EMT Practice Test

1. Question Content...


Question List

Question1: A Developer is creating an application that needs to locate the public IPv4 address of the Amazon EC2 instance on which it runs. How can the application locate this information?

Question2: A developer has created a REST API using Amazon API Gateway. The developer wants to log who and how each caller accesses the API. The developer also wants to control how long the logs are kept.
What should the developer do to meet these requirements?

Question3: What is web identity federation?

Question4: What is the data model of DynamoDB?

Question5: An AWS Elastic Beanstalk application needs to be deployed in multiple regions and requires a different Amazon Machine Image (AMI) in each region.
Which AWS CloudFormation template key can be used to specify the correct AMI for each region?

Question6: An organization is hosting an application as part of the free usage tier. The organization wants to create IAM users for each of its 150 employees and they may access AWS as part of free usage tier. What will you advise the organization?

Question7: A company is developing a web application that allows its employees to upload a profile picture to a private Amazon S3 bucket. There is no size limit for the profile pictures, which should be displayed every time an employee logs in. For security reasons, the pictures cannot be publicly accessible.
What is a viable long-term solution for this scenario?

Question8: A Developer registered an AWS Lambda function as a target for an Application Load Balancer (ALB) using a CLI command. However, the Lambda function is not being invoked when the client sends requests through the ALB.
Why is the Lambda function not being invoked?

Question9: A developer is writing an application to analyze the traffic to a fleet of Amazon EC2 instances.
The EC2 instances run behind a public Application Load Balancer (ALB).
An HTTP server runs on each of the EC2 instances, logging all requests to a log file.
The developer wants to capture the client public IP addresses. The developer analyzes the log files and notices only the IP address of the ALB What must the developer do to capture the client public IP addresses in the log file?

Question10: You need to migrate 10 million records in one hour into DynamoDB. All records are 1.5KB in size.
The data is evenly distributed across the partition key. How many write capacity units should you provision during this batch load?

Question11: A user is trying to create a list of IAM users with the AWS console. When the IAM users are created which of the below mentioned credentials will be enabled by default for the user?

Question12: A development team uses AWS Elastic Beanstalk to deploy a Java-based web application. The team wants to ensure that the changes to the source code and the configuration are always deployed on new instances. The team configures the Elastic Beanstalk environment to use immutable updates. However, an error occurs the first time a change is deployed with the new update policy.
What is the MOST likely cause of this issue?

Question13: An on-premises application is implemented using a Linux, Apache, MySQL and PHP (LAMP) stack. The Developer wants to run this application in AWS.
Which of the following sets of AWS services can be used to run this stack?

Question14: A company maintains an application responsible for processing several thousand external callbacks each day. The company's System administrators want to know how many callbacks are being received on a rolling basis, and they want this data available for 10 days.
The company also wants the ability to issue automated alerts if the number of callbacks exceeds the defined thresholds.
What is the MOST cost-effective way to address the need to track and alert on these statistics?

Question15: A deployment package uses the AWS CLI to copy files into any S3 bucket in the account, using access keys stored in environment variables. The package is running on EC2 instances, and the instances have been modified to run with an assumed IAM role and a more restrictive policy that allows access to only one bucket. After the change, the Developer logs into the host and still has the ability to write into all of the S3 buckets in that account.
What is the MOST likely cause of this situation?

Question16: A developer wants to secure sensitive configuration data such as passwords, database strings, and application license codes. Access to this sensitive information must be tracked for future audit purposes.
Where should the sensitive information be stored, adhering to security best practices and operational requirements?

Question17: What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

Question18: A company is migrating its on-premises database to Amazon RDS for MySQL. The company has read- heavy workloads, and wants to make sure it re-factors its code to achieve optimum read performance for its queries.
How can this objective be met?

Question19: A company stores all personally identifiable information (PII) in an Amazon DynamoDB table named PII in Account A.
An application running on Amazon EC2 instances in Account B requires access to the PII table. An administrators in Account A created an IAM role named AccessPII with privileges to access the PII table, and made account B a trusted entity.
Which combination of actional steps should Developers take to access the table? (Select TWO )

Question20: A developer is setting up Amazon API gateway for their company's products. The API will be registered developers to query and update their environments. The company wants to limit the amount of requests end users send for.bot cost and security reason management wants to offer registered the option of buying larger packages that allow for more requests.

Question21: A developer is building an application integrating an Amazon API Gateway with an AWS Lambda function. When calling the API, the developer receives the following error:
Wed Nov 08 01:13:00 UTC 2017 : Method completed with status: 502
What should the developer do to resolve the error?

Question22: Given the source code for an AWS Lambda function in the local store.py containing a handler function called get_store and the following AWS CloudFormation template:

What should be done to prepare the template so that it can be deployed using the AWS CLI command aws ?
cloudformation deploy

Question23: A Developer has written code for an application and wants to share it with other Developers on the team to receive feedback. The shared application code needs to be stored long-term with multiple versions and batch change tracking.
Which AWS service should the Developer use?

Question24: A Developer has created a Lambda function and is finding that the function is taking longer to complete than expected. After some debugging, the Developer has discovered that increasing compute capacity would improve performance.
How can the Developer increase the Lambda compute resources?

Question25: A developer has written an application that runs on Amazon EC2 instances. The developer is adding functionality for the application to write objects to an Amazon S3 bucket. Which policy must the developer modify to allow the instances to write these objects?

Question26: A developer is creating an event handling system. To handle messages asynchronously, the developer created a standard Amazon SQS queue. Quality assurance testing reveals that some events were processed multiple times.
What is the recommended way to ensure the events are not processed more than once?

Question27: A company has an application that logs all information to Amazon S3. Whenever there is a new log file, an AWS Lambda function is invoked to process the log files. The code works, gathering all of the necessary information. However, when checking the Lambda function logs, duplicate entries with the same request ID are found.
What is causing the duplicate entries?

