EMT Practice Test

1. Question Content...


Question List

Question1: A Developer wants the ability to roll back to a previous version of an AWS Lambda function in the event of errors caused by a new deployment.
How can the Developer achieve this with MINIMAL impact on users?

Question2: A developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect from on-premises to Amazon EC2 instances in the developer's account The developer is able to access an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same VPC
Which logs can the developer use to verify whether the traffic is reaching subnet B?

Question3: A company needs a new REST API that can return information about the contents of an Amazon S3 bucket, such as a count of the objects stored in it. The company has decided that the new API should be written as a microservice using AWS Lambda and Amazon API Gateway.
How should the Developer ensure that the microservice has the necessary access to the Amazon S3 bucket, while adhering to security best practices?

Question4: The Marketing Director in your company asked you to create a mobile app that lets users post sightings of good deeds known as random acts of kindness in 80-character summaries. You decided to write the application in JavaScript so that it would run on the broadest range of phones, browsers, and tablets. Your application should provide access to Amazon DynamoDB to store the good deed summaries. Initial testing of a prototype shows that there aren't large spikes in usage. Which option provides the most cost-effective and scalable architecture for this application?

Question5: A company needs a version control system for collaborative software development. Features of the system must include the following:
* Support for batches of changes across multiple files
* Parallel branching
* Version tracking
Which AWS service will meet these requirements?

Question6: According to best practice, how should access keys be managed in AWS? (Choose two.)

Question7: A front-end web application is using Amazon Cognito user pools to handle the user authentication flow. A developer is integrating Amazon DynamoDB into the application using the AWS SDK for JavaScript How would the developer securely call the API without exposing the access or secret keys?

Question8: A user has deployed an application on his private cloud. The user is using his own monitoring tool. He wants to configure that whenever there is an error, the monitoring tool should notify him via SMS. Which of the below mentioned AWS services will help in this scenario?

Question9: A user has created a new raw EBS volume. The user mounts the volume on the instance to which it is attached. Which of the below mentioned options is a required step before the user can mount the volume?

Question10: An application running on an Amazon Linux EC2 instance needs to manage the AWS infrastructure.
How can the EC2 instance be configured to make AWS API calls securely?

Question11: Company C has recently launched an online commerce site for bicycles on AWS. They have a "Product"
DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size
to display in the online store. Due to customer demand, they want to include an image for each bicycle
along with the existing details.
Which approach below provides the least impact to provisioned throughput on the "Product" table?

Question12: An Amazon S3 bucket, "myawsbucket" is configured with website hosting in Tokyo region, what is the region-specific website endpoint?

Question13: A user has setup Multi AZ with the MS SQL RDS instance.
Which of the below mentioned functionalities can be achieved by the user?

Question14: A company's fleet of Amazon EC2 instances receives data from millions of users through an API.
The servers batch the data, add an object for each user, and upload the objects to an S3 bucket to ensure high access rates. The object attributes are Customer ID, Server ID, TS-Server (TimeStamp and Server ID), the size of the object, and a timestamp. A Developer wants to find all the objects for a given user collected during a specified time range.
After creating an S3 object created event, how can the Developer achieve this requirement?

Question15: A supplier is writing a new RESTful API for customers to query the status of orders. The customers requested the following API endpoint.
http://www.supplierdomain.com/status/customerID
Which of the following application designs meet the requirements? (Choose two.)

Question16: To include objects defined by the AWS Serverless Application Model (SAM) in an AWS CloudFormation template, in addition to Resources, what section MUST be included in the document root?

Question17: A company is using Amazon API Gateway to manage its public-facing API. The CISO requires that the APIs be used by test account users only. What is the MOST secure way to restrict API access to users of this particular AWS account?

Question18: A user has created an EBS instance in the US-East-1a AZ. The user has a volume of 30 GB in the US-East-1b zone. How can the user attach the volume to an instance?

Question19: A Developer is building a three-tier web application that should be able to handle a minimum of 5000 requests per minute. Requirements state that the web tier should be completely stateless while the application maintains session state for the users.
How can session data be externalized, keeping latency at the LOWEST possible value?

Question20: A company requires that AWS Lambda functions written by Developers log errors so System Administrators can more effectively troubleshoot issues.
What should the Developers implement to meet this need?

Question21: A developer is creating a role to access Amazon S3 buckets To create the role, the developer uses the AWS CLI create-role command. Which policy should be added to allow the Amazon EC2 service to assume the role?

Question22: A Developer executed a AWS CLI command and received the error shown below:

What action should the Developer perform to make this error human-readable?

Question23: A Developer is working on an application that tracks hundreds of millions of product reviews in an Amazon DynamoDB table. The records include the data elements shown in the table:

Which field, when used as the partition key, would result in the MOST consistent performance using DynamoDB?

Question24: You are designing a photo sharing mobile app the application will store all pictures in a single Amazon S3 bucket. Users will upload pictures from their mobile device directly to Amazon S3 and will be able to view and download their own pictures directly from Amazon S3. You want to configure security to handle potentially millions of users in the most secure manner possible. What should your server-side application do when a new user registers on the photo-sharing mobile application?

