Select the correct answers for each question, including multiple-choice options when applicable, and click Submit to view your results. The quiz calculates your score and percentage, highlighting any incorrect questions to help you identify areas for improvement.

Click on the Answer button for the correct answer and its explanation.

If this practice exam has been helpful to you please share it with others and react to this below.

Practice Exam 4

A Developer has a legacy application that is hosted on-premises. Other applications hosted on AWS depend on the on-premises application for proper functioning. In case of any application errors, the Developer wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applications from one place. How can the Developer accomplish this?
- A. Install an AWS SDK on the on-premises server to automatically send logs to CloudWatch.
- B. Download the CloudWatch agent to the on-premises server. Configure the agent to use IAM user credentials with permissions for CloudWatch.
- C. Upload log files from the on-premises server to Amazon S3 and have CloudWatch read the files.
- D. Upload log files from the on-premises server to an Amazon EC2 instance and have the instance forward the logs to CloudWatch.
Answer

Correct Answer: B
A company is developing an application that will be accessed through the Amazon API Gateway REST API. Registered users should be the only ones who can access certain resources of this API. The token being used should expire automatically and needs to be refreshed periodically. How can a Developer meet these requirements?
- A. Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in API Gateway, and use the temporary credentials generated by the identity pool.
- B. Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer in API Gateway.
- C. Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token.
- D. Create an IAM user for each API user, attach an invoke permissions policy to the API, and use an IAM authorizer in API Gateway.
Answer

Correct Answer: C
A Developer is working on a serverless project based in Java. Initial testing shows a cold start takes about 8 seconds on average for AWS Lambda functions. What should the Developer do to reduce the cold start time? (Choose TWO)
- A. Add the Spring Framework to the project and enable dependency injection.
- B. Reduce the deployment package by including only needed modules from the AWS SDK for Java.
- C. Increase the memory allocation setting for the Lambda function.
- D. Increase the timeout setting for the Lambda function.
- E. Change the Lambda invocation mode from synchronous to asynchronous.
Answer

Correct Answer: BC
A Developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect from on-premises to Amazon EC2 instances in the Developer’s account. The Developer is able to access an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same VPC. Which logs can the Developer use to verify whether the traffic is reaching subnet B?
- A. VPN logs.
- B. BGP logs
- C. VPC Flow Logs.
- D. AWS CloudTrail logs.
Answer

Correct Answer: C
A Developer has created a new AWS IAM user that has s3:putObject permission to write to a specific Amazon S3 bucket. This S3 bucket uses server-side encryption with AWS KMS managed keys (SSE-KMS) as the default encryption. Using the access key and secret key of the IAM user, the application received an access denied error when calling the PutObject API. How can this issue be resolved?
- A. Update the policy of the IAM user to allow the s3:EncryptionConfiguration action.
- B. Update the bucket policy of the S3 bucket to allow the IAM user to upload objects.
- C. Update the policy of the IAM user to allow the kms:GenerateDataKey action.
- D. Update the ACL of the S3 bucket to allow the IAM user to upload objects.
Answer

Correct Answer: C
A company has a web application that uses an Amazon Cognito user pool for authentication. The company wants to create a login page with the company logo. What should a Developer do to meet these requirements?
- A. Create a hosted user interface in Amazon Cognito and customize it with the company logo.
- B. Create a login page with the company logo and upload it to Amazon Cognito.
- C. Create a login page in Amazon API Gateway with the logo and save the link in Amazon Cognito.
- D. Upload the logo to the Amazon Cognito app settings and point to the logo on a custom login page.
Answer

Correct Answer: A
A Developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes, or create the item if it does not exist. The Lambda function has access to the primary key. Which IAM permissions should the Developer request for the Lambda function to achieve this functionality?
- A. dynamodb:DeleteItem dynamodb:GetItem dynamodb:PutItem.
- B. dynamodb:UpdateItem dynamodb:GetItem dynamodb:DescribeTable.
- C. dynamodb:GetRecords dynamodb:PutItem dynamodb:UpdateTable.
- D. dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem.
Answer