Question28: A user has configured CloudWatch monitoring on an EBS backed EC2 instance. If the user has not attached any additional device, which of the below mentioned metrics will always show a 0 value?

Question29: An application is experiencing performance issues based on increased demand. This increased demand is on read-only historical records pulled from an Amazon RDS-hosted database with custom views and queries. A Developer must improve performance without changing the database structure.
Which approach will improve performance and MINIMIZE management overhead?

Question30: Pass4test (with AWS account ID 111122223333) has created 50 IAM users for its organization's employees. Pass4test wants to make the AWS console login URL for all IAM users as: https://pass4test.signin.aws.amazon.com/console/. How can this be configured?

Question31: A company has a legacy application that was migrated to a fleet of Amazon EC2 instances. The application stores data in a MySQL database that is currently installed on a single EC2 instance.
The company has decided to migrate the database from the EC2 instance to MySQL on Amazon EDS.
What should the Developer do to update the application to support data storage in Amazon RDS?

Question32: Can you SSH to your private machines that reside in a VPC from outside without elastic IP?

Question33: A developer is creating a new application that will be accessed by users through an API created using Amazon API Gateway. The users need to be authenticated by a third-party Security Assertion Markup Language (SAML) identity provider. Once authenticated, users will need access to other AWS services, such as Amazon S3 and Amazon DynamoDB.
How can these requirements be met?

Question34: Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting enabled. Currently, when visitors go to http://www.companyc.com the index.html page is returned. Company C now would like a new page welcome.html to be returned when a visitor enters http://www.companyc.com in the browser.
Which of the following steps will allow Company C to meet this requirement? Choose 2 answers

Question35: A Developer must trigger an AWS Lambda function based on the item lifecycle activity in an Amazon DynamoDB table.
How can the Developer create the solution?

Question36: Where can PortMapping be defined when launching containers in Amazon ECS?

Question37: A user has launched an EBS backed Linux instance. How can a user detach the root device and attach it to another instance as a secondary volume?

Question38: An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write access to an Amazon DynamoDB table. The correct IAM policy already exists.
What is the MOST secure way to grant the Lambda function access to the S3 bucket and the DynamoDB table?

Question39: Can a user get a notification of each instance start / terminate configured with Auto Scaling?

Question40: A user is planning to host MS SQL on an EBS volume. It was recommended to use the AWS RDS. What advantages will the user have if he uses RDS in comparison to an EBS based DB?

Question41: An Amazon S3 bucket, "myawsbucket" is configured with website hosting in Tokyo region, what is the region-specific website endpoint?

Question42: An AWS Lambda function accesses two Amazon DynamoDB tables. A developer wants to improve the performance of the Lambda function by identifying bottlenecks in the function.
How can the developer inspect the timing of the DynamoDB API calls?

Question43: Regarding Amazon SNS, when you want to subscribe to a topic and receive notifications to your email, in the Protocol drop-down box, you should select _______.

Question44: An application is running on an EC2 instance. The Developer wants to store an application metric in Amazon CloudWatch.
What is the best practice for implementing this requirement?

Question45: Which of the following are correct statements with policy evaluation logic in AWS Identity and Access Management? Choose 2 answers

Question46: A developer is building a WebSocket API using Amazon API Gateway. The payload sent to this API is JSON that includes an action key. This key can have three different values: create, update, and remove. The developer must integrate with different routes based on the value of the action key of the incoming JSON payload.
How can the developer accomplish this task with the LEAST amount of configuration?

Question47: A Developer is developing an application that manages financial transactions. To improve security, multi- factor authentication (MFA) will be required as part of the login protocol. What services can the Developer use to meet these requirements?

Question48: A root account owner is trying to setup an additional level of security for all his IAM users. Which of the below mentioned options is a recommended solution for the account owner?

Question49: An AWS customer is deploying a web application that is composed of a front-end running on Amazon EC2 and of confidential data that is stored on Amazon S3. The customer security policy that all access operations to this sensitive data must be authenticated and authorized by a centralized access management system that is operated by a separate security team. In addition, the web application team that owns and administers the EC2 web front-end instances is prohibited from having any ability to access the data that circumvents this centralized access management system. Which of the following configurations will support these requirements?

Question50: A global company has an application running on Amazon EC2 instances that serves image files from Amazon S3. User requests from the browser are causing high traffic, which results in degraded performance.
Which optimization solution should a developer implement to increase application performance?

Question51: Which DynamoDB limits can be raised by contacting AWS support? Choose 2 answers

Question52: A developer is writing an AWS Lambda function. The developer wants to log key events that occur during the Lambda function and include a unique identifier to associate the events with a specific function invocation.
Which of the following will help the developer accomplish this objective?

Question53: A developer tested an application locally and then deployed it to AWS Lambda.
While testing the application remotely the Lambda function fails with an access denied message How can this issue be addressed?

Question54: If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect?

Question55: EC2 instances are launched from Amazon Machine images (AMIS).
A given public AMI can:

Question56: A team of Developers must migrate an application running inside an AWS Elastic Beanstalk environment from a Classic Load Balancer to an Application Load Balancer.
Which steps should be taken to accomplish the task using the AWS Management Console?

Question57: A developer is building a website that will be hosted in an Amazon S3 bucket with static website hosting enabled. The developer will use Amazon Route 53 for the DNS service and will use an alias record to point the company's domain to the bucket. The developer must redirect one S3 object to a different URL.
What should the developer use so that the redirect will work correctly from a page on the website?

Question58: A developer is monitoring an application running on an Amazon EC2 instance.
The application accesses an Amazon DynamoDB table and the developer has configured a custom Amazon CloudWatch metric with data granularity of 1 second.
If there are any issues, the developer wants to be notified within 30 seconds using Amazon SNS.
Which CloudWatch mechanism will satisfy this requirement?

Question59: A Development team would like to migrate their existing application code from a GitHub repository to AWS CodeCommit.
What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?