Question25: A Developer is working on an application that handles 10MB documents that contain highly-sensitive data.
The application will use AWS KMS to perform client-side encryption.
What steps must be followed?

Question26: A company wants to make sure that only one user from its Admin group has the permanent right to delete an Amazon EC2 resource There should be no changes in the existing policy under the Admin group What should a developer use to meet these requirements?

Question27: A Developer has created a new AWS IAM user that has s3 putObject permission to write to a specific Amazon S3 bucket. This S3 bucket uses server-side encryption with AWS KMS managed (SSE-KMS) as the default encryption. Using the access key and secret key of the IAM user, the application received an access denied error when calling the PutObject API.
How can this issue be resolved?

Question28: A developer is building a serverless application using AWS Lambda and must create a REST API using an HTTP GET method What needs to be defined to meet this requirement*? (Select TWO )

Question29: The user has created multiple AutoScaling groups. The user is trying to create a new AS group but it fails.
How can the user know that he has reached the AS group limit specified by AutoScaling in that region?

Question30: A group of researchers is studying the migration pattern of a beetle that eats and destroys gram. The researchers must process massive amounts of data and run statistics. Which one of the following options provides the high performance computing for this purpose?

Question31: A company is developing a new online game that will run on top of Amazon ECS. Four distinct Amazon ECS services will be part of the architecture, each requiring specific permissions to various AWS services. The company wants to optimize the use of the underlying Amazon EC2 instances by bin packing the containers based on memory reservation.
Which configuration would allow the Development team to meet these requirements MOST securely?

Question32: A company has a multi-tiered web application on AWS. During a recent spike in traffic, one of the primary relational databases on Amazon RDS could not serve all the traffic. Some read queries for repeatedly accessed items failed, so users received error messages.
What can be done to minimize the impact on database read queries MOST efficiently during future traffic spikes?

Question33: The Security team believes that a former employee may have gained unauthorized access to AWS resources sometime in the past 3 months by using an identified access key.
What approach would enable the Security team to find out what the former employee may have done within AWS?

Question34: In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client request sent to the service?

Question35: A Developer is preparing a deployment package using AWS CloudFormation. The package consists of two separate templates: one for the infrastructure and one for the application. The application has to be inside the VPC that is created from the infrastructure template. How can the application stack refer to the VPC created from the infrastructure template?

Question36: A company maintains an application responsible for processing several thousand external callbacks each day.
The company's System administrators want to know how many callbacks are being received on a rolling basis, and they want this data available for 10 days. The company also wants the ability to issue automated alerts if the number of callbacks exceeds the defined thresholds.
What is the MOST cost-effective way to address the need to track and alert on these statistics?

Question37: A user is planning to host a mobile game on EC2 which sends notifications to active users on either high score or the addition of new features. The user should get this notification when he is online on his mobile device.
Which of the below mentioned AWS services can help achieve this functionality?

Question38: Which Amazon service is not used by Elastic Beanstalk?

Question39: How is provisioned throughput affected by the chosen consistency model when reading data from a
DynamoDB table?

Question40: You have to set up an AWS Direct Connect connection to connect your on-premises to an AWS VPC. Due
to budget requirements, you can only provision a single Direct Connect port. You have two border gateway
routers at your on-premises data center that can peer with the Direct Connect routers for redundancy.
Which two design methodologies, in combination, will achieve this connectivity? (Select two.)

Question41: A Developer created a new AWS account and must create a scalable AWS Lambda function that meets the following requirements for concurrent execution:
- Average execution time of 100 seconds
- 50 requests per second
Which step must be taken prior to deployment to prevent errors?

Question42: What is the name of licensing model in which I can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS?

Question43: A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user.
Which two approaches can satisfy the objectives? Choose 2 answers

Question44: A Developer is developing an application that manages financial transactions. To improve security, multi- factor authentication (MFA) will be required as part of the login protocol. What services can the Developer use to meet these requirements?

Question45: Queries to an Amazon DynamoDB table are consuming a large amount of read capacity. The table has a significant number of large attributes. The application does not need all of the attribute data.
How can DynamoDB costs be minimized while maximizing application performance?

Question46: A root AWS account owner has created three IAM users: Bob, John and Michael. Michael is the IAM
administrator. Bob and John are not the superpower users, but users with some pre-defined policies.
John does not have access to modify his password. Thus, he asks Bob to change his password. How can
Bob change John's password?

Question47: A company has a multi-tiered web application on AWS. During a recent spike in traffic, one of the primary relational databases on Amazon RDS could not serve all the traffic. Some read queries for repeatedly accessed items failed, so users received error messages.
What can be done to minimize the impact on database read queries MOST efficiently during future traffic spikes?

Question48: A user is running a MySQL RDS instance. The user will not use the DB for the next 3 months.
How can the user save costs?