Correct Answer: D
A Developer is storing sensitive data generated by an application in Amazon S3. The Developer wants to encrypt the data at rest. A company policy requires an audit trail of when the master key was used and by whom. Which encryption option will meet these requirements?
- A. Server-side encryption with Amazon S3 managed keys (SSE-S3).
- B. Server-side encryption with AWS KMS managed keys (SSE-KMS).
- C. Server-side encryption with customer-provided keys (SSE-C).
- D. Server-side encryption with self-managed keys.
Answer

Correct Answer: B
A company’s website runs on an Amazon EC2 instance and uses Auto Scaling to scale the environment during peak times. Website users across the world are experiencing high latency due to static content on the EC2 instance, even during non-peak hours. Which combination of steps will resolve the latency issue? (Choose TWO)
- A. Double the Auto Scaling group’s maximum number of servers.
- B. Host the application code on AWS Lambda.
- C. Scale vertically by resizing the EC2 instances.
- D. Create an Amazon CloudFront distribution to cache the static content.
- E. Store the application’s static content in Amazon S3.
Answer

Correct Answer: DE
A company is developing a web application that allows its employees to upload a profile picture to a private Amazon S3 bucket. There is no size limit for the profile pictures, which should be displayed every time an employee logs in. For security reasons, the pictures cannot be publicly accessible. What is a viable long-term solution for this scenario?
- A. Generate a presigned URL when a picture is uploaded. Save the URL in an Amazon DynamoDB table. Return the URL to the browser when the employee logs in.
- B. Save the picture’s S3 key in an Amazon DynamoDB table. Create an Amazon S3 VPC endpoint to allow the employees to download pictures once they log in.
- C. Encode a picture using base64. Save the base64 string in an Amazon DB table. Allow the browser to retrieve the string and convert it to a picture.
- D. Save the picture’s S3 key in an Amazon DynamoDB table. Use a function to generate a presigned URL every time an employee logs in. Return the URL to the browser.
Answer

Correct Answer: B
A Developer is going to deploy an AWS Lambda function that requires significant CPU utilization. Which approach will MINIMIZE the average runtime of the function?
- A. Deploy the function into multiple AWS Regions.
- B. Deploy the function into multiple Availability Zones.
- C. Deploy the function using Lambda layers.
- D. Deploy the function with its memory allocation set to the maximum amount.
Answer

Correct Answer: D
A company has a legacy application that was migrated to a fleet of Amazon EC2 instances. The application stores data in a MySQL database that is currently installed on a single EC2 instance. The company has decided to migrate the database from the EC2 instance to MySQL on Amazon RDS. What should the Developer do to update the application to support data storage in Amazon RDS?
- A. Update the database connection parameters in the application to point to the new RDS instance.
- B. Add a script to the EC2 instance that implements an AWS SDK for requesting database credentials.
- C. Create a new EC2 instance with an IAM role that allows access to the new RDS database.
- D. Create an AWS Lambda function that will route traffic, from the EC2 instance to the RDS database.
Answer

Correct Answer: A
A Developer has an e-commerce API hosted on Amazon ECS. Variable and spiking demand on the application is causing order processing to take too long. The application processes Amazon SQS queues. The ApproximateNumberOfMessagesVisible metric spikes at very high values throughout the day, which cause Amazon CloudWatch alarm breaches. Other ECS metrics for the API containers are well within limits. What can the Developer implement to improve performance while keeping costs low?
- A. Target tracking scaling policy.
- B. Docker Swarm.
- C. Service scheduler.
- D. Step scaling policy.
Answer

Correct Answer: A
A Developer wants to build an application that will allow new users to register and create new user accounts. The application must also allow users with social media accounts to log in using their social media credentials. Which AWS service or feature can be used to meet these requirements?
- A. AWS IAM.
- B. Amazon Cognito identity pools.
- C. Amazon Cognito user pools.
- D. AWS Directory Service.
Answer

