. Install required plugins for the appropriate AWS SDK

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 42
Question B.21
A Development team wants to instrument their code to provide more detailed information to AWS X-Ray
than simple outgoing and incoming requests. This will generate large amounts of data, so the
Development team wants to implement indexing so they can filter the data.
What should the Development team do to achieve this?

A. Add annotations to the segment document and the code

B. Add metadata to the segment document and the code
C. Configure the necessary X-Ray environment variables
D. Install required plugins for the appropriate AWS SDK

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 43
Question B.22
A team of Developers must migrate an application running inside an AWS Elastic Beanstalk environment
from a Classic Load Balancer to an Application Load Balancer.
Which steps should be taken to accomplish the task using the AWS Management Console?

A. 1. Update the application code in the existing deployment. 2. Select a new load balancer
type before running the deployment. 3. Deploy the new version of the application code to
the environment.
B. 1. Create a new environment with the same configurations except for the load balancer
type. 2. Deploy the same application version as used in the original environment. 3. Run
the swap-environment-cnames action.
C. 1. Clone the existing environment, changing the associated load balancer type. 2. Deploy
the same application version as used in the original environment. 3. Run the swap-
environment-cnames action.
D. 1. Edit the environment definitions in the existing deployment. 2. Change the associated
load balancer type according to the requirements. 3. Rebuild the environment with the
new load balancer type.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 44
Question B.22
A team of Developers must migrate an application running inside an AWS Elastic Beanstalk environment
from a Classic Load Balancer to an Application Load Balancer.
Which steps should be taken to accomplish the task using the AWS Management Console?

A. 1. Update the application code in the existing deployment. 2. Select a new load balancer
type before running the deployment. 3. Deploy the new version of the application code to
the environment.
B. 1. Create a new environment with the same configurations except for the load balancer
type. 2. Deploy the same application version as used in the original environment. 3. Run
the swap-environment-cnames action.
C. 1. Clone the existing environment, changing the associated load balancer type. 2. Deploy
the same application version as used in the original environment. 3. Run the swap-
environment-cnames action.
D. 1. Edit the environment definitions in the existing deployment. 2. Change the associated
load balancer type according to the requirements. 3. Rebuild the environment with the
new load balancer type.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 45
Question B.23
A Developer must encrypt a 100-GB object using AWS KMS.
What is the BEST approach?

A. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a
customer master key (CMK)
B. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a
customer master key (CMK) with imported key material
C. Make an GenerateDataKey API call that returns a plaintext key and an encrypted
copy of a data key. Use a plaintext key to encrypt the data
D. Make an GenerateDataKeyWithoutPlaintext API call that returns an encrypted
copy of a data key. Use an encrypted key to encrypt the data

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 46
Question B.23
A Developer must encrypt a 100-GB object using AWS KMS.
What is the BEST approach?

A Development team would like to migrate their existing application code from a GitHub repository to
AWS CodeCommit.
What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?

A. A GitHub secure authentication token

B. A public and private SSH key file
C. A set of Git credentials generated from IAM
D. An Amazon EC2 IAM role with CodeCommit permissions

A. A GitHub secure authentication token

B. A public and private SSH key file
C. A set of Git credentials generated from IAM
D. An Amazon EC2 IAM role with CodeCommit permissions

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 49
Question B.25
A Developer is writing a REST service that will add items to a shopping list. The service is built on
Amazon API Gateway with AWS Lambda integrations. The shopping list items are send as query string
parameters in the method request.
How should the Developer convert the query string parameters to arguments for the Lambda function?

A. Enable request validation

B. Include the Amazon Resource Name (ARN) of the Lambda function
C. Change the integration type
D. Create a mapping template

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 50
Question B.25
A Developer is writing a REST service that will add items to a shopping list. The service is built on
Amazon API Gateway with AWS Lambda integrations. The shopping list items are send as query string
parameters in the method request.
How should the Developer convert the query string parameters to arguments for the Lambda function?

A. Enable request validation

B. Include the Amazon Resource Name (ARN) of the Lambda function
C. Change the integration type
D. Create a mapping template

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 51
Question B.26
When developing an AWS Lambda function that processes Amazon Kinesis Data Streams,
Administrators within the company must receive a notice that includes the processed data.
How should the Developer write the function to send processed data to the Administrators?

A. Separate the Lambda handler from the core logic

B. Use Amazon CloudWatch Events to send the processed data
C. Publish the processed data to an Amazon SNS topic
D. Push the processed data to Amazon SQS

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 52
Question B.26
When developing an AWS Lambda function that processes Amazon Kinesis Data Streams,
Administrators within the company must receive a notice that includes the processed data.
How should the Developer write the function to send processed data to the Administrators?

A. Separate the Lambda handler from the core logic

B. Use Amazon CloudWatch Events to send the processed data
C. Publish the processed data to an Amazon SNS topic
D. Push the processed data to Amazon SQS

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 53
Question B.27
A Developer is storing documents in Amazon S3 that will require encryption at rest. The encryption keys
must be rotated annually, at least.
What is the easiest way to achieve this?

A. Encrypt the data before sending it to Amazon S3

B. Import a custom key into AWS KMS with annual rotation enabled
C. Use AWS KMS with automatic key rotation
D. Export a key from AWS KMS to encrypt the data

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 54
Question B.27
A Developer is storing documents in Amazon S3 that will require encryption at rest. The encryption keys
must be rotated annually, at least.
What is the easiest way to achieve this?

A. Encrypt the data before sending it to Amazon S3

B. Import a custom key into AWS KMS with annual rotation enabled
C. Use AWS KMS with automatic key rotation
D. Export a key from AWS KMS to encrypt the data

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 55
Question B.28
A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration.
The service run different versions for testing purposes.
What would be the BEST way to accomplish this?