Question49: A Developer has created an S3 bucket s3://mycoolapp and has enabled server across logging that points to the folder s3://mycoolapp/logs. The Developer moved 100 KB of Cascading Style Sheets (CSS) documents to the folder s3://mycoolapp/css, and then stopped work. When the developer came back a few days later, the bucket was 50 GB.
What is the MOST likely cause of this situation?

Question50: A company has decided to use encryption in its AWS account to secure the objects in Amazon S3 using server-side encryption. Object sizes range from 16,000 B to 5 MB. The requirements are as follows:
* The key material must be generated and stored in a certified Federal Information Processing Standard (FIPS) 140-2 Level 3 machine.
* The key material must be available in multiple Regions.
Which option meets these requirements?

Question51: A company has implemented AWS CodeDeploy as part of its cloud native CI/CD stack. The company enables automatic rollbacks while deploying a new version of a popular web application from in-place to Amazon EC2.
What occurs if the deployment of the new version fails due to code regression?

Question52: A company wants to implement a continuous integration for its workloads on AWS. The company wants to trigger unit test in its pipeline for commits-on its code repository, and wants to be notified of failure events in the pipeline.
How can these requirements be met?

Question53: A Developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the Developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit.
Which of the following API Gateway metrics in Amazon CloudWatch can help the Developer troubleshoot the issue? (Choose two.)

Question54: An Amazon DynamoDB table uses a Global Secondary Index (GSI) to support read queries. The primary table is write-heavy, whereas the GSI is used for read operations. Looking at Amazon CloudWatch metrics, the Developer notices that write operations to the primary table are throttled frequently under heavy write activity. However, write capacity units to the primary table are available and not fully consumed.
Why is the table being throttled?

Question55: A user wants to make so that whenever the CPU utilization of the AWS EC2 instance is above 90%, the redlight of his bedroom turns on. Which of the below mentioned AWS services is helpful for this purpose?

Question56: A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:

The Developer needs to create/delete branches.
Which specific IAM permissions need to be added, based on the principle of least privilege?

Question57: An application needs to encrypt data that is written to Amazon S3 where the keys are managed in an on-premises data center and the encryption is handled by S3. Which type of encryption should be used?

Question58: A user is planning to host a scalable dynamic web application on AWS. Which of the services may not be required by the user to achieve automated scalability?

Question59: A Developer is writing a REST service that will add items to a shopping list. The service is built on Amazon API Gateway with AWS Lambda integrations. The shopping list items are send as query string parameters in the method request.
How should the Developer convert the query string parameters to arguments for the Lambda function?

Question60: In regard to DynamoDB, for which one of the following parameters does Amazon not charge you?

Question61: A user has created an RDS instance with MySQL. The user is using the HeidiSQL client to connect with the RDS DB. The client is unable to connect to DB from his home machine. What is a possible reason for the failure?

Question62: A company has an application that logs all information to Amazon S3. Whenever there is a new log file, an AWS Lambda function is invoked to process the log files. The code works, gathering all of the necessary information. However, when checking the Lambda function logs, duplicate entries with the same request ID are found.
What is causing the duplicate entries?

Question63: A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least.
What is the easiest way to achieve this?

Question64: A company is building an application to track athlete performance using an Amazon DynamoDB table. Each item in the table is identified by a partition key (user_id) and a sort key (sport_name). The table design is shown below:

(Note: Not all table attributes are shown)
A Developer is asked to write a leaderboard application to display the top performers (user_id) based on the score for each sport_name.
What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?

Question65: A company wants to encrypt the private network between its on-premises environment and AWS. The company also wants a consistent network experience for its employees.
What should the company do to meet these requirements?

Question66: A development team uses AWS Elastic Beanstalk to deploy a Java-based web application. The team wants to ensure that the changes to the source code and the configuration are always deployed on new instances The team configures the Elastic Beanstalk environment to use immutable updates. However an error occurs the first time a change is deployed with the new update policy What is the MOST likely cause of this issue?

Question67: A Developer created a dashboard for an application using Amazon API Gateway, Amazon S3, AWS Lambda, and Amazon RDS. The Developer needs an authentication mechanism allowing a user to sign in and view the dashboard. It must be accessible from mobile applications, desktops, and tablets, and must remember user preferences across platforms.
Which AWS service should the Developer use to support this authentication scenario?

Question68: A user is running a webserver on EC2. The user wants to receive the SMS when the EC2 instance utilization is above the threshold limit. Which AWS services should the user configure in this case?

Question69: A company stores all personally identifiable information (Pll) in an Amazon DynamoDB table named Pll in Account A.
An application running on Amazon EC2 instances in Account B requires access to the Pll table.
An administrator in Account A created an IAM role named AccessPII with privileges to access the Pll table and made Account B a trusted entity.
Which combination of additional steps should developers take to access the table1? (Select TWO )

Question70: A Security Engineer is trying to determine whether the encryption keys used in an AWS service are in compliance with certain regulatory standards.
Which of the following actions should the Engineer perform to get further guidance?

