0% found this document useful (0 votes)

90 views

Module 11 - Examen Test C

This document contains 9 multiple choice questions that appear to be from an AWS certification exam practice test. The questions cover various AWS services and concepts including IAM, DynamoDB, S3, Elastic Beanstalk, CloudFormation, VPC and more. For each question there are typically 4 possible answer choices listed and the questions focus on configurations, best practices and troubleshooting related to the AWS services.

Uploaded by

Tuan Anh

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

90 views

Module 11 - Examen Test C

Uploaded by

Tuan Anh

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 132

Examen Test C

65 QUESTIONS, 130 MINUTES

Question C.1
In AWS, which security aspects are the customer's responsibility? (Choose FOUR.)

A. Life-cycle management of IAM credentials

B. Decommissioning storage devices
C. Security Group and ACL (Access Control List) settings
D. Encryption of EBS (Elastic Block Storage) volumes
E. Controlling physical access to compute resources
F. Patch management on the EC2 instance's operating system

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 2
Question C.1
In AWS, which security aspects are the customer's responsibility? (Choose FOUR.)

A. Life-cycle management of IAM credentials

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 3
Question C.2
When using a large Scan operation in DynamoDB, what technique can be used to minimize the impact of
a scan on a table's provisioned throughput?

A. Set a smaller page size for the scan

B. Use parallel scans
C. Define a range index on the table
D. Prewarm the table by updating all items

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 4
Question C.2
When using a large Scan operation in DynamoDB, what technique can be used to minimize the impact of
a scan on a table's provisioned throughput?

A. Set a smaller page size for the scan

B. Use parallel scans
C. Define a range index on the table
D. Prewarm the table by updating all items

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 5
Question C.3
Company D is running their corporate website on Amazon S3 accessed from http//www.companyd.com.
Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint
https://s3-us-west-1.amazonaws.com/cdfonts. While testing the new web fonts, Company D recognized
the web fonts are being blocked by the browser.
What should Company D do to prevent the web fonts from being blocked by the browser?

A. Enable versioning on the cdfonts bucket for each web font

B. Create a policy on the cdfonts bucket to enable access to everyone
C. Add the Content-MD5 header to the request for webfonts in the cdfonts bucket
from the website
D. Configure the cdfonts bucket to allow cross-origin requests by creating a CORS
configuration

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 6
Question C.3
Company D is running their corporate website on Amazon S3 accessed from http//www.companyd.com.
Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint
https://s3-us-west-1.amazonaws.com/cdfonts. While testing the new web fonts, Company D recognized
the web fonts are being blocked by the browser.
What should Company D do to prevent the web fonts from being blocked by the browser?

A. Enable versioning on the cdfonts bucket for each web font

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 7
Question C.4
Which of the following platforms are supported by Elastic Beanstalk? (Choose TWO.)

A. Apache Tomcat
B. .NET
C. IBM WebSphere
D. Oracle JBoss
E. Jetty

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 8
Question C.4
Which of the following platforms are supported by Elastic Beanstalk? (Choose TWO.)

A. Apache Tomcat
B. .NET
C. IBM WebSphere
D. Oracle JBoss
E. Jetty

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 9
Question C.5
Which code snippet below returns the URL of a load balanced web site created in CloudFormation with
an AWS::ElasticLoadBalancing::LoadBalancer resource name "ElasticLoad Balancer"?

A. "Fn::Join" : ["". [ "http://", {"Fn::GetAtr" : [ "ElasticLoadBalancer","DNSName"]}]]

B. "Fn::Join" : ["". [ "http://", {"Fn::GetAtr" : [ "ElasticLoadBalancer","Url"]}]]
C. "Fn::Join" : ["". [ "http://", {"Ref" : "ElasticLoadBalancerUrl"}]]
D. "Fn::Join" : [".", [ "http://", {"Ref" : "ElasticLoadBalancerDNSName"}]]

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 10
Question C.5
Which code snippet below returns the URL of a load balanced web site created in CloudFormation with
an AWS::ElasticLoadBalancing::LoadBalancer resource name "ElasticLoad Balancer"?

A. "Fn::Join" : ["". [ "http://", {"Fn::GetAtr" : [ "ElasticLoadBalancer","DNSName"]}]]

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 11
Question C.6
Which features can be used to restrict access to data in S3? (Choose TWO.)

A. Use S3 Virtual Hosting

B. Set an S3 Bucket policy.
C. Enable IAM Identity Federation.
D. Set an S3 ACL on the bucket or the object.
E. Create a CloudFront distribution for the bucket

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 12
Question C.6
Which features can be used to restrict access to data in S3? (Choose TWO.)

A. Use S3 Virtual Hosting

B. Set an S3 Bucket policy.
C. Enable IAM Identity Federation.
D. Set an S3 ACL on the bucket or the object.
E. Create a CloudFront distribution for the bucket

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 13
Question C.7
What happens, by default, when one of the resources in a CloudFormation stack cannot be created?

A. Previously-created resources are kept but the stack creation terminates.

B. Previously-created resources are deleted and the stack creation terminates.
C. The stack creation continues, and the final results indicate which steps failed.
D. CloudFormation templates are parsed in advance so stack creation is guaranteed
to succeed.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 14
Question C.7
What happens, by default, when one of the resources in a CloudFormation stack cannot be created?

A. Previously-created resources are kept but the stack creation terminates.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 15
Question C.8
Which of the following are correct statements with policy evaluation logic in AWS Identity and Access
Management? (Choose TWO.)

A. By default, all requests are denied

B. An explicit allow overrides an explicit deny
C. An explicit allow overrides default deny.
D. An explicit deny does not override an explicit allow
E. By default, all request are allowed

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 16
Question C.8
Which of the following are correct statements with policy evaluation logic in AWS Identity and Access
Management? (Choose TWO.)

A. By default, all requests are denied

B. An explicit allow overrides an explicit deny
C. An explicit allow overrides default deny.
D. An explicit deny does not override an explicit allow
E. By default, all request are allowed

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 17
Question C.9
You have an environment that consists of a public subnet using Amazon VPC and 3 instances that are
running in this subnet. These three instances can successfully communicate with other hosts on the
Internet. You launch a fourth instance in the same subnet, using the same AMI and security group
configuration you used for the others, but find that this instance cannot be accessed from the Internet.
What should you do to enable internet access?

A. Deploy a NAT instance into the public subnet.

B. Modify the routing table for the public subnet
C. Configure a publicly routable IP Address In the host OS of the fourth instance.
D. Assign an Elastic IP address to the fourth instance.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 18
Question C.9
You have an environment that consists of a public subnet using Amazon VPC and 3 instances that are
running in this subnet. These three instances can successfully communicate with other hosts on the
Internet. You launch a fourth instance in the same subnet, using the same AMI and security group
configuration you used for the others, but find that this instance cannot be accessed from the Internet.
What should you do to enable internet access?

A. Deploy a NAT instance into the public subnet.

B. Modify the routing table for the public subnet
C. Configure a publicly routable IP Address In the host OS of the fourth instance.
D. Assign an Elastic IP address to the fourth instance.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 19
Question C.10
If a message is retrieved from a queue in Amazon SQS, how long is the message inaccessible to other
users by default?

A. 0 seconds
B. 1 hour
C. 1 day
D. forever
E. 30 seconds

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 20
Question C.10
If a message is retrieved from a queue in Amazon SQS, how long is the message inaccessible to other
users by default?

A. 0 seconds
B. 1 hour
C. 1 day
D. forever
E. 30 seconds

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 21
Question C.11
What is the format of structured notification messages sent by Amazon SNS?

A. An XML object containing MessageId, UnsubscribeURL, Subject, Message and

other values
B. An JSON object containing MessageId, DuplicateFlag, Message and other values
C. An XML object containing MessageId, DuplicateFlag, Message and other values
D. An JSON object containing MessageId, unsubscribeURL, Subject, Message and
other values

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 22
Question C.11
What is the format of structured notification messages sent by Amazon SNS?

A. An XML object containing MessageId, UnsubscribeURL, Subject, Message and

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 23
Question C.12
Which of the following services are key/value stores? (Choose THREE.)

A. Amazon ElastiCache
B. Simple Notification Service
C. DynamoDB
D. Simple Workflow Service
E. Simple Storage Service

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 24
Question C.12
Which of the following services are key/value stores? (Choose THREE.)

A. Amazon ElastiCache
B. Simple Notification Service
C. DynamoDB
D. Simple Workflow Service
E. Simple Storage Service

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 25
Question C.13
When uploading an object, what request header can be explicitly specified in a request to Amazon S3 to
encrypt object data when saved on the server side?

