EMT Practice Test

1. Question Content...


Question List

Question1: A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:

The Developer needs to create/delete branches.
Which specific IAM permissions need to be added, based on the principle of least privilege?
"codecommit:CreateBranch"

Question2: An application is being developed to audit several AWS accounts. The application will run in Account A and must access AWS services in Accounts B and C.
What is the MOST secure way to allow the application to call AWS services in each audited account?

Question3: A developer implemented a static website hosted in Amazon S3 that makes web service requests hosted in Amazon API Gateway AWS Lambda. The site is showing an error that reads
"No ' Access-Control-Allow Origin' header is present on the requested resource Origin 'null' is therefore not allowed access " What should the developer do to resolve this issue?

Question4: Does AWS CloudFormation support Amazon EC2 tagging?

Question5: In relation to Amazon Simple Workflow Service (Amazon SWF),what is an "Activity Worker"?

Question6: A user is planning to host MS SQL on an EBS volume. It was recommended to use the AWS RDS. What advantages will the user have if he uses RDS in comparison to an EBS based DB?

Question7: A company is building an application to track athlete performance using an Amazon DynamoDB table. Each item in the table is identified by a partition key (user_id) and a sort key (sport_name). The table design is shown below:
(Note: Not all table attributes are shown)
A Developer is asked to write a leaderboard application to display the top performers (user_id) based on the score for each sport_name.
What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?

Question8: A Developer needs to deploy an application running on AWS Fargate using Amazon ECS. The application has environment variables that must be passed to a container tor the application to initialize How should the environment variables be passed to the container?

Question9: A Developer is making changes to a custom application that is currently using AWS Elastic Beanstalk.
After the Developer completes the changes, what solutions will update the Elastic Beanstalk environment with the new application version? (Choose two.)

Question10: A company has a two-tier application running on an Amazon EC2 server that handles all of its AWS based e-commerce activity During peak times, the backend servers that process orders are overloaded with requests.
This results in some orders failing to process. A developer needs to create a solution that will re-factor the application.
Which steps will allow for more flexibility during peak times, while still remaining cost-effective? (Select TWO.)

Question11: A stock market monitoring application uses Amazon Kinesis for data ingestion. During simulated tests of peak data rates, the Kinesis stream cannot keep up with the incoming data.
What step will allow Kinesis to accommodate the traffic during peak hours?

Question12: A Developer migrated a web application to AWS. As part of the migration, the Developer implemented an automated continuous integration/continuous improvement (CI/CD) process using a blue/green deployment. The deployment provisions new Amazon EC2 instances in an Auto Scaling group behind a new Application Load Balancer. After the migration was completed, the Developer began receiving complaints from users getting booted out of the system. The system also requires users to log in after every new deployment.
How can these issues be resolved?

Question13: Which of the following platforms are supported by Elastic Beanstalk? Choose 2 answers

Question14: A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The service must run different versions for testing purposes.
What would be the BEST way to accomplish this?

Question15: n on-premises application makes repeated calls to store files to Amazon S3. As usage of the application has increased, "LimitExceeded" errors are being logged.
What should be changed to fix this error?

Question16: What does an Amazon SQS delay queue accomplish?

Question17: If an application is storing hourly log files from thousands of instances from a high traffic web site, which naming scheme would give optimal performance on S3?

Question18: An application stores images in an S3 bucket. Amazon S3 event notifications are used to trigger a Lambda function that resizes the images. Processing each image takes less than a second.
How will AWS Lambda handle the additional traffic?

Question19: A user is having access to objects of an S3 bucket which is not owned by him. If he is trying to set the objects of that bucket public, which of the below mentioned options may be a right fit for this action?

Question20: A developer has written an application that runs on Amazon EC2 instances and generates a value every minute. The Developer wants to monitor and graph the values generated over time without logging in to the instance each time.
Which approach should the Developer use to achieve this goal?

Question21: A Developer has a stateful web server on-premises that is being migrated to AWS. The Developer must have greater elasticity in the new design.
How should the Developer re-factor the application to make it more elastic? (Choose two.)

Question22: A company recently migrated its web, application and NoSQL database tiers to AWS. The company is using Auto Scaling to scale the web and application tiers. More than 95 percent of the Amazon DynamoDB requests are repeated read-requests.
How can the DynamoDB NoSQL tier be scaled up to cache these repeated requests?

Question23: A company needs to encrypt data at rest, but it wants to leverage an AWS managed service using its own master key.
Which of the following AWS service can be used to meet these requirements?

Question24: A company requires that IP packet data be inspected for invalid or malicious content.
Which of the following approaches achieve this requirement? (Choose two.)

Question25: A Developer is going to deploy an AWS Lambda function that requires significant CPU utilization.
Which approach will MINIMIZE the average runtime of the function?

