Select the correct answers for each question, including multiple-choice options when applicable, and click Submit to view your results. The quiz calculates your score and percentage, highlighting any incorrect questions to help you identify areas for improvement.

Click on the Answer button for the correct answer and its explanation.

If this practice exam has been helpful to you please share it with others and react to this below.

Practice Exam 3

  1. A developer is using AWS CodeDeploy to deploy an application running on Amazon EC2. The developer wants to change the file permissions for a specific deployment file. Which lifecycle event should a developer use to meet this requirement?

    • A. AfterInstall.
    • B. DownloadBundle.
    • C. BeforeInstall.
    • D. ValidateService.
    Answer

    Correct Answer: A

  2. A developer is using Amazon DynamoDB to store application data. The developer wants to further improve application performance by reducing response times for read and write operations. Which DynamoDB feature should be used to meet these requirements?

    • A. Amazon DynamoDB Streams.
    • B. Amazon DynamoDB Accelerator.
    • C. Amazon DynamoDB global tables.
    • D. Amazon DynamoDB transactions.
    Answer

    Correct Answer: B

  3. A developer is creating a script to automate the deployment process for a serverless application. The developer wants to use an existing AWS Serverless Application Model (AWS SAM) template for the application. What should the developer use for the project? (Choose TWO)

    • A. Call aws cloudformation package to create the deployment package. Call aws cloudformation deploy to deploy the package afterward.
    • B. Call sam package to create the deployment package. Call sam deploy to deploy the package afterward.
    • C. Call aws s3 cp to upload the AWS SAM template to Amazon S3. Call aws lambda update-function-code to create the application.
    • D. Create a ZIP package locally and call aws serverlessrepo create-application to create the application.
    • E. Create a ZIP package and upload it to Amazon S3. Call aws cloudformation create-stack to create the application.
    Answer

    Correct Answer: AB

  4. A development team is designing a mobile app that requires multi-factor authentication. Which steps should be taken to achieve this? (Choose TWO)

    • A. Use Amazon Cognito to create a user pool and create users in the user pool.
    • B. Send multi-factor authentication text codes to users with the Amazon SNS Publish API call in the app code.
    • C. Enable multi-factor authentication for the Amazon Cognito user pool.
    • D. Use AWS IAM to create IAM users.
    • E. Enable multi-factor authentication for the users created in AWS IAM.
    Answer

    Correct Answer: AC

  5. Two containerized microservices are hosted on Amazon EC2 ECS. The first microservice reads an Amazon RDS Aurora database instance, and the second microservice reads an Amazon DynamoDB table. How can each microservice be granted the minimum privileges?

    • A. Set ECS_ENABLE_TASK_IAM_ROLE to false on EC2 instance boot in ECS agent configuration file. Run the first microservice with an IAM role for ECS tasks with read-only access for the Aurora database. Run the second microservice with an IAM role for ECS tasks with read-only access to DynamoDB.
    • B. Set ECS_ENABLE_TASK_IAM_ROLE to false on EC2 instance boot in the ECS agent configuration file. Grant the instance profile role read-only access to the Aurora database and DynamoDB.
    • C. Set ECS_ENABLE_TASK_IAM_ROLE to true on EC2 instance boot in the ECS agent configuration file. Run the first microservice with an IAM role for ECS tasks with read-only access for the Aurora database. Run the secondmicroservice with an IAM role for ECS tasks with read-only access to DynamoDB.
    • D. Set ECS_ENABLE_TASK_IAM_ROLE to true on EC2 instance boot in the ECS agent configuration file. Grant the instance profile role read-only access to the Aurora database and DynamoDB.
    Answer

    Correct Answer: C

  6. A developer has written an AWS Lambda function using Java as the runtime environment. The developer wants to isolate a performance bottleneck in the code. Which steps should be taken to reveal the bottleneck?

    • A. Use the Amazon CloudWatch API to write timestamps to a custom CloudWatch metric. Use the CloudWatch console to analyze the resulting data.
    • B. Use the AWS X-Ray API to write trace data into X-Ray from strategic places within the code. Use the Amazon CloudWatch console to analyze the resulting data.
    • C. Use the AWS X-Ray API to write trace data into X-Ray from strategic places within the code. Use the X-Ray console to analyze the resulting data.
    • D. Use the Amazon CloudWatch API to write timestamps to a custom CloudWatch metric. Use the AWS X-Ray console to analyze the resulting data.
    Answer

    Correct Answer: C

  7. A developer added a new feature to an application running on an Amazon EC2 instance that uses Amazon SQS. After deployment, the developer noticed a significant increase in Amazon SQS costs. When monitoring the Amazon SQS metrics on Amazon CloudWatch, the developer found that on average one message per minute is posted on this queue. What can be done to reduce Amazon SQS costs for this application?