A. x-amz-storage-class
B. Content-MD5
C. x-amz-security-token
D. x-amz-server-side-encryption

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 26
Question C.13
When uploading an object, what request header can be explicitly specified in a request to Amazon S3 to
encrypt object data when saved on the server side?

A. x-amz-storage-class
B. Content-MD5
C. x-amz-security-token
D. x-amz-server-side-encryption

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 27
Question C.14
What item operation allows the retrieval of multiple items from a DynamoDB table in a single API call?

A. GetItem
B. BatchGetItem
C. GetMultipleItems
D. GetItemRange

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 28
Question C.14
What item operation allows the retrieval of multiple items from a DynamoDB table in a single API call?

A. GetItem
B. BatchGetItem
C. GetMultipleItems
D. GetItemRange

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 29
Question C.15
After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a
public subnet you modify your route tables to have the
NAT device be the target of internet bound traffic of your private subnet. When you try and make an
outbound connection to the Internet from an instance in the private subnet, you are not successful.
Which of the following steps could resolve the issue?

A. Attaching a second Elastic Network interface (ENI) to the NAT instance, and
placing it in the private subnet
B. Attaching a second Elastic Network Interface (ENI) to the instance in the private
subnet, and placing it in the public subnet
C. Disabling the Source/Destination Check attribute on the NAT instance
D. Attaching an Elastic IP address to the instance in the private subnet

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 30
Question C.15
After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a
public subnet you modify your route tables to have the
NAT device be the target of internet bound traffic of your private subnet. When you try and make an
outbound connection to the Internet from an instance in the private subnet, you are not successful.
Which of the following steps could resolve the issue?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 31
Question C.16
You attempt to store an object in the US-STANDARD region in Amazon S3, and receive a confirmation
that it has been successfully stored. You then immediately make another API call and attempt to read this
object. S3 tells you that the object does not exist.
What could explain this behavior?

A. US-STANDARD uses eventual consistency and it can take time for an object to be
readable in a bucket
B. Objects in Amazon S3 do not become visible until they are replicated to a second
region.
C. US-STANDARD imposes a 1 second delay before new objects are readable.
D. You exceeded the bucket object limit, and once this limit is raised the object will
be visible.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 32
Question C.16
You attempt to store an object in the US-STANDARD region in Amazon S3, and receive a confirmation
that it has been successfully stored. You then immediately make another API call and attempt to read this
object. S3 tells you that the object does not exist.
What could explain this behavior?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 33
Question C.17
What is the maximum number of S3 Buckets available per AWS account?

A. 100 per region

B. there is no limit
C. 100 per account
D. 500 per account
E. 100 per IAM user

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 34
Question C.17
What is the maximum number of S3 Buckets available per AWS account?

A. 100 per region

B. there is no limit
C. 100 per account
D. 500 per account
E. 100 per IAM user

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 35
Question C.18
Which of the following items are required to allow an application deployed on an EC2 instance to write
data to a DynamoDB table?
Assume that no security Keys are allowed to be stored on the EC2 instance. (Choose TWO.)

A. Create an IAM User that allows write access to the DynamoDB table.
B. Add an IAM Role to a running EC2 instance.
C. Add an IAM User to a running EC2 Instance.
D. Launch an EC2 Instance with the IAM Role included in the launch configuration.
E. Create an IAM Role that allows write access to the DynamoDB table.
F. Launch an EC2 Instance with the IAM User included in the launch configuration.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 36
Question C.18
Which of the following items are required to allow an application deployed on an EC2 instance to write
data to a DynamoDB table?
Assume that no security Keys are allowed to be stored on the EC2 instance. (Choose TWO.)

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 37
Question C.19
A Developer is trying to make API calls using SDK. The IAM user credentials used by the application
require multi-factor authentication for all API calls.
Which method the Developer use to access the multi-factor authentication protected API?

A. GetFederationToken
B. GetCallerIdentity
C. GetSessionToken
D. DecodeAuthorizationMessage

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 38
Question C.19
A Developer is trying to make API calls using SDK. The IAM user credentials used by the application
require multi-factor authentication for all API calls.
Which method the Developer use to access the multi-factor authentication protected API?

A. GetFederationToken
B. GetCallerIdentity
C. GetSessionToken
D. DecodeAuthorizationMessage

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 39
Question C.20
A Developer has an e-commerce API hosted on Amazon ECS. Variable and spiking demand on the
application is causing order processing to take too long. The application processes Amazon SQS queues.
The ApproximateNumberOfMessagesVisible metric spikes at very high values throughout the day, which
cause Amazon CloudWatch alarm breaches. Other ECS metrics for the API containers are well within
limits.
What can the Developer implement to improve performance while keeping costs low?

A. Target tracking scaling policy

B. Docker Swarm
C. Service scheduler
D. Step scaling policy

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 40
Question C.20
A Developer has an e-commerce API hosted on Amazon ECS. Variable and spiking demand on the
application is causing order processing to take too long. The application processes Amazon SQS queues.
The ApproximateNumberOfMessagesVisible metric spikes at very high values throughout the day, which
cause Amazon CloudWatch alarm breaches. Other ECS metrics for the API containers are well within
limits.
What can the Developer implement to improve performance while keeping costs low?

A. Target tracking scaling policy

B. Docker Swarm
C. Service scheduler
D. Step scaling policy

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 41
Question C.21
A Developer wants to build an application that will allow new users to register and create new user
accounts. The application must also allow users with social media accounts to log in using their social
media credentials.
Which AWS service or feature can be used to meet these requirements?

A. AWS IAM
B. Amazon Cognito identity pools
C. Amazon Cognito user pools
D. AWS Directory Service

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 42
Question C.21
A Developer wants to build an application that will allow new users to register and create new user
accounts. The application must also allow users with social media accounts to log in using their social
media credentials.
Which AWS service or feature can be used to meet these requirements?

A. AWS IAM
B. Amazon Cognito identity pools
C. Amazon Cognito user pools
D. AWS Directory Service

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 43
Question C.22
A company is developing a web application that allows its employees to upload a profile picture to a
private Amazon S3 bucket. There is no size limit for the profile pictures, which should be displayed every
time an employee logs in. For security reasons, the pictures cannot be publicly accessible.
What is a viable long-term solution for this scenario?

A. Generate a presigned URL when a picture is uploaded. Save the URL in an

Amazon DynamoDB table. Return the URL to the browser when the employee
logs in.
B. Save the picture's S3 key in an Amazon DynamoDB table. Create an Amazon S3
VPC endpoint to allow the employees to download pictures once they log in.
C. Encode a picture using base64. Save the base64 string in an Amazon DB table.
Allow the browser to retrieve the string and convert it to a picture.
D. Save the picture's S3 key in an Amazon DynamoDB table. Use a function to
generate a presigned URL every time an employee logs in. Return the URL to the
browser.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 44
Question C.22
A company is developing a web application that allows its employees to upload a profile picture to a
private Amazon S3 bucket. There is no size limit for the profile pictures, which should be displayed every
time an employee logs in. For security reasons, the pictures cannot be publicly accessible.
What is a viable long-term solution for this scenario?

A. Generate a presigned URL when a picture is uploaded. Save the URL in an

A Developer is going to deploy an AWS Lambda function that requires significant CPU utilization.
Which approach will MINIMIZE the average runtime of the function?

A. Deploy the function into multiple AWS Regions.

B. Deploy the function into multiple Availability Zones.
C. Deploy the function using Lambda layers.
D. Deploy the function with its memory allocation set to the maximum amount.

A Developer is going to deploy an AWS Lambda function that requires significant CPU utilization.
Which approach will MINIMIZE the average runtime of the function?

A. Deploy the function into multiple AWS Regions.

B. Deploy the function into multiple Availability Zones.
C. Deploy the function using Lambda layers.
D. Deploy the function with its memory allocation set to the maximum amount.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 47
Question C.24
A company has a legacy application that was migrated to a fleet of Amazon EC2 instances. The
application stores data in a MySQL database that is currently installed on a single EC2 instance. The
company has decided to migrate the database from the EC2 instance to MySQL on Amazon EDS.
What should the Developer do to update the application to support data storage in Amazon RDS?

A. Update the database connection parameters in the application to point to the

new RDS instance.
B. Add a script to the EC2 instance that implements an AWS SDK for requesting
database credentials.
C. Create a new EC2 instance with an IAM role that allows access to the new RDS
database.
D. Create an AWS Lambda function that will route traffic, from the EC2 instance to
the RDS database.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 48
Question C.24
A company has a legacy application that was migrated to a fleet of Amazon EC2 instances. The
application stores data in a MySQL database that is currently installed on a single EC2 instance. The
company has decided to migrate the database from the EC2 instance to MySQL on Amazon EDS.
What should the Developer do to update the application to support data storage in Amazon RDS?