Question26: A company is migrating its on-premises database to Amazon RDS for MySQL. The company has read-heavy workloads, and wants to make sure it re-factors its code to achieve optimum read performance for its queries.
How can this objective be met?

Question27: AutoScaling is configured with 3 AZs. Each zone has 5 instances running. If AutoScaling wants to
terminate an instance based on the policy action, which instance will it terminate first?

Question28: A Developer has written code for an application and wants to share it with other Developers on the team to receive feedback. The shared application code needs to be stored long-term with multiple versions and batch change tracking.
Which AWS service should the Developer use?

Question29: A Developer is migrating existing applications to AWS. These applications use MongoDB as their primary data store, and they will be deployed to Amazon EC2 instances. Management requires that the Developer minimize changes to applications while using AWS services Which solution should the Developer use to host MongoDB in AWS?

Question30: A user plans to use RDS as a managed DB platform. Which of the below mentioned features is not supported by RDS?

Question31: When using a large Scan operation in DynamoDB, what technique can be used to minimize the impact of a scan on a table's provisioned throughput?

Question32: In AWS Elastic Beanstalk, you can update your deployed application even while it is part of a running environment. For a Java application, you can also use ___________ to update your deployed application.

Question33: A Developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the Developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit.
Which of the following API Gateway metrics in Amazon CloudWatch can help the Developer troubleshoot the issue? (Choose two.)

Question34: A developer tested an application locally and then deployed it to AWS Lambda. While testing the application remotely, the Lambda function fails with an access denied message.
How can this issue be addressed?

Question35: A bucket owner has allowed another account's IAM users to upload or access objects in his bucket. The IAM user of Account A is trying to access an object created by the IAM user of account B.
What will happen in this scenario?

Question36: A Developer is writing a mobile application that allows users to view images from an S3 bucket. The users must be able to log in with their Amazon login, as well as Facebook and/or Google accounts.
How can the Developer provide this authentication functionality?

Question37: A company has multiple Developers located across the globe who are updating code incrementally for a development project. When Developers upload code concurrently, internet connectivity is slow, and it is taking a long time to upload code for deployment in AWS Elastic Beanstalk.
Which step will result in minimized upload and deployment time with the LEAST amount of administrative effort?

Question38: A Developer needs to use AWS X-Ray to monitor an application that is deployed on EC2 instances.
What steps have to be executed to perform the monitoring?

Question39: A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key, the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API.
What code updates will grant these new users access to the API?

Question40: Which of these configuration or deployment practices is a security risk for RDS?

Question41: A company needs to secure its existing website running behind an Elastic Load Balancer. The website's Amazon EC2 instances are CPU-constrained.
What should be done to secure the website while not increasing the CPU load on the EC2 web servers? (Select TWO.)

Question42: An application takes 40 seconds to process instructions received in an Amazon SQS message.
Assuming the SQS queue is configured with the default VisibilityTimeout value, what is the BEST way, upon receiving a message, to ensure that no other instances can retrieve a message that has already been processed or is currently being processed?

Question43: A Developer has an application that can upload tens of thousands of objects per second to Amazon S3 in parallel within a single AWS account. As part of new requirements, data stored in S3 must use server side encryption with AWS KMS (SSE-KMS). After creating this change, performance of the application is slower.
Which of the following is MOST likely the cause of the application latency?

Question44: A user has created a MySQL RDS instance. Which of the below mentioned options is mandatory to configure while creating an instance?

Question45: Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?

Question46: Does DynamoDB support in-place atomic updates?

Question47: A developer is using AWS CodeDeploy to deploy an application running on Amazon EC2. The developer wants to change the file permissions for a specific deployment file. Which lifecycle event should a developer use to meet this requirement?

Question48: A Lambda function is packaged for deployment to multiple environments, including development, test, production, etc. Each environment has unique set of resources such as databases, etc.
How can the Lambda function use the resources for the current environment?

Question49: A Developer decides lo store highly secure data in Amazon S3 and wants to implement server- side encryption (SSF) with granular control of who can access the master key Company policy requires that the master key be created, rotated, and disabled easily when needed, all for security reasons. Which solution should be used to moot these requirements?

Question50: While developing an application that runs on Amazon EC2 in an Amazon VPC, a Developer identifies the need for centralized storage of application-level logs.
Which AWS service can be used to securely store these logs?

Question51: A company is developing an application that will run on several Amazon EC2 instances in an Auto Scaling group and can access a database running on Amazon EC2. The application needs to store secrets required to connect to the database. The application must allow for periodic secret rotation, and there should be no changes to the application when a secret changes.
What is the SAFEST way to meet these requirements?

Question52: In a multi-container Docker environment in AWS Elastic Beanstalk, what is required to configure container instances in the environment?