Question60: A developer supports an application that accesses data in an Amazon DynamoDB table One of the item attributes is expirationDate In the timestamp format. The application uses this attribute to find items archive them and remove them from the table based on the timestamp value The application will be decommissioned soon, and the developer must find another way to implement this functionality. The developer needs a solution that will require the least amount of code to write.
Which solution will meet these requirements?

Question61: A company needs to encrypt data at rest, but it wants to leverage an AWS managed service using its own master key.
Which of the following AWS service can be used to meet these requirements?

Question62: A developer Is working with a Docker application that needs to be quickly deployed using AWS without changing the infrastructure or configuring health checks. The application should be configured so that changes and updates can be made automatically without any downtime.
Which solution will meet these requirements?

Question63: A user is part of a group which has a policy allowing him just read only access to EC2. The user is part of another group which has full access to EC2. What happens when the user tries to launch an instance?

Question64: A user is planning to setup notifications on the RDS DB for a snapshot. Which of the below mentioned event categories is not supported by RDS for this snapshot source type?

Question65: A group of researchers is studying the migration pattern of a beetle that eats and destroys gram.
The researchers must process massive amounts of data and run statistics. Which one of the following options provides the high performance computing for this purpose?

Question66: _____________ can be used to bootstrap both the Chef Server and Chef Client software on your EC2 instances.

Question67: A developer wants to ensure the Amazon EC2 instances in AWS Elastic Beanstalk execute a certain set of commands before the application is ready to use.
Which Elastic Beanstalk feature will allow the developer to accomplish this?

Question68: When you create a table with a hash-and-range key, you must define one or more secondary indexes on that table.

Question69: Your manager has requested you to tag EC2 instances to organize and manage a load balancer.
Which of the following statements about tag restrictions is incorrect?

Question70: Can one instance be registered with two ELBs in the same region?

Question71: A user is planning to host data with RDS. Which of the below mentioned databases is not supported by RDS?

Question72: An organization has enabled a strict password policy for its IAM users. The organization is taking help from the IAM console to set the password policy. Which of the below mentioned rules cannot be specified by the user as a part of the policy?

Question73: A Developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes, or create the item if it does not exist. The Lambda function has access to the primary key.
Which IAM permissions should the Developer request for the Lambda function to achieve this functionality?

Question74: An existing serverless application processes uploaded image files. The process currently uses a single Lambda function that takes an image file, performs the processing, and stores the file in Amazon S3. Users of the application now require thumbnail generation of the images. Users want to avoid any impact to the time it takes to perform the image uploads.
How can thumbnail generation be added to the application, meeting user requirements while minimizing changes to existing code?

Question75: An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows the read query performance and affects all application users.
What can be done to eliminate the performance impact on application users?

Question76: A Developer is creating a mobile application with a limited budget. The solution requires a scalable service that will enable customers to sign up and authenticate into the mobile application while using the organization's current SAML 2.0 identity provider.
Which AWS service should be used to meet these requirements?

Question77: A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached Amazon EBS disks for storing data. The application will process sensitive information and all the data must be encrypted.
What should a Developer do to ensure the data is encrypted on disk without impacting performance?

Question78: Does AWS CloudFormation support Amazon EC2 tagging?

Question79: A user has developed an application which is required to send the data to a NoSQL database.
The user wants to decouple the data sending such that the application keeps processing and sending data but does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in this scenario?

Question80: Pass4test (with AWS account ID 111122223333) has created 50 IAM users for its organization's employees. Pass4test wants to make the AWS console login URL for all IAM users like:
https://pass4test.signin.aws.amazon.com/console/. How can this be configured?

Question81: A Developer must repeatedly and consistently deploy a serverless RESTful API on AWS.
Which techniques will work? (Choose two.)

Question82: A developer is using Amazon DynamoDB to store application data. The developer wants to further improve application performance by reducing response times for read and write operations. Which DynamoDB feature should be used to meet these requirements?

Question83: Which statements about DynamoDB are true? Choose 2 answers

Question84: Which of the following statements about SQS is true?

Question85: You have been doing a lot of testing of your VPC Network by deliberately failing EC2 instances to test whether instances are failing over properly. Your customer who will be paying the AWS bill for all this asks you if he being charged for all these instances. You try to explain to him how the billing works on EC2 instances to the best of your knowledge. What would be an appropriate response to give to the customer in regards to this?

Question86: A user has an S3 object in the US Standard region with the content "color=red". The user updates the object with the content as "color="white". If the user tries to read the value 1 minute after it was uploaded, what will S3 return?

Question87: A company is planning to deploy an application on AWS behind an Elastic Load Balancer. The application uses an HTTP/HTTPS listener and must access the client IP addresses.
Which load-balancing solution meets these requirements?

Question88: A developer is building a new complex application on AWS. The application consists of multiple microservices hosted on Amazon EC2. The developer wants to determine which microservice adds the most latency while handling a request.
Which method should the developer use to make this determination?

Question89: For a deployment using AWS CodeDeploy, what is the run order of the hooks for in-place deployments?

Question90: What happens, by default, when one of the resources in a CloudFormation stack cannot be created?

Question91: A developer is storing JSON files in an Amazon S3 bucket. The developer wants to securely share an object with a specific group of people.
How can the developer securely provide temporary access to the objects that are stored in the S3 bucket?

Question92: A user has created a MySQL RDS instance with PIOPS. Which of the below mentioned statements will help user understand the advantage of PIOPS?

Question93: A Developer is publishing critical log data to a log group in Amazon CloudWatch Logs, which was created 2 months ago. The Developer must encrypt the log data using an AWS KMS customer master key (CMK) so future data can be encrypted to comply with the company's security policy.
How can the Developer meet this requirement?

Question94: During non-peak hours, a Developer wants to minimize the execution time of a full Amazon DynamoDB table scan without affecting normal workloads. The workloads average half of the strongly consistent read capacity units during non-peak hours.
How would the Developer optimize this scan?