A. Use an x-Version header to denote which version is being called and pass that
header to the Lambda function(s)
B. Create an API Gateway Lambda authorizer to route API clients to the correct API
version
C. Create an API Gateway resource policy to isolate versions and provide context to
the Lambda function(s)
D. Deploy the API versions as unique stages with unique endpoints and use stage
variables to provide further context

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 56
Question B.28
A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration.
The service run different versions for testing purposes.
What would be the BEST way to accomplish this?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 57
Question B.29
A company wants to implement authentication for its new REST service using Amazon API Gateway. To
authenticate the calls, each request must include HTTP headers with a client ID and user ID. These
credentials must be compared to authentication data in an Amazon DynamoDB table.
What MUST the company do to implement this authentication in API Gateway?

A. Implement an AWS Lambda authorizer that references the DynamoDB

authentication table
B. Create a model that requires the credentials, then grant API Gateway access to
the authentication table
C. Modify the integration requests to require the credentials, then grant API
Gateway access to the authentication table
D. Implement an Amazon Cognito authorizer that references the DynamoDB
authentication table
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 58
Question B.29
A company wants to implement authentication for its new REST service using Amazon API Gateway. To
authenticate the calls, each request must include HTTP headers with a client ID and user ID. These
credentials must be compared to authentication data in an Amazon DynamoDB table.
What MUST the company do to implement this authentication in API Gateway?

A. Implement an AWS Lambda authorizer that references the DynamoDB

authentication table
B. Create a model that requires the credentials, then grant API Gateway access to
the authentication table
C. Modify the integration requests to require the credentials, then grant API
Gateway access to the authentication table
D. Implement an Amazon Cognito authorizer that references the DynamoDB
authentication table
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 59
Question B.30
An Amazon RDS database instance is used by many applications to look up historical data. The query
rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows
the read query performance and affects all application users.
What can be done to eliminate the performance impact on application users?

A. Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic.
B. Create an RDS Read Replica and direct all read traffic to the replica.
C. Implement Amazon ElastiCache in front of Amazon RDS to buffer the write
traffic.
D. Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 60
Question B.30
An Amazon RDS database instance is used by many applications to look up historical data. The query
rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows
the read query performance and affects all application users.
What can be done to eliminate the performance impact on application users?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 61
Question B.31
Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting
enabled. Currently, when visitors go to http:// www.companyc.com the index.html page is returned.
Company C now would like a new page welcome.html to be returned when a visitor enters http://
www.companyc.com in the browser.
Which of the following steps will allow Company C to meet this requirement? (Choose TWO.)

A. Upload an html page named welcome.html to their S3 bucket

B. Create a welcome subfolder in their S3 bucket
C. Set the Index Document property to welcome.html
D. Move the index.html page to a welcome subfolder
E. Set the Error Document property to welcome.html

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 62
Question B.31
Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting
enabled. Currently, when visitors go to http:// www.companyc.com the index.html page is returned.
Company C now would like a new page welcome.html to be returned when a visitor enters http://
www.companyc.com in the browser.
Which of the following steps will allow Company C to meet this requirement? (Choose TWO.)

A. Upload an html page named welcome.html to their S3 bucket

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 63
Question B.32
What type of block cipher does Amazon S3 offer for server-side encryption?

A. Triple DES
B. Advanced Encryption Standard
C. Blowfish
D. RC5

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 64
Question B.32
What type of block cipher does Amazon S3 offer for server-side encryption?

A. Triple DES
B. Advanced Encryption Standard
C. Blowfish
D. RC5

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 65
Question B.33
If an application is storing hourly log files from thousands of instances from a high traffic web site,
which naming scheme would give optimal performance on S3?

A. Sequential
B. instanceID_log-HH-DD-MM-YYYY
C. instanceID_log-YYYY-MM-DD-HH
D. HH-DD-MM-YYYY-log_instanceID
E. YYYY-MM-DD-HH-log_instanceID

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 66
Question B.33
If an application is storing hourly log files from thousands of instances from a high traffic web site,
which naming scheme would give optimal performance on S3?

A. Sequential
B. instanceID_log-HH-DD-MM-YYYY
C. instanceID_log-YYYY-MM-DD-HH
D. HH-DD-MM-YYYY-log_instanceID
E. YYYY-MM-DD-HH-log_instanceID

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 67
Question B.34
Which of the following statements about SQS is true?

A. Messages will be delivered exactly once and messages will be delivered in First in,
First out order
B. Messages will be delivered exactly once and message delivery order is
indeterminate
C. Messages will be delivered one or more times and messages will be delivered in
First in, First out order
D. Messages will be delivered one or more times and message delivery order is
indeterminate