A. Update the database connection parameters in the application to point to the

new RDS instance.
B. Add a script to the EC2 instance that implements an AWS SDK for requesting
database credentials.
C. Create a new EC2 instance with an IAM role that allows access to the new RDS
database.
D. Create an AWS Lambda function that will route traffic, from the EC2 instance to
the RDS database.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 49
Question C.25
A Developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda
function must retrieve an item and update some of its attributes, or create the item if it does not exist. The
Lambda function has access to the primary key.
Which IAM permissions should the Developer request for the Lambda function to achieve this
functionality?

A. dynamodb:DeleteItem dynamodb:GetItem dynamodb:PutItem

B. dynamodb:UpdateItem dynamodb:GetItem dynamodb:DescribeTable
C. dynamodb:GetRecords dynamodb:PutItem dynamodb:UpdateTable
D. dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 50
Question C.25
A Developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda
function must retrieve an item and update some of its attributes, or create the item if it does not exist. The
Lambda function has access to the primary key.
Which IAM permissions should the Developer request for the Lambda function to achieve this
functionality?

A. dynamodb:DeleteItem dynamodb:GetItem dynamodb:PutItem

B. dynamodb:UpdateItem dynamodb:GetItem dynamodb:DescribeTable
C. dynamodb:GetRecords dynamodb:PutItem dynamodb:UpdateTable
D. dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 51
Question C.26
A Developer is storing sensitive data generated by an application in Amazon S3. The Developer wants to
encrypt the data at rest. A company policy requires an audit trail of when the master key was used and by
whom.
Which encryption option will meet these requirements?

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
C. Server-side encryption with customer-provided keys (SSE-C)
D. Server-side encryption with self-managed keys

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 52
Question C.26
A Developer is storing sensitive data generated by an application in Amazon S3. The Developer wants to
encrypt the data at rest. A company policy requires an audit trail of when the master key was used and by
whom.
Which encryption option will meet these requirements?

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
C. Server-side encryption with customer-provided keys (SSE-C)
D. Server-side encryption with self-managed keys

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 53
Question C.27
A company's website runs on an Amazon EC2 instance and uses Auto Scaling to scale the environment
during peak times. Website users across the world are experiencing high latency due to static content on
the EC2 instance, even during non-peak hours.
Which combination of steps will resolve the latency issue? (Choose TWO.)

A. Double the Auto Scaling group's maximum number of servers.

B. Host the application code on AWS Lambda.
C. Scale vertically by resizing the EC2 instances.
D. Create an Amazon CloudFront distribution to cache the static content.
E. Store the application's static content in Amazon S3.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 54
Question C.27
A company's website runs on an Amazon EC2 instance and uses Auto Scaling to scale the environment
during peak times. Website users across the world are experiencing high latency due to static content on
the EC2 instance, even during non-peak hours.
Which combination of steps will resolve the latency issue? (Choose TWO.)

A. Double the Auto Scaling group's maximum number of servers.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 55
Question C.28
A Developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect
from on-premises to Amazon EC2 instances in the Developer's account. The Developer is able to access
an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same VPC.
Which logs can the Developer use to verify whether the traffic is reaching subnet B?

A. VPN logs
B. BGP logs
C. VPC Flow Logs
D. AWS CloudTrail logs

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 56
Question C.28
A Developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect
from on-premises to Amazon EC2 instances in the Developer's account. The Developer is able to access
an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same VPC.
Which logs can the Developer use to verify whether the traffic is reaching subnet B?

A. VPN logs
B. BGP logs
C. VPC Flow Logs
D. AWS CloudTrail logs

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 57
Question C.29
A Developer has created a new AWS IAM user that has s3 putObject permission to write to a specific
Amazon S3 bucket. This S3 bucket uses server-side encryption with AWS KMS managed (SSE-KMS) as
the default encryption. Using the access key and secret key of the IAM user, the application received an
access denied error when calling the PutObject API.
How can this issue be resolved?

A. Update the policy of the IAM user to allow the s3 Encrypt action.
B. Update the bucket policy of the S3 bucket to allow the IAM user to upload
objects.
C. Update the policy of the IAM user to allow the kms:GenerateDataKey action.
D. Update the ACL of the S3 bucket to allow the IAM user to upload objects.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 58
Question C.29
A Developer has created a new AWS IAM user that has s3 putObject permission to write to a specific
Amazon S3 bucket. This S3 bucket uses server-side encryption with AWS KMS managed (SSE-KMS) as
the default encryption. Using the access key and secret key of the IAM user, the application received an
access denied error when calling the PutObject API.
How can this issue be resolved?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 59
Question C.30
A company has a web application that uses an Amazon Cognito user pool for authentication. The
company wants to create a login page with the company logo.
What should a Developer do to meet these requirements?

A. Create a hosted user interface in Amazon Cognito and customize it with the
company logo.
B. Create a login page with the company logo and upload it to Amazon Cognito.
C. Create a login page in Amazon API Gateway with the logo and save the link in
Amazon Cognito.
D. Upload the logo to the Amazon Cognito app settings and point to the logo on a
custom login page.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 60
Question C.30
A company has a web application that uses an Amazon Cognito user pool for authentication. The
company wants to create a login page with the company logo.
What should a Developer do to meet these requirements?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 61
Question C.31
A Developer wants the ability to roll back to a previous version of an AWS Lambda function in the event
of errors caused by a new deployment.
How can the Developer achieve this with MINIMAL impact on users?
A. Change the application to use an alias that points to the current version. Deploy the new version
of the code. Update the alias to use the newly deployed version. If too many errors are
encountered, point the alias back to the previous version.
B. Change the application to use an alias that points to the current version. Deploy the new version
of the code. Update the alias to direct 10% of users to the newly deployed version. If too many
errors are encountered, send 100% of traffic to the previous version.
C. Do not make any changes to the application. Deploy the new version of the code. If too many
errors are encountered, point the application back to the previous version using the version
number in the Amazon Resource Name (ARN).
D. Create three aliases: new, existing, and router. Point the existing alias to the current version.
Have the router alias direct 100% of users to the existing alias. Update the application to use
the router alias. Deploy the new version of the code. Point the new alias to this version. Update
the router alias to direct 10% of users to the new alias. If too many errors are encountered, send
100% of traffic to the existing alias.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 62
Question C.31
A Developer wants the ability to roll back to a previous version of an AWS Lambda function in the event
of errors caused by a new deployment.
How can the Developer achieve this with MINIMAL impact on users?
A. Change the application to use an alias that points to the current version. Deploy the new version
of the code. Update the alias to use the newly deployed version. If too many errors are
encountered, point the alias back to the previous version.
B. Change the application to use an alias that points to the current version. Deploy the new
version of the code. Update the alias to direct 10% of users to the newly deployed version. If
too many errors are encountered, send 100% of traffic to the previous version.
C. Do not make any changes to the application. Deploy the new version of the code. If too many
errors are encountered, point the application back to the previous version using the version
number in the Amazon Resource Name (ARN).
D. Create three aliases: new, existing, and router. Point the existing alias to the current version.
Have the router alias direct 100% of users to the existing alias. Update the application to use
the router alias. Deploy the new version of the code. Point the new alias to this version. Update
the router alias to direct 10% of users to the new alias. If too many errors are encountered, send
100% of traffic to the existing alias.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 63
Question C.32
A company is developing an application that will be accessed through the Amazon API Gateway REST
API. Registered users should be the only ones who can access certain resources of this API. The token
being used should expire automatically and needs to be refreshed periodically.
How can a Developer meet these requirements?

A. Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in API
Gateway, and use the temporary credentials generated by the identity pool.
B. Create and maintain a database record for each user with a corresponding token and use
an AWS Lambda authorizer in API Gateway.
C. Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway,
and use the identity or access token.
D. Create an IAM user for each API user, attach an invoke permissions policy to the API, and
use an IAM authorizer in API Gateway.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 64
Question C.32
A company is developing an application that will be accessed through the Amazon API Gateway REST
API. Registered users should be the only ones who can access certain resources of this API. The token
being used should expire automatically and needs to be refreshed periodically.
How can a Developer meet these requirements?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 65
Question C.33
A Developer is working on a serverless project based in Java. Initial testing shows a cold start takes about
8 seconds on average for AWS Lambda functions.
What should the Developer do to reduce the cold start time? (Choose TWO.)