Question95: A Developer is asked to implement a caching layer in front of Amazon RDS. Cached content is expensive to regenerate in case of service failure. Which implementation below would work while maintaining maximum uptime?

Question96: Your supervisor has asked you to build a simple file synchronization service for your department.
He doesn't want to spend too much money and he wants to be notified of any changes to files by email. What do you think would be the best Amazon service to use for the email solution?

Question97: A developer is creating AWS CloudFormation templates to manage an application's deployment in Amazon Elastic Container Service (Amazon ECS) through AWS CodeDeploy. The developer wants to automatically deploy new versions of the application to a percentage of users before the new version becomes available for all users.
How should the developer manage the deployment of the new version?

Question98: Which features can be used to restrict access to data in S3? Choose 2 answers

Question99: A company is building an application to track athlete performance using an Amazon DynamoDB table. Each item in the table is identified by a partition key (user_id) and a sort key (sport_name).
The table design is shown below:

(Note: Not all table attributes are shown)
A Developer is asked to write a leaderboard application to display the top performers (user_id) based on the score for each sport_name.
What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?

Question100: In DynamoDB, the default table size is:

Question101: A developer converted an existing program to an AWS Lambda function in the console. The program runs properly on a local laptop, but shows an "Unable to import module" error when tested in the Lambda console.
Which of the following can fix the error?

Question102: What is the name of licensing model in which I can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS?

Question103: A Developer is building a serverless application using AWS Lambda and must create a REST API using an HTTP GET method.
What needs to be defined to meet this requirement? (Choose two.)

Question104: An application that is deployed to Amazon EC2 is using Amazon DynamoDB. The application calls the DynamoDB REST API. Periodically, the application receives a ProvisionedThroughputExceededException error when the application writes to a DynamoDB table.
Which solutions will mitigate this error MOST cost-effectively? (Choose two.)

Question105: Can I encrypt connections between my application and my DB Instance using SSL?

Question106: A bucket owner has allowed another account's IAM users to upload or access objects in his bucket. The IAM user of Account A is trying to access an object created by the IAM user of account B.
What will happen in this scenario?

Question107: A Developer has created a software package to be deployed on multiple EC2 instances using IAM roles. What actions could be performed to verify IAM access to get records from Amazon Kinesis Streams? (Select TWO.)

Question108: A company uses a third-party tool to build, bundle, and package its applications on-premises, and store them locally. The company uses Amazon EC2 instances to run its front-end applications.
How can an application be deployed from the source control system onto the EC2 instances?

Question109: An application is processing clickstream data using Amazon Kinesis. The clickstream data feed into Kinesis experiences periodic spikes. The PutRecords API call occasionally fails and the logs show that the failed call returns the response shown below:

Which techniques will help mitigate this exception? (Choose two.)

Question110: The release process workflow of an application requires a manual approval before the code is deployed into the production environment.
What is the BEST way to achieve this using AWS CodePipeline?

Question111: A user is planning to host a mobile game on EC2 which sends notifications to active users on either high score or the addition of new features. The user should get this notification when he is online on his mobile device. Which of the below mentioned AWS services can help achieve this functionality?

Question112: An application is using a single-node Amazon ElastiCache for Redis instance to improve read performance. Over time, demand for the application has increased exponentially, which has increased the load on the ElastiCache instance. It is critical that this cache layer handles the load and is resilient in case of node failures.
What can the Developer do to address the load and resiliency requirements?

Question113: A Company runs continuous integration/continuous delivery (CI/CD) pipelines for its application on AWS CodePipeline. A Developer must write unit tests and run them as part of the pipelines before staging the artifacts for testing.
How should the Developer incorporate unit tests as part of CI/CD pipelines?

Question114: A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table.
What MUST the company do to implement this authentication in API Gateway?

Question115: A Developer created a new AWS account and must create a scalable AWS Lambda function that meets the following requirements for concurrent execution:
- Average execution time of 100 seconds
- 50 requests per second
Which step must be taken prior to deployment to prevent errors?

Question116: Company D is running their corporate website on Amazon S3 accessed from
http//www.companyd.com. Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint https://s3-us-west1.amazonaws.com/cdfonts. While testing the new web fonts, Company D recognized the web fonts are being blocked by the browser. What should Company D do to prevent the web fonts from being blocked by the browser?

Question117: Which of the following groups is AWS Elastic Beanstalk best suited for?

Question118: An organization has created 10 IAM users. The organization wants those users to work independently and access AWS. Which of the below mentioned options is not a possible solution?

Question119: Which of the following solutions is not supported by DynamoDB:

Question120: Will I be charged if the DB instance is idle?

Question121: A Development team has pushed out 10 applications running on several Amazon EC2 instances.
The Operations team is asking for a graphical representation of one key performance metric for each application. These metrics should be available on one screen for easy monitoring. Which steps should the Developer take to accomplish this using Amazon CloudWatch?

Question122: A user has enabled the automated backup, but not specified the backup window. What will RDS do in this case?

Question123: A user has created a snapshot of an EBS volume. Which of the below mentioned usage cases is not possible with respect to a snapshot?

Question124: An organization is having an application which can start and stop an EC2 instance as per schedule. The organization needs the MAC address of the instance to be registered with its software. The instance is launched in EC2-CLASSIC.
How can the organization update the MAC registration every time an instance is booted?

Question125: A user is planning to use the AWS RDS with MySQL. Which of the below mentioned services the user is not going to pay?

Question126: A developer is writing an application that will process data delivered into an Amazon S3 bucket.
The data is delivered approximately 10 times a day, and the developer expects the data will be processed in less than 1 minute, on average.
How can the developer deploy and invoke the application with the lowest cost and lowest latency?

Question127: How long are the messages kept on an SQS queue by default?

Question128: A Developer has setup an Amazon Kinesis Stream with 4 shards to ingest a maximum of 2500 records per second. A Lambda function has been configured to process these records.
In which order will these records be processed?

Question129: An IAM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 API actions. The EC2 instance credentials file specifies the IAM access key and secret access key, which allow full administrative access.
Given that multiple modes of IAM access are present for this EC2 instance, which of the following is correct?