Question53: A company caches session information for a web application in an Amazon DynamoDB table. The company wants an automated way to delete old items from the table.
What is the simplest way to do this?

Question54: A Developer is receiving HTTP 400: ThrottlingException errors intermittently when calling the Amazon CloudWatch API. When a call fails, no data is retrieved. What best practice should first be applied to address this issue?

Question55: An on-premises application is implemented using a Linux, Apache, MySQL and PHP (LAMP) stack. The Developer wants to run this application in AWS.
Which of the following sets of AWS services can be used to run this stack?

Question56: A user is trying to create a policy for an IAM user from the AWS console. Which of the below mentioned options is not available to the user while configuring policy?

Question57: An organization has created multiple components of a single application for compartmentalization. Currently all the components are hosted on a single EC2 instance. Due to security reasons the organization wants to implement two separate SSLs for the separate modules although it is already using VPC. How can the organization achieve this with a single instance?

Question58: While securing the connection between a company's VPC and its on-premises data center, a Security Engineer sent a ping command from an on-premises host (IP address 203.0.113.12) to an Amazon EC2 instance (IP address 172.31.16.139). The ping command did not return a response. The flow log in the VPC showed the following:
2 123456789010 eni-1235b8ca 203.0.113.12 172.31.16.139 0 0 1 4 336 1432917027 1432917142 ACCEPT OK
2 123456789010 eni-1235b8ca 172.31.16.139 203.0.113.12 0 0 1 4 336 1432917094 1432917142 REJECT OK What action should be performed to allow the ping to work?

Question59: What is the format of structured notification messages sent by Amazon SNS?

Question60: If a message is retrieved from a queue in Amazon SQS, how long is the message inaccessible to other users by default?

Question61: A Developer must deploy a new AWS Lambda function using an AWS CloudFormation template.
Which procedures will deploy a Lambda function? (Select TWO.)

Question62: An application has the following requirements:
* Performance efficiency of seconds with up to a minute of latency.
* The data storage size may grow up to thousands of terabytes.
* Per-message sizes may vary between 100 KB and 100 MB.
* Data can be stored as key/value stores supporting eventual consistency.
What is the MOST cost-effective AWS service to meet these requirements?

Question63: A company is building a stock trading application that requires sub-millisecond latency in processing trading requests. Amazon DynamoDB is used to store all the trading data that is used to process each request. After load testing the application, the development team found that due to data retrieval times, the latency requirement is not satisfied. Because of sudden high spikes in the number of requests, DynamoDB read capacity has to be significantly over-provisioned to avoid throttling.
What steps should be taken to meet latency requirements and reduce the cost of running the application?

Question64: Which of the following are correct statements with policy evaluation logic in AWS Identity and Access Management? Choose 2 answers

Question65: You are writing to a DynamoDB table and receive the following exception:" ProvisionedThroughputExceededException". though according to your Cloudwatch metrics for the table, you are not exceeding your provisioned throughput.
What could be an explanation for this?

Question66: A user is trying to create a policy for an IAM user from the AWS console. Which of the below mentioned options is not available to the user while configuring policy?

Question67: What is the function of the following AWS Key Management Service (KMS) key policy attached to a customer master key (CMK)?

Question68: A developer implemented a static website hosted in amazon s3 that makes web service requests in amazon api gateway and aws lambda. The site is showing an error that reads.
''No 'access control-allow-origin'header' header is present on the requested resource. Origin 'null is therefore not allowed access ''
What should the developer do to resolve this issue?

Question69: A developer added a new feature to an application running on an Amazon EC2 instance that uses Amazon SQS. After deployment, the developer noticed a significant increase in Amazon SQS costs. When monitoring the Amazon SQS metrics on Amazon CloudWatch, the developer found that on average one message per minute is posted on this queue.
What can be done to reduce Amazon SQS costs for this application?

Question70: An application running on EC2 instances is storing data in an S3 bucket. Security policy mandates that all data must be encrypted in transit.
How can the Developer ensure that all traffic to the S3 bucket is encrypted?

Question71: A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least.
What is the easiest way to achieve this?

Question72: A company needs to secure its existing website running behind an Elastic Load Balancer. The website's Amazon EC2 instances are CPU-constrained.
What should be done to secure the website while not increasing the CPU load on the EC2 web servers?
(Choose two.)

Question73: A Developer is designing a fault-tolerant environment where client sessions will be saved.
How can the Developer ensure that no sessions are lost if an Amazon EC2 instance fails?

Question74: A user has setup an application on EC2 which uses the IAM user access key and secret access key to make secure calls to S3. The user wants to temporarily stop the access to S3 for that IAM user. What should the root owner do?

Question75: A company has an internet-facing application that uses Web Identity Federation to obtain a temporary credential from AWS Security Token Service (AWS STS). The app then uses the token to access AWS services.
Review the following response:

Based on the response displayed what permissions are associated with the call from the application?