    • A. Increase the Amazon SQS queue polling timeout.
    • B. Scale down the Amazon SQS queue to the appropriate size for low traffic demand.
    • C. Configure push delivery via Amazon SNS instead of polling the Amazon SQS queue.
    • D. Use an Amazon SQS first-in, first-out (FIFO) queue instead of a standard queue.
    Answer

    Correct Answer: A

  8. A developer is building an application using an Amazon API Gateway REST API backend by an AWS Lambda function that interacts with an Amazon DynamoDB table. During testing, the developer observes high latency when making requests to the API. How can the developer evaluate the end-to-end latency and identify performance bottlenecks?

    • A. Enable AWS CloudTrail logging and use the logs to map each latency and bottleneck.
    • B. Enable and configure AWS X-Ray tracing on API Gateway and the Lambda function. Use X-Ray to trace and analyze user requests.
    • C. Enable Amazon CloudWatch Logs for the Lambda function. Enable execution logs for API Gateway to view and analyze user request logs.
    • D. Enable VPC Flow Logs to capture and analyze network traffic within the VPC.
    Answer

    Correct Answer: B

  9. An IAM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 API actions. The EC2 instance credentials file specifies the IAM access key and secret access key, which allow full administrative access. Given that multiple modes of IAM access are present for this EC2 instance, which of the following is correct?

    • A. The EC2 instance will only be able to list the S3 buckets.
    • B. The EC2 instance will only be able to list the contents of one S3 bucket at a time.
    • C. The EC2 instance will be able to perform all actions on any S3 bucket.
    • D. The EC2 instance will not be able to perform any S3 action on any S3 bucket.
    Answer

    Correct Answer: D

  10. A development team uses AWS Elastic Beanstalk for application deployment. The team has configured the application version lifecycle policy to limit the number of application versions to 25. However, even with the lifecycle policy, the source bundle is deleted from the Amazon S3 source bucket. What should a developer do in the Elastic Beanstalk application version lifecycle settings to retain the source code in the S3 bucket?

    • A. Change the Set the application versions limit by total count setting to zero.
    • B. Disable the Lifecycle policy setting.
    • C. Change the Set the application version limit by age setting to zero.
    • D. Set Retention to Retain source bundle in S3.
    Answer

    Correct Answer: D

  11. A developer has built a market application that stores pricing data in Amazon DynamoDB with Amazon ElastiCache in front. The prices of items in the market change frequently. Sellers have begun complaining that, after they update the price of an item, the price does not actually change in the product listing. What could be causing this issue?

    • A. The cache is not being invalidated when the price of the item is changed.
    • B. The price of the item is being retrieved using a write-through ElastiCache cluster.
    • C. The DynamoDB table was provisioned with insufficient read capacity.
    • D. The DynamoDB table was provisioned with insufficient write capacity.
    Answer

    Correct Answer: A

  12. A developer is provided with an HTTPS clone URL for an AWS CodeCommit repository. What needs to be configured before cloning this repository?

    • A. Use AWS KMS to set up public and private keys for use with AWS CodeCommit.
    • B. Set up the Git credential helper to use an AWS credential profile, and enable the helper to send the path to the repositories.
    • C. Use AWS Certificate Manager to provision public and private SSL/TLS certificates.
    • D. Generate encryption keys using AWS CloudHSM, then export the key for use with AWS CodeCommit.
    Answer

    Correct Answer: B

  13. What is required to trace Lambda-based applications with AWS X-Ray?

    • A. Send logs from the Lambda application to an S3 bucket; trigger a Lambda function from the bucket to send data to AWS X-Ray.
    • B. Trigger a Lambda function from the application logs in Amazon CloudWatch to submit tracing data to AWS X-Ray.
    • C. Use an IAM execution role to give the Lambda function permissions and enable tracing.
    • D. Update and add AWS X-Ray daemon code to relevant parts of the Lambda function to set up the trace.
    Answer

    Correct Answer: C

  14. A development team is building a new application that will run on Amazon EC2 and use Amazon DynamoDB as a storage layer. The developers all have assigned IAM user accounts in the same IAM group. The developers currently can launch EC2 instances, and they need to be able to launch EC2 instances with an instance role allowing access to Amazon DynamoDB. Which AWS IAM changes are needed when creating an instance role to provide this functionality?

    • A. Create an IAM permission policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows DynamoDB to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole and iam:PassRole permissions for the role.
    • B. Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:PassRole permission for the role.
    • C. Create an IAM permission policy attached to the role that allows access to Amazon EC2. Add a trust policy to the role that allows DynamoDB to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:PassRole permission for the role.
    • D. Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole permission for the role.
    Answer

    Correct Answer: B

  15. A developer converted an existing program to an AWS Lambda function in the console. The program runs properly on a local laptop, but shows an Unable to import module error when tested in the Lambda console. Which of the following can fix the error?

    • A. Install the missing module and specify the current directory as the target. Create a ZIP file to include all files under the current directory, and upload the ZIP file.
    • B. Install the missing module in a lib directory. Create a ZIP file to include all files under the lib directory, and upload the ZIP file as dependency file.
    • C. In the Lambda code, invoke a Linux command to install the missing modules under the /usr/lib directory.
    • D. In the Lambda console, create a LB_LIBRARY_PATH environment and specify the value for the system library plan.
    Answer

    Correct Answer: A

  16. A front-end web application is using Amazon Cognito user pools to handle the user authentication flow. A developer is integrating Amazon DynamoDB into the application using the AWS SDK for JavaScript. How would the developer securely call the API without exposing the access or secret keys?