Question71: A company has enabled Amazon GuardDuty in all Regions as part of its security monitoring strategy. In one of the VPCs, the company hosts an Amazon EC2 instance working as an FTP server that is contacted by a high number of clients from multiple locations. This is identified by GuardDuty as a brute force attack due to the high number of connections that happen every hour.
The finding has been flagged as a false positive. However, GuardDuty keeps raising the issue. A Security Engineer has been asked to improve the signal-to-noise ratio. The Engineer needs to ensure that changes do not compromise the visibility of potential anomalous behavior.
How can the Security Engineer address the issue?

Question72: A deployment package uses the AWS CLI to copy files into any S3 bucket in the account, using access keys stored in environment variables. The package is running on EC2 instances, and the instances have been modified to run with an assumed IAM role and a more restrictive policy that allows access to only one bucket. After the change, the Developer logs into the host and still has the ability to write into all of the S3 buckets in that account.
What is the MOST likely cause of this situation?

Question73: A Security Engineer is looking for a way to control access to data that is being encrypted under a CMK. The Engineer is also looking to use additional authenticated data (AAD) to prevent tampering with ciphertext.
Which action would provide the required functionality?

Question74: A current architecture uses many Lambda functions invoking one another as a large state machine. The coordination of this state machine is legacy custom code that breaks easily.
Which AWS Service can help refactor and manage the state machine?

Question75: A Developer is investigating an issue whereby certain requests are passing through an Amazon API Gateway endpoint /MyAPI, but the requests do not reach the AWS Lambda function backing /MyAPI. The Developer found that a second Lambda function sometimes runs at maximum concurrency allowed for the given AWS account.
How can the Developer address this issue?

Question76: A Developer has implemented a Lambda function that needs to add new customers to an RDS database that is expected to run hundreds of times per hour. The Lambda function is configured to use 512MB of RAM and is based on the following pseudo code:

After testing the Lambda function, the Developer notices that the Lambda execution time is much longer than expected. What should the Developer do to improve performance?

Question77: A Developer executed a AWS CLI command and received the error shown below:

What action should the Developer perform to make this error human-readable?

Question78: A Developer is trying to monitor an application's status by running a cron job that returns 1 if the service is up and 0 if the service is down. The Developer created code that uses an AWS CLI put-metric-alarm command to publish the custom metrics to Amazon CloudWatch and create an alarm. However, the Developer is unable to create an alarm as the custom metrics do not appear in the CloudWatch console.
What is causing this issue?

Question79: Company D is running their corporate website on Amazon S3 accessed from http//www.companyd.com.
Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint
https://s3-us-west1.amazonaws.com/cdfonts. While testing the new web fonts, Company D recognized the web fonts are being blocked by the browser. What should Company D do to prevent the web fonts from being blocked by the browser?

Question80: In relation to Amazon Simple Workflow Service (Amazon SWF),what is an "Activity Worker"?

Question81: What happens if your application performs more reads or writes than your provisioned capacity?

Question82: A company has several workloads running on AWS. Employees are required to authenticate using on- premises ADFS and SSO to access the AWS Management Console. Developers migrated an existing legacy web application to an Amazon EC2 instance. Employees need to access this application from anywhere on the internet, but currently, there is no authentication system built into the application.
How should the Security Engineer implement employee-only access to this system without changing the application?

Question83: A user is planning to host a scalable dynamic web application on AWS. Which of the services may not be
required by the user to achieve automated scalability?

Question84: A company is using AWS CodeBuild to compile a website from source code stored in AWS CodeCommit. A recent change to the source code has resulted in the CodeBuild project being unable to successfully compile the website.
How should the Developer identify the cause of the failures?

Question85: A Developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes, or create the item if it does not exist. The Lambda function has access to the primary key.
Which IAM permissions should the Developer request for the Lambda function to achieve this functionality?
dynamodb:DeleteItem

Question86: In Amazon SNS, to send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following, except:

Question87: A company needs to encrypt data at rest, but it wants to leverage an AWS managed service using its own master key.
Which of the following AWS service can be used to meet these requirements?

Question88: An application uploads photos to an Amazon S3 bucket. Each photo that is uploaded to the S3 bucket must be resized to a thumbnail image by the application Each thumbnail image is uploaded with a new name in the same S3 bucket Which AWS service can a developer configure to directly process each single S3 event for each S3 object upload?

Question89: A company needs to ingest terabytes of data each hour from thousands of sources that are delivered almost continually throughout the day. The volume of messages generated varies over the course of the day.
Messages must be delivered in real time for fraud detection and live operational dashboards.
Which approach will meet these requirements?

Question90: Which of the following statements about SQS is true?

Question91: A user is planning to host a mobile game on EC2 which sends notifications to active users on either high score or the addition of new features. The user should get this notification when he is online on his mobile device. Which of the below mentioned AWS services can help achieve this functionality?