Correct Answer: C
A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table. What MUST the company do to implement this authentication in API Gateway?
- A. Implement an AWS Lambda authorizer that references the DynamoDB authentication table.
- B. Create a model that requires the credentials, then grant API Gateway access to the authentication table.
- C. Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table.
- D. Implement an Amazon Cognito authorizer that references the DynamoDB authentication table.
Answer

Correct Answer: A
A Developer is trying to make API calls using SDK. The IAM user credentials used by the application require multi-factor authentication for all API calls. Which method the Developer use to access the multi-factor authentication protected API?
- A. GetFederationToken.
- B. GetCallerIdentity.
- C. GetSessionToken.
- D. DecodeAutherizationMessage.
Answer

Correct Answer: C
An application is running on a cluster of Amazon EC2 instances. While trying to read objects stored within a single Amazon S3 bucket that are encrypted with server-side encryption with AWS KMS managed keys (SSE-KMS), the application receives the following error. Which combination of steps should be taken to prevent this failure? (Choose TWO) - A. Contact AWS Support to request an AWS KMS rate limit increase. - B. Perform error retries with exponential backoff in the application code. - C. Contact AWS Support to request a S3 rate limit increase. - D. Import a customer master key (CMK) with a larger key size. - E. Use more than one customer master key (CMK) to encrypt S3 data.
```
<details markdown=1><summary markdown="span">Answer</summary>

Correct Answer: AB

</details>
```
When developing an AWS Lambda function that processes Amazon Kinesis Data Streams, Administrators within the company must receive a notice that includes the processed data. How should the Developer write the function to send processed data to the Administrators?
- A. Separate the Lambda handler from the core logic.
- B. Use Amazon CloudWatch Events to send the processed data.
- C. Publish the processed data to an Amazon SNS topic.
- D. Push the processed data to Amazon SQS.
Answer

Correct Answer: C
A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least. What is the easiest way to achieve this?
- A. Encrypt the data before sending it to Amazon S3.
- B. Import a custom key into AWS KMS with annual rotation enabled.
- C. Use AWS KMS with automatic key rotation.
- D. Export a key from AWS KMS to encrypt the data.
Answer

Correct Answer: C
A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The service must run different versions for testing purposes. What would be the BEST way to accomplish this?
- A. Use an x-Version header to denote which version is being called and pass that header to the Lambda function(s).
- B. Create an API Gateway Lambda authorizer to route API clients to the correct API version.
- C. Create an API Gateway resource policy to isolate versions and provide context to the Lambda function(s).
- D. Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context.
Answer

Correct Answer: D
A Developer must encrypt a 100-GB object using AWS KMS. What is the BEST approach?
- A. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK).
- B. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material.
- C. Make an GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data.
- D. Make an GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data.
Answer

Correct Answer: C
A Development team would like to migrate their existing application code from a GitHub repository to AWS CodeCommit. What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?
- A. A GitHub secure authentication token.
- B. A public and private SSH key file.
- C. A set of Git credentials generated from IAM.
- D. An Amazon EC2 IAM role with CodeCommit permissions.
Answer

Correct Answer: C
What item operation allows the retrieval of multiple items from a DynamoDB table in a single API call?
- A. GetItem.
- B. BatchGetItem.
- C. GetMultipleItems.
- D. GetItemRange.
Answer

Correct Answer: B
After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the Internet from an instance in the private subnet, you are not successful. NAT device be the target of internet bound traffic of your private subnet. Which of the following steps could resolve the issue?
- A. Attaching a second Elastic Network interface (ENI) to the NAT instance, and placing it in the private subnet.
- B. Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet.
- C. Disabling the Source/Destination Check attribute on the NAT instance.
- D. Attaching an Elastic IP address to the instance in the private subnet.
Answer