    • A. Configure Amazon Cognito identity pools and exchange the JSON Web Token (JWT) for temporary credentials.
    • B. Run the web application in an Amazon EC2 instance with the instance profile configured.
    • C. Hardcore the credentials, use Amazon S3 to host the web application, and enable server-side encryption.
    • D. Use Amazon Cognito user pool JSON Web Tokens (JWITs) to access the DynamoDB APIs.
    Answer

    Correct Answer: A

  17. A developer needs to manage AWS infrastructure as code and must be able to deploy multiple identical copies of the infrastructure, stage changes, and revert to previous versions. Which approach addresses these requirements?

    • A. Use cost allocation reports and AWS OpsWorks to deploy and manage the infrastructure.
    • B. Use Amazon CloudWatch metrics and alerts along with resource tagging to deploy and manage the infrastructure.
    • C. Use AWS Elastic Beanstalk and AWS CodeCommit to deploy and manage the infrastructure.
    • D. Use AWS CloudFormation and AWS CodeCommit to deploy and manage the infrastructure.
    Answer

    Correct Answer: D

  18. A Developer needs to deploy an application running on AWS Fargate using Amazon ECS. The application has environment variables that must be passed to a container for the application to initialize. How should the environment variables be passed to the container?

    • A. Define an array that includes the environment variables under the environment parameter within the service definition.
    • B. Define an array that includes the environment variables under the environment parameter within the task definition.
    • C. Define an array that includes the environment variables under the entryPoint parameter within the task definition.
    • D. Define an array that includes the environment variables under the entryPoint parameter within the service definition.
    Answer

    Correct Answer: B

  19. A company’s fleet of Amazon EC2 instances receives data from millions of users through an API. The servers batch the data, add an object for each user, and upload the objects to an S3 bucket to ensure high access rates. The object attributes are Customer ID, Server ID, TS-Server (TimeStamp and Server ID), the size of the object, and a timestamp. A Developer wants to find all the objects for a given user collected during a specified time range. After creating an S3 object created event, how can the Developer achieve this requirement?

    • A. Execute an AWS Lambda function in response to the S3 object creation events that creates an Amazon DynamoDB record for every object with the Customer ID as the partition key and the Server ID as the sort key. Retrieve all the records using the Customer ID and Server ID attributes.
    • B. Execute an AWS Lambda function in response to the S3 object creation events that creates an Amazon Redshift record for every object with the Customer ID as the partition key and TS-Server as the sort key. Retrieve all the records using the Customer ID and TS-Server attributes.
    • C. Execute an AWS Lambda function in response to the S3 object creation events that creates an Amazon DynamoDB record for every object with the Customer ID as the partition key and TS-Server as the sort key. Retrieve all the records using the Customer ID and TS-Server attributes.
    • D. Execute an AWS Lambda function in response to the S3 object creation events that creates an Amazon Redshift record for every object with the Customer ID as the partition key and the Server ID as the sort key. Retrieve all the records using the Customer ID and Server ID attributes.
    Answer

    Correct Answer: C

  20. A company is managing a NoSQL database on-premises to host a critical component of an application, which is starting to have scaling issues. The company wants to migrate the application to Amazon DynamoDB with the following considerations: Optimize frequent queries. Reduce read latencies. Plan for frequent queries on certain key attributes of the table. Which solution would help achieve these objectives?

    • A. Create global secondary indexes on keys that are frequently queried. Add the necessary attributes into the indexes.
    • B. Create local secondary indexes on keys that are frequently queried. DynamoDB will fetch needed attributes from the table.
    • C. Create DynamoDB global tables to speed up query responses. Use a scan to fetch data from the table.
    • D. Create an AWS Auto Scaling policy for the DynamoDB table.
    Answer

    Correct Answer: A

  21. A developer is writing an application that will process data delivered into an Amazon S3 bucket. The data is delivered approximately 10 times a day, and the developer expects the data will be processed in less than 1 minute, on average. How can the developer deploy and invoke the application with the lowest cost and lowest latency?

    • A. Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatch alarm triggered by an S3 object upload.
    • B. Deploy the application as an AWS Lambda function and invoke it with an S3 event notification.
    • C. Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatch scheduled event.
    • D. Deploy the application onto an Amazon EC2 instance and have it poll the S3 bucket for new objects.
    Answer

    Correct Answer: B

  22. A company is using Amazon API Gateway to manage its public-facing API. The CISO requires that the APIs be used by test account users only. What is the MOST secure way to restrict API access to users of this particular AWS account?

    • A. Client-side SSL certificates for authentication.
    • B. API Gateway resource policies.
    • C. Cross-origin resource sharing (CORS).
    • D. Usage plans.
    Answer

    Correct Answer: B

  23. A Developer is migrating existing applications to AWS. These applications use MongoDB as their primary data store, and they will be deployed to Amazon EC2 instances. Management requires that the Developer minimize changes to applications while using AWS services. Which solution should the Developer use to host MongoDB in AWS?