Question130: An application is running on a cluster of Amazon EC2 instances. While trying to read objects stored within a single Amazon S3 bucket that are encrypted with server-side encryption with AWS KMS managed keys (SSE-KMS), the application receives the following error:

Which combination of steps should be taken to prevent this failure? (Choose two.)

Question131: A user is running a batch process on EBS backed EC2 instances. The batch process starts a few instances to process Hadoop Map reduce jobs, which can run between 50 ?600 minutes or sometimes for more time. The user wants to configure that the instance gets terminated only when the process is completed. How can the user configure this with CloudWatch?

Question132: A company wants to implement a continuous integration for its workloads on AWS. The company wants to trigger unit test in its pipeline for commits-on its code repository, and wants to be notified of failure events in the pipeline.
How can these requirements be met?

Question133: A Developer must deploy a new AWS Lambda function using an AWS CloudFormation template.
Which procedures will deploy a Lambda function? (Select TWO.)

Question134: Which of these is not a Pseudo Parameter in AWS CloudFormation?

Question135: A web application is using Amazon Kinesis Streams for clickstream data that may not be consumed for up to 12 hours.
How can the Developer implement encryption at rest for data within the Kinesis Streams?

Question136: Which one of the following operations is NOT a DynamoDB operation?

Question137: Where should the appspec.yml file be placed in order for AWS CodeDeploy to work?

Question138: A user is creating multiple IAM users. What advice should be given to him to enhance the security?

Question139: A developer is building an application that runs behind an application Load Balancer (ALB).
The application is configured as the origin for an Amazon CloudFront distribution.
Users will log in to the application using their social media accounts.
How can the developer authenticate and authorize users?

Question140: A user plans to use RDS as a managed DB platform. Which of the below mentioned features is not supported by RDS?

Question141: An organization is using Amazon API Gateway to provide a public API called "Survey" for collecting user feedback posts about its products. The survey API has "DEV" and "PROD" stages and consists of one resource "/feedback" which allows users to retrieve/create/update single feedback posts.
A version-controlled Swagger file is used to define a new API that retrieves multiple feedback posts. To add the new API resource "/listFeedbackForProduct" the developer makes changes to the Swagger file defining an API, uploads the file to the organization's version control system, and uses the API Gateway Import API feature to apply the changes to the Survey API. After successful import, the developer runs the tests against the DEV stage and finds that resource
"/listFeedbackForProduct" is not available.
What is MOST likely the reason for resource not being available?

Question142: A user had defined an IAM policy similar to the one given below on a bucket:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12112112:user/test"
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::pass4test"
]
}
]
}
What will this do?

Question143: Which of the below mentioned options is not a best practice to securely manage the AWS access credentials?

Question144: An organization has created an application which is hosted on the AWS EC2 instance. The application stores images to S3 when the end user uploads to it. The organization does not want to store the AWS secure credentials required to access the S3 inside the instance. Which of the below mentioned options is a possible solution to avoid any security threat?

Question145: A Developer is designing a new application that uses Amazon S3. To satisfy compliance requirements, the Developer must encrypt the data at rest.
How can the Developer accomplish this?

Question146: When thinking of DynamoDB, what are true of Global Secondary Key properties?

Question147: A Developer is creating a web application that requires authentication, but also needs to support guest access to provide users limited access without having to authenticate. What service can provide support for the application to allow guest access?

Question148: A user has not enabled versioning on an S3 bucket. What will be the version ID of the object inside that bucket?

Question149: A developer is working on an ecommerce website. The developer wants to review server logs without logging in to each of the application servers individually. The website runs on multiple Amazon EC2 instances, is written in Python, and needs to be highly available.
How can the developer update the application to meet these requirements with MINIMUM changes?

Question150: A user has enabled automated backup for an RDS instance. What is the longest duration for which the user can retain the automated backup?

Question151: A company has implemented AWS CodePipeline to automate its release pipelines. The Development team is writing an AWS Lambda function what will send notifications for state changes of each of the actions in the stages.
Which steps must be taken to associate the Lambda function with the event source?

Question152: A user has created an RDS instance with MySQL. The user is using the HeidiSQL client to connect with the RDS DB. The client is unable to connect to DB from his home machine. What is a possible reason for the failure?

Question153: You have been given a scope to deploy some AWS infrastructure for a large organisation. The requirements are that you will have a lot of EC2 instances but may need to add more when the average utilization of your Amazon EC2 fleet is high and conversely remove them when CPU utilization is low. Which AWS services would be best to use to accomplish this?

Question154: A developer wants to use React to build a web and mobile application. The application will be hosted on AWS. The application must authenticate users and then allow users to store and retrieve files that they own. The developer wants to use Facebook for authentication.
Which CLI will MOST accelerate the development and deployment of this application on AWS?

Question155: An application displays a status dashboard. The status is updated by 1 KB messages from an SQS queue. Although the status changes infrequently, the Developer must minimize the time between the message arrival in the queue and the dashboard update.
What technique provides the shortest delay in updating the dashboard?

Question156: A developer has created an AWS Lambda function that is written in Python. The Lambda function reads data from objects in Amazon S3 and writes data to an Amazon DynamoDB table. The function is successfully invoked from an S3 event notification when an object is created However, the function fails when if attempts to write to the DynamoDB table. What is the MOST likely cause of this issue?

Question157: An application stores payroll information nightly in DynamoDB for a large number of employees across hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily hours. Managers run reports for ranges of names working in their office. One query is. "Return all Items in this office for names starting with A through E". Which table configuration will result in the lowest impact on provisioned throughput for this query?

Question158: A developer is refactoring a monolithic application. The application takes a POST request and performs several operations. Some of the operations are in parallel while others run sequentially.
These operations have been refactored into individual AWS Lambda functions. The POST request will be processed by Amazon API Gateway.
How should the developer invoke the Lambda functions in the same sequence using API Gateway?