Question76: An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file.
How should the Developer code the application?

Question77: A developer is building a backend system for the long-term storage of information from an inventory management system The information needs to be stored so that other teams can build tools to report and analyze the data How should the developer implement this solution to achieve the FASTEST running time?

Question78: A developer has written code for an application and wants to share it with other developers on the team to receive feedback. The shared application code needs to be stored long-term with multiple versions and batch change tracking.
Which AWS service should the developer use?

Question79: A Developer executed a AWS CLI command and received the error shown below:

What action should the Developer perform to make this error human-readable?

Question80: A set of APIs are exposed to customers using the Amazon API Gateway. These APIs have caching enabled on the API Gateway. Customers have asked for an option to invalidate this cache for each of the APIs.
What action can be taken to allow API customers to invalidate the API Cache?

Question81: A Developer must encrypt a 100-GB object using AWS KMS.
What is the BEST approach?

Question82: A Developer created configuration specifications for an AWS Elastic Beanstalk application in a file named healthcheckurl.yaml in the .ebextensions/directory of their application source bundle. The file contains the following:

After the application launches, the health check is not being run on the correct path, event though it is valid.
What can be done to correct this configuration file?

Question83: A Developer has created a software package to be deployed on multiple EC2 instances using IAM roles.
What actions could be performed to verify IAM access to get records from Amazon Kinesis Streams? (Choose two.)

Question84: A user has created a new raw EBS volume. The user mounts the volume on the instance to which it is attached. Which of the below mentioned options is a required step before the user can mount the volume?

Question85: A Developer created a new AWS account and must create a scalable AWS Lambda function that meets the following requirements for concurrent execution:
- Average execution time of 100 seconds
- 50 requests per second
Which step must be taken prior to deployment to prevent errors?

Question86: A company has an application that logs all information to Amazon S3. Whenever there is a new log file, an AWS Lambda function is invoked to process the log files. The code works, gathering all of the necessary information. However, when checking the Lambda function logs, duplicate entries with the same request ID are found.
What is causing the duplicate entries?

Question87: Can you configure an RDS Read Replica using CloudFormation templates?

Question88: A user is planning to host a mobile game on EC2 which sends notifications to active users on either high score or the addition of new features. The user should get this notification when he is online on his mobile device. Which of the below mentioned AWS services can help achieve this functionality?

Question89: A developer must allow guest users without logins to access an Amazon Cognito-enabled site to view files stored within an Amazon S3 bucket
How should the developer meet these requirements'?

Question90: A developer is preparing a deployment package using AWS Cloud Formation. The package consists of two separate templates: one for the infrastructure and one for the application. The application has to be inside the VPC that is created from the infrastructure template How can the application stack refer to the VPC created from the infrastructure template?

Question91: A user has attached one RDS security group with 5 RDS instances. The user has changed the ingress rule for the security group. What will be the initial status of the ingress rule?

Question92: Regarding Amazon SWF, the coordination logic in a workflow is contained in a software program called a ________.

Question93: A developer is building an application that needs to store date in Amazon S3. Management requires that the data be encrypted before is it sent to Amazon S3 for storage. The encryption keys need to be managed by the security team.
Which approach should the developer take to meet these requirements?

Question94: In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics:

Question95: A Developer is creating a mobile application that will not require users to log in.
What is the MOST efficient method to grant users access to AWS resources?

Question96: An application outputs logs to a text file. The logs must be continuously monitored for security incidents.
Which design will meet the requirements with MINIMUM effort?

Question97: An organization is replacing a tape backup system with a storage gateway. there is currently no
connectivity to AWS. Initial testing is needed.
What connection option should the organization use to get up and running at minimal cost?

Question98: A Developer must analyze performance issues with production-distributed applications written as AWS Lambda functions. These distributed Lambda applications invoke other components that make up the applications.
How should the Developer identify and troubleshoot the root cause of the performance issues in production?

Question99: You have an environment that consists of a public subnet using Amazon VPC and 3 instances that are running in this subnet. These three instances can successfully communicate with other hosts on the Internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet.
What should you do to enable internet access?

Question100: Regarding Amazon SNS, to send messages to a queue through a topic, you must subscribe the queue to the Amazon SNS topic. You specify the queue by its _______.

Question101: A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the average CPU utilization across all instances of the last 2 weeks under the CloudWatch console.
How can the user achieve this?

Question102: A developer is adding a feature to a client-side application so that users can upload videos to an Amazon S3 bucket.
What is the MOST secure way to give the application the ability to write files to the S3 bucket?

Question103: A large company wants its Compliance team to audit its Amazon S3 buckets to identify if personally identifiable information (PII) is stored in them. The company has hundreds of S3 buckets and has asked the Security Engineers to scan every bucket.
How can this task be accomplished?