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 68
Question B.34
Which of the following statements about SQS is true?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 69
Question B.35
A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via
IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in
users can only access an S3 keyspace specific to the user.
Which two approaches can satisfy the objectives? (Choose TWO.)
A. The application authenticates against LDAP. The application then calls the IAM Security Service to
login to IAM using the LDAP credentials. The application can use the IAM temporary credentials to
access the appropriate S3 bucket.
B. The application authenticates against LDAP, and retrieves the name of an IAM role associated with the
user. The application then calls the IAM Security Token Service to assume that IAM Role. The
application can use the temporary credentials to access the appropriate S3 bucket.
C. The application authenticates against IAM Security Token Service using the LDAP credentials. The
application uses those temporary AWS security credentials to access the appropriate S3 bucket.
D. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token
Service to get IAM federated user credentials. The application calls the identity broker to get IAM
federated user credentials with access to the appropriate S3 bucket.
E. Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM
Role to get temporary AWS security credentials. The application calls the identity broker to get AWS
temporary security credentials with access to the appropriate S3 bucket.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 70
Question B.35
A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via
IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in
users can only access an S3 keyspace specific to the user.
Which two approaches can satisfy the objectives? (Choose TWO.)
A. The application authenticates against LDAP. The application then calls the IAM Security Service to
login to IAM using the LDAP credentials. The application can use the IAM temporary credentials to
access the appropriate S3 bucket.
B. The application authenticates against LDAP, and retrieves the name of an IAM role associated with the
user. The application then calls the IAM Security Token Service to assume that IAM Role. The
application can use the temporary credentials to access the appropriate S3 bucket.
C. The application authenticates against IAM Security Token Service using the LDAP credentials. The
application uses those temporary AWS security credentials to access the appropriate S3 bucket.
D. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token
Service to get IAM federated user credentials. The application calls the identity broker to get IAM
federated user credentials with access to the appropriate S3 bucket.
E. Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM
Role to get temporary AWS security credentials. The application calls the identity broker to get AWS
temporary security credentials with access to the appropriate S3 bucket.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 71
Question B.36
Company B provides an online image recognition service and utilizes SQS to decouple system
components for scalability The SQS consumers poll the imaging queue as often as possible to keep end-
to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is
burning CPU cycles and increasing costs with empty responses.
How can Company B reduce the number of empty responses?

A. Set the imaging queue visibility Timeout attribute to 20 seconds

B. Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds
C. Set the imaging queue MessageRetentionPeriod attribute to 20 seconds
D. Set the DelaySeconds parameter of a message to 20 seconds

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 72
Question B.36
Company B provides an online image recognition service and utilizes SQS to decouple system
components for scalability The SQS consumers poll the imaging queue as often as possible to keep end-
to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is
burning CPU cycles and increasing costs with empty responses.
How can Company B reduce the number of empty responses?

A. Set the imaging queue visibility Timeout attribute to 20 seconds

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 73
Question B.37
An Amazon S3 bucket, "myawsbucket" is configured with website hosting in Tokyo region, what is the
region-specific website endpoint?

A. www.myawsbucket.ap-northeast-1.amazonaws.com
B. myawsbucket.s3-website-ap-northeast-1.amazonawscom
C. myawsbucket.amazonaws.com
D. myawsbucket.tokyo.amazonaws.com

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 74
Question B.37
An Amazon S3 bucket, "myawsbucket" is configured with website hosting in Tokyo region, what is the
region-specific website endpoint?

A. www.myawsbucket.ap-northeast-1.amazonaws.com
B. myawsbucket.s3-website-ap-northeast-1.amazonawscom
C. myawsbucket.amazonaws.com
D. myawsbucket.tokyo.amazonaws.com

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 75
Question B.38
You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are
analyzed and then are no longer needed. You need to minimize provisioned throughput, storage, and API
calls.
Given these requirements, what is the most efficient way to manage these Items after the analysis?

A. Retain the items in a single table

B. Delete items individually over a 24-hour period
C. Delete the table and create a new table per hour
D. Create a new table per hour

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 76
Question B.38
You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are
analyzed and then are no longer needed. You need to minimize provisioned throughput, storage, and API
calls.
Given these requirements, what is the most efficient way to manage these Items after the analysis?

A. Retain the items in a single table

B. Delete items individually over a 24-hour period
C. Delete the table and create a new table per hour
D. Create a new table per hour

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 77
Question B.39
You have written an application that uses the Elastic Load Balancing service to spread traffic to several
web servers. Your users complain that they are sometimes forced to login again in the middle of using
your application, after they have already logged in. This is not behavior you have designed.
What is a possible solution to prevent this happening?

A. Use instance memory to save session state.

B. Use instance storage to save session state.
C. Use EBS to save session state
D. Use ElastiCache to save session state.
E. Use Glacier to save session slate.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 78
Question B.39
You have written an application that uses the Elastic Load Balancing service to spread traffic to several
web servers. Your users complain that they are sometimes forced to login again in the middle of using
your application, after they have already logged in. This is not behavior you have designed.
What is a possible solution to prevent this happening?

A. Use instance memory to save session state.

B. Use instance storage to save session state.
C. Use EBS to save session state
D. Use ElastiCache to save session state.
E. Use Glacier to save session slate.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 79
Question B.40
You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some
point you find out that other sites have been linking to the photos on your site, causing loss to your
business.
What is an effective method to mitigate this?

A. Store photos on an EBS volume of the web server

B. Remove public read access and use signed URLs with expiry dates.
C. Use CloudFront distributions for static content.
D. Block the IPs of the offending websites in Security Groups.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 80
Question B.40
You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some
point you find out that other sites have been linking to the photos on your site, causing loss to your
business.
What is an effective method to mitigate this?

A. Store photos on an EBS volume of the web server

B. Remove public read access and use signed URLs with expiry dates.
C. Use CloudFront distributions for static content.
D. Block the IPs of the offending websites in Security Groups.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 81
Question B.41
Which statements about DynamoDB are true? (Choose TWO.)

A. DynamoDB uses a pessimistic locking model

B. DynamoDB uses optimistic concurrency control
C. DynamoDB uses conditional writes for consistency
D. DynamoDB restricts item access during reads
E. DynamoDB restricts item access during writes

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 82
Question B.41
Which statements about DynamoDB are true? (Choose TWO.)