Question159: A user has enabled serverside encryption with S3. The user downloads the encrypted object from S3.
How can the user decrypt it?

Question160: A user has launched an RDS instance. The user has created 3 databases on the same server.
What can the maximum size be for each database?

Question161: A Developer must re-implement the business logic for an order fulfilment system. The business logic has to make requests to multiple vendors to decide where to purchase an item. The whole process can take up to a week to complete.
What is the MOST efficient and SIMPLEST way to implement a system that meets these requirements?

Question162: A user is running a webserver on EC2. The user wants to receive the SMS when the EC2 instance utilization is above the threshold limit. Which AWS services should the user configure in this case?

Question163: A Developer decides lo store highly secure data in Amazon S3 and wants to implement server- side encryption (SSF) with granular control of who can access the master key Company policy requires that the master key be created, rotated, and disabled easily when needed, all for security reasons. Which solution should be used to moot these requirements?

Question164: Which of the below mentioned commands allows the user to share the AMI with his peers using the AWS EC2 CLI?

Question165: A developer must build a mobile application that allows users to read and write data from an Amazon DynamoDB table to store user state for each unique user.
The solution needs to limit data access to allow users access only to heir own data.
Which solution below is the most secure?

Question166: An AWS Lambda function generates a 3MB JSON file and then uploads it to an Amazon S3 bucket daily. The file contains sensitive information, so the Developer must ensure that it is encrypted before uploading to the bucket.
Which of the following modifications should the Developer make to ensure that the data is encrypted before uploading it to the bucket?

Question167: An on-premises legacy application is caching data files locally and writing shared images to local disks.
What is necessary to allow for horizontal scaling when migrating the application to AWS?

Question168: In DynamoDB, if you create a table and request 10 units of write capacity and 200 units of read capacity of provisioned throughput, how much would you be charged in US East (Northern Virginia) Region?

Question169: A Developer is creating a mobile application that will not require users to log in.
What is the MOST efficient method to grant users access to AWS resources?

Question170: An online retail company has deployed a serverless application with AWS Lambda, Amazon API Gateway, Amazon S3, and Amazon DynamoDB using AWS CloudFormation. The company rolled out a new release with major upgrades to the Lambda function and deployed the release to production. Subsequently, the application stopped working.
Which solution should bring the application back up as quickly as possible?

Question171: A user has configured an automated backup between 5 AM ?5:30 AM for the MySQL RDS DB.
Will the performance of RDS get frozen momentarily during a backup?

Question172: A development team is designing a mobile app that requires multi-factor authentication.
Which steps should be taken to achieve this? (Choose two.)

Question173: A Developer must encrypt a 100-GB object using AWS KMS.
What is the BEST approach?

Question174: An organization has 10 departments. The organization wants to track the AWS usage of each department. Which of the below mentioned options meets the requirement?

Question175: What is the maximum size for messages stored in SQS?

Question176: A developer is building a highly secure healthcare application using serverless components. This application requires writing temporary data to /tmp storage on an AWS Lambda function.
How should the developer encrypt this data?

Question177: A user is trying to configure access with S3. Which of the following options is not possible to provide access to the S3 bucket / object?

Question178: Can a user associate and use his own DNS with ELB instead of the DNS provided by AWS ELB?

Question179: A company wants to migrate an imaging service to Amazon EC2 while following security best practices. The images are sourced and read from a non-public Amazon S3 bucket.
What should a Developer do to meet these requirements?

Question180: In regard to AWS CloudFormation, what is a stack?

Question181: How can a developer use a debugger for AWS Lambda code that is deployed with AWS Serverless Application Model (AWS SAM)?

Question182: When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process below will result in successful processing of the message and remove it from the queue while minimizing the chances of duplicate processing?

Question183: A Developer is writing transactions into a DynamoDB table called "SystemUpdates" that has 5 write capacity units.
Which option has the highest read throughput?

Question184: A Developer is preparing a deployment package using AWS CloudFormation. The package consists of two separate templates: one for the infrastructure and one for the application. The application has to be inside the VPC that is created from the infrastructure template. How can the application stack refer to the VPC created from the infrastructure template?

Question185: A user has configured a website and launched it using the Apache web server on port 80. The user is using ELB with the EC2 instances for Load Balancing. What should the user do to ensure that the EC2 instances accept requests only from ELB?

Question186: You need to develop and run some new applications on AWS and you know that Elastic Beanstalk and CloudFormation can both help as a deployment mechanism for a broad range of AWS resources. Which of the following statements best describes the differences between Elastic Beanstalk and CloudFormation?

Question187: A developer is troubleshooting the permissions of an application that needs to make changes to an Amazon RDS database. The developer has access to the IAM role that the application is using.
Which command structure should the developer use to test the role permissions?

Question188: A developer must extend an existing application that is based on the AWS Services Application Model (AWS SAM).
The developer has used the AWS SAM CLI to create the project. The project contains different AWS Lambda functions.
Which combination of commands must the developer use to redeploy the AWS SAM application (Select TWO.)

Question189: What item operation allows the retrieval of multiple items from a DynamoDB table in a single API call?

Question190: An application that runs on an Amazon EC2 instance needs to access and make API calls to multiple AWS services.
What is the MOST secure way to provide access to the AWS services with MINIMAL management overhead?

Question191: The user has configured AutoScaling based on the dynamic policy. Which of the following is not the right command to specify a change in capacity as a part of the policy?

Question192: Which header received at the EC2 instance identifies the port used by the client while requesting ELB?

Question193: Which OS does the current version of AWS Elastic Beanstalk use?

Question194: A Developer is trying to monitor an application's status by running a cron job that returns 1 if the service is up and 0 if the service is down. The Developer created code that uses an AWS CLI put- metric-alarm command to publish the custom metrics to Amazon CloudWatch and create an alarm. However, the Developer is unable to create an alarm as the custom metrics do not appear in the CloudWatch console.
What is causing this issue?