Correct Answer: C
You attempt to store an object in the US-STANDARD region in Amazon S3, and receive a confirmation that it has been successfully stored. You then immediately make another API call and attempt to read this object. S3 tells you that the object does not exist. What could explain this behavior?
- A. US-STANDARD uses eventual consistency and it can take time for an object to be readable in a bucket.
- B. Objects in Amazon S3 do not become visible until they are replicated to a second region.
- C. US-STANDARD imposes a 1 second delay before new objects are readable.
- D. ou exceeded the bucket object limit, and once this limit is raised the object will be visible.
Answer

Correct Answer: A
What is the maximum number of S3 Buckets available per AWS account?
- A. 100 per region.
- B. there is no limit.
- C. 1,000,000 per account.
- D. 500 per account.
- E. 100 per IAM user.
Answer

Correct Answer: C
Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table? Assume that no security Keys are allowed to be stored on the EC2 instance. (Choose TWO)
- A. Create an IAM User that allows write access to the DynamoDB table.
- B. Add an IAM Role to a running EC2 instance.
- C. Add an IAM User to a running EC2 Instance.
- D. Launch an EC2 Instance with the IAM Role included in the launch configuration.
- E. Create an IAM Role that allows write access to the DynamoDB table.
- F. Launch an EC2 Instance with the IAM User included in the launch configuration.
Answer

Correct Answer: DE
Which of the following are correct statements with policy evaluation logic in AWS Identity and Access Management? (Choose TWO)
- A. By default, all requests are denied.
- B. An explicit allow overrides an explicit deny.
- C. An explicit allow overrides default deny.
- D. An explicit deny does not override an explicit allow.
- E. By default, all request are allowed.
Answer

Correct Answer: AC
You have an environment that consists of a public subnet using Amazon VPC and 3 instances that are running in this subnet. These three instances can successfully communicate with other hosts on the Internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet. What should you do to enable internet access?
- A. Deploy a NAT instance into the public subnet.
- B. Modify the routing table for the public subnet.
- C. Configure a publically routable IP Address In the host OS of the fourth instance.
- D. Assign an Elastic IP address to the fourth instance.
Answer

Correct Answer: D
If a message is retrieved from a queue in Amazon SQS, how long is the message inaccessible to other users by default?
- A. 0 seconds.
- B. 1 hour.
- C. 1 day.
- D. forever.
- E. 30 seconds.
Answer

Correct Answer: E
What is the format of structured notification messages sent by Amazon SNS?
- A. An XML object containing Messageld, UnsubscribeURL, Subject, Message and other values.
- B. An JSON object containing Messageld, DuplicateFlag, Message and other values.
- C. An XML object containing Messageld, DuplicateFlag, Message and other values.
- D. An JSON object containing Messageld, unsubscribeURL, Subject, Message and other values.
Answer

Correct Answer: D
When uploading an object, what request header can be explicitly specified in a request to Amazon S3 to encrypt object data when saved on the server side?
- A. x-amz-storage-class.
- B. Content-MD5.
- C. x-amz-security-token.
- D. x-amz-server-side-encryption.
Answer

Correct Answer: D
Which of the following platforms are supported by Elastic Beanstalk? (Choose TWO)
- A. Apache Tomcat.
- B. .NET.
- C. IBM Websphere.
- D. Oracle JBoss.
- E. Jetty.
Answer

Correct Answer: AB
Which code snippet below returns the URL of a load balanced web site created in CloudFormation with an AWS::ElasticLoadBalancing::LoadBalancer resource name ElasticLoad Balancer?
- A. "Fn::Join":[ "".["http://", {Fn::GetAtt": [ "ElasticLoadBalancer","DNSName"]}]].
- B. "Fn::Join":[ "".["http://", {Fn::GetAtt": [ "ElasticLoadBalancer","Url"]}]].
- C. "Fn::Join":[ "".["http://", {"Ref : "ElasticLoadBalancerUrl"}]].
- D. "Fn::Join":[ "".["http://", {"Ref : "ElasticLoadBalancer","DNSName"}]].
Answer