A. Add the Spring Framework to the project and enable dependency injection.
B. Reduce the deployment package by including only needed modules from the
AWS SDK for Java.
C. Increase the memory allocation setting for the Lambda function.
D. Increase the timeout setting for the Lambda function.
E. Change the Lambda invocation mode from synchronous to asynchronous.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 66
Question C.33
A Developer is working on a serverless project based in Java. Initial testing shows a cold start takes about
8 seconds on average for AWS Lambda functions.
What should the Developer do to reduce the cold start time? (Choose TWO.)

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 67
Question C.34
A company's ecommerce website is experiencing massive traffic spikes, which are causing performance
problems in the company database. Users are reporting that accessing the website takes a long time.
A Developer wants to implement a caching layer using Amazon ElastiCache. The website is required to
be responsive no matter which product a user views, and the updates to product information and prices
must be strongly consistent.
Which cache writing policy will satisfy these requirements?

A. Write to the cache directly and sync the backend at a later time
B. Write to the backend first and wait for the cache to expire
C. Write to the cache and the backend at the same time
D. Write to the backend first and invalidate the cache

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 68
Question C.34
A company's ecommerce website is experiencing massive traffic spikes, which are causing performance
problems in the company database. Users are reporting that accessing the website takes a long time.
A Developer wants to implement a caching layer using Amazon ElastiCache. The website is required to
be responsive no matter which product a user views, and the updates to product information and prices
must be strongly consistent.
Which cache writing policy will satisfy these requirements?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 69
Question C.35
An online retail company has deployed a serverless application with AWS Lambda, Amazon API
Gateway, Amazon S3, and Amazon DynamoDB using AWS CloudFormation. The company rolled out a
new release with major upgrades to the Lambda function and deployed the release to production.
Subsequently, the application stopped working.
Which solution should bring the application back up as quickly as possible?

A. Redeploy the application on Amazon EC2 so the Lambda function can resolve
dependencies
B. Migrate DynamoDB to Amazon RDS and redeploy the Lambda function
C. Roll back the Lambda function to the previous version
D. Deploy the latest Lambda function in a different Region

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 70
Question C.35
An online retail company has deployed a serverless application with AWS Lambda, Amazon API
Gateway, Amazon S3, and Amazon DynamoDB using AWS CloudFormation. The company rolled out a
new release with major upgrades to the Lambda function and deployed the release to production.
Subsequently, the application stopped working.
Which solution should bring the application back up as quickly as possible?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 71
Question C.36
A Developer is writing an application that will run on Amazon EC2 instances in an Auto Scaling group.
The Developer wants to externalize session state to support the application.
Which services will meet these needs? (Choose TWO.)

A. Amazon DynamoDB
B. Amazon Cognito
C. Amazon ElastiCache
D. Amazon EBS
E. Amazon SQS

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 72
Question C.36
A Developer is writing an application that will run on Amazon EC2 instances in an Auto Scaling group.
The Developer wants to externalize session state to support the application.
Which services will meet these needs? (Choose TWO.)

A. Amazon DynamoDB
B. Amazon Cognito
C. Amazon ElastiCache
D. Amazon EBS
E. Amazon SQS

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 73
Question C.37
A Developer has a legacy application that is hosted on-premises. Other applications hosted on AWS
depend on the on-premises application for proper functioning.
In case of any application errors, the Developer wants to be able to use Amazon CloudWatch to monitor
and troubleshoot all applications from one place.
How can the Developer accomplish this?
A. Install an AWS SDK on the on-premises server to automatically send logs to
CloudWatch.
B. Download the CloudWatch agent to the on-premises server. Configure the agent
to use IAM user credentials with permissions for CloudWatch.
C. Upload log files from the on-premises server to Amazon S3 and have CloudWatch
read the files.
D. Upload log files from the on-premises server to an Amazon EC2 instance and
have the instance forward the logs to CloudWatch.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 74
Question C.37
A Developer has a legacy application that is hosted on-premises. Other applications hosted on AWS
depend on the on-premises application for proper functioning.
In case of any application errors, the Developer wants to be able to use Amazon CloudWatch to monitor
and troubleshoot all applications from one place.
How can the Developer accomplish this?
A. Install an AWS SDK on the on-premises server to automatically send logs to
CloudWatch.
B. Download the CloudWatch agent to the on-premises server. Configure the agent
to use IAM user credentials with permissions for CloudWatch.
C. Upload log files from the on-premises server to Amazon S3 and have CloudWatch
read the files.
D. Upload log files from the on-premises server to an Amazon EC2 instance and
have the instance forward the logs to CloudWatch.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 75
Question C.38
An application ingests a large number of small messages and stores them in a database. The application
uses AWS Lambda. A Development team is making change to the application's processing logic. In
testing, it is taking more than 15 minutes to process each message. The team is concerned the current
backend may time out.
Which changes should be made to the backend system to ensure each message is processed in the MOST
scalable way?
A. Add the messages to an Amazon SQS queue. Set up and Amazon EC2 instance to poll the
queue and process messages as they arrive.
B. Add the messages to an Amazon SQS queue. Set up Amazon EC2 instances in an Auto
Scaling group to poll the queue and process the messages as they arrive.
C. Create a support ticket to increase the Lambda timeout to 60 minutes to allow for
increased processing time.
D. Change the application to directly insert the body of the message into an Amazon RDS
database.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 76
Question C.38
An application ingests a large number of small messages and stores them in a database. The application
uses AWS Lambda. A Development team is making change to the application's processing logic. In
testing, it is taking more than 15 minutes to process each message. The team is concerned the current
backend may time out.
Which changes should be made to the backend system to ensure each message is processed in the MOST
scalable way?
A. Add the messages to an Amazon SQS queue. Set up and Amazon EC2 instance to poll the
queue and process messages as they arrive.
B. Add the messages to an Amazon SQS queue. Set up Amazon EC2 instances in an Auto
Scaling group to poll the queue and process the messages as they arrive.
C. Create a support ticket to increase the Lambda timeout to 60 minutes to allow for
increased processing time.
D. Change the application to directly insert the body of the message into an Amazon RDS
database.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 77
Question C.39
An advertising company has a dynamic website with heavy traffic. The company wants to migrate the
website infrastructure to AWS to handle everything except website development.
Which solution BEST meets these requirements?

A. Use AWS VM Import to migrate a web server image to AWS. Launch the image on
a compute-optimized Amazon EC2 instance.
B. Launch multiple Amazon Lightsail instances behind a load balancer. Set up the
website on those instances.
C. Deploy the website code in an AWS Elastic Beanstalk environment. Use Auto
Scaling to scale the numbers of instances.
D. Use Amazon S3 to host the website. Use Amazon CloudFront to deliver the
content at scale.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 78
Question C.39
An advertising company has a dynamic website with heavy traffic. The company wants to migrate the
website infrastructure to AWS to handle everything except website development.
Which solution BEST meets these requirements?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 79
Question C.40
A Software Engineer developed an AWS Lambda function in Node.js to do some CPU-intensive data
processing. With the default settings, the Lambda function takes about 5 minutes to complete.
Which approach should a Developer take to increase the speed of completion?

A. Instead of using Node.js, rewrite the Lambda function using Python.

B. Instead of packaging the libraries in the ZIP file with the function, move them to
a Lambda layer and use the layer with the function.
C. Allocate the maximum available CPU units to the function.
D. Increase the available memory to the function.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 80
Question C.40
A Software Engineer developed an AWS Lambda function in Node.js to do some CPU-intensive data
processing. With the default settings, the Lambda function takes about 5 minutes to complete.
Which approach should a Developer take to increase the speed of completion?

A. Instead of using Node.js, rewrite the Lambda function using Python.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 81
Question C.41
A company has implemented AWS CodePipeline to automate its release pipelines. The Development
team is writing an AWS Lambda function what will send notifications for state changes of each of the
actions in the stages.
Which steps must be taken to associate the Lambda function with the event source?

A. Create a trigger that invokes the Lambda function from the Lambda console by
selecting CodePipeline as the event source.
B. Create an event trigger and specify the Lambda function from the CodePipeline
console.
C. Create an Amazon CloudWatch alarm that monitors status changes in Code
Pipeline and triggers the Lambda function.
D. Create an Amazon CloudWatch Events rule that uses CodePipeline as an event
source.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 82
Question C.41
A company has implemented AWS CodePipeline to automate its release pipelines. The Development
team is writing an AWS Lambda function what will send notifications for state changes of each of the
actions in the stages.
Which steps must be taken to associate the Lambda function with the event source?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 83
Question C.42
A Developer has built an application running on AWS Lambda using AWS Serverless Application Model
(AWS SAM).
What is the correct order of execution to successfully deploy the application?