Question92: A company has a two-tier application running on an Amazon EC2 server that handles all of its AWS based e-commerce activity During peak times, the backend servers that process orders are overloaded with requests.
This results in some orders failing to process. A developer needs to create a solution that will re-factor the application.
Which steps will allow for more flexibility during peak times, while still remaining cost-effective? (Select TWO.)

Question93: Company C has recently launched an online commerce site for bicycles on AWS. They have a "Product" DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size to display in the online store. Due to customer demand, they want to include an image for each bicycle along with the existing details.
Which approach below provides the least impact to provisioned throughput on the "Product" table?

Question94: An ecommerce startup is preparing for an annual sales event. As the traffic to the company's application increases, the development team wants to be notified when the Amazon EC2 instance's CPU utilization exceeds 80%.
Which solution will meet this requirement?

Question95: Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?

Question96: Where should the appspec.yml file be placed in order for AWS CodeDeploy to work?

Question97: A company became aware that one of its access keys was exposed on a code sharing website 11 days ago. A Security Engineer must review all use of the exposed keys to determine the extent of the exposure.
The company enabled AWS CloudTrail in all regions when it opened the account.
Which of the following will allow the Security Engineer to complete the task?

Question98: A company needs a version control system for collaborative software development. Features of the system must include the following:
Support for batches of changes across multiple files
Parallel branching
Which AWS service will meet these requirements?

Question99: A user has launched an EC2 instance and installed a website with the Apache webserver. The webserver is running but the user is not able to access the website from the internet. What can be the possible reason for this failure?

Question100: TestAWS (with AWS account ID 111122223333) has created 50 IAM users for its organization's employees. TestAWS wants to make the AWS console login URL for all IAM users like:
https://TestAWS.signin.aws.amazon.com/console/. How can this be configured?

Question101: A Developer has written a serverless application using multiple AWS services. The business logic is written as a Lambda function which has dependencies on third-party libraries. The Lambda function endpoints will be exposed using Amazon API Gateway. The Lambda function will write the information to Amazon DynamoDB. The Developer is ready to deploy the application but must have the ability to rollback. How can this deployment be automated, based on these requirements?

Question102: A company recently experienced a DDoS attack that prevented its web server from serving content. The website is static and hosts only HTML, CSS, and PDF files that users download.
Based on the architecture shown in the image, what is the BEST way to protect the site against future attacks while minimizing the ongoing operational overhead?

Question103: A developer implemented a static website hosted in amazon s3 that makes web service requests in amazon api gateway and aws lambda. The site is showing an error that reads.
''No 'access control-allow-origin'header' header is present on the requested resource. Origin 'null is therefore not allowed access ''
What should the developer do to resolve this issue?

Question104: A Developer is building a three-tier web application that should be able to handle a minimum of
5000 requests per minute. Requirements state that the web tier should be completely stateless while the application maintains session state for the users.
How can session data be externalized, keeping latency at the LOWEST possible value?

Question105: Which of the following are valid SNS delivery transports? Choose 2 answers

Question106: A developer needs to create an application that supports Security Assertion Markup Language (SAML) and Facebook authentication It must also allow access to AWS services, such as Amazon DynamoDB.
Which AWS service or feature will meet these requirements with the LEAST amount of additional coding?

Question107: A developer is creating a new application that will be accessed by users through an API created using Amazon API Gateway The users need to be authenticated by a third-party Security Assertion Markup Language (SAML) identity provider Once authenticated, users will need access to other AWS services such as Amazon S3 and Amazon DynamoDB
How can these requirements be met?

Question108: Your application is trying to upload a 6 GB file to Simple Storage Service and receive a "Your proposed upload exceeds the maximum allowed object size." error message.
What is a possible solution for this?

Question109: Queries to an Amazon DynamoDB table are consuming a large amount of read capacity. The table has a significant number of large attributes. The application does not need all of the attribute data.
How can DynamoDB costs be minimized while maximizing application performance?

Question110: According to best practice, how should access keys be managed in AWS? (Choose two.)

Question111: What does an Amazon SQS delay queue accomplish?

Question112: If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect?

Question113: A Security Engineer is implementing a solution to allow users to seamlessly encrypt Amazon S3 objects without having to touch the keys directly. The solution must be highly scalable without requiring continual management. Additionally, the organization must be able to immediately delete the encryption keys.
Which solution meets these requirements?

Question114: A sys admin is planning to subscribe to the RDS event notifications. For which of the below mentioned source categories the subscription cannot be configured?

Question115: A Developer has implemented a Lambda function that needs to add new customers to an RDS database that is expected to run hundreds of times per hour. The Lambda function is configured to use 512MB of RAM and is based on the following pseudo code:

After testing the Lambda function, the Developer notices that the Lambda execution time is much longer than expected. What should the Developer do to improve performance?

Question116: You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site.
At some point you find out that other sites have been linking to the photos on your site, causing loss to your business.
What is an effective method to mitigate this?