A. DynamoDB uses a pessimistic locking model

B. DynamoDB uses optimistic concurrency control
C. DynamoDB uses conditional writes for consistency
D. DynamoDB restricts item access during reads
E. DynamoDB restricts item access during writes

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 83
Question B.42
You are providing AWS consulting services for a company developing a new mobile application that will
be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification
messages to individual devices each device registration identifier or token needs to be registered with
SNS; however the developers are not sure of the best way to do this.
You advise them to:

A. Bulk upload the device tokens contained in a CSV file via the AWS Management
Console.
B. Let the push notification service (e.g. Amazon Device Messaging) handle the
registration.
C. Implement a token vending service to handle the registration.
D. Call the CreatePlatformEndPoint API function to register multiple device tokens.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 84
Question B.42
You are providing AWS consulting services for a company developing a new mobile application that will
be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification
messages to individual devices each device registration identifier or token needs to be registered with
SNS; however the developers are not sure of the best way to do this.
You advise them to:

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 85
Question B.43
You are writing to a DynamoDB table and receive the following exception:"
ProvisionedThroughputExceededException". though according to your CloudWatch metrics for the table,
you are not exceeding your provisioned throughput.
What could be an explanation for this?

A. You haven't provisioned enough DynamoDB storage instances

B. You're exceeding your capacity on a particular Range Key
C. You're exceeding your capacity on a particular Hash Key
D. You're exceeding your capacity on a particular Sort Key
E. You haven't configured DynamoDB Auto Scaling triggers

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 86
Question B.43
You are writing to a DynamoDB table and receive the following exception:"
ProvisionedThroughputExceededException". though according to your CloudWatch metrics for the table,
you are not exceeding your provisioned throughput.
What could be an explanation for this?

A. You haven't provisioned enough DynamoDB storage instances

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 87
Question B.44
Which of the following services are included at no additional cost with the use of the AWS platform?
(Choose TWO.)

A. Simple Storage Service

B. Elastic Compute Cloud
C. Auto Scaling
D. Elastic Load Balancing
E. CloudFormation
F. Simple Workflow Service

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 88
Question B.44
Which of the following services are included at no additional cost with the use of the AWS platform?
(Choose TWO.)

A. Simple Storage Service

B. Elastic Compute Cloud
C. Auto Scaling
D. Elastic Load Balancing
E. CloudFormation
F. Simple Workflow Service

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 89
Question B.45
Your application is trying to upload a 6 GB file to Simple Storage Service and receive a "Your proposed
upload exceeds the maximum allowed object size." error message.
What is a possible solution for this?

A. None, Simple Storage Service objects are limited to 5 GB

B. Use the multi-part upload API for this object
C. Use the large object upload API for this object
D. Contact support to increase your object size limit
E. Upload to a different region

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 90
Question B.45
Your application is trying to upload a 6 GB file to Simple Storage Service and receive a "Your proposed
upload exceeds the maximum allowed object size." error message.
What is a possible solution for this?

A. None, Simple Storage Service objects are limited to 5 GB

B. Use the multi-part upload API for this object
C. Use the large object upload API for this object
D. Contact support to increase your object size limit
E. Upload to a different region

A. Auto scaling groups

B. Route 53 hosted zones
C. Elastic Load Balancers
D. RDS Instances
E. Elastic IP addresses
F. SQS Queues

A. Auto scaling groups

B. Route 53 hosted zones
C. Elastic Load Balancers
D. RDS Instances
E. Elastic IP addresses
F. SQS Queues

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 93
Question B.47
Games-R-Us is launching a new game app for mobile devices. Users will log into the game using their
existing Facebook account and the game will record player data and scoring information directly to a
DynamoDB table.
What is the most secure approach for signing requests to the DynamoDB API?

A. Create an IAM user with access credentials that are distributed with the mobile
app to sign the requests
B. Distribute the AWS root account access credentials with the mobile app to sign
the requests
C. Request temporary security credentials using web identity federation to sign the
requests
D. Establish cross account access between the mobile app and the DynamoDB table
to sign the requests

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 94
Question B.47
Games-R-Us is launching a new game app for mobile devices. Users will log into the game using their
existing Facebook account and the game will record player data and scoring information directly to a
DynamoDB table.
What is the most secure approach for signing requests to the DynamoDB API?

A. Perl
B. PHP
C. Pascal
D. Java
E. SQL

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 97
Question B.49
A meteorological system monitors 600 temperature gauges, obtaining temperature samples every minute
and saving each sample to a DynamoDB table. Each sample involves writing 1K of data and the writes
are evenly distributed over time.
How much write throughput is required for the target table?

A. 1 write capacity unit

B. 10 write capacity units
C. 60 write capacity units
D. 600 write capacity units
E. 3600 write capacity units

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 98
Question B.49
A meteorological system monitors 600 temperature gauges, obtaining temperature samples every minute
and saving each sample to a DynamoDB table. Each sample involves writing 1K of data and the writes
are evenly distributed over time.
How much write throughput is required for the target table?

A. 1 write capacity unit

B. 10 write capacity units
C. 60 write capacity units
D. 600 write capacity units
E. 3600 write capacity units

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 99
Question B.50
In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client
request sent to the service?

A. 5xx HTTP response code

B. 200 HTTP response code
C. 300 HTTP response code
D. 4xx HTTP response code

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 100
Question B.50
In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client
request sent to the service?

A. 5xx HTTP response code

B. 200 HTTP response code
C. 300 HTTP response code
D. 4xx HTTP response code

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 101
Question B.51
Company C has recently launched an online commerce site for bicycles on AWS. They have a "Product"
DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size
to display in the online store. Due to customer demand, they want to include an image for each bicycle
along with the existing details.
Which approach below provides the least impact to provisioned throughput on the "Product" table?