Question104: A user is planning to host data with RDS. Which of the below mentioned databases is not supported by
RDS?

Question105: An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows the read query performance and affects all application users.
What can be done to eliminate the performance impact on application users?

Question106: An application running on multiple Amazon EC2 instances pulls messages ...SQS queue. A requirement for the application is that all messages must be encrypted at rest.
Developers are instructed to use methods that allow for centralized .. possible support requirements whenever possible.
Which of the following solution supports these requirements?

Question107: A developer is planning to use an Amazon API Gateway and AWS Lambda to provide a REST API. The developer will have three distinct environments to manage: development, test, and production.
How should the application be deployed while minimizing the number of resources to manage?

Question108: An application runs on multiple EC2 instances behind an ELB.
Where is the session data best written so that it can be served reliably across multiple requests?

Question109: A company runs online transaction processing (OLTP) workloads on an Amazon RDS for PostgreSQL Multi-AZ DB instance. Tests were run on the database after work hours, which generated additional database logs. The free storage of the RDS DB instance is low due to these additional logs.
What should the company do to address this space constraint issue?

Question110: A developer has written an application that runs on Amazon EC2 instances. The developer is adding functionality for the application to write objects to an Amazon S3 bucket. Which policy must the developer modify to allow the instances to write these objects?

Question111: A user has configured an automated backup between 5 AM - 5:30 AM for the MySQL RDS DB. Will the performance of RDS get frozen momentarily during a backup?

Question112: An application stores payroll information nightly in DynamoDB for a large number of employees across hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily hours.
Managers run reports for ranges of names working in their office. One query is. "Return all Items in this office for names starting with A through E".
Which table configuration will result in the lowest impact on provisioned throughput for this query?

Question113: A Developer is creating a Lambda function and will be using external libraries that are not included in the standard Lambda libraries.
What action would minimize the Lambda compute time consumed?

Question114: A user is running a webserver on EC2. The user wants to receive the SMS when the EC2 instance utilization is above the threshold limit. Which AWS services should the user configure in this case?

Question115: What does an Amazon SQS delay queue accomplish?

Question116: Which techniques will help mitigate this exception? (Choose two.)

Question117: When uploading an object, what request header can be explicitly specified in a request to Amazon S3 to encrypt object data when saved on the server side?

Question118: A user is planning to use the AWS RDS with MySQL. Which of the below mentioned services the user is not going to pay?

Question119: When working with AWS CloudFormation Templates what is the maximum number of stacks that you can create?

Question120: How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?

Question121: A gaming company wants to deploy a game in multiple Regions. The company plans to save local high scores in Amazon DynamoDB tables in each Region. A Database Specialist needs to design a solution to automate the deployment of the database with identical configurations in additional Regions, as needed. The solution should also automate configuration changes across all Regions.
Which solution would meet these requirements and deploy the DynamoDB tables?

Question122: A developer Is working with a Docker application that needs to be quickly deployed using AWS without changing the infrastructure or configuring health checks. The application should be configured so that changes and updates can be made automatically without any downtime Which solution will meet these requirements?

Question123: Regarding Amazon SNS, when you want to subscribe to a topic and receive notifications to your email, in the Protocol drop-down box, you should select _______.

Question124: When using a large Scan operation in DynamoDB, what technique can be used to minimize the impact of a scan on a table's provisioned throughput?

Question125: Queries to an Amazon DynamoDB table are consuming a large amount of read capacity. The table has a significant number of large attributes. The application does not need all of the attribute data.
How can DynamoDB costs be minimized while maximizing application performance?

Question126: A Developer has created a software package to be deployed on multiple EC2 instances using IAM roles. What actions could be performed to verify IAM access to get records from Amazon Kinesis Streams? (Select TWO.)

Question127: A user wants to achieve High Availability with PostgreSQL DB. Which of the below mentioned functionalities helps achieve HA?

Question128: A company has a web application In an Amazon Elastic Container Service (Amazon ECS) cluster running hundreds of secure services in AWS Fargate containers. The services are in target groups routed by an Application Load Balancer (ALB) Application users log in to the website anonymously, but they must be authenticated using any OpenID Connect protocol-compatible identity provider (IdP) to access the secure services Which authentication approach would meet these requirements with the LEAST amount of effort?

Question129: A company is developing an application that will run on several Amazon EC2 instances in an Auto Scaling group and can access a database running on Amazon EC2. The application needs to store secrets required to connect to the database. The application must allow for periodic secret rotation, and there should be no changes to the application when a secret changes.
What is the SAFEST way to meet these requirements?

Question130: A stock market monitoring application uses Amazon Kinesis for data ingestion. During simulated tests of peak data rates, the Kinesis stream cannot keep up with the incoming data.
What step will allow Kinesis to accommodate the traffic during peak hours?