Question117: An AWS Elastic Beanstalk application needs to be deployed in multiple regions and requires a different Amazon Machine Image (AMI) in each region.
Which AWS CloudFormation template key can be used to specify the correct AMI for each region?

Question118: A gaming company is designing a mobile gaming app that will be accessed by many users across the globe.
The company wants to have replication and full support for multi-master writes. The company also wants to ensure low latency and consistent performance for app users.
Which solution meets these requirements?

Question119: The Lambda function below is being called through an API using Amazon API Gateway. The average execution time for the Lambda function is about 1 second. The pseudocode for the Lambda function is as shown in the exhibit.

What two actions can be taken to improve the performance of this Lambda function without increasing the cost of the solution? (Select two.)

Question120: A company's ecommerce website is experiencing massive traffic spikes, which are causing performance problems in the company database. Users are reporting that accessing the website takes a long time A developer wants to implement a caching layer using Amazon ElastiCache. The website is required to be responsive no matter which product a user views, and the updates to product information and prices must be strongly consistent

Question121: An advertising company has a dynamic website with heavy traffic. The company wants to migrate the website infrastructure to AWS to handle everything except website development.
Which solution BEST meets these requirements?

Question122: An organization will be expanding its current network design. When fully built out, there will be 99 VPCs
spread across 11 AWS accounts (9 VPCs per account). There is currently an AWS Direct Connect
connection into one account with 9 VPCs, each with a virtual network interface (VIF) per VPC.
Which of the following designs will minimize cost while allowing the organization to expand?

Question123: An application displays a status dashboard. The status is updated by 1 KB messages from an SQS queue. Although the status changes infrequently, the Developer must minimize the time between the message arrival in the queue and the dashboard update.
What technique provides the shortest delay in updating the dashboard?

Question124: A large company has its application components distributed across multiple AWS accounts. The company needs to collect and visualize trace data across these accounts.
What should be used to meet these requirements?

Question125: A meteorological system monitors 600 temperature gauges, obtaining temperature samples every minute and saving each sample to a DynamoDB table. Each sample involves writing 1K of data and the writes are evenly distributed over time.
How much write throughput is required for the target table?

Question126: A developer is planning to use an Amazon API Gateway and AWS Lambda to provide a REST API The developer will have three distinct environments to manage development, test, and production. How should the application be deployed while minimizing the number of resources to manage?

Question127: Which one of the following data types does Amazon DynamoDB not support?

Question128: A large e-commerce site is being designed to deliver static objects from Amazon S3. The Amazon S3 bucket wills server more than 300 GET requests per second. What should be done to optimize performance? (Select TWO.)

Question129: A Developer is writing a Linux-based application to run on AWS Elastic Beanstalk. Application requirements state that the application must maintain full capacity during updates while minimizing cost. Which type of Elastic Beanstalk deployment policy should the Developer specify for the environment?

Question130: Company D is running their corporate website on Amazon S3 accessed from http//www.companyd.com. Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint https://s3-us-west-1.amazonaws.com/cdfonts. While testing the new web fonts, Company D recognized the web fonts are being blocked by the browser.
What should Company D do to prevent the web fonts from being blocked by the browser?

Question131: A Developer is writing transactions into a DynamoDB table called "SystemUpdates" that has 5 write capacity units.
Which option has the highest read throughput?

Question132: An application that runs on an Amazon EC2 instance needs to access and make API calls to multiple AWS services.
What is the MOST secure way to provide access to the AWS services with MINIMAL management overhead?

Question133: A user has enabled serverside encryption with S3. The user downloads the encrypted object from S3.
How can the user decrypt it?

Question134: A user is trying to create a policy for an IAM user from the AWS console. Which of the below mentioned
options is not available to the user while configuring policy?

Question135: A company hosts a microservices application that uses Amazon API Gateway, AWS Lambda, Amazon Simple Queue Service (Amazon SOS), and Amazon DynamoDB, One of the Lambda functions adds messages to an SOS FIFO queue.
When a developer checks the application logs, the developer finds a few duplicated items in a DynamoDB table. The items were inserted by another polling function that processes messages from the queue.
What is the MOST likely cause of this issue?

Question136: A Developer is publishing critical log data to a log group in Amazon CloudWatch Lops, which was created 2 months ago. The Developer must encrypt the log data using an AWS KMS customer master key (CMK) so future data can be encrypted to comply with me company's security policy How can the Developer meet this requirement?

Question137: An organization operates a web application that serves users globally. The application runs on Amazon EC2 instances behind an Application Load Balancer. There is an Amazon CloudFront distribution in front of the load balancer, and the organization uses AWS WAF. The application is currently experiencing a volumetric attack whereby the attacker is exploiting a bug in a popular mobile game.
The application is being flooded with HTTP requests from all over the world with the User-Agent set to the following string: Mozilla/5.0 (compatible; ExampleCorp; ExampleGame/1.22; Mobile/1.0) What mitigation can be applied to block attacks resulting from this bug while continuing to service legitimate requests?