Question195: A Developer is investigating an issue whereby certain requests are passing through an Amazon API Gateway endpoint /MyAPI, but the requests do not reach the AWS Lambda function backing
/MyAPI. The Developer found that a second Lambda function sometimes runs at maximum concurrency allowed for the given AWS account.
How can the Developer address this issue?

Question196: A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least.
What is the easiest way to achieve this?

Question197: A user is planning to use EBS for his DB requirement. The user already has an EC2 instance running in the VPC private subnet. How can the user attach the EBS volume to a running instance?

Question198: Company B provides an online image recognition service and utilizes SOS to decouple system components for scalability The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses.
How can Company B reduce the number of empty responses?

Question199: An application is real-time processing millions of events that are received through an API.
What service could be used to allow multiple consumers to process the data concurrently and MOST cost- effectively?

Question200: A developer is troubleshooting connectivity issues between an AWS Lambda function and an Amazon EC2 instance that runs Amazon Linux 2. The Lambda function and the EC2 instance cannot communicate with each other even though the Lambda function is configured to access resources in the EC2 instance's subnet.
How can the developer inspect the network traffic between the Lambda function and the EC2 instance?

Question201: A microservices application is deployed across multiple containers in Amazon Elastic Container Service (Amazon ECS). To improve performance, a developer wants to capture trace information between the microservices and visualize the microservices architecture.
Which solution will meet these requirements?

Question202: AutoScaling is configured with 3 AZs. Each zone has 5 instances running. If AutoScaling wants to terminate an instance based on the policy action, which instance will it terminate first?

Question203: A developer has written an application hosted on Amazon EC2 instances. The application generates and uploads thousands of new objects to an Amazon S3 bucket located in the same AWS region. The size of each object is less than 1 MB. The application is taking too long to run.
How can the performance of the application be improved?

Question204: Which of the following services are key/value stores? Choose 3 answers

Question205: A developer is creating a role to access Amazon S3 buckets. To create the role, the developer uses the AWS CLI create-role command.
Which policy should be added to allow the Amazon EC2 service to assume the role?

Question206: A system admin is planning to setup event notifications on RDS. Which of the below mentioned services will help the admin setup notifications?

Question207: A Developer wants to find a list of items in a global secondary index from an Amazon DynamoDB table. Which DynamoDB API call can the Developer use in order to consume the LEAST number of read capacity units?

Question208: A customer wants to deploy its source code on an AWS Elastic Beanstalk environment. The customer needs to perform deployment with minimal outage and should only use existing instances to retain application access log.
What deployment policy would satisfy these requirements?

Question209: A user has created a MySQL RDS instance. Which of the below mentioned options is mandatory to configure while creating an instance?

Question210: You want to have multiple versions of your application running at the same time, with all versions launched via AWS Elastic Beanstalk. Is this possible?

Question211: A Developer is using AWS CLI, but when running list commands on a large number of resources, it is timing out.
What can be done to avoid this time-out?

Question212: Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?

Question213: When a Developer tries to run an AWS CodeBuild project, it raises an error because the length of all environment variables exceeds the limit for the combined maximum of characters.
What is the recommended solution?

Question214: What is the format of structured notification messages sent by Amazon SNS?

Question215: A company has an AWS CloudFormation template that is stored as a single file. The template is able to launch and create a full infrastructure stack.
Which best practice would increase the maintainability of the template?

Question216: An application takes 40 seconds to process instructions received in an Amazon SQS message.
Assuming the SQS queue is configured with the default VisibilityTimeout value, what is the BEST way, upon receiving a message, to ensure that no other instances can retrieve a message that has already been processed or is currently being processed?

Question217: An ELB is diverting traffic across 5 instances. One of the instances was unhealthy only for 20 minutes. What will happen after 20 minutes when the instance becomes healthy?

Question218: A software company needs to make sure user-uploaded documents are securely stored in Amazon S3. The documents must be encrypted at rest in Amazon S3. The company does not want to manage the security infrastructure in-house, but the company still needs extra protection to ensure it has control over its encryption keys due to industry regulations.
Which encryption strategy should a Developer use to meet these requirements?

Question219: A gaming application stores scores for players in an Amazon DynamoDB table that has four attributes:
user_id, user_name, user_score, and user_rank. The users are allowed to update their names only.
A user is authenticated by web identity federation.
Which set of conditions should be added in the policy attached to the role for the dynamodb:
PutItem API call?

Question220: A company needs to secure its existing website running behind an Elastic Load Balancer. The website's Amazon EC2 instances are CPU-constrained.
What should be done to secure the website while not increasing the CPU load on the EC2 web servers? (Select TWO.)

Question221: Two containerized microservices are hosted on Amazon EC2 ECS. The first microservice reads an Amazon RDS Aurora database instance, and the second microservice reads an Amazon DynamoDB table.
How can each microservice be granted the minimum privileges?

Question222: A Developer has written an application that runs on Amazon EC2 instances and generates a value every minute. The Developer wants to monitor and graph the values generated over time without logging in to the instance each time.
Which approach should the Developer use to achieve this goal?

Question223: A Developer executed a AWS CLI command and received the error shown below:

What action should the Developer perform to make this error human-readable?

Question224: The development team is working on an API that will be served from Amazon API gateway. The API will be served from three environments: development, test, and production. The API Gateway is configured to use 237 GB of cache in all three stages.
Which is the MOST cost-efficient deployment strategy?

Question225: What happens when you create a topic on Amazon SNS?

Question226: A user has set an IAM policy where it allows all requests if a request from IP 10.10.10.1/32.
Another policy allows all the requests between 5 PM to 7 PM. What will happen when a user is requesting access from IP 10.10.10.1/32 at 6 PM?

Question227: A development team uses AWS Elastic Beanstalk for application deployment. The team has configured the application version lifecycle policy to limit the number of application versions to 25.
However, even with the lifecycle policy, the source bundle is deleted from the Amazon S3 source bucket.
What should a developer do in the Elastic Beanstalk application version lifecycle settings to retain the source code in the S3 bucket?