A. 1. Build the SAM template in Amazon EC2. 2. Package the SAM template to
Amazon EBS storage. 3. Deploy the SAM template from Amazon EBS.
B. 1. Build the SAM template locally. 2. Package the SAM template onto Amazon S3.
3. Deploy the SAM template from Amazon S3.
C. 1. Build the SAM template locally. 2. Deploy the SAM template from Amazon S3.
3. Package the SAM template for use.
D. 1. Build the SAM template locally. 2. Package the SAM template from AWS
CodeCommit. 3. Deploy the SAM template to CodeCommit.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 84
Question C.42
A Developer has built an application running on AWS Lambda using AWS Serverless Application Model
(AWS SAM).
What is the correct order of execution to successfully deploy the application?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 85
Question C.43
A company wants to migrate an imaging service to Amazon EC2 while following security best practices.
The images are sourced and read from a non-public
Amazon S3 bucket.
What should a Developer do to meet these requirements?

A. Create an IAM user with read-only permissions for the S3 bucket. Temporarily
store the user credentials in the Amazon EBS volume of the EC2 instance.
B. Create an IAM user with read-only permissions for the S3 bucket. Temporarily
store the user credentials in the user data of the EC2 instance.
C. Create an EC2 service role with read-only permissions for the S3 bucket. Attach
the role to the EC2 instance.
D. Create an S3 service role with read-only permissions for the S3 bucket. Attach the
role to the EC2 instance.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 86
Question C.43
A company wants to migrate an imaging service to Amazon EC2 while following security best practices.
The images are sourced and read from a non-public
Amazon S3 bucket.
What should a Developer do to meet these requirements?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 87
Question C.44
A Development team wants to immediately build and deploy an application whenever there is a change to
the source code.
Which approaches could be used to trigger the deployment? (Choose TWO.)
A. Store the source code in an Amazon S3 bucket. Configure AWS CodePipeline to
start whenever a file in the bucket changes.
B. Store the source code in an encrypted Amazon EBS volume. Configure AWS
CodePipeline to start whenever a file in the volume changes.
C. Store the source code in an AWS CodeCommit repository. Configure AWS
CodePipeline to start whenever a change is committed to the repository.
D. Store the source code in an Amazon S3 bucket. Configure AWS CodePipeline to
start every 15 minutes.
E. Store the source code in an Amazon EC2 instance's ephemeral storage. Configure
the instance to start AWS CodePipeline whenever there are changes to the source
code.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 88
Question C.44
A Development team wants to immediately build and deploy an application whenever there is a change to
the source code.
Which approaches could be used to trigger the deployment? (Choose TWO.)
A. Store the source code in an Amazon S3 bucket. Configure AWS CodePipeline to
start whenever a file in the bucket changes.
B. Store the source code in an encrypted Amazon EBS volume. Configure AWS
CodePipeline to start whenever a file in the volume changes.
C. Store the source code in an AWS CodeCommit repository. Configure AWS
CodePipeline to start whenever a change is committed to the repository.
D. Store the source code in an Amazon S3 bucket. Configure AWS CodePipeline to
start every 15 minutes.
E. Store the source code in an Amazon EC2 instance's ephemeral storage. Configure
the instance to start AWS CodePipeline whenever there are changes to the source
code.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 89
Question C.45

A company has implemented AWS CodeDeploy as part of its cloud native CI/CD stack. The company
enables automatic rollbacks while deploying a new version of a popular web application from in-place to
Amazon EC2.
What occurs if the deployment of the new version fails due to code regression?

A. The last known good deployment is automatically restored using the snapshot
stored in Amazon S3.
B. CodeDeploy switches the Amazon Route 53 alias records back to the known good
green deployment and terminates the failed blue deployment.
C. A new deployment of the last known version of the application is deployed with a
new deployment ID.
D. AWS CodePipeline promotes the most recent deployment with a SUCCEEDED
status to production.

A software company needs to make sure user-uploaded documents are securely stored in Amazon S3. The
documents must be encrypted at rest in Amazon S3.
The company does not want to manage the security infrastructure in-house, but the company still needs
extra protection to ensure it has control over its encryption keys due to industry regulations.
Which encryption strategy should a Developer use to meet these requirements?

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

B. Server-side encryption with customer-provided encryption keys (SSE-C)
C. Server-side encryption with AWS KMS managed keys (SSE-KMS)
D. Client-side encryption

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

B. Server-side encryption with customer-provided encryption keys (SSE-C)
C. Server-side encryption with AWS KMS managed keys (SSE-KMS)
D. Client-side encryption

A Developer uses Amazon S3 buckets for static website hosting. The Developer creates one S3 bucket for
the code and another S3 bucket for the assets, such as image and video files. Access is denied when a user
attempts to access the assets bucket from the code bucket, with the website application showing a 403
error.
How should the Developer solve this issue?

A. Create an IAM role and apply it to the assets bucket for the code bucket to be
granted access.
B. Edit the bucket policy of the assets bucket to open access to all principals.
C. Edit the cross-origin resource sharing (CORS) configuration of the assets bucket
to allow any origin to access the assets.
D. Change the code bucket to use AWS Lambda functions instead of static website
hosting.

implemented an automated continuous integration/continuous improvement (CI/CD) process using a

blue/green deployment. The deployment provisions new Amazon EC2 instances in an Auto Scaling group
behind a new Application Load Balancer. After the migration was completed, the Developer began
receiving complaints from users getting booted out of the system. The system also requires users to log in
after every new deployment.
How can these issues be resolved?

A. Use rolling updates instead of a blue/green deployment

B. Externalize the user sessions to Amazon ElastiCache
C. Turn on sticky sessions in the Application Load Balancer
D. Use multicast to replicate session information

implemented an automated continuous integration/continuous improvement (CI/CD) process using a

A. Use rolling updates instead of a blue/green deployment

B. Externalize the user sessions to Amazon ElastiCache
C. Turn on sticky sessions in the Application Load Balancer
D. Use multicast to replicate session information

A Developer wants to insert a record into an Amazon DynamoDB table as soon as a new file is added to
an Amazon S3 bucket.
Which set of steps would be necessary to achieve this?

A. Create an event with Amazon CloudWatch Events that will monitor the S3 bucket
and then insert the records into DynamoDB.
B. Configure an S3 event to invoke a Lambda function that inserts records into
DynamoDB.
C. Create a Lambda function that will poll the S3 bucket and then insert the records
into DynamoDB.
D. Create a cron job that will run at a scheduled time and insert the records into
DynamoDB.

A Developer wants to insert a record into an Amazon DynamoDB table as soon as a new file is added to
an Amazon S3 bucket.
Which set of steps would be necessary to achieve this?

A Developer is building an application that needs to store data in Amazon S3. Management requires that
the data be encrypted before it is sent to Amazon S3 for storage. The encryption keys need to be managed
by the Security team.
Which approach should the Developer take to meet these requirements?

A. Implement server-side encryption using customer-provided encryption keys

(SSE-C).
B. Implement server-side encryption by using a client-side master key.
C. Implement client-side encryption using an AWS KMS managed customer master
key (CMK).
D. Implement client-side encryption using Amazon S3 managed keys.

A. Implement server-side encryption using customer-provided encryption keys

A Developer has written an Amazon Kinesis Data Streams application. As usage grows and traffic
increases over time, the application is regularly receiving ProvisionedThroughputExceededException
error messages.
Which steps should the Developer take to resolve the error? (Choose TWO.)

A. Use Auto Scaling to scale the stream for better performance

B. Increase the delay between the GetRecords call and the PutRecords call
C. Increase the number of shards in the data stream
D. Specify a shard iterator using the ShardIterator parameter
E. Implement exponential backoff on the GetRecords call and the PutRecords call

A. Use Auto Scaling to scale the stream for better performance

A Developer is publishing critical log data to a log group in Amazon CloudWatch Logs, which was
created 2 months ago. The Developer must encrypt the log data using an AWS KMS customer master key
(CMK) so future data can be encrypted to comply with the company's security policy.
How can the Developer meet this requirement?

A. Use the CloudWatch Logs console and enable the encrypt feature on the log
group
B. Use the AWS CLI create-log-group command and specify the key Amazon
Resource Name (ARN)
C. Use the KMS console and associate the CMK with the log group
D. Use the AWS CLI associate-kms-key command and specify the key Amazon
Resource Name (ARN)

A Developer has code running on Amazon EC2 instances that needs read-only access to an Amazon
DynamoDB table.
What is the MOST secure approach the Developer should take to accomplish this task?