Question131: A Developer is working on an application that handles 10MB documents that contain highly- sensitive data. The application will use AWS KMS to perform client-side encryption.
What steps must be followed?

Question132: A user is setting up an Elastic Load Balancer(ELB). Which of the below parameters should the user consider so as the instance gets registered with the ELB?

Question133: Queries to an Amazon DynamoDB table are consuming a large amount of read capacity. The table has a significant number of large attributes. The application does not need all of the attribute data.
How can DynamoDB costs be minimized while maximizing application performance?

Question134: Which of the below mentioned commands allows the user to share the AMI with his peers using the AWS EC2 CLI?

Question135: An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file.
How should the Developer code the application?

Question136: A Developer has implemented a Lambda function that needs to add new customers to an RDS database that is expected to run hundreds of times per hour. The Lambda function is configured to use 512MB of RAM and is based on the following pseudo code:

After testing the Lambda function, the Developer notices that the Lambda execution time is much longer than expected. What should the Developer do to improve performance?

Question137: An application has hundreds of users. Each user may use multiple devices to access the application. The Developer wants to assign unique identifiers to these users regardless of the device they use.
Which of the following methods should be used to obtain unique identifiers?

Question138: In Amazon SNS, to send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following, except:

Question139: A company has an Amazon RDS Multi-AZ DB instances that is 200 GB in size with an RPO of 6 hours. To meet the company's disaster recovery policies, the database backup needs to be copied into another Region. The company requires the solution to be cost-effective and operationally efficient.
What should a Database Specialist do to copy the database backup into a different Region?

Question140: An Amazon S3 bucket, "myawsbucket" is configured with website hosting in Tokyo region, what is the
region-specific website endpoint?

Question141: What kind of service is provided by AWS DynamoDB?

Question142: A Developer must build an application that uses Amazon DynamoDB. The requirements state that items being stored in the DynamoDB table will be 7KB in size and that reads must be strongly consistent. The maximum read rate is 3 items per second, and the maximum write rate is
10 items per second.
How should the Developer size the DynamoDB table to meet these requirements?

Question143: A Developer wants to upload data to Amazon S3 and must encrypt the data in transit.
Which of the following solutions will accomplish this task? (Choose two.)

Question144: A developer is building an application integrating an Amazon API Gateway with an AWS Lambda function.
When calling the API, the developer receives the following error. Wed Nov 03 01:13:00 UTC 2017 : Method completed with status: 502 What should the developer do to resolve the error?

Question145: A Developer must trigger an AWS Lambda function based on the item lifecycle activity in an Amazon DynamoDB table.
How can the Developer create the solution?

Question146: A company has developed a new serverless application using AWS Lambda functions that will be deployed using the AWS Serverless Application Model (AWS SAM) CLI.
Which step should the developer complete prior to deploying the application?

Question147: A bucket owner has allowed another account's IAM users to upload or access objects in his bucket.
The IAM user of Account A is trying to access an object created by the IAM user of account B.
What will happen in this scenario?

Question148: If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect?

Question149: A Developer will be using the AWS CLI on a local development server to manage AWS services.
What can be done to ensure that the CLI uses the Developer's IAM permissions when making commands?

Question150: A Developer created configuration specifications for an AWS Elastic Beanstalk application in a file named healthcheckurl.yaml in the .ebextensions/directory of their application source bundle. The file contains the following:

After the application launches, the health check is not being run on the correct path, event though it is valid.
What can be done to correct this configuration file?

Question151: A Developer has created an S3 bucket s3://mycoolapp and has enabled server across logging that points to the folder s3://mycoolapp/logs. The Developer moved 100 KB of Cascading Style Sheets (CSS) documents to the folder s3://mycoolapp/css, and then stopped work. When the developer came back a few days later, the bucket was 50 GB.
What is the MOST likely cause of this situation?

Question152: When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process below will result in successful processing of the message and remove it from the queue while minimizing the chances of duplicate processing?

Question153: What kind of service is provided by AWS DynamoDB?

Question154: A Security Engineer must implement mutually authenticated TLS connections between containers that communicate inside a VPC.
Which solution would be MOST secure and easy to maintain?

Question155: An online gaming site asked you if you can deploy a database that is a fast, highly scalable NoSQL
database service in AWS for a new site that he wants to build. Which database should you recommend?

Question156: A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:

The Developer needs to create/delete branches.
Which specific IAM permissions need to be added, based on the principle of least privilege?

Question157: Regarding Amazon SNS, you can send notification messages to mobile devices through any of the following supported push notification services, EXCEPT:

Question158: When you create a table with a hash-and-range key, you must define one or more secondary indexes on that table.