    • A. Install MongoDB on the same instance where the application is running.
    • B. Deploy Amazon DocumentDB in MongoDB compatibility mode.
    • C. Use Amazon API Gateway to translate API calls from MongoDB to Amazon DynamoDB.
    • D. Replicate the existing MongoDB workload to Amazon DynamoDB.
    Answer

    Correct Answer: B

  24. A company requires that AWS Lambda functions written by Developers log errors so System Administrators can more effectively troubleshoot issues. What should the Developers implement to meet this need?

    • A. Publish errors to a dedicated Amazon SQS queue.
    • B. Create an Amazon CloudWatch Events event trigger based on certain Lambda events.
    • C. Report errors through logging statements in Lambda function code.
    • D. Set up an Amazon SNS topic that sends logging statements upon failure.
    Answer

    Correct Answer: C

  25. A Developer is writing an application that runs on Amazon EC2 instances in an Auto Scaling group. The application data is stored in an Amazon DynamoDB table and records are constantly updated by all instances. An instance sometimes retrieves old data. The Developer wants to correct this by making sure the reads are strongly consistent. How can the Developer accomplish this?

    • A. Set ConsistentRead to true when calling GetItem.
    • B. Create a new DynamoDB Accelerator (DAX) table.
    • C. Set Consistency to strong when calling UpdateTable.
    • D. Use the GetShardIterator command.
    Answer

    Correct Answer: A

  26. A Developer has an application that must accept a large amount of incoming data streams and process the data before sending it to many downstream users. Which serverless solution should the Developer use to meet these requirements?

    • A. Amazon RDS MySQL stored procedure with AWS Lambda.
    • B. AWS Direct Connect with AWS Lambda.
    • C. Amazon Kinesis Data Streams with AWS Lambda.
    • D. Amazon EC2 bash script with AWS Lambda.
    Answer

    Correct Answer: C

  27. An application is experiencing performance issues based on increased demand. This increased demand is on read-only historical records pulled from an Amazon RDS-hosted database with custom views and queries. A Developer must improve performance without changing the database structure. Which approach will improve performance and MINIMIZE management overhead?

    • A. Deploy Amazon DynamoDB, move all the data, and point to DynamoDB.
    • B. Deploy Amazon ElastiCache for Redis and cache the data for the application.
    • C. Deploy Memcached on Amazon EC2 and cache the data for the application.
    • D. Deploy Amazon DynamoDB Accelerator (DAX) on Amazon RDS to improve cache performance.
    Answer

    Correct Answer: B

  28. A Developer has an Amazon DynamoDB table that must be in provisioned mode to comply with user requirements. The application needs to support the following: Average item size: 10 KB. Item reads each second: 10 strongly consistent. Item writes each second: 2 transactional. Which read and write capacity cost-effectively meets these requirements?

    • A. Read 10; write 2.
    • B. Read 30; write 40.
    • C. Use on-demand scaling.
    • D. Read 300; write 400.
    Answer

    Correct Answer: B

  29. A company wants to containerize an existing three-tier web application and deploy it to Amazon ECS Fargate. The application is using session data to keep track of user activities. Which approach would provide the BEST user experience?

    • A. Provision a Redis cluster in Amazon ElastiCache and save the session data in the cluster.
    • B. Create a session table in Amazon Redshift and save the session data in the database table.
    • C. Enable session stickiness in the existing Network Load Balancer and manage the session data in the container.
    • D. Use an Amazon S3 bucket as data store and save the session data in the bucket.
    Answer

    Correct Answer: A

  30. An application is using a single-node Amazon ElastiCache for Redis instance to improve read performance. Over time, demand for the application has increased exponentially, which has increased the load on the ElastiCache instance. It is critical that this cache layer handles the load and is resilient in case of node failures. What can the Developer do to address the load and resiliency requirements?

    • A. Add a read replica instance.
    • B. Migrate to a Memcached cluster.
    • C. Migrate to an Amazon Elasticsearch Service cluster.
    • D. Vertically scale the ElastiCache instance.
    Answer

    Correct Answer: A

  31. A Developer is investigating an application’s performance issues. The application consists of hundreds of microservices, and a single API call can potentially have a deep call stack. The Developer must isolate the component that is causing the issue. Which AWS service or feature should the Developer use to gather information about what is happening and isolate the fault?

    • A. AWS X-Ray.
    • B. VPC Flow Logs.
    • C. Amazon GuardDuty.
    • D. Amazon Macie.
    Answer

    Correct Answer: A

  32. A Company runs continuous integration/continuous delivery (CI/CD) pipelines for its application on AWS CodePipeline. A Developer must write unit tests and run them as part of the pipelines before staging the artifacts for testing. How should the Developer incorporate unit tests as part of CI/CD pipelines?