A. Create a user access key for each EC2 instance with read-only access to
DynamoDB. Place the keys in the code. Redeploy the code as keys rotate.
B. Use an IAM role with an AmazonDynamoDBReadOnlyAccess policy applied to the
EC2 instances.
C. Run all code with only AWS account root user access keys to ensure maximum
access to services.
D. Use an IAM role with Administrator access applied to the EC2 instance.

A Developer has code running on Amazon EC2 instances that needs read-only access to an Amazon
DynamoDB table.
What is the MOST secure approach the Developer should take to accomplish this task?

A Developer decides to store highly secure data in Amazon S3 and wants to implement server-side
encryption (SSE) with granular control of who can access the master key. Company policy requires that
the master key be created, rotated, and disabled easily when needed, all for security reasons.
Which solution should be used to meet these requirements?

A. SSE with Amazon S3 managed keys (SSE-S3)

B. SSE with AWS KMS managed keys (SSE-KMS)
C. SSE with AWS Secrets Manager
D. SSE with customer-provided encryption keys

A. SSE with Amazon S3 managed keys (SSE-S3)

B. SSE with AWS KMS managed keys (SSE-KMS)
C. SSE with AWS Secrets Manager
D. SSE with customer-provided encryption keys

A Developer is migrating an on-premises application to AWS. The application currently takes user
uploads and saves them to a local directory on the server. All uploads must be saved and made
immediately available to all instances in an Auto Scaling group.
Which approach will meet these requirements?

A. Use Amazon EBS and configure the application AMI to use a snapshot of the same
EBS instance on boot.
B. Use Amazon S3 and rearchitect the application so all uploads are placed in S3.
C. Use instance storage and share it between instances launched from the same
Amazon Machine Image (AMI).
D. Use Amazon EBS and file synchronization software to achieve eventual
consistency among the Auto Scaling group.

A Developer implemented a static website hosted in Amazon S3 that makes web service requests hosted
in Amazon API Gateway and AWS Lambda. The site is showing an error that reads: "No "˜Access-
Control-Allow-Origin' header is present on the requested resource. Origin "˜null' is therefore not allowed
access."
What should the Developer do to resolve this issue?

A. Enable cross-origin resource sharing (CORS) on the S3 bucket.

B. Enable cross-origin resource sharing (CORS) for the method in API Gateway
C. Add the Access-Control-Request-Method header to the request
D. Add the Access-Control-Request-Headers header to the request

A. Enable cross-origin resource sharing (CORS) on the S3 bucket.

A Developer is writing an application in AWS Lambda. To simplify testing and deployments, the
Developer needs the database connections string to be easily changed without modifying the Lambda
code.
How can this requirement be met?

A. Store the connection string as a secret in AWS Secrets Manager.

B. Store the connection string in an IAM user account.
C. Store the connection string in AWS KMS.
D. Store the connection string as a Lambda layer.

A. Store the connection string as a secret in AWS Secrets Manager.

B. Store the connection string in an IAM user account.
C. Store the connection string in AWS KMS.
D. Store the connection string as a Lambda layer.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 115
Question C.58
A company is launching an ecommerce website and will host the static data in Amazon S3. The company
expects approximately 1,000 transactions per second (TPS) for GET and PUT requests in total. Logging
must be enabled to track all requests and must be retained for auditing purposes.
What is the MOST cost-effective solution?

A. Enable AWS CloudTrail logging for the S3 bucket-level action and create a
lifecycle policy to move the data from the log bucket to Amazon S3 Glacier in 90
days.
B. Enable S3 server access logging and create a lifecycle policy to expire the data in
90 days.
C. Enable AWS CloudTrail logging for the S3 bucket-level action and create a
lifecycle policy to expire the data in 90 days.
D. Enable S3 server access logging and create a lifecycle policy to move the data to
Amazon S3 Glacier in 90 days.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 116
Question C.58
A company is launching an ecommerce website and will host the static data in Amazon S3. The company
expects approximately 1,000 transactions per second (TPS) for GET and PUT requests in total. Logging
must be enabled to track all requests and must be retained for auditing purposes.
What is the MOST cost-effective solution?

A. Enable AWS CloudTrail logging for the S3 bucket-level action and create a
lifecycle policy to move the data from the log bucket to Amazon S3 Glacier in 90
days.
B. Enable S3 server access logging and create a lifecycle policy to expire the data in
90 days.
C. Enable AWS CloudTrail logging for the S3 bucket-level action and create a
lifecycle policy to expire the data in 90 days.
D. Enable S3 server access logging and create a lifecycle policy to move the data to
Amazon S3 Glacier in 90 days.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 117
Question C.59
A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances.
The application uses attached Amazon EBS disks for storing data. The application will process sensitive
information and all the data must be encrypted.
What should a Developer do to ensure the data is encrypted on disk without impacting performance?

A. Configure the Amazon EC2 instance fleet to use encrypted EBS volumes for
storing data.
B. Add logic to write all data to an encrypted Amazon S3 bucket.
C. Add a custom encryption algorithm to the application that will encrypt and
decrypt all data.
D. Create a new Amazon Machine Image (AMI) with an encrypted root volume and
store the data to ephemeral disks.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 118
Question C.59
A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances.
The application uses attached Amazon EBS disks for storing data. The application will process sensitive
information and all the data must be encrypted.
What should a Developer do to ensure the data is encrypted on disk without impacting performance?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 119
Question C.60
A Developer has written an application that runs on Amazon EC2 instances and generates a value every
minute. The Developer wants to monitor and graph the values generated over time without logging in to
the instance each time.
Which approach should the Developer use to achieve this goal?

A. Use the Amazon CloudWatch metrics reported by default for all EC2 instances.
View each value from the CloudWatch console.
B. Develop the application to store each value in a file on Amazon S3 every minute
with the timestamp as the name.
C. Publish each generated value as a custom metric to Amazon CloudWatch using
available AWS SDKs.
D. Store each value as a variable and add the variable to the list of EC2 metrics that
should be reported to the Amazon CloudWatch console.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 120
Question C.60
A Developer has written an application that runs on Amazon EC2 instances and generates a value every
minute. The Developer wants to monitor and graph the values generated over time without logging in to
the instance each time.
Which approach should the Developer use to achieve this goal?

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 121
Question C.61
A Development team decides to adopt a continuous integration/continuous delivery (CI/CD) process
using AWS CodePipeline and AWS CodeCommit for a new application. However, management wants a
person to review and approve the code before it is deployed to production.
How can the Development team add a manual approver to the CI/CD pipeline?

A. Use AWS SES to send an email to approvers when their action is required. Develop a
simple application that allows approvers to accept or reject a build. Invoke an AWS
Lambda function to advance the pipeline when a build is accepted.
B. If approved, add an approved tag when pushing changes to the CodeCommit repository.
CodePipeline will proceed to build and deploy approved commits without interruption.
C. Add an approval step to CodeCommit. Commits will not be saved until approved.
D. Add an approval action to the pipeline. Configure the approval action to publish to an
Amazon SNS topic when approval is required. The pipeline execution will stop and wait for
an approval.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 122
Question C.61
A Development team decides to adopt a continuous integration/continuous delivery (CI/CD) process
using AWS CodePipeline and AWS CodeCommit for a new application. However, management wants a
person to review and approve the code before it is deployed to production.
How can the Development team add a manual approver to the CI/CD pipeline?

A. Use AWS SES to send an email to approvers when their action is required. Develop a
simple application that allows approvers to accept or reject a build. Invoke an AWS
Lambda function to advance the pipeline when a build is accepted.
B. If approved, add an approved tag when pushing changes to the CodeCommit repository.
CodePipeline will proceed to build and deploy approved commits without interruption.
C. Add an approval step to CodeCommit. Commits will not be saved until approved.
D. Add an approval action to the pipeline. Configure the approval action to publish to an
Amazon SNS topic when approval is required. The pipeline execution will stop and wait for
an approval.
© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 123
Question C.62
A Developer is building a serverless application using AWS Lambda and must create a REST API using
an HTTP GET method.
What needs to be defined to meet this requirement? (Choose TWO.)

A. A Lambda@Edge function
B. An Amazon API Gateway with a Lambda function
C. An exposed GET method in an Amazon API Gateway
D. An exposed GET method in the Lambda function
E. An exposed GET method in Amazon Route 53

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 124
Question C.62
A Developer is building a serverless application using AWS Lambda and must create a REST API using
an HTTP GET method.
What needs to be defined to meet this requirement? (Choose TWO.)