A. Serialize the image and store it in multiple DynamoDB tables

B. Create an "Images" DynamoDB table to store the Image with a foreign key
constraint to the "Product" table
C. Add an image data type to the "Product" table to store the images in binary
format
D. Store the images in Amazon S3 and add an S3 URL pointer to the "Product" table
item for each image
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 102
Question B.51
Company C has recently launched an online commerce site for bicycles on AWS. They have a "Product"
DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size
to display in the online store. Due to customer demand, they want to include an image for each bicycle
along with the existing details.
Which approach below provides the least impact to provisioned throughput on the "Product" table?

A. Serialize the image and store it in multiple DynamoDB tables

A. The number of hash keys per account

B. The maximum storage used per account
C. The number of tables per account
D. The number of local secondary indexes per account
E. The number of provisioned throughput units per account

A. The number of hash keys per account

B. The maximum storage used per account
C. The number of tables per account
D. The number of local secondary indexes per account
E. The number of provisioned throughput units per account

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 105
Question B.53
When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process
below will result in successful processing of the message and remove it from the queue while minimizing
the chances of duplicate processing?

A. Retrieve the message with an increased visibility timeout, process the message,
delete the message from the queue
B. Retrieve the message with an increased visibility timeout, delete the message
from the queue, process the message
C. Retrieve the message with increased DelaySeconds, process the message, delete
the message from the queue
D. Retrieve the message with increased DelaySeconds, delete the message from the
queue, process the message

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 106
Question B.53
When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process
below will result in successful processing of the message and remove it from the queue while minimizing
the chances of duplicate processing?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 107
Question B.54
Company A has an S3 bucket containing premier content that they intend to make available to only paid
subscribers of their website. The S3 bucket currently has default permissions of all objects being private
to prevent inadvertent exposure of the premier content to non-paying website visitors.
How can Company A provide only paid subscribers the ability to download a premier content file in the
S3 bucket?

A. Apply a bucket policy that grants anonymous users to download the content from
the S3 bucket
B. Generate a pre-signed object URL for the premier content file when a paid
subscriber requests a download
C. Add a bucket policy that requires Multi-Factor Authentication for requests to
access the S3 bucket objects
D. Enable server-side encryption on the S3 bucket for data protection against the
non-paying website visitors
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 108
Question B.54
Company A has an S3 bucket containing premier content that they intend to make available to only paid
subscribers of their website. The S3 bucket currently has default permissions of all objects being private
to prevent inadvertent exposure of the premier content to non-paying website visitors.
How can Company A provide only paid subscribers the ability to download a premier content file in the
S3 bucket?

A. User ID, where the application has many different users.

B. Status Code where most status codes are the same
C. Device ID, where one is by far more popular than all the others.
D. Game Type, where there are three possible game types

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 110
Question B.55
Which of the following is an example of a good DynamoDB hash key schema for provisioned throughput
efficiency?

A. User ID, where the application has many different users.

B. Status Code where most status codes are the same
C. Device ID, where one is by far more popular than all the others.
D. Game Type, where there are three possible game types

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 111
Question B.56
An application stores payroll information nightly in DynamoDB for a large number of employees across
hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily
hours. Managers run reports for ranges of names working in their office. One query is. "Return all Items
in this office for names starting with A through E".
Which table configuration will result in the lowest impact on provisioned throughput for this query?

A. Configure the table to have a hash index on the name attribute, and a range
index on the office identifier
B. Configure the table to have a range index on the name attribute, and a hash
index on the office identifier
C. Configure a hash index on the name attribute and no range index
D. Configure a hash index on the office Identifier attribute and no range index

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 112
Question B.56
An application stores payroll information nightly in DynamoDB for a large number of employees across
hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily
hours. Managers run reports for ranges of names working in their office. One query is. "Return all Items
in this office for names starting with A through E".
Which table configuration will result in the lowest impact on provisioned throughput for this query?

A. Virtual Private Cloud requires EBS backed instances

B. Amazon EBS-backed instances can be stopped and restarted
C. Auto scaling requires using Amazon EBS-backed instances.
D. Instance-store backed instances can be stopped and restarted.

A. Virtual Private Cloud requires EBS backed instances

B. Amazon EBS-backed instances can be stopped and restarted
C. Auto scaling requires using Amazon EBS-backed instances.
D. Instance-store backed instances can be stopped and restarted.

A. Attach the volume to an instance using EC2's SSL interface.

B. Write the data randomly instead of sequentially.
C. Use an encrypted file system on top of the EBS volume.
D. Encrypt the volume using the S3 server-side encryption service.
E. Create an IAM policy that restricts read and write access to the volume.

A. Attach the volume to an instance using EC2's SSL interface.

A. ap-northeast-1
B. us-west-2
C. us-east-1
D. eu-west-1
E. us-central-1

A. HTTP
B. UDP
C. SMS
D. DynamoDB
E. Named Pipes

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 121
Question B.61
How is provisioned throughput affected by the chosen consistency model when reading data from a
DynamoDB table?

A. Strongly consistent reads use the same amount of throughput as eventually

consistent reads
B. Strongly consistent reads use more throughput than eventually consistent reads
C. Strongly consistent reads use less throughput than eventually consistent reads
D. Strongly consistent reads use variable throughput depending on read activity

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 122
Question B.61
How is provisioned throughput affected by the chosen consistency model when reading data from a
DynamoDB table?

A. Strongly consistent reads use the same amount of throughput as eventually

A. TopicAm
B. Subject
C. Destination
D. Format
E. Message
F. Language

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 125
Question B.63
How can software determine the public and private IP addresses of the Amazon EC2 instance that it is
running on?