    • A. Create a separate CodePipeline pipeline to run unit tests.
    • B. Update the AWS CodeBuild specification to include a phase for running unit tests.
    • C. Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests.
    • D. Create a testing branch in AWS CodeCommit to run unit tests.
    Answer

    Correct Answer: B

  33. An application has the following requirements: Performance efficiency of seconds with up to a minute of latency. The data storage size may grow up to thousands of terabytes. Per-message sizes may vary between 100 KB and 100 MB. Data can be stored as key/value stores supporting eventual consistency. What is the MOST cost-effective AWS service to meet these requirements?

    • A. Amazon DynamoDB.
    • B. Amazon S3.
    • C. Amazon RDS (with a MySQL engine).
    • D. Amazon ElastiCache.
    Answer

    Correct Answer: A

  34. A Developer must allow guest users without logins to access an Amazon Cognito-enabled site to view files stored within an Amazon S3 bucket. How should the Developer meet these requirements?

    • A. Create a blank user ID in a user pool, add to the user group, and grant access to AWS resources.
    • B. Create a new identity pool, enable access to unauthenticated identities, and grant access to AWS resources.
    • C. Create a new user pool, enable access to authenticated identifies, and grant access to AWS resources.
    • D. Create a new user pool, disable authentication access, and grant access to AWS resources.
    Answer

    Correct Answer: B

  35. A Developer has written code for an application and wants to share it with other Developers on the team to receive feedback. The shared application code needs to be stored long-term with multiple versions and batch change tracking. Which AWS service should the Developer use?

    • A. AWS CodeBuild.
    • B. Amazon S3.
    • C. AWS CodeCommit.
    • D. AWS Cloud9.
    Answer

    Correct Answer: C

  36. A Developer has discovered that an application responsible for processing messages in an Amazon SQS queue is routinely falling behind. The application is capable of processing multiple messages in one execution, but is only receiving one message at a time. What should the Developer do to increase the number of messages the application receives?

    • A. Call the ChangeMessageVisibility API for the queue and set MaxNumberOfMessages to a value greater than the default of 1.
    • B. Call the AddPermission API to set MaxNumberOfMessages for the ReceiveMessage action to a value greater than the default of 1.
    • C. Call the ReceiveMessage API to set MaxNumberOfMessages to a value greater than the default of 1.
    • D. Call the SetQueueAttributes API for the queue and set MaxNumberOfMessages to a value greater than the default of 1.
    Answer

    Correct Answer: C

  37. A Developer registered an AWS Lambda function as a target for an Application Load Balancer (ALB) using a CLI command. However, the Lambda function is not being invoked when the client sends requests through the ALB. Why is the Lambda function not being invoked?

    • A. A Lambda function cannot be registered as a target for an ALB.
    • B. A Lambda function can be registered with an ALB using AWS Management Console only.
    • C. The permissions to invoke the Lambda function are missing.
    • D. Cross-zone is not enabled on the ALB.
    Answer

    Correct Answer: C

  38. A company provides APIs as a service and commits to a service level agreement (SLA) with all its users. To comply with each SLA, what should the company do?

    • A. Enable throttling limits for each method in Amazon API Gateway.
    • B. Create a usage plan for each user and request API keys to access the APIs.
    • C. Enable API rate limiting in Amazon Cognito for each user.
    • D. Enable default throttling limits for each stage after deploying the APIs.
    Answer

    Correct Answer: B

  39. A Developer is preparing a deployment package using AWS CloudFormation. The package consists of two separate templates: one for the infrastructure and one for the application. The application has to be inside the VPC that is created from the infrastructure template. How can the application stack refer to the VPC created from the infrastructure template?

    • A. Use the Ref function to import the VPC into the application stack from the infrastructure template.
    • B. Use the export flag in the infrastructure template, and then use the Fn::ImportValue function in the application template.
    • C. Use the DependsOn attribute to specify that the application instance depends on the VPC in the application template.
    • D. Use the Fn::GetAtt function to include the attribute of the VPC in the application template.
    Answer

    Correct Answer: B

  40. A Developer needs to create an application that supports Security Assertion Markup Language (SAML) and Facebook authentication. It must also allow access to AWS services, such as Amazon DynamoDB. Which AWS service or feature will meet these requirements with the LEAST amount of additional coding?

    • A. AWS AppSync.
    • B. Amazon Cognito identity pools.
    • C. Amazon Cognito user pools.
    • D. Amazon Lambda@Edge.
    Answer

    Correct Answer: B

  41. A Developer is trying to monitor an application’s status by running a cron job that returns 1 if the service is up and 0 if the service is down. The Developer created code that uses an AWS CLI put-metric-alarm command to publish the custom metrics to Amazon CloudWatch and create an alarm. However, the Developer is unable to create an alarm as the custom metrics do not appear in the CloudWatch console. What is causing this issue?

    • A. Sending custom metrics using the CLI is not supported.
    • B. The Developer needs to use the put-metric-data command.
    • C. The Developer must use a unified CloudWatch agent to publish custom metrics.
    • D. The code is not running on an Amazon EC2 instance.
    Answer

    Correct Answer: B

  42. A Developer has written an application that runs on Amazon EC2 instances and generates a value every minute. The Developer wants to monitor and graph the values generated over time without logging in to the instance each time. Which approach should the Developer use to achieve this goal?