Correct Answer: A
Which features can be used to restrict access to data in S3? (Choose TWO)
- A. Use S3 Virtual Hosting.
- B. Set an S3 Bucket policy.
- C. Enable IAM Identity Federation.
- D. Set an S3 ACL on the bucket or the object.
- E. Create a CloudFront distribution for the bucket.
Answer

Correct Answer: BD
What happens, by default, when one of the resources in a CloudFormation stack cannot be created?
- A. Previously-created resources are kept but the stack creation terminates.
- B. Previously-created resources are deleted and the stack creation terminates.
- C. The stack creation continues, and the final results indicate which steps failed.
- D. CloudFormation templates are parsed in advance so stack creation is guaranteed to succeed.
Answer

Correct Answer: B
Which of the following are valid arguments for an SNS Publish request? (Choose THREE)
- A. TopicArn.
- B. Subject.
- C. Destination.
- D. Format.
- E. Message.
- F. Language.
Answer

Correct Answer: ABE
How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?
- A. Query the appropriate Amazon CloudWatch metric.
- B. Use ipconfig or ifconfig command.
- C. Query the local instance userdata.
- D. Query the local instance metadata.
Answer

Correct Answer: D
EC2 instances are launched from Amazon Machine images (AMIs). A given public AMI can:
- A. Be used to launch EC2 Instances in any AWS region.
- B. Only be used to launch EC2 instances in the same country as the AMI is stored.
- C. Only be used to launch EC2 instances in the same AWS region as the AMI is stored.
- D. Only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored.
Answer

Correct Answer: C
Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?
- A. DescribeInstances.
- B. DescribeAMIs.
- C. DescribeImages.
- D. GetAMIs.
- E. You cannot retrieve a list of AMIs as there are over 10,000 AMIs.
Answer

Correct Answer: C
In AWS, which security aspects are the customer’s responsibility? (Choose FOUR)
- A. Life-cycle management of IAM credentials.
- B. Decommissioning storage devices.
- C. Security Group and ACL (Access Control List) settings.
- D. Encryption of EBS (Elastic Block Storage) volumes.
- E. Controlling physical access to compute resources.
- F. Patch management on the EC2 instance’s operating system.
Answer

Correct Answer: ACDF
When using a large Scan operation in DynamoDB, what technique can be used to minimize the impact of a scan on a table’s provisioned throughput?
- A. Set a smaller page size for the scan.
- B. Use parallel scans.
- C. Define a range index on the table.
- D. Prewarm the table by updating all items.
Answer

Correct Answer: A
How can you secure data at rest on an EBS volume?
- A. Attach the volume to an instance using EC2’s SSL interface.
- B. Write the data randomly instead of sequentially.
- C. Use an encrypted file system on top of the EBS volume.
- D. Encrypt the volume using the S3 server-side encryption service.
- E. Create an IAM policy that restricts read and write access to the volume.
Answer

Correct Answer: C
Which of the following is chosen as the default region when making an API call with an AWS SDK?
- A. ap-northeast-1.
- B. us-west-2.
- C. us-east-1.
- D. eu-west-1.
- E. us-central-1.
Answer

Correct Answer: C
Which of the following statements about SWF are true? (Choose THREE)
- A. SWF tasks are assigned once and never duplicated.
- B. SWF requires an S3 bucket for workflow storage.
- C. SWF workflow executions can last up to a year.
- D. SWF triggers SNS notifications on task assignment.
- E. SWF uses deciders and workers to complete tasks.
- F. SWF requires at least 1 EC2 instance per domain.
Answer

Correct Answer: ACE
A startup s photo-sharing site is deployed in a VPC. An ELB distributes web traffic across two subnets. ELB session stickiness is configured to use the AWS-generated session cookie, with a session TTL of 5 minutes. The webserver Auto Scaling Group is configured as: min-size=4, max-size=4, The startups preparing for a public launch, by running load-testing software installed on a single EC2 instance running in us-west-2. After 60 minutes of load-testing, the webserver logs show. Which recommendations can help ensure load-testing HTTP requests are evenly distributed across the four webservers? (Choose TWO)
- A. Launch and run the load-tester EC2 instance from us-east-1 instead.
- B. Re-configure the load-testing software to re-resolve DNS for each web request.
- C. Use a 3rd-party load-testing service which offers globally-distributed test clients.
- D. Configure ELB and Auto Scaling to distribute across us-west-2a and us-west-2c. - E. Configure ELB session stickiness to use the app-specific session cookie.
Answer
```
Correct Answer: BC
```
Which of the following are valid SNS delivery transports? (Choose TWO)
- A. HTTP.
- B. UDP.
- C. SMS.
- D. DynamoDB.
- E. Named Pipes.
Answer