A. Query the appropriate Amazon CloudWatch metric.

B. Use ipconfig or ifconfig command.
C. Query the local instance userdata.
D. Query the local instance metadata.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 126
Question B.63
How can software determine the public and private IP addresses of the Amazon EC2 instance that it is
running on?

A. Query the appropriate Amazon CloudWatch metric.

B. Use ipconfig or ifconfig command.
C. Query the local instance userdata.
D. Query the local instance metadata.

EC2 instances are launched from Amazon Machine images (AMIs). A given public AMI can:

A. be used to launch EC2 Instances in any AWS region.

B. only be used to launch EC2 instances in the same country as the AMI is stored.
C. only be used to launch EC2 instances in the same AWS region as the AMI is
stored.
D. only be used to launch EC2 instances in the same AWS availability zone as the
AMI is stored

EC2 instances are launched from Amazon Machine images (AMIs). A given public AMI can:

A. be used to launch EC2 Instances in any AWS region.

Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?

A. DescribeInstances
B. DescribeAMls
C. DescribeImages
D. GetAMls
E. You cannot retrieve a list of AMIs as there are over 10,000 AMIs

Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?

A. DescribeInstances
B. DescribeAMls
C. DescribeImages
D. GetAMls
E. You cannot retrieve a list of AMIs as there are over 10,000 AMIs