Question159: A company needs a fully-managed source control service that will work in AWS. The service must ensure that revision control synchronizes multiple distributed repositories by exchanging sets of changes peer-to- peer. All users need to work productively even when not connected to a network.
Which source control service should be used?

Question160: Which Amazon service is not used by Elastic Beanstalk?

Question161: A company has a large number of documents that are stored securely in Amazon S3 The company is creating an application that occasionally will read these documents The application will be deployed on Amazon EC2 instances.
The company's security requirements mandate that no long-term credentials can be stored on the EC2 instances and that only the needed documents can be accessed Only authorized users and applications can access the documents, access must be logged by Amazon S3 and each document must follow S3 Lifecycle policies for archival and destruction What should a developer do to meet these requirements?

Question162: A Developer has setup an Amazon Kinesis Stream with 4 shards to ingest a maximum of 2500 records per second. A Lambda function has been configured to process these records.
In which order will these records be processed?

Question163: _____________ can be used to bootstrap both the Chef Server and Chef Client software on your EC2
instances.

Question164: A company is using an AWS Lambda function to process records from an Amazon Kinesis data stream. The company recently observed slow processing of the records. A developer notices that the iterator age metric for the function is increasing and that the Lambda run duration is constantly above normal.
Which actions should the developer take to increase the processing speed? (Choose two.)

Question165: An organization has created an application which is hosted on the AWS EC2 instance. The application
stores images to S3 when the end user uploads to it. The organization does not want to store the AWS
secure credentials required to access the S3 inside the instance. Which of the below mentioned options is
a possible solution to avoid any security threat?

Question166: An application needs to encrypt data that is written to Amazon S3 where the keys are managed in an on-premises data center and the encryption is handled by S3. Which type of encryption should be used?

Question167: A Developer is receiving HTTP 400: ThrottlingExceptionerrors intermittently when calling the Amazon CloudWatch API. When a call fails, no data is retrieved.
What best practice should first be applied to address this issue?

Question168: A Developer is migrating existing applications to AWS. These applications use MongoDB as their primary data store, and they will be deployed to Amazon EC2 instances. Management requires that the Developer minimize changes to applications while using AWS services Which solution should the Developer use to host MongoDB in AWS?

Question169: A developer is creating a script to automate the deployment process for a serverless application.
The developer wants to use an existing AWS Serverless Application Model (AWS SAM) template for the application.
What should the developer use for the project? (Choose two.)

Question170: An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows the read query performance and affects all application users.
What can be done to eliminate the performance impact on application users?

Question171: A developer is building a static, client-side rendered website that is powered by ReactJS The code has no server-side generated components and does not need to run any programming languages on the server However the code serves static HTML, CSS, and JavaScript to the client on each request The developer's solution to host the website must maximize performance and cost-effectiveness Which combination of AWS services or resources should the developer use to meet these requirements?

Question172: In regard to DynamoDB, can I modify the index once it is created?

Question173: A Developer is trying to monitor an application's status by running a cron job that returns 1 if the service is up and 0 if the service is down. The Developer created code that uses an AWS CLI put-metric-alarm command to publish the custom metrics to Amazon CloudWatch and create an alarm. However, the Developer is unable to create an alarm as the custom metrics do not appear in the CloudWatch console.
What is causing this issue?

Question174: An AWS Lambda function must read data from an Amazon RDS MySQL database in a VPC and also reach a public endpoint over the internet to get additional data.
Which steps must be taken to allow the function to access both the RDS resource and the public endpoint?
(Choose two.)

Question175: A game stores user game data in an Amazon DynamoDB table. Individual users should not have access to other users' game dat
a. How can this be accomplished?

Question176: Does DynamoDB support in-place atomic updates?

Question177: Which DynamoDB limits can be raised by contacting AWS support? Choose 2 answers

Question178: A Developer has an application that can upload tens of thousands of objects per second to Amazon S3 in parallel within a single AWS account. As part of new requirements, data stored in S3 must use server side encryption with AWS KMS (SSE-KMS). After creating this change, performance of the application is slower.
Which of the following is MOST likely the cause of the application latency?

Question179: A Developer is making changes to a custom application that is currently using AWS Elastic Beanstalk.
After the Developer completes the changes, what solutions will update the Elastic Beanstalk environment with the new application version? (Choose two.)

Question180: An organization has three applications running on AWS, each accessing the same data on Amazon S3.
The data on Amazon S3 is server-side encrypted by using an AWS KMS Customer Master Key (CMK).
What is the recommended method to ensure that each application has its own programmatic access control permissions on the KMS CMK?

Question181: A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key, the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API.
What code updates will grant these new users access to the API?

Question182: A developer Is designing an AWS Lambda function that create temporary files that are less than 10 MB during execution. The temporary files will be accessed and modified multiple times during execution. The developer has no need to save or retrieve these files in the future.
Where should the temporary file be stored?