Correct Answer: AC
Company C has recently launched an online commerce site for bicycles on AWS. They have a Product DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size to display in the online store. Due to customer demand, they want to include an image for each bicycle along with the existing details. Which approach below provides the least impact to provisioned throughput on the Product table?
- A. Serialize the image and store it in multiple DynamoDB tables.
- B. Create an Images DynamoDB table to store the Image with a foreign key constraint to the Product table.
- C. Add an image data type to the Product table to store the images in binary format.
- D. Store the images in Amazon S3 and add an S3 URL pointer to the Product table item for each image.
Answer

Correct Answer: D
Which DynamoDB limits can be raised by contacting AWS support? (Choose TWO)
- A. The number of hash keys per account.
- B. The maximum storage used per account.
- C. The number of tables per account.
- D. The number of local secondary indexes per account.
- E. The number of provisioned throughput units per account.
Answer

Correct Answer: CE
When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process below will result in successful processing of the message and remove it from the queue while minimizing the chances of duplicate processing?
- A. Retrieve the message with an increased visibility timeout, process the message, delete the message from the queue.
- B. Retrieve the message with an increased visibility timeout, delete the message from the queue, process the message.
- C. Retrieve the message with increased DelaySeconds, process the message, delete the message from the queue.
- D. Retrieve the message with increased DelaySeconds, delete the message from the queue, process the message.
Answer

Correct Answer: A
Company A has an S3 bucket containing premier content that they intend to make available to only paid subscribers of their website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors. How can Company A provide only paid subscribers the ability to download a premier content file in the S3 bucket?
- A. Apply a bucket policy that grants anonymous users to download the content from the S3 bucket.
- B. Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download.
- C. Add a bucket policy that requires Multi-Factor Authentication for requests to access the S3 bucket objects.
- D. Enable server side encryption on the S3 bucket for data protection against the non-paying website visitors.
Answer

Correct Answer: B
Which of the following is an example of a good DynamoDB hash key schema for provisioned throughput efficiency?
- A. User ID, where the application has many different users.
- B. Status Code where most status codes are the same.
- C. Device ID, where one is by far more popular than all the others.
- D. Game Type, where there are three possible game types.
Answer

Correct Answer: A
An application stores payroll information nightly in DynamoDB for a large number of employees across hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily hours. Managers run reports for ranges of names working in their office. One query is: Return all Items in this office for names starting with A through E. Which table configuration will result in the lowest impact on provisioned throughput for this query?
- A. Configure the table to have a hash index on the name attribute, and a range index on the office identifier.
- B. Configure the table to have a range index on the name attribute, and a hash index on the office identifier.
- C. Configure a hash index on the name attribute and no range index.
- D. Configure a hash index on the office identifier attribute and no range index.
Answer

Correct Answer: B
What is one key difference between an Amazon EBS-backed and an instance-store backed instance?
- A. Virtual Private Cloud requires EBS backed instances.
- B. Amazon EBS-backed instances can be stopped and restarted.
- C. Auto scaling requires using Amazon EBS-backed instances.
- D. Instance-store backed instances can be stopped and restarted.
Answer

Correct Answer: B
Which of the following services are included at no additional cost with the use of the AWS platform?
- A. Simple Storage Service.
- B. Elastic Compute Cloud.
- C. Auto Scaling.
- D. Elastic Load Balancing.
- E. CloudFormation.
- F. Simple Workflow Service.
Answer