    • A. Use the Amazon CloudWatch metrics reported by default for all EC2 instances. View each value from the CloudWatch console.
    • B. Develop the application to store each value in a file on Amazon S3 every minute with the timestamp as the name.
    • C. Publish each generated value as a custom metric to Amazon CloudWatch using available AWS SDKs.
    • D. Store each value as a variable and add the variable to the list of EC2 metrics that should be reported to the Amazon CloudWatch console.
    Answer

    Correct Answer: C

  43. A Development team decides to adopt a continuous integration/continuous delivery (CI/CD) process using AWS CodePipeline and AWS CodeCommit for a new application. However, management wants a person to review and approve the code before it is deployed to production. How can the Development team add a manual approver to the CI/CD pipeline?

    • A. Use AWS SES to send an email to approvers when their action is required. Develop a simple application that allows approvers to accept or reject a build. Invoke an AWS Lambda function to advance the pipeline when a build is accepted.
    • B. If approved, add an approved tag when pushing changes to the CodeCommit repository. CodePipeline will proceed to build and deploy approved commits without interruption.
    • C. Add an approval step to CodeCommit. Commits will not be saved until approved.
    • D. Add an approval action to the pipeline. Configure the approval action to publish to an Amazon SNS topic when approval is required. The pipeline execution will stop and wait for an approval.
    Answer

    Correct Answer: D

  44. A Developer is building a serverless application using AWS Lambda and must create a REST API using an HTTP GET method. What needs to be defined to meet this requirement? (Choose TWO)

    • A. A Lambda@Edge function.
    • B. An Amazon API Gateway with a Lambda function.
    • C. An exposed GET method in an Amazon API Gateway.
    • D. An exposed GET method in the Lambda function.
    • E. An exposed GET method in Amazon Route 53.
    Answer

    Correct Answer: BC

  45. A Developer is writing an application in AWS Lambda. To simplify testing and deployments, the Developer needs the database connection string to be easily changed without modifying the Lambda code. How can this requirement be met?

    • A. Store the connection string as a secret in AWS Secrets Manager.
    • B. Store the connection string in an IAM user account.
    • C. Store the connection string in AWS KMS.
    • D. Store the connection string as a Lambda layer.
    Answer

    Correct Answer: A

  46. A company is launching an ecommerce website and will host the static data in Amazon S3. The company expects approximately 1,000 transactions per second (TPS) for GET and PUT requests in total. Logging must be enabled to track all requests and must be retained for auditing purposes. What is the MOST cost-effective solution?

    • A. Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to move the data from the log bucket to Amazon S3 Glacier in 90 days.
    • B. Enable S3 server access logging and create a lifecycle policy to expire the data in 90 days.
    • C. Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to expire the data in 90 days.
    • D. Enable S3 server access logging and create a lifecycle policy to move the data to Amazon S3 Glacier in 90 days.
    Answer

    Correct Answer: D

  47. A Developer decides to store highly secure data in Amazon S3 and wants to implement server-side encryption (SSE) with granular control of who can access the master key. Company policy requires that the master key be created, rotated, and disabled easily when needed, all for security reasons. Which solution should be used to meet these requirements?

    • A. SSE with Amazon S3 managed keys (SSE-S3).
    • B. SSE with AWS KMS managed keys (SSE-KMS).
    • C. SSE with AWS Secrets Manager.
    • D. SSE with customer-provided encryption keys.
    Answer

    Correct Answer: B

  48. A Developer is migrating an on-premises application to AWS. The application currently takes user uploads and saves them to a local directory on the server. All uploads must be saved and made immediately available to all instances in an Auto Scaling group. Which approach will meet these requirements?

    • A. Use Amazon EBS and configure the application AMI to use a snapshot of the same EBS instance on boot.
    • B. Use Amazon S3 and rearchitect the application so all uploads are placed in S3.
    • C. Use instance storage and share it between instances launched from the same Amazon Machine Image (AMI).
    • D. Use Amazon EBS and file synchronization software to achieve eventual consistency among the Auto Scaling group.
    Answer

    Correct Answer: B

  49. A Developer implemented a static website hosted in Amazon S3 that makes web service requests hosted in Amazon API Gateway and AWS Lambda. The site is showing an error that reads: No Access-Control-Allow-Origin header is present on the requested resource. Origin null is therefore not allowed access.’ What should the Developer do to resolve this issue?

    • A. Enable cross-origin resource sharing (CORS) on the S3 bucket.
    • B. Enable cross-origin resource sharing (CORS) for the method in API Gateway.
    • C. Add the Access-Control-Request-Method header to the request.
    • D. Add the Access-Control-Request-Headers header to the request.
    Answer

    Correct Answer: B

  50. A Developer is building an application that needs to store data in Amazon S3. Management requires that the data be encrypted before it is sent to Amazon S3 for storage. The encryption keys need to be managed by the Security team. Which approach should the Developer take to meet these requirements?