Question183: A Developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment, the application has used IAM access keys. The application is now ready for deployment onto an ECS cluster.
How should the application authenticate with AWS services in production?

Question184: A Database Specialist needs to define a database migration strategy to migrate an on-premises Oracle database to an Amazon Aurora MySQL DB cluster. The company requires near-zero downtime for the data migration. The solution must also be cost-effective.
Which approach should the Database Specialist take?

Question185: A user has created an application which sends data to a log file. The server hosting the log files can be unavailable due to any reason. The user wants to make it so that whenever the log server is up it should be receiving the messages. Which of the below mentioned AWS services helps achieve this functionality?

Question186: Which one of the following statements is NOT an advantage of DyanamoDB being built on Solid State Drives:

Question187: A Developer wants access to make the log data of an application running on an EC2 instance available to systems administrators.
Which of the following enables monitoring of this metric in Amazon CloudWatch?

Question188: A developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect from on-premises to Amazon EC2 instances in the developer's account The developer is able to access an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same VPC Which logs can the developer use to verify whether the traffic is reaching subnet B?

Question189: An organization is using Amazon CloudFront to ensure that its users experience low-latency access to its web application. The organization has identified a need to encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application.
How can these requirements be met? (Choose two.)

Question190: You have been asked to monitor traffic flows on your Amazon EC2 instance. You will be performing deep
packet inspection, looking for atypical patterns.
Which tool will enable you to look at this data?

Question191: You run a well-architected, multi-AZ application in the eu-central-1 (Frankfurt) AWS region. The application
is hosted in a VPC and is only accessed from the corporate network. To support large volumes of data
transfer and administration of the application, you use a single 10-Gbps AWS Direct Connect connection
with multiple private virtual interfaces. As part of a review, you decide to improve the resilience of your
connection to AWS and make sure that any additional connectivity does not share the same Direct
Connect routers at AWS. You need to provide the best levels of resilience to meet the application's needs.
Which two options should you consider? (Select two.)

Question192: Your fortune 500 company has under taken a TCO analysis evaluating the use of Amazon S3 versus acquiring more hardware The outcome was that all employees would be granted access to use Amazon S3 for storage of their personal documents. Which of the following will you need to consider so you can set up a solution that incorporates single sign-on from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a bucket? (Choose 3 Answers)

Question193: A company experienced partial downtime during the last deployment of a new application AWS Elastic Beanstalk split the environment's Amazon EC2 instances into batches and deployed a new version one batch at a time after taking them out of service. Therefore, full capacity was not maintained during deployment.
The developer plans to release a new version of the application, and is looking for a policy that will maintain full capacity and minimize the impact of the failed deployment Which deployment policy should the developer use?

Question194: A user has created a new EBS volume from an existing snapshot.
The user mounts the volume on the instance to which it is attached.
Which of the below mentioned options is a required step before the user can mount the volume?

Question195: A user has enabled serverside encryption with S3. The user downloads the encrypted object from S3.
How can the user decrypt it?

Question196: A company has a web application In an Amazon Elastic Container Service (Amazon ECS) cluster running hundreds of secure services in AWS Fargate containers. The services are in target groups routed by an Application Load Balancer (ALB) Application users log in to the website anonymously, but they must be authenticated using any OpenID Connect protocol-compatible identity provider (IdP) to access the secure services Which authentication approach would meet these requirements with the LEAST amount of effort?

Question197: In DynamoDB, if you create a table and request 10 units of write capacity and 200 units of read capacity of provisioned throughput, how much would you be charged in US East (Northern Virginia) Region?

Question198: A company has an AWS account and allows a third-party contractor, who uses another AWS account, to assume certain IAM roles. The company wants to ensure that IAM roles can be assumed by the contractor only if the contractor has multi-factor authentication enabled on their IAM user accounts.
What should the company do to accomplish this?

Question199: Company B provides an online image recognition service and utilizes SQS to decouple system components for scalability The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses.
How can Company B reduce the number of empty responses?

Question200: How is provisioned throughput affected by the chosen consistency model when reading data from a DynamoDB table?

Question201: A company needs to ingest terabytes of data each hour from thousands of sources that are delivered almost continually throughout the day. The volume of messages generated varies over the course of the day.
Messages must be delivered in real time for fraud detection and live operational dashboards.
Which approach will meet these requirements?

Question202: An AWS Lambda function must access an external site by using a regularly rotated user name and password.
These items must be kept securely and cannot be stored in the function code.
What combination of AWS services can be used to accomplish this? (Choose two.)

Question203: A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:

The Developer needs to create/delete branches.
Which specific IAM permissions need to be added, based on the principle of least privilege?

Question204: A user is trying to share a video file with all his friends. Which of the below mentioned AWS services will be cheapest and easy to use?