Question228: An EC2 instance has one additional EBS volume attached to it. How can a user attach the same volume to another running instance in the same AZ?

Question229: Which of the following device names is reserved for the root device for Linux instances of Amazon EC2?

Question230: A Developer is going to deploy an AWS Lambda function that requires significant CPU utilization.
Which approach will MINIMIZE the average runtime of the function?

Question231: A Developer is working on an application that handles 10MB documents that contain highly- sensitive data. The application will use AWS KMS to perform client-side encryption.
What steps must be followed?

Question232: ___________ is a task coordination and state management service for cloud applications.

Question233: How should custom libraries be utilized in AWS Lambda?

Question234: An application uses Lambda functions to extract metadata from files uploaded to an S3 bucket; the metadata is stored in Amazon DynamoDB. The application starts behaving unexpectedly, and the Developer wants to examine the logs of the Lambda function code for errors.
Based on this system configuration, where would the Developer find the logs?

Question235: An application needs to encrypt data that is written to Amazon S3 where the keys are managed in an on- premises data center, and the encryption is handled by S3.
Which type of encryption should be used?

Question236: A company is using Amazon RDS MySQL instances for its application database tier and Apache Tomcat servers for its web tier. Most of the database queries from web applications are repeated read requests.
Use of which AWS service would increase in performance by adding in-memory store for repeated read queries?

Question237: A nightly batch job loads 1 million new records into a DynamoDB table. The records are only needed for one hour, and the table needs to be empty by the next night's batch job.
Which is the MOST efficient and cost-effective method to provide an empty table?

Question238: An application stops working with the following error: The specified bucket does not exist. Where is the BEST place to start the root cause analysis?

Question239: A user is enabling logging on a particular bucket. Which of the below mentioned options may be best suitable to allow access to the log bucket?

Question240: In the Amazon CloudWatch, which metric should I be checking to ensure that your DB Instance has enough free storage space?

Question241: You have a number of image files to encode. In an Amazon SQS worker queue, you create an Amazon SQS message for each file specifying the command (jpeg-encode) and the location of the file in Amazon S3. Which of the following statements best describes the functionality of Amazon SQS?

Question242: A Developer has developed a web application and wants to deploy it quickly on a Tomcat server on AWS. The Developer wants to avoid having to manage the underlying infrastructure.
What is the easiest way to deploy the application, based on these requirements?

Question243: AWS Elastic Beanstalk will change the health status of a web server environment tier to gray color when:

Question244: A company stores all personally identifiable information (PII) in an Amazon DynamoDB table named PII in Account A.
An application running on Amazon EC2 instances in Account B requires access to the PII table. An administrator in Account A created an IAM role named AccessPII with privileges to access the PII table, and made Account B a trusted entity.
Which combination of additional steps should developers take to access the table? (Choose two.)

Question245: A Developer is migrating existing applications to AWS. These applications use MongoDB as their primary data store, and they will be deployed to Amazon EC2 instances. Management requires that the Developer minimize changes to applications while using AWS services.
Which solution should the Developer use to host MongoDB in AWS?

Question246: How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?

Question247: What is the scope of AWS IAM?

Question248: A Developer has published an update to an application that is served to a global user base using Amazon CloudFront. After deploying the application, users are not able to see the updated changes.
How can the Developer resolve this issue?

Question249: A company developed a set of APIs that are being served through the Amazon API Gateway. The API calls need to be authenticated based on OpenID identity providers such as Amazon or Facebook. The APIs should allow access based on a custom authorization model.
Which is the simplest and MOST secure design to use to build an authentication and authorization model for the APIs?

Question250: A Developer needs to use AWS X-Ray to monitor an application that is deployed on EC2 instances.
What steps have to be executed to perform the monitoring?

Question251: A developer must ensure that the IAM credentials used by an application in Amazon EC2 are not misused or compromised.
What should the developer use to keep user credentials secure?

Question252: When writing a Lambda function, what is the benefit of instantiating AWS clients outside the scope of the handler?

Question253: Regarding Amazon SQS, are there restrictions on the names of Amazon SQS queues?

Question254: Regarding Amazon SNS, you can send notification messages to mobile devices through any of the following supported push notification services, EXCEPT:

Question255: In Amazon SNS, to send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following, except:

Question256: An Amazon DynamoDB table uses a Global Secondary Index (GSI) to support read queries. The primary table is write-heavy, whereas the GSI is used for read operations. Looking at Amazon CloudWatch metrics, the Developer notices that write operations to the primary table are throttled frequently under heavy write activity. However, write capacity units to the primary table are available and not fully consumed.
Why is the table being throttled?

Question257: A Developer uses Amazon S3 buckets for static website hosting. The Developer creates one S3 bucket for the code and another S3 bucket for the assets, such as image and video files. Access is denied when a user attempts to access the assets bucket from the code bucket, with the website application showing a 403 error.
How should the Developer solve this issue?

Question258: A company has a web application In an Amazon Elastic Container Service (Amazon ECS) cluster running hundreds of secure services in AWS Fargate containers.
The services are in target groups routed by an Application Load Balancer (ALB) Application users log in to the website anonymously, but they must be authenticated using any OpenID Connect protocol-compatible identity provider (IdP) to access the secure services Which authentication approach would meet hese requirements with the LEAST amount of effort?

Question259: In regards to Amazon SQS how many times will you receive each message?

Question260: A company needs to ingest terabytes of data each hour from thousands of sources that are delivered almost continually throughout the day. The volume of messages generated varies over the course of the day. Messages must be delivered in real time for fraud detection and live operational dashboards.
Which approach will meet these requirements?

Question261: An AWS Lambda function must read data from an Amazon RDS MySQL database in a VPC and also reach a public endpoint over the internet to get additional data.
Which steps must be taken to allow the function to access both the RDS resource and the public endpoint? (Select TWO.)