PassLeader - aws.SAA C03.Dumps.196.Q&as
100% (1)
PassLeader - aws.SAA C03.Dumps.196.Q&as
94 pages
Aws Certified Developer Associate Dva c02
No ratings yet
Aws Certified Developer Associate Dva c02
209 pages
AWS DA With Answers
No ratings yet
AWS DA With Answers
161 pages
AWS Solution Architect Certification Exam Practice Paper 2019
From Everand
AWS Solution Architect Certification Exam Practice Paper 2019
Tech Interviews
3.5/5 (3)
Interpretation of Geophysical Logs Coal.
No ratings yet
Interpretation of Geophysical Logs Coal.
16 pages
Geneaid - GSYNC DNA Extraction Kit - Protocol
100% (1)
Geneaid - GSYNC DNA Extraction Kit - Protocol
16 pages
Jonathan Bennett Events and Their Names
No ratings yet
Jonathan Bennett Events and Their Names
239 pages
Module 12 - Examen Test D
No ratings yet
Module 12 - Examen Test D
132 pages
AWS Developer Associate MCQ
No ratings yet
AWS Developer Associate MCQ
5 pages
Certified Developer Associate Quiz
No ratings yet
Certified Developer Associate Quiz
12 pages
Amazon Premium DVA-C02 65q-DEMO
No ratings yet
Amazon Premium DVA-C02 65q-DEMO
28 pages
AWS Solutions Architect Certification Case Based Practice Questions Latest Edition 2023
From Everand
AWS Solutions Architect Certification Case Based Practice Questions Latest Edition 2023
Exam OG
No ratings yet
AWS Certified Developer Associate (DVA-C01) Practice Test
From Everand
AWS Certified Developer Associate (DVA-C01) Practice Test
iCertify Training
No ratings yet
SAP C02 AWS Certified Solutions Architect Professional Updated Questions PDF
No ratings yet
SAP C02 AWS Certified Solutions Architect Professional Updated Questions PDF
33 pages
Module 11 - Examen Test C
No ratings yet
Module 11 - Examen Test C
132 pages
Qb2 Latest Merged
No ratings yet
Qb2 Latest Merged
507 pages
Dva-C02 8
No ratings yet
Dva-C02 8
24 pages
AWS Certified Developer Associate - Sample Questions
No ratings yet
AWS Certified Developer Associate - Sample Questions
5 pages
Aws Developer Merged
No ratings yet
Aws Developer Merged
715 pages
Aws Certified Developer Associate PDF
No ratings yet
Aws Certified Developer Associate PDF
7 pages
SAP C02 Exam Dumps
No ratings yet
SAP C02 Exam Dumps
16 pages
Amazon Dva c02 Certscare Actual Questions by Sampson 29 01 2024 9qa
No ratings yet
Amazon Dva c02 Certscare Actual Questions by Sampson 29 01 2024 9qa
13 pages
AWS DevOps Engineer Professional DOP C01 Demo
No ratings yet
AWS DevOps Engineer Professional DOP C01 Demo
12 pages
AWS Developer Associate Test01
No ratings yet
AWS Developer Associate Test01
8 pages
AWS Certified Developer-Associate Sample Questions v2.0 FINAL
No ratings yet
AWS Certified Developer-Associate Sample Questions v2.0 FINAL
5 pages
Aws Solutions Architect Professional
No ratings yet
Aws Solutions Architect Professional
10 pages
Dva-C02 7
No ratings yet
Dva-C02 7
18 pages
Questions Devops
No ratings yet
Questions Devops
7 pages
Aws Saa c03 Part 5
No ratings yet
Aws Saa c03 Part 5
100 pages
SAA C03 Demo - Ans
No ratings yet
SAA C03 Demo - Ans
13 pages
AWS SAA C03 121-160 Hung
No ratings yet
AWS SAA C03 121-160 Hung
24 pages
File Viewer
No ratings yet
File Viewer
7 pages
AWS Certified Solutions Architect Associate Exam Insights : Q&A with Explanations
From Everand
AWS Certified Solutions Architect Associate Exam Insights : Q&A with Explanations
SUJAN
No ratings yet
Unlock Success With SAP-C02 Practice Tests - 20 - Discount Offer Inside! - PDF Room
No ratings yet
Unlock Success With SAP-C02 Practice Tests - 20 - Discount Offer Inside! - PDF Room
6 pages
SAP Adf
No ratings yet
SAP Adf
2 pages
AWS Cloud Practitioner Study Guide & Practice Tests
From Everand
AWS Cloud Practitioner Study Guide & Practice Tests
SUJAN
No ratings yet
AWS Cloud Practitioner Exam Success Kit
From Everand
AWS Cloud Practitioner Exam Success Kit
SUJAN
No ratings yet
Braindumpscollection Dva c02 Aws Certified Developer Associate Verified Questions Answers by Gamble 15 04 2024 6qa
No ratings yet
Braindumpscollection Dva c02 Aws Certified Developer Associate Verified Questions Answers by Gamble 15 04 2024 6qa
9 pages
Amazon - Pre.SAA-C03.30q - DEMO: Number: AWS SAA-C03 Passing Score: 800 Time Limit: 120 Min
No ratings yet
Amazon - Pre.SAA-C03.30q - DEMO: Number: AWS SAA-C03 Passing Score: 800 Time Limit: 120 Min
11 pages
AWS Certified Advanced Networking - Specialty ANS-C01 Exam Preparation
From Everand
AWS Certified Advanced Networking - Specialty ANS-C01 Exam Preparation
Georgio Daccache
No ratings yet
Amazon: Questions & Answers
No ratings yet
Amazon: Questions & Answers
279 pages
SAP-C02 Dumps (2024)
No ratings yet
SAP-C02 Dumps (2024)
7 pages
AWS Solutions Associate
No ratings yet
AWS Solutions Associate
7 pages
Google Associate Cloud Engineer Exam Companion: Q&A with Explanations
From Everand
Google Associate Cloud Engineer Exam Companion: Q&A with Explanations
SUJAN
No ratings yet
Sap Real 1
No ratings yet
Sap Real 1
2 pages
AWS DevOps Engineer Professional DOP C01 Demo
No ratings yet
AWS DevOps Engineer Professional DOP C01 Demo
12 pages
Ee PDF 2020-Mar-30 by Rodney 138q Vce
No ratings yet
Ee PDF 2020-Mar-30 by Rodney 138q Vce
8 pages
Amazonwebservices Pass4sure Sap-C01 Exam Question 2020-Jan-06 by Burgess 175q Vce
No ratings yet
Amazonwebservices Pass4sure Sap-C01 Exam Question 2020-Jan-06 by Burgess 175q Vce
8 pages
PT 1 - Results
No ratings yet
PT 1 - Results
80 pages
AWS PartnerCast - SAA Study Hall - 20210702
No ratings yet
AWS PartnerCast - SAA Study Hall - 20210702
37 pages
Domain Wise
No ratings yet
Domain Wise
32 pages
Dva C02
No ratings yet
Dva C02
10 pages
AWS - Certified Developer - Associate DVA-C02 - Lat45
No ratings yet
AWS - Certified Developer - Associate DVA-C02 - Lat45
45 pages
AWS Certified DevOps Engineer Professional - Sample Questions
No ratings yet
AWS Certified DevOps Engineer Professional - Sample Questions
9 pages
Amazon Dva c02 Dumps by Wilkerson 09 08 2024 9qa Certsinside
No ratings yet
Amazon Dva c02 Dumps by Wilkerson 09 08 2024 9qa Certsinside
12 pages
Google Cloud Professional Cloud Architect 100+ Practice Exam questions with Detailed Answers
From Everand
Google Cloud Professional Cloud Architect 100+ Practice Exam questions with Detailed Answers
vivian njoroge
No ratings yet
Aws Saa c03 Part 6
No ratings yet
Aws Saa c03 Part 6
7 pages
SAP-C02 en
No ratings yet
SAP-C02 en
228 pages
AWS Network Engineer
No ratings yet
AWS Network Engineer
62 pages
AWS Practice Exam 2
No ratings yet
AWS Practice Exam 2
15 pages
AWS Associate Architect Part 2
No ratings yet
AWS Associate Architect Part 2
100 pages
Dva C01
No ratings yet
Dva C01
9 pages
SAA-C03 M Khóa
No ratings yet
SAA-C03 M Khóa
500 pages
Hydrocracking Technology
100% (1)
Hydrocracking Technology
12 pages
Complex Knowledgebase in Prolog
No ratings yet
Complex Knowledgebase in Prolog
28 pages
Nigerian Communications Commission Grant Presentation
No ratings yet
Nigerian Communications Commission Grant Presentation
69 pages
Module 9,10 & 11 - Bosh
No ratings yet
Module 9,10 & 11 - Bosh
8 pages
Soeg RT m18 Ps K GB
No ratings yet
Soeg RT m18 Ps K GB
5 pages
1516-Advanced Paper-2 Set-A PDF
No ratings yet
1516-Advanced Paper-2 Set-A PDF
21 pages
ENCOR - Chapter - 1 - Packet Forwarding
No ratings yet
ENCOR - Chapter - 1 - Packet Forwarding
57 pages
Objective: SQL Server 6.5
No ratings yet
Objective: SQL Server 6.5
24 pages
National Masonry VIC Brochure MDG Book 1 Structural Fire Acoustic v24
No ratings yet
National Masonry VIC Brochure MDG Book 1 Structural Fire Acoustic v24
38 pages
Head First Object-Oriented Analysis and Design A Brain Friendly Guide To OOA&D
100% (5)
Head First Object-Oriented Analysis and Design A Brain Friendly Guide To OOA&D
603 pages
Nmrws2: H O That Are Aldehydes
No ratings yet
Nmrws2: H O That Are Aldehydes
4 pages
Repeatability & Reproducibility of Determination of Nitrogen Content of Fishmeal by Combustion Dumas & Comparison With Kjeldahl
No ratings yet
Repeatability & Reproducibility of Determination of Nitrogen Content of Fishmeal by Combustion Dumas & Comparison With Kjeldahl
15 pages
Mechanisms of Degradation of The Hybrid Layer in Adhesive Dentistry and Therapeutic Agents To Improve Bond Durability 2016
No ratings yet
Mechanisms of Degradation of The Hybrid Layer in Adhesive Dentistry and Therapeutic Agents To Improve Bond Durability 2016
13 pages
2017 H2 Prelim (Maclaurin and Binomial Series)
No ratings yet
2017 H2 Prelim (Maclaurin and Binomial Series)
12 pages
I-V Curves Report - Template
No ratings yet
I-V Curves Report - Template
8 pages
Test2 QP VE Resit2
No ratings yet
Test2 QP VE Resit2
3 pages
DSPDF Formulae
No ratings yet
DSPDF Formulae
3 pages
Hi Ac 8011 Liquid Particle Counting System Manual
No ratings yet
Hi Ac 8011 Liquid Particle Counting System Manual
36 pages
JAROL Assumes The Promotion of Energy-Saving Technology As Its Own Task! 1. PREFACE NOTICE
50% (2)
JAROL Assumes The Promotion of Energy-Saving Technology As Its Own Task! 1. PREFACE NOTICE
182 pages
Avionics
100% (1)
Avionics
43 pages
Operations Research: Dr. Sarat K Jena
No ratings yet
Operations Research: Dr. Sarat K Jena
98 pages
Spinach 1
No ratings yet
Spinach 1
7 pages
Automated Learning of Interpretable Models With Quantified Uncertainty
No ratings yet
Automated Learning of Interpretable Models With Quantified Uncertainty
18 pages
Bbs For MNB@64+016
No ratings yet
Bbs For MNB@64+016
2 pages
CGL Tier-1 Mock - p12
No ratings yet
CGL Tier-1 Mock - p12
1 page
HTML Tags
No ratings yet
HTML Tags
14 pages
241 Galley
No ratings yet
241 Galley
7 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Module 10 - Examen Test B