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 125
Question C.63
A Developer needs to create an application that supports Security Assertion Markup Language (SAML)
and Facebook authentication. It must also allow access to AWS services, such as Amazon DynamoDB.
Which AWS service or feature will meet these requirements with the LEAST amount of additional
coding?

A. AWS AppSync
B. Amazon Cognito identity pools
C. Amazon Cognito user pools
D. Amazon Lambda@Edge

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 126
Question C.63
A Developer needs to create an application that supports Security Assertion Markup Language (SAML)
and Facebook authentication. It must also allow access to AWS services, such as Amazon DynamoDB.
Which AWS service or feature will meet these requirements with the LEAST amount of additional
coding?

A. AWS AppSync
B. Amazon Cognito identity pools
C. Amazon Cognito user pools
D. Amazon Lambda@Edge

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 127
Question C.64
A Developer is trying to monitor an application's status by running a cron job that returns 1 if the service
is up and 0 if the service is down. The Developer created code that uses an AWS CLI put-metric-alarm
command to publish the custom metrics to Amazon CloudWatch and create an alarm. However, the
Developer is unable to create an alarm as the custom metrics do not appear in the CloudWatch console.
What is causing this issue?

A. Sending custom metrics using the CLI is not supported.

B. The Developer needs to use the put-metric-data command.
C. The Developer must use a unified CloudWatch agent to publish custom metrics.
D. The code is not running on an Amazon EC2 instance.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 128
Question C.64
A Developer is trying to monitor an application's status by running a cron job that returns 1 if the service
is up and 0 if the service is down. The Developer created code that uses an AWS CLI put-metric-alarm
command to publish the custom metrics to Amazon CloudWatch and create an alarm. However, the
Developer is unable to create an alarm as the custom metrics do not appear in the CloudWatch console.
What is causing this issue?

A. Sending custom metrics using the CLI is not supported.

B. The Developer needs to use the put-metric-data command.
C. The Developer must use a unified CloudWatch agent to publish custom metrics.
D. The code is not running on an Amazon EC2 instance.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 129
Question C.65
A Developer registered an AWS Lambda function as a target for an Application Load Balancer (ALB)
using a CLI command. However, the Lambda function is not being invoked when the client sends
requests through the ALB.
Why is the Lambda function not being invoked?

A. A Lambda function cannot be registered as a target for an ALB.

B. A Lambda function can be registered with an ALB using AWS Management
Console only.
C. The permissions to invoke the Lambda function are missing.
D. Cross-zone is not enabled on the ALB.

© 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 130
Question C.65
A Developer registered an AWS Lambda function as a target for an Application Load Balancer (ALB)
using a CLI command. However, the Lambda function is not being invoked when the client sends
requests through the ALB.
Why is the Lambda function not being invoked?

A. A Lambda function cannot be registered as a target for an ALB.

B. A Lambda function can be registered with an ALB using AWS Management
Console only.
C. The permissions to invoke the Lambda function are missing.
D. Cross-zone is not enabled on the ALB.

AWS Architect Professional SAP-C02 Exam - PREGUNTAS
No ratings yet
AWS Architect Professional SAP-C02 Exam - PREGUNTAS
152 pages
Aws-Soa-C02 2024 New II
100% (2)
Aws-Soa-C02 2024 New II
73 pages
Amazon - SOA-C02.vMay-2024.by .Isac .132q
No ratings yet
Amazon - SOA-C02.vMay-2024.by .Isac .132q
53 pages
AWS Solution Architect Certification Exam Practice Paper 2019
From Everand
AWS Solution Architect Certification Exam Practice Paper 2019
Tech Interviews
3.5/5 (3)
AWS DA With Answers
No ratings yet
AWS DA With Answers
161 pages
Aws-Devops Sreeja
100% (1)
Aws-Devops Sreeja
5 pages
AWS S3 Interview Questions
No ratings yet
AWS S3 Interview Questions
23 pages
AWS DevOps Engineer Professional Master Cheat Sheet
No ratings yet
AWS DevOps Engineer Professional Master Cheat Sheet
47 pages
Build A Static Website With Amazon S3 Activity
No ratings yet
Build A Static Website With Amazon S3 Activity
7 pages
Extra Checks in Prowler
No ratings yet
Extra Checks in Prowler
2 pages
AWS Solutions Architect Certification Case Based Practice Questions Latest Edition 2023
From Everand
AWS Solutions Architect Certification Case Based Practice Questions Latest Edition 2023
Exam OG
No ratings yet
AWS PartnerCast - SAA Study Hall - 20210702
No ratings yet
AWS PartnerCast - SAA Study Hall - 20210702
37 pages
Module 10 - Examen Test B
No ratings yet
Module 10 - Examen Test B
132 pages
Module 12 - Examen Test D
No ratings yet
Module 12 - Examen Test D
132 pages
SAP_C02_AWS_Certified_Solutions_Architect___Professional_Updated_Questions.pdf
No ratings yet
SAP_C02_AWS_Certified_Solutions_Architect___Professional_Updated_Questions.pdf
33 pages
SAA-C03-demo_ans
No ratings yet
SAA-C03-demo_ans
13 pages
AWS-Developer-Associate-Test01
No ratings yet
AWS-Developer-Associate-Test01
8 pages
QnA - CC - IT 4090
No ratings yet
QnA - CC - IT 4090
29 pages
AWS Certified Advanced Networking Specialty - Sample Questions c01
No ratings yet
AWS Certified Advanced Networking Specialty - Sample Questions c01
8 pages
Aws Test Paper 2
No ratings yet
Aws Test Paper 2
17 pages
AWS Solutions Architect - Associate
No ratings yet
AWS Solutions Architect - Associate
5 pages
saa-c03_0
No ratings yet
saa-c03_0
11 pages
Ee Draindumps 2023-Aug-16 by Nicholas 93q Vce
100% (1)
Ee Draindumps 2023-Aug-16 by Nicholas 93q Vce
24 pages
AWS Network engineer
No ratings yet
AWS Network engineer
62 pages
Amazon Premium DVA-C02 65q-DEMO
No ratings yet
Amazon Premium DVA-C02 65q-DEMO
28 pages
soa-c02_2
No ratings yet
soa-c02_2
29 pages
Cloud Architecture Viva
No ratings yet
Cloud Architecture Viva
7 pages
Google Associate Cloud Engineer Exam Companion: Q&A with Explanations
From Everand
Google Associate Cloud Engineer Exam Companion: Q&A with Explanations
SUJAN
No ratings yet
AWS Advanced Networking - Specialty Sample Exam Questions
No ratings yet
AWS Advanced Networking - Specialty Sample Exam Questions
4 pages
Ee PDF 2020-Mar-30 by Rodney 138q Vce
No ratings yet
Ee PDF 2020-Mar-30 by Rodney 138q Vce
8 pages
AWS Certified Solutions Architect Associate Practice Test 05
No ratings yet
AWS Certified Solutions Architect Associate Practice Test 05
78 pages
Awsques 3
No ratings yet
Awsques 3
3 pages
Google Cloud Professional Cloud Security Engineer 100+ Practice Exam Questions with Detailed Answers
From Everand
Google Cloud Professional Cloud Security Engineer 100+ Practice Exam Questions with Detailed Answers
vivian njoroge
No ratings yet
quizlet-SAAC03 359
No ratings yet
quizlet-SAAC03 359
253 pages
AWS Solution Architect
No ratings yet
AWS Solution Architect
12 pages
soa-c02_0
No ratings yet
soa-c02_0
28 pages
ans-c01_2
0% (1)
ans-c01_2
13 pages
Qb2 Latest Merged
No ratings yet
Qb2 Latest Merged
507 pages
soa-c02_9
No ratings yet
soa-c02_9
25 pages
AWS Cloud Practitioner Study Guide & Practice Tests
From Everand
AWS Cloud Practitioner Study Guide & Practice Tests
SUJAN
No ratings yet
Aws Solutions Architect Professional
No ratings yet
Aws Solutions Architect Professional
10 pages
SAA-C02-passleader-sep2021
No ratings yet
SAA-C02-passleader-sep2021
6 pages
PDF 2
No ratings yet
PDF 2
8 pages
AWS-DevOps-Engineer-Professional-DOP-C01-demo
No ratings yet
AWS-DevOps-Engineer-Professional-DOP-C01-demo
12 pages
Aws Csa 1
No ratings yet
Aws Csa 1
13 pages
Google Cloud Professional Cloud Architect 100+ Practice Exam questions with Detailed Answers
From Everand
Google Cloud Professional Cloud Architect 100+ Practice Exam questions with Detailed Answers
vivian njoroge
No ratings yet
AWS Associate architect part 2
No ratings yet
AWS Associate architect part 2
100 pages
ans-c01_7
No ratings yet
ans-c01_7
17 pages
AWS Solutions Associate
No ratings yet
AWS Solutions Associate
7 pages
AWS Practice Questions
No ratings yet
AWS Practice Questions
17 pages
SAA-C01 V14.35
No ratings yet
SAA-C01 V14.35
112 pages
Amazon Web Services-SAP-C01 8 June
100% (2)
Amazon Web Services-SAP-C01 8 June
66 pages
ans-c01_4
No ratings yet
ans-c01_4
16 pages
Aws Test Paper 1
No ratings yet
Aws Test Paper 1
16 pages
Aws Certified Sysops Administrator - Associate (Soa-C01) Sample Exam Questions
No ratings yet
Aws Certified Sysops Administrator - Associate (Soa-C01) Sample Exam Questions
5 pages
Aindumps 2023-Aug-08 by Taylor 151q Vce
No ratings yet
Aindumps 2023-Aug-08 by Taylor 151q Vce
25 pages
Révision Exam AWS ACF
No ratings yet
Révision Exam AWS ACF
9 pages
AWS SAA C03 121-160 Hung
No ratings yet
AWS SAA C03 121-160 Hung
24 pages
Amazon: Exam Questions AWS-Certified-Solutions-Architect-Professional
No ratings yet
Amazon: Exam Questions AWS-Certified-Solutions-Architect-Professional
27 pages
Amazon AWS Certified Advanced Networking
No ratings yet
Amazon AWS Certified Advanced Networking
21 pages
Domain Wise
No ratings yet
Domain Wise
32 pages
AWS Dumps
No ratings yet
AWS Dumps
18 pages
AWS_Examtoics
No ratings yet
AWS_Examtoics
95 pages
Azure Fundamentals Success Kit
From Everand
Azure Fundamentals Success Kit
PRIYANKA
No ratings yet
AWS Certified Advanced Networking - Specialty (ANS-C00) Sample Exam Questions
No ratings yet
AWS Certified Advanced Networking - Specialty (ANS-C00) Sample Exam Questions
5 pages
Amazonwebservices Pass4sure Sap-C01 Exam Question 2020-Jan-06 by Burgess 175q Vce
No ratings yet
Amazonwebservices Pass4sure Sap-C01 Exam Question 2020-Jan-06 by Burgess 175q Vce
8 pages
Amazon S3: An Storage Service
No ratings yet
Amazon S3: An Storage Service
14 pages
Aws Certified Solutions Architect Associate Saa c03 Updated Nov 2024
No ratings yet
Aws Certified Solutions Architect Associate Saa c03 Updated Nov 2024
488 pages
Datalakes
No ratings yet
Datalakes
18 pages
Brkarc 2749
No ratings yet
Brkarc 2749
97 pages
Backup Exec - Installation and Configuration Guide For OpenDedupe OST Connector
No ratings yet
Backup Exec - Installation and Configuration Guide For OpenDedupe OST Connector
37 pages
ECS Administration - Lab Guide
100% (1)
ECS Administration - Lab Guide
249 pages
Mcookbook PDF
No ratings yet
Mcookbook PDF
271 pages
Braindumpscollection Dva c02 Aws Certified Developer Associate Verified Questions Answers by Gamble 15 04 2024 6qa
No ratings yet
Braindumpscollection Dva c02 Aws Certified Developer Associate Verified Questions Answers by Gamble 15 04 2024 6qa
13 pages
TEST3 - AWS Certified Solutions Architect Associate Practice Exams
No ratings yet
TEST3 - AWS Certified Solutions Architect Associate Practice Exams
124 pages
The Context Is Around Un Predictable + Cost Effective ..Store The Images Using The S3 Intelligent
No ratings yet
The Context Is Around Un Predictable + Cost Effective ..Store The Images Using The S3 Intelligent
78 pages
Veritas Netbackup ™ Enterprise Server and Server 8.2 - 8.X.X Hardware and Cloud Storage Compatibility List (HCL)
No ratings yet
Veritas Netbackup ™ Enterprise Server and Server 8.2 - 8.X.X Hardware and Cloud Storage Compatibility List (HCL)
325 pages
ML Certificate Preparation (Last Version)
No ratings yet
ML Certificate Preparation (Last Version)
288 pages
Amazon Web Services: Aws Developer: Building On Aws
No ratings yet
Amazon Web Services: Aws Developer: Building On Aws
36 pages
AWS Interview Questions (2021)
No ratings yet
AWS Interview Questions (2021)
12 pages
Aws QCM
No ratings yet
Aws QCM
35 pages
AWS Notes
No ratings yet
AWS Notes
29 pages
Rule Details - Config - Us-West-2
No ratings yet
Rule Details - Config - Us-West-2
2 pages
Slideset 03
No ratings yet
Slideset 03
79 pages
Unit-3-AWS Solution
No ratings yet
Unit-3-AWS Solution
51 pages
SAP HANA On AWS Implementation and Operations Guide
No ratings yet
SAP HANA On AWS Implementation and Operations Guide
39 pages
Aws The Final
No ratings yet
Aws The Final
20 pages
4 Edge and Hybrid Storage
No ratings yet
4 Edge and Hybrid Storage
31 pages
Birst Appliance v5.21 Quick Start Guide PDF
No ratings yet
Birst Appliance v5.21 Quick Start Guide PDF
22 pages
Aws Glossary
No ratings yet
Aws Glossary
184 pages