Question138: A developer is automating a new application deployment with AWS Serverless Application Model (AWS SAM). The new application has one AWS Lambda function and one Amazon S3 bucket.
The Lambda function must access the S3 bucket to only read objects.
How should the developer configure AWS SAM to grant the necessary read privilege to the S3 bucket?

Question139: A developer has written an application that runs on Amazon EC2 instances and generates a value every minute. The Developer wants to monitor and graph the values generated over time without logging in to the instance each time.
Which approach should the Developer use to achieve this goal?

Question140: A Developer has created an S3 bucket s3://mycoolapp and has enabled server across logging that points to the folder s3://mycoolapp/logs. The Developer moved 100 KB of Cascading Style Sheets (CSS) documents to the folder s3://mycoolapp/css, and then stopped work. When the developer came back a few days later, the bucket was 50 GB.
What is the MOST likely cause of this situation?

Question141: A supplier is writing a new RESTful API for customers to query the status of orders. The customers requested the following API endpoint.
http://www.supplierdomain.com/status/customerID
Which of the following application designs meet the requirements? (Choose two.)

Question142: How do you configure SQS to support longer message retention?

Question143: A Developer is working on a serverless project based in Java. Initial testing shows a cold start takes about 8 seconds on average for AWS Lambda functions.
What should the Developer do to reduce the cold start time? (Choose two.)

Question144: A Developer wants to encrypt new objects that are being uploaded to an Amazon S3 bucket by an application.
There must be an audit trail of who has used the key during this process. There should be no change to the performance of the application.
Which type of encryption meets these requirements?

Question145: A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this?

Question146: A company's ecommerce website is experiencing massive traffic spikes, which are causing performance problems in the company database. Users are reporting that accessing the website takes a long time.
A Developer wants to implement a caching layer using Amazon ElastiCache. The website is required to be responsive no matter which product a user views, and the updates to product information and prices must be strongly consistent.
Which cache writing policy will satisfy these requirements?

Question147: A company has an application hosted in an Amazon EC2 instance and wants the application to access secure strings stored in AWS Systems Manager Parameter Store. When the application tries to access the secure string key value, it fails.
Which factors could be the cause of this failure? (Choose two.)

Question148: In regard to DynamoDB, what is the Global secondary index?

Question149: A user is setting up an Elastic Load Balancer(ELB). Which of the below parameters should the user consider so as the instance gets registered with the ELB?

Question150: A Developer is asked to implement a caching layer in front of Amazon RDS. Cached content is expensive to regenerate in case of service failure. Which implementation below would work while maintaining maximum uptime?

Question151: A user is receiving a notification from the RDS DB whenever there is a change in the DB security group. The user does not want to receive these notifications for only a month. Thus, he does not want to delete the notification. How can the user configure this?

Question152: A meteorological system monitors 600 temperature gauges, obtaining temperature samples every minute and saving each sample to a DynamoDB table. Each sample involves writing 1K of data and the writes are evenly distributed over time.
How much write throughput is required for the target table?

Question153: What type of block cipher does Amazon S3 offer for server side encryption?

Question154: A Developer needs to use AWS X-Ray to monitor an application that is deployed on EC2 instances.
What steps have to be executed to perform the monitoring?

Question155: A company has written a Java AWS Lambda function to be triggered whenever a user uploads an image to an Amazon S3 bucket. The function converts the original image to several different formats and then copies the resulting images to another Amazon S3 bucket.
The Developers find that no images are being copied to the second Amazon S3 bucket. They have tested the code on an Amazon EC2 instance with 1GB of RAM, and it takes an average of 500 seconds to complete.
What is the MOST likely cause of the problem?

Question156: Your manager has requested you to tag EC2 instances to organize and manage a load balancer.
Which of the following statements about tag restrictions is incorrect?

Question157: A web application is using Amazon Kinesis Streams for clickstream data that may not be consumed for up to
12 hours.
How can the Developer implement encryption at rest for data within the Kinesis Streams?

Question158: You are building a mobile app for consumers to post cat pictures online. You will be storing the images in AWS S3. You want to run the system very cheaply and simply. Which one of these options allows you to build a photo sharing application without needing to worry about scaling expensive uploads processes, authentication/authorization and so forth?

Question159: A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:

The Developer needs to create/delete branches.
Which specific IAM permissions need to be added, based on the principle of least privilege?

Question160: An application is running on an EC2 instance. The Developer wants to store an application metric in Amazon CloudWatch.
What is the best practice for implementing this requirement?

Question161: A Developer is working on an application that handles 10MB documents that contain highly-sensitive data.
The application will use AWS KMS to perform client-side encryption.
What steps must be followed?

Question162: A Developer has implemented a Lambda function that needs to add new customers to an RDS database that is expected to run hundreds of times per hour. The Lambda function is configured to use 512MB of RAM and is based on the following pseudo code:

After testing the Lambda function, the Developer notices that the Lambda execution time is much longer than expected. What should the Developer do to improve performance?