    • A. Implement server-side encryption using customer-provided encryption keys (SSE-C).
    • B. Implement server-side encryption by using a client-side master key.
    • C. Implement client-side encryption using an AWS KMS managed customer master key (CMK).
    • D. Implement client-side encryption using Amazon S3 managed keys.
    Answer

    Correct Answer: C

  51. A Developer has written an Amazon Kinesis Data Streams application. As usage grows and traffic increases over time, the application is regularly receiving ProvisionedThroughputExceededException error messages. Which steps should the Developer take to resolve the error? (Choose TWO)

    • A. Use Auto Scaling to scale the stream for better performance.
    • B. Increase the delay between the GetRecords call and the PutRecords call.
    • C. Increase the number of shards in the data stream.
    • D. Specify a shard iterator using the ShardIterator parameter.
    • E. Implement exponential backoff on the GetRecords call and the PutRecords call.
    Answer

    Correct Answer: CE

  52. A Developer is publishing critical log data to a log group in Amazon CloudWatch Logs, which was created 2 months ago. The Developer must encrypt the log data using an AWS KMS customer master key (CMK) so future data can be encrypted to comply with the company’s security policy. How can the Developer meet this requirement?

    • A. Use the CloudWatch Logs console and enable the encrypt feature on the log group.
    • B. Use the AWS CLI create-log-group command and specify the key Amazon Resource Name (ARN).
    • C. Use the KMS console and associate the CMK with the log group.
    • D. Use the AWS CLI associate-kms-key command and specify the key Amazon Resource Name (ARN)
    Answer

    Correct Answer: D

  53. A Developer has code running on Amazon EC2 instances that needs read-only access to an Amazon DynamoDB table. What is the MOST secure approach the Developer should take to accomplish this task?

    • A. Create a user access key for each EC2 instance with read-only access to DynamoDB. Place the keys in the code. Redeploy the code as keys rotate.
    • B. Use an IAM role with an AmazonDynamoDBReadOnlyAccess policy applied to the EC2 instances.
    • C. Run all code with only AWS account root user access keys to ensure maximum access to services.
    • D. Use an IAM role with Administrator access applied to the EC2 instance.
    Answer

    Correct Answer: B

  54. A Developer migrated a web application to AWS. As part of the migration, the Developer implemented an automated continuous integration/continuous improvement (CI/CD) process using a blue/green deployment. The deployment provisions new Amazon EC2 instances in an Auto Scaling group behind a new Application Load Balancer. After the migration was completed, the Developer began receiving complaints from users getting booted out of the system. The system also requires users to log in after every new deployment. How can these issues be resolved?

    • A. Use rolling updates instead of a blue/green deployment.
    • B. Externalize the user sessions to Amazon ElastiCache.
    • C. Turn on sticky sessions in the Application Load Balancer.
    • D. Use multicast to replicate session information.
    Answer

    Correct Answer: B

  55. A Developer wants to insert a record into an Amazon DynamoDB table as soon as a new file is added to an Amazon S3 bucket. Which set of steps would be necessary to achieve this?

    • A. Create an event with Amazon CloudWatch Events that will monitor the S3 bucket and then insert the records into DynamoDB.
    • B. Configure an S3 event to invoke a Lambda function that inserts records into DynamoDB.
    • C. Create a Lambda function that will poll the S3 bucket and then insert the records into DynamoDB.
    • D. Create a cron job that will run at a scheduled time and insert the records into DynamoDB.
    Answer

    Correct Answer: B

  56. A company has implemented AWS CodeDeploy as part of its cloud native CI/CD stack. The company enables automatic rollbacks while deploying a new version of a popular web application from in-place to Amazon EC2. What occurs if the deployment of the new version fails due to code regression?

    • A. The last known good deployment is automatically restored using the snapshot stored in Amazon S3.
    • B. CodeDeploy switches the Amazon Route 53 alias records back to the known good green deployment and terminates the failed blue deployment.
    • C. A new deployment of the last known version of the application is deployed with a new deployment ID.
    • D. AWS CodePipeline promotes the most recent deployment with a SUCCEEDED status to production.
    Answer

    Correct Answer: C

  57. A Developer uses Amazon S3 buckets for static website hosting. The Developer creates one S3 bucket for the code and another S3 bucket for the assets, such as image and video files. Access is denied when a user attempts to access the assets bucket from the code bucket, with the website application showing a 403 error. How should the Developer solve this issue?

    • A. Create an IAM role and apply it to the assets bucket for the code bucket to be granted access.
    • B. Edit the bucket policy of the assets bucket to allow access from the code bucket.
    • C. Edit the bucket policy of the assets bucket to open access to all principals.
    • D. Change the code bucket to use AWS Lambda functions instead of static website hosting.
    Answer

    Correct Answer: B

  58. A company has implemented AWS CodePipeline to automate its release pipelines. The Development team is writing an AWS Lambda function what will send notifications for state changes of each of the actions in the stages. Which steps must be taken to associate the Lambda function with the event source?