Uploaded by

Module 10 - Examen Test B

Uploaded by

Examen Test B

65 QUESTIONS, 130 MINUTES

A. Use Amazon CloudFront with signed URLs for Amazon S3

A. Use Amazon CloudFront with signed URLs for Amazon S3

A. Cache the file in the /tmp directory

A. Cache the file in the /tmp directory

A. Add exponential backoff to the application logic

A. Add exponential backoff to the application logic

A. AWS Certificate Manager (ACM)

A. AWS Certificate Manager (ACM)

A. Create a high-resolution custom Amazon CloudWatch metric for user activity

A. Create a high-resolution custom Amazon CloudWatch metric for user activity

A. Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the

A. Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the

A. Configure cross-account roles in each audited account. Write code in Account a

A. Configure cross-account roles in each audited account. Write code in Account a

A. Create an Amazon RDS instance, then implement session handling at the

A. Create an Amazon RDS instance, then implement session handling at the

A. The GSI write capacity units are underprovisioned

A. The GSI write capacity units are underprovisioned

A. Implement dead-letter queues to capture invocation errors

A. Implement dead-letter queues to capture invocation errors

A. Add annotations to the segment document and the code

A. Add annotations to the segment document and the code

A. A GitHub secure authentication token

A. A GitHub secure authentication token

A. Enable request validation

A. Enable request validation

A. Separate the Lambda handler from the core logic

A. Separate the Lambda handler from the core logic

A. Encrypt the data before sending it to Amazon S3

A. Encrypt the data before sending it to Amazon S3

A. Implement an AWS Lambda authorizer that references the DynamoDB

A. Implement an AWS Lambda authorizer that references the DynamoDB

A. Upload an html page named welcome.html to their S3 bucket

A. Upload an html page named welcome.html to their S3 bucket

A. Set the imaging queue visibility Timeout attribute to 20 seconds

A. Set the imaging queue visibility Timeout attribute to 20 seconds

A. Retain the items in a single table

A. Retain the items in a single table

A. Use instance memory to save session state.

A. Use instance memory to save session state.

A. Store photos on an EBS volume of the web server

A. Store photos on an EBS volume of the web server

A. DynamoDB uses a pessimistic locking model

A. DynamoDB uses a pessimistic locking model

A. You haven't provisioned enough DynamoDB storage instances

A. You haven't provisioned enough DynamoDB storage instances

A. Simple Storage Service

A. Simple Storage Service

A. None, Simple Storage Service objects are limited to 5 GB

A. None, Simple Storage Service objects are limited to 5 GB

A. Auto scaling groups

A. Auto scaling groups

A. 1 write capacity unit

A. 1 write capacity unit

A. 5xx HTTP response code

A. 5xx HTTP response code

A. Serialize the image and store it in multiple DynamoDB tables

A. Serialize the image and store it in multiple DynamoDB tables

A. The number of hash keys per account

A. The number of hash keys per account

A. User ID, where the application has many different users.

A. User ID, where the application has many different users.

A. Virtual Private Cloud requires EBS backed instances

A. Virtual Private Cloud requires EBS backed instances

A. Attach the volume to an instance using EC2's SSL interface.

A. Attach the volume to an instance using EC2's SSL interface.

A. Strongly consistent reads use the same amount of throughput as eventually

A. Strongly consistent reads use the same amount of throughput as eventually

A. Query the appropriate Amazon CloudWatch metric.

A. Query the appropriate Amazon CloudWatch metric.

A. be used to launch EC2 Instances in any AWS region.

A. be used to launch EC2 Instances in any AWS region.

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.