Module 11 - Examen Test C

Uploaded by

Module 11 - Examen Test C

Uploaded by

Examen Test C

65 QUESTIONS, 130 MINUTES

A. Life-cycle management of IAM credentials

A. Life-cycle management of IAM credentials

A. Set a smaller page size for the scan

A. Set a smaller page size for the scan

A. Enable versioning on the cdfonts bucket for each web font

A. Enable versioning on the cdfonts bucket for each web font

A. "Fn::Join" : ["". [ "http://", {"Fn::GetAtr" : [ "ElasticLoadBalancer","DNSName"]}]]

A. "Fn::Join" : ["". [ "http://", {"Fn::GetAtr" : [ "ElasticLoadBalancer","DNSName"]}]]

A. Use S3 Virtual Hosting

A. Use S3 Virtual Hosting

A. Previously-created resources are kept but the stack creation terminates.

A. Previously-created resources are kept but the stack creation terminates.

A. By default, all requests are denied

A. By default, all requests are denied

A. Deploy a NAT instance into the public subnet.

A. Deploy a NAT instance into the public subnet.

A. An XML object containing MessageId, UnsubscribeURL, Subject, Message and

A. An XML object containing MessageId, UnsubscribeURL, Subject, Message and

A. 100 per region

A. 100 per region

A. Target tracking scaling policy

A. Target tracking scaling policy

A. Generate a presigned URL when a picture is uploaded. Save the URL in an

A. Generate a presigned URL when a picture is uploaded. Save the URL in an

A. Deploy the function into multiple AWS Regions.

A. Deploy the function into multiple AWS Regions.

A. Update the database connection parameters in the application to point to the

A. Update the database connection parameters in the application to point to the

A. dynamodb:DeleteItem dynamodb:GetItem dynamodb:PutItem

A. dynamodb:DeleteItem dynamodb:GetItem dynamodb:PutItem

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

A. Double the Auto Scaling group's maximum number of servers.

A. Double the Auto Scaling group's maximum number of servers.

A. Instead of using Node.js, rewrite the Lambda function using Python.

A. Instead of using Node.js, rewrite the Lambda function using Python.

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

implemented an automated continuous integration/continuous improvement (CI/CD) process using a

A. Use rolling updates instead of a blue/green deployment

implemented an automated continuous integration/continuous improvement (CI/CD) process using a

A. Use rolling updates instead of a blue/green deployment

A. Implement server-side encryption using customer-provided encryption keys

A. Implement server-side encryption using customer-provided encryption keys

A. Use Auto Scaling to scale the stream for better performance

A. Use Auto Scaling to scale the stream for better performance

A. SSE with Amazon S3 managed keys (SSE-S3)

A. SSE with Amazon S3 managed keys (SSE-S3)

A. Enable cross-origin resource sharing (CORS) on the S3 bucket.

A. Enable cross-origin resource sharing (CORS) on the S3 bucket.

A. Store the connection string as a secret in AWS Secrets Manager.

A. Store the connection string as a secret in AWS Secrets Manager.

A. Sending custom metrics using the CLI is not supported.

A. Sending custom metrics using the CLI is not supported.

A. A Lambda function cannot be registered as a target for an ALB.

A. A Lambda function cannot be registered as a target for an ALB.

You might also like