    • A. Create a trigger that invokes the Lambda function from the Lambda console by selecting CodePipeline as the event source.
    • B. Create an event trigger and specify the Lambda function from the CodePipeline console.
    • C. Create an Amazon CloudWatch alarm that monitors status changes in Code Pipeline and triggers the Lambda function.
    • D. Create an Amazon CloudWatch Events rule that uses CodePipeline as an event source.
    Answer

    Correct Answer: B

  59. A Developer has built an application running on AWS Lambda using AWS Serverless Application Model (AWS SAM). What is the correct order of execution to successfully deploy the application?

    • A. 1. Build the SAM template in Amazon EC2. 2. Package the SAM template to Amazon EBS storage. 3. Deploy the SAM template from Amazon EBS.
    • B. 1. Build the SAM template locally. 2. Package the SAM template onto Amazon S3. 3. Deploy the SAM template from Amazon S3.
    • C. 1. Build the SAM template locally. 2. Deploy the SAM template from Amazon S3. 3. Package the SAM template for use.
    • D. 1. Build the SAM template locally. 2. Package the SAM template from AWS CodeCommit. 3. Deploy the SAM template to CodeCommit.
    Answer

    Correct Answer: B

  60. A company wants to migrate an imaging service to Amazon EC2 while following security best practices. The images are sourced and read from a non-public Amazon S3 bucket. What should a Developer do to meet these requirements?

    • A. Create an IAM user with read-only permissions for the S3 bucket. Temporarily store the user credentials in the Amazon EBS volume of the EC2 instance.
    • B. Create an IAM user with read-only permissions for the S3 bucket. Temporarily store the user credentials in the user data of the EC2 instance.
    • C. Create an EC2 service role with read-only permissions for the S3 bucket. Attach the role to the EC2 instance.
    • D. Create an S3 service role with read-only permissions for the S3 bucket. Attach the role to the EC2 instance.
    Answer

    Correct Answer: C

  61. A Development team wants to immediately build and deploy an application whenever there is a change to the source code. Which approaches could be used to trigger the deployment? (Choose TWO)

    • A. Store the source code in an Amazon S3 bucket. Configure AWS CodePipeline to start whenever a file in the bucket changes.
    • B. Store the source code in an encrypted Amazon EBS volume. Configure AWS CodePipeline to start whenever a file in the volume changes.
    • C. Store the source code in an AWS CodeCommit repository. Configure AWS CodePipeline to start whenever a change is committed to the repository.
    • D. Store the source code in an Amazon S3 bucket. Configure AWS CodePipeline to start every 15 minutes.
    • E. Store the source code in an Amazon EC2 instance’s ephemeral storage. Configure the instance to start AWS CodePipeline whenever there are changes to the source code.
    Answer

    Correct Answer: AC

  62. An application ingests a large number of small messages and stores them in a database. The application uses AWS Lambda. A Development team is making changes to the application’s processing logic. In testing, it is taking more than 15 minutes to process each message. The team is concerned the current backend may time out. Which changes should be made to the backend system to ensure each message is processed in the MOST scalable way?

    • A. Add the messages to an Amazon SQS queue. Set up and Amazon EC2 instance to poll the queue and process messages as they arrive.
    • B. Add the messages to an Amazon SQS queue. Set up Amazon EC2 instances in an Auto Scaling group to poll the queue and process the messages as they arrive.
    • C. Create a support ticket to increase the Lambda timeout to 60 minutes to allow for increased processing time.
    • D. Change the application to directly insert the body of the message into an Amazon RDS database.
    Answer

    Correct Answer: B

  63. A Software Engineer developed an AWS Lambda function in Node.js to do some CPU-intensive data processing. With the default settings, the Lambda function takes about 5 minutes to complete. Which approach should a Developer take to increase the speed of completion?

    • A. Instead of using Node.js, rewrite the Lambda function using Python.
    • B. Instead of packaging the libraries in the ZIP file with the function, move them to a Lambda layer and use the layer with the function.
    • C. Allocate the maximum available CPU units to the function.
    • D. Increase the available memory to the function.
    Answer

    Correct Answer: D

  64. An online retail company has deployed a serverless application with AWS Lambda, Amazon API Gateway, Amazon S3, and Amazon DynamoDB using AWS CloudFormation. The company rolled out a new release with major upgrades to the Lambda function and deployed the release to production. Subsequently, the application stopped working. Which solution should bring the application back up as quickly as possible?

    • A. Redeploy the application on Amazon EC2 so the Lambda function can resolve dependencies.
    • B. Migrate DynamoDB to Amazon RDS and redeploy the Lambda function.
    • C. Roll back the Lambda function to the previous version.
    • D. Deploy the latest Lambda function in a different Region.
    Answer

    Correct Answer: C

  65. A Developer is writing an application that will run on Amazon EC2 instances in an Auto Scaling group. The Developer wants to externalize session state to support the application. Which services will meet these needs? (Choose TWO)

    • A. Amazon DynamoDB.
    • B. Amazon Cognito.
    • C. Amazon ElastiCache.
    • D. Amazon EBS.
    • E. Amazon SQS.
    Answer

    Correct Answer: AC