Question163: A user has launched a MySQL RDS. The user wants to plan for the DR and automate the snapshot. Which of the below mentioned functionality offers this option with RDS?

Question164: The release process workflow of an application requires a manual approval before the code is deployed into the production environment.
What is the BEST way to achieve this using AWS CodePipeline?

Question165: When writing a Lambda function, what is the benefit of instantiating AWS clients outside the scope of the handler?

Question166: A Developer has written an Amazon Kinesis Data Streams application. As usage grows and traffic increases over time, the application is regularly receiving ProvisionedThroughputExceededException error messages.
Which steps should the Developer take to resolve the error? (Choose two.)

Question167: An on-premises application is implemented using a Linux, Apache, MySQL and PHP (LAMP) stack. The Developer wants to run this application in AWS.
Which of the following sets of AWS services can be used to run this stack?

Question168: A user has configured a website and launched it using the Apache web server on port 80. The user is using ELB with the EC2 instances for Load Balancing. What should the user do to ensure that the EC2 instances accept requests only from ELB?

Question169: A user has created a mobile application which makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK and root account access/secret access key to connect to DynamoDB from mobile. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

Question170: A company has deployed a custom DNS server in AWS. The Security Engineer wants to ensure that Amazon EC2 instances cannot use the Amazon-provided DNS.
How can the Security Engineer block access to the Amazon-provided DNS in the VPC?

Question171: What is the maximum size for messages stored in SQS?

Question172: A developer has written an Amazon kinesis Data streams application. As usage grows and traffic over time, the application is regularly receiving provisionedThroughputExceededException error messages.
Which steps should the Developer take to resolve the error? (Select Two.)

Question173: A company is creating an application that will require users to access AWS services and allow them to reset their own passwords.
Which of the following would allow the company to manage users and authorization while allowing users to reset their own passwords?

Question174: A web application is designed to allow new users to create accounts using their email addresses.
The application will store attributes for each user, and is expecting millions of user to sign up.
What should the Developer implement to achieve the design goals?

Question175: A company is using Amazon RDS MySQL instances for its application database tier and Apache Tomcat servers for its web tier. Most of the database queries from web applications are repeated read requests.
Use of which AWS service would increase in performance by adding in-memory store for repeated read queries?

Question176: A company is providing read access to objects in an Amazon S3 bucket for different customers The company uses 1AM permissions to restnct access to the S3 bucket The customers can access only their own files Due to a regulation requirement the company needs to enforce encryption in transit for interactions with Amazon S3 Which solution will meet these requirements?

Question177: A Developer has created a software package to be deployed on multiple EC2 instances using IAM roles.
What actions could be performed to verify IAM access to get records from Amazon Kinesis Streams?
(Select TWO.)

Question178: A company has Windows Amazon EC2 instances in a VPC that are joined to on-premises Active Directory servers for domain services. The security team has enabled Amazon GuardDuty on the AWS account to alert on issues with the instances.
During a weekly audit of network traffic, the Security Engineer notices that one of the EC2 instances is attempting to communicate with a known command-and-control server but failing. This alert does not show up in GuardDuty.
Why did GuardDuty fail to alert to this behavior?

Question179: A company caches session information for a web application in an Amazon DynamoDB table.
The company wants an automated way to delete old items from the table.
What is the simplest way to do this?

Question180: A photo sharing website gets millions of new images every week The images are stored in Amazon S3 under a formatted date prefix A developer wants to move images to a few S3 buckets for analysis and further processing Images are not required to be moved in real time What is the MOST efficient method for performing this task?

Question181: What is the maximum number of S3 Buckets available per AWS account?

Question182: An AWS Lambda function must read data from an Amazon RDS MySQL database in a VPC and also reach a public endpoint over the internet to get additional data.
Which steps must be taken to allow the function to access both the RDS resource and the public endpoint?
(Select TWO.)

Question183: A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key, the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API.
What code updates will grant these new users access to the API?

Question184: A Developer created a new AWS account and must create a scalable AWS Lambda function that meets the following requirements for concurrent execution:
* Average execution time of 100 seconds
* 50 requests per second
Which step must be taken prior to deployment to prevent errors?

Question185: A Developer is creating a web application that requires authentication, but also needs to support guest access to provide users limited access without having to authenticate. What service can provide support for the application to allow guest access?

Question186: A development team consists of 10 team members. Similar to a home directory for each team member the manager wants to grant access to user-specific folders in an Amazon S3 bucket. For the team member with the username "TeamMemberX", the snippet of the IAM policy looks like this:

Instead of creating distinct policies for each team member, what approach can be used to make this policy snippet generic for all team members?

Question187: A Developer needs to design an application running on AWS that will be used to consume Amazon SQS messages that range from 1 KB up to 1GB in size.
How should the Amazon SQS messages be managed?

Question188: A user is planning to setup notifications on the RDS DB for a snapshot. Which of the below mentioned event categories is not supported by RDS for this snapshot source type?