Correct Answer: CE
Your application is trying to upload a 6 GB file to Simple Storage Service and receive a Your proposed upload exceeds the maximum allowed object size. error message. What is a possible solution for this?
- A. None, Simple Storage Service objects are limited to 5 GB.
- B. Use the multi-part upload API for this object.
- C. Use the large object upload API for this object.
- D. Contact support to increase your object size limit.
- E. Upload to a different region.
Answer

Correct Answer: B
What AWS products and features can be deployed by Elastic Beanstalk? (Choose THREE)
- A. Auto scaling groups.
- B. Route 53 hosted zones.
- C. Elastic Load Balancers.
- D. RDS Instances.
- E. Elastic IP addresses.
- F. SQS Queues.
Answer

Correct Answer: ACD
Games-R-Us is launching a new game app for mobile devices. Users will log into the game using their existing Facebook account and the game will record player data and scoring information directly to a DynamoDB table. What is the most secure approach for signing requests to the DynamoDB API?
- A. Create an IAM user with access credentials that are distributed with the mobile app to sign the requests.
- B. Distribute the AWS root account access credentials with the mobile app to sign the requests.
- C. Request temporary security credentials using web identity federation to sign the requests.
- D. Establish cross account access between the mobile app and the DynamoDB table to sign the requests
Answer

Correct Answer: C
Which of the following programming languages have an officially supported AWS SDK? (Choose TWO)
- A. Perl.
- B. PHP.
- C. Pascal.
- D. Java.
- E. SQL.
Answer

Correct Answer: BD
A meteorological system monitors 600 temperature gauges, obtaining temperature samples every minute and saving each sample to a DynamoDB table Each sample involves writing 1K of data and the writes are evenly distributed over time. How much write throughput is required for the target table?
- A. 1 write capacity unit.
- B. 10 write capacity units.
- C. 60 write capacity units.
- D. 600 write capacity units.
- E. 3600 write capacity units.
Answer

Correct Answer: B
In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client request sent to the service?
- A. 5xx HTTP response code.
- B. 200 HTTP response code.
- C. 306 HTTP response code.
- D. 4xx HTTP response code.
Answer

Correct Answer: D
Company B provides an online image recognition service and utilizes SQS to decouple system components for scalability The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses. How can Company B reduce the number of empty responses?
- A. Set the imaging queue visibility Timeout attribute to 20 seconds.
- B. Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds.
- C. Set the imaging queue MessageRetentionPeriod attribute to 20 seconds.
- D. Set the DelaySeconds parameter of a message to 20 seconds.
Answer

Correct Answer: B
An Amazon S3 bucket, myawsbucket is configured with website hosting in Tokyo region, what is the region-specific website endpoint?
- A. www.myawsbucket.ap-northeast-1.amazonaws.com.
- B. myawsbucket.s3-website-ap-northeast-1.amazonaws.com.
- C. myawsbucket.amazonaws.com.
- D. myawsbucket.tokyo.amazonaws.com.
Answer

Correct Answer: B
You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are analyzed and then are no longer needed. You need to minimize provisioned throughput, storage, and API calls. Given these requirements, what is the most efficient way to manage these Items after the analysis?
- A. Retain the items in a single table.
- B. Delete items individually over a 24 hour period.
- C. Delete the table and create a new table per hour.
- D. Create a new table per hour.
Answer

Correct Answer: C
You have written an application that uses the Elastic Load Balancing service to spread traffic to several web servers. Your users complain that they are sometimes forced to login again in the middle of using your application, after they have already logged in. This is not behavior you have designed. What is a possible solution to prevent this happening?
- A. Use instance memory to save session state.
- B. Use instance storage to save session state.
- C. Use EBS to save session state.
- D. Use ElastiCache to save session state.
- E. Use Glacier to save session slate.
Answer

Correct Answer: D

Practice Exam 4

If you are preparing for AWS Developer Associate Exam, this guide will help you with quick revision and practice before the exam.

Practice Exam 4

Your Score: