EMT Practice Test

1. Question Content...


Question List

Question1: A developer wants to migrate a Windows .NET application that is running on IIS with a Microsoft SQL Server database to AWS. The developer does not want to think about provisioning and managing the infrastructure.
What should the developer do to migrate the application with the LEAST amount of effort?

Question2: A developer is provided with an HTTPS clone URL for an AWS CodeCommit repository.
What needs to be configured before cloning this repository?

Question3: A developer deployed an application to an Amazon EC2 instance. The application needs to know the public IPv4 address of the instance. How can the application find this information?

Question4: A Developer has an application that can upload tens of thousands of objects per second to Amazon S3 in parallel within a single AWS account. As part of new requirements, data stored in S3 must use server side encryption with AWS KMS (SSE-KMS). After creating this change, performance of the application is slower.
Which of the following is MOST likely the cause of the application latency?

Question5: A Development team wants to instrument their code to provide more detailed information to AWS X-Ray than simple outgoing and incoming requests. This will generate large amounts of data, so the Development team wants to implement indexing so they can filter the data.
What should the Development team do to achieve this?

Question6: A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:

The Developer needs to create/delete branches.
Which specific IAM permissions need to be added, based on the principle of least privilege?

Question7: A Developer is building a mobile application and needs any update to user profile data to be pushed to all devices accessing the specific identity. The Developer does not want to manage a back end to maintain the user profile data.
What is the MOST efficient way for the Developer to achieve these requirements using Amazon Cognito?

Question8: An application ingests a large number of small messages and stores them in a database. The application uses AWS Lambd a. A development team is making changes to the application's processing logic. In testing, it is taking more than 15 minutes to process each message. The team is concerned the current backend may time out.
Which changes should be made to the backend system to ensure each message is processed in the MOST scalable way1?

Question9: A Developer has created an S3 bucket s3://mycoolapp and has enabled server across logging that points to the folder s3://mycoolapp/logs. The Developer moved 100 KB of Cascading Style Sheets (CSS) documents to the folder s3://mycoolapp/css, and then stopped work. When the developer came back a few days later, the bucket was 50 GB.
What is the MOST likely cause of this situation?

Question10: A developer implemented a static website hosted in Amazon S3 that makes web service requests hosted in Amazon API Gateway AWS Lambd a. The site is showing an error that reads
"No ' Access-Control-Allow Origin' header is present on the requested resource Origin 'null' is therefore not allowed access " What should the developer do to resolve this issue?

Question11: A company is building an application to track athlete performance using an Amazon DynamoDB table. Each item in the table is identified by a partition key (user_id) and a sort key (sport_name). The table design is shown below:
(Note: Not all table attributes are shown)
A Developer is asked to write a leaderboard application to display the top performers (user_id) based on the score for each sport_name.
What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?

Question12: A Developer is working on an application that handles 10MB documents that contain highly-sensitive dat
a. The application will use AWS KMS to perform client-side encryption.
What steps must be followed?

Question13: The Lambda function below is being called through an API using Amazon API Gateway. The average execution time for the Lambda function is about 1 second. The pseudocode for the Lambda function is as shown in the exhibit.

What two actions can be taken to improve the performance of this Lambda function without increasing the cost of the solution? (Select two.)

Question14: A Developer is creating an Auto Scaling group whose instances need to publish a custom metric to Amazon CloudWatch.
Which method would be the MOST secure way to authenticate a CloudWatch PUT request?

Question15: To include objects defined by the AWS Serverless Application Model (SAM) in an AWS CloudFormation template, in addition to Resources, what section MUST be included in the document root?

Question16: A Developer is creating a serverless website with content that includes HTML files, images, videos, and JavaScript (client-side scripts).
Which combination of services should the Developer use to create the website?

Question17: A Developer must build an application that uses Amazon DynamoDB. The requirements state that items being stored in the DynamoDB table will be 7KB in size and that reads must be strongly consistent. The maximum read rate is 3 items per second, and the maximum write rate is 10 items per second.
How should the Developer size the DynamoDB table to meet these requirements?

Question18: An application is running on an EC2 instance. The Developer wants to store an application metric in Amazon CloudWatch.
What is the best practice for implementing this requirement?

Question19: A company provides APIs as a service and commits to a service level agreement (SLA) with all its users.
To comply with each SLA, what should the company do?

Question20: A Developer wants to encrypt new objects that are being uploaded to an Amazon S3 bucket by an application.
There must be an audit trail of who has used the key during this process. There should be no change to the performance of the application.
Which type of encryption meets these requirements?

Question21: A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user.
When the user attempts to call the API using this key, the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API.
What code updates will grant these new users access to the API?

Question22: A company has a website that is developed in PHP and WordPress and is launched using AWS Elastic Beanstalk. There is a new version of the website that needs to be deployed in the Elastic Beanstalk environment. The company cannot tolerate having the website offline if an update fails. Deployments must have minimal impact and rollback as soon as possible.
What deployment method should be used?

Question23: The Developer for a retail company must integrate a fraud detection solution into the order processing solution. The fraud detection solution takes between ten and thirty minutes to verify an order. At peak, the web site can receive one hundred orders per minute.
What is the most scalable method to add the fraud detection solution to the order processing pipeline?

Question24: A company needs to ingest terabytes of data each hour from thousands of sources that are delivered almost continually throughout the day. The volume of messages generated varies over the course of the day.
Messages must be delivered in real time for fraud detection and live operational dashboards.
Which approach will meet these requirements?

Question25: A developer is managing an application that uploads user files to an Amazon S3 bucket named companybucket. The company wants to maintain copies of all the files uploaded by users for compliance purposes, while ensuring users still have access to the data through the application.
Which IAM permissions should be applied to users to ensure they can create but not remove files from the bucket?

Question26: A developer has built an application running on AWS Lambda using AWS Serverless Application Model (AWS SAM).
What is the correct sequence of steps to successfully deploy the application?

Question27: A developer implemented a static website hosted in Amazon S3 that makes web service requests in Amazon API Gateway and AWS Lambd a. The site is showing an error that reads.
''No 'Access Control-Allow-Origin'header' header is present on the requested resource. Origin 'null is therefore not allowed access '' What should the Developer do to resolve this issue?

Question28: An application displays a status dashboard. The status is updated by 1 KB messages from an SQS queue.
Although the status changes infrequently, the Developer must minimize the time between the message arrival in the queue and the dashboard update.
What technique provides the shortest delay in updating the dashboard?

Question29: A Developer has an application that can upload tens of thousands of objects per second to Amazon S3 in parallel within a single AWS account. As part of new requirements, data stored in S3 must use server side encryption with AWS KMS (SSE-KMS). After creating this change, performance of the application is slower.
Which of the following is MOST likely the cause of the application latency?

Question30: A nightly batch job loads 1 million new records into a DynamoDB table. The records are only needed for one hour, and the table needs to be empty by the next night's batch job.
Which is the MOST efficient and cost-effective method to provide an empty table?

Question31: The release process workflow of an application requires a manual approval before the code is deployed into the production environment.
What is the BEST way to achieve this using AWS CodePipeline?

Question32: An application displays a status dashboard. The status is updated by 1 KB messages from an SQS queue. Although the status changes infrequently, the Developer must minimize the time between the message arrival in the queue and the dashboard update.
What technique provides the shortest delay in updating the dashboard?

Question33: A Developer is working on an application that handles 10MB documents that contain highly-sensitive data. The application will use AWS KMS to perform client-side encryption.
What steps must be followed?

Question34: A company has a website that is developed in PHP and WordPress and is launched using AWS Elastic Beanstalk. There is a new version of the website that needs to be deployed in the Elastic Beanstalk environment. The company cannot tolerate having the website offline if an update fails. Deployments must have minimal impact and rollback as soon as possible.
What deployment method should be used?

Question35: A company has a multi-tiered web application on AWS. During a recent spike in traffic, one of the primary relational databases on Amazon RDS could not serve all the traffic. Some read queries for repeatedly accessed items failed, so users received error messages.
What can be done to minimize the impact on database read queries MOST efficiently during future traffic spikes?

Question36: A developer is building an application that needs to store date in Amazon S3. Management requires that the data be encrypted before is it sent to Amazon S3 for storage. The encryption keys need to be managed by the security team.
Which approach should the developer take to meet these requirements?

Question37: A company is migrating from a monolithic architecture to a microservices-based architecture. The Developers need to refactor the application so that the many microservices can asynchronously communicate with each other without impacting performance.
Use of which managed AWS services will enable asynchronous message passing? (Choose two.)

Question38: A Developer must re-implement the business logic for an order fulfilment system. The business logic has to make requests to multiple vendors to decide where to purchase an item. The whole process can take up to a week to complete.
What is the MOST efficient and SIMPLEST way to implement a system that meets these requirements?

Question39: A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table.
What MUST the company do to implement this authentication in API Gateway?

Question40: A banking application processes thousands of transactions each second. Each transaction payload must have end-to-end encryption. The application encrypts each transaction locally by using the AWS Key Management Service (AWS KMS) GenerateDataKey operation. A developer is testing the application and receives a Throttling Except ion error.
Which actions are best practices to resolve this error? (Select TWO.)

Question41: A Developer created a new AWS account and must create a scalable AWS Lambda function that meets the following requirements for concurrent execution:
* Average execution time of 100 seconds
* 50 requests per second
Which step must be taken prior to deployment to prevent errors?

Question42: A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table.
What MUST the company do to implement this authentication in API Gateway?

Question43: Queries to an Amazon DynamoDB table are consuming a large amount of read capacity. The table has a significant number of large attributes. The application does not need all of the attribute data.
How can DynamoDB costs be minimized while maximizing application performance?

Question44: To include objects defined by the AWS Serverless Application Model (SAM) in an AWS CloudFormation template, in addition to Resources, what section MUST be included in the document root?

Question45: A company wants to make sure that only one user from its Admin group has the permanent right to delete an Amazon EC2 resource There should be no changes in the existing policy under the Admin group What should a developer use to meet these requirements?

Question46: A developer is building an application that runs behind an application Load Balancer (ALB). The application is configured as the origin for an Amazon CloudFront distribution. Users will log in to the application using their social media accounts.
How can the developer authenticate and authorize users?

Question47: A gaming application stores scores for players in an Amazon DynamoDB table that has four attributes user_id, user_name, user_score, and user_rank. The users are allowed to update their names only A user is authenticated by web identity federation.
Which set of conditions should be added in the policy attached to the role for the dynamodb Putltem API call?
A)
B)

C)

D)

Question48: A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user.
Which two approaches can satisfy the objectives? Choose 2 answers

Question49: What item operation allows the retrieval of multiple items from a DynamoDB table in a single API call?

Question50: A company has a large number of documents that are stored securely in Amazon S3 The company is creating an application that occasionally will read these documents The application will be deployed on Amazon EC2 instances.
The company's security requirements mandate that no long-term credentials can be stored on the EC2 instances and that only the needed documents can be accessed Only authorized users and applications can access the documents access must be logged by Amazon S3, and each document must follow S3 Lifecycle policies for archival and destruction What should a developer do to meet these requirements?

Question51: A development team consists of 10 team members. Similar to a home directory for each team member the manager wants to grant access to user-specific folders in an Amazon S3 bucket. For the team member with the username "TeamMemberX", the snippet of the IAM policy looks like this:

Instead of creating distinct policies for each team member, what approach can be used to make this policy snippet generic for all team members?

Question52: In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client request sent to the service?

Question53: A Developer is investigating an issue whereby certain requests are passing through an Amazon API Gateway endpoint /MyAPI, but the requests do not reach the AWS Lambda function backing /MyAPI. The Developer found that a second Lambda function sometimes runs at maximum concurrency allowed for the given AWS account.
How can the Developer address this issue?

Question54: A company stores all personally identifiable information (Pll) in an Amazon DynamoDB table named Pll in Account A. An application running on Amazon EC2 instances in Account B requires access to the Pll table. An administrator in Account A created an IAM role named AccessPII with privileges to access the Pll table and made Account B a trusted entity.
Which combination of additional steps should developers take to access the table1? (Select TWO )

Question55: A company wants to implement a continuous integration for its workloads on AWS. The company wants to trigger unit test in its pipeline for commits-on its code repository, and wants to be notified of failure events in the pipeline.
How can these requirements be met?

Question56: A current architecture uses many Lambda functions invoking one another as a large state machine. The coordination of this state machine is legacy custom code that breaks easily.
Which AWS Service can help refactor and manage the state machine?

Question57: An application is using a custom library to make HTTP calls directly to AWS service endpoints. The application is experiencing transient errors that are causing processes to stop when each error is first encountered A request has been made to make the application more resilient by adding error retries and exponential backoff.
How should a developer implement the changes with MINIMAL custom code?

Question58: A Developer must deploy a new AWS Lambda function using an AWS CloudFormation template.
Which procedures will deploy a Lambda function? (Select TWO.)

Question59: A developer is writing a new serverless application for a company. Several other developers must collaborate on the code for this application, and the company expects frequent changes to the code. The developer needs to deploy the code from source control to AWS Lambda with the fewest number of manual steps.
Which strategy for the build and deployment should the developer use to meet these requirements?

Question60: A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The service must run different versions for testing purposes.
What would be the BEST way to accomplish this?

Question61: Given the following AWS CloudFormation template:

What is the MOST efficient way to reference the new Amazon S3 bucket from another AWS CloudFormation template?

Question62: A company is migrating its on-premises database to Amazon RDS for MySQL. The company has read-heavy workloads, and wants to make sure it re-factors its code to achieve optimum read performance for its queries.
How can this objective be met?

Question63: A company is using Amazon Cognito user pools for sign-up and login functionality for a web application. The company is using Amazon RDS for the application's data persistence and is using Amazon API Gateway and AWS Lambda for the application's API functionality. Users must provide their first name, last name, email address, and phone number to sign up. All API endpoints have a Cognito user pool authorizer to guard against unauthenticated requests.
A developer wants to show a personalized welcome screen to users after they log in. The welcome screen needs to show the user's first name and the user's previous login date. According to company policy. developers who work on the web application cannot store any personally identifiable information in RDS instances.
Which solution should the developer implement to meet these requirements?

Question64: You attempt to store an object in the US-STANDARD region in Amazon S3, and receive a confirmation that it has been successfully stored. You then immediately make another API call and attempt to read this object. S3 tells you that the object does not exist What could explain this behavior?

Question65: A Lambda function processes data before sending it to a downstream service Each piece of data is approximately 1 MB in size After a security audit, the function t]is now required to encrypt the data before sending it downstream Which API call is required to perform the encryption?

Question66: A developer has written an Amazon Kinesis Data Streams application. As usage grows and traffic increases over time, the application is regularly receiving ProvisionedThroughputExceededException error messages
Which steps should the developer take to resolve the error? (Select TWO.)

Question67: A Developer needs to deploy an application running on AWS Fargate using Amazon ECS. The application has environment variables that must be passed to a container tor the application to initialize How should the environment variables be passed to the container?

Question68: A company is building an application to track athlete performance using an Amazon DynamoDB table. Each item in the table is identified by a partition key (user_id) and a sort key (sport_name). The table design is shown below:

(Note: Not all table attributes are shown)
A Developer is asked to write a leaderboard application to display the top performers (user_id) based on the score for each sport_name.
What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?

Question69: A developer wants to build an application that will allow new users to register and create new user accounts.
The application must also allow users with social media accounts to log in using their social media credentials.
Which AWS service or feature can be used to meet these requirements?

Question70: When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process below will result in successful processing of the message and remove it from the queue while minimizing the chances of duplicate processing?

Question71: A company has a large number of documents that are stored securely in Amazon S3 The company is creating an application that occasionally will read these documents The application will be deployed on Amazon EC2 instances.
The company's security requirements mandate that no long-term credentials can be stored on the EC2 instances and that only the needed documents can be accessed Only authorized users and applications can access the documents, access must be logged by Amazon S3 and each document must follow S3 Lifecycle policies for archival and destruction What should a developer do to meet these requirements?

Question72: A developer registered an AWS Lambda function as a target for an Application Load Balancer (ALB) using a CLI command. However, the Lambda function is not being invoked when the client sends requests through the ALB.
Why is the Lambda function not being invoked?

Question73: An AWS Lambda function must access an external site by using a regularly rotated user name and password. These items must be kept securely and cannot be stored in the function code.
What combination of AWS services can be used to accomplish this? (Choose two.)

Question74: Company B provides an online image recognition service and utilizes SQS to decouple system components for scalability The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses.
How can Company B reduce the number of empty responses?

Question75: A developer is building a web and mobile application for two types of users regular users and guest users Regular users are required to log in, but guest users do not log in Users should see only their data regardless of whether they authenticate Users need AWS credentials before they can access AWS resources What is the MOST secure solution that the developer can implement to allow access for guest users?

Question76: A developer uses Amazon S3 buckets for static website hosting. The developer creates one S3 bucket for the code and another S3 bucket for the assets, such as image and video files. Access is denied when a user attempts to access the assets bucket from the code bucket, with the website application showing a 403 error How should the developer solve this issue?

Question77: A Developer is working on an application that tracks hundreds of millions of product reviews in an Amazon DynamoDB table. The records include the data elements shown in the table:

Which field, when used as the partition key, would result in the MOST consistent performance using DynamoDB?

Question78: A company is using Amazon RDS MySQL instances for its application database tier and Apache Tomcat servers for its web tier. Most of the database queries from web applications are repeated read requests.
Use of which AWS service would increase in performance by adding in-memory store for repeated read queries?

Question79: A company wants to migrate an existing web application to AWS. The application consists of two web servers and a MySQL database The company wants the application to automatically scale in response to demand The company also wants to reduce its operational overhead for database backups and maintenance The company needs the ability to deploy multiple versions of the application concurrently What is the MOST operationally efficient solution that meets these requirements'?

Question80: A company has a web application that uses an Amazon Cognito user pool for authentication. The company wants to create a login page with the company logo. What should a developer do to meet these requirements?

Question81: A Developer wants to debug an application by searching and filtering log data. The application logs are stored in Amazon CloudWatch Logs. The Developer creates a new metric filter to count exceptions in the application logs. However, no results are returned from the logs.
What is the reason that no filtered results are being returned?

Question82: A company wants to migrate an imaging service to Amazon EC2 while following security best practices. The images are sourced and read from a non-public Amazon S3 bucket.
What should a developer do to meet these requirements?

Question83: An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file.
How should the Developer code the application?

Question84: A developer is changing the configuration for a CPU-intensive AWS Lambda function that runs once an hour.
The function usually takes 45 seconds to run, but sometimes the run time is up to 1 minute. The timeout parameter is set to 3 minutes, and all other parameters are set to default.
The developer needs to optimize the run time of this function.
Which solution will meet this requirement?

Question85: A company is using AWS CloudFormation templates to deploy AWS resources. The company needs to update one of its AWS CloudFormation stacks What can the company do to find out how the changes will impact the resources that are running?

Question86: A Developer is writing a mobile application that allows users to view images from an S3 bucket. The users must be able to log in with their Amazon login, as well as Facebook and/or Google accounts.
How can the Developer provide this authentication functionality?

Question87: A Developer is migrating an on-premises application to AWS. The application currently takes user uploads and saves them to a local directory on the server. All uploads must be saved and made immediately available to all instances in an Auto scaling group.
Which approach will meet these requirements?

Question88: A Developer created configuration specifications for an AWS Elastic Beanstalk application in a file named healthcheckurl.yaml in the .ebextensions/directory of their application source bundle. The file contains the following:

After the application launches, the health check is not being run on the correct path, event though it is valid.
What can be done to correct this configuration file?

Question89: An application running on EC2 instances is storing data in an S3 bucket. Security policy mandates that all data must be encrypted in transit.
How can the Developer ensure that all traffic to the S3 bucket is encrypted?

Question90: An application running on EC2 instances is storing data in an S3 bucket. Security policy mandates that all data must be encrypted in transit.
How can the Developer ensure that all traffic to the S3 bucket is encrypted?

Question91: Which DynamoDB limits can be raised by contacting AWS support? Choose 2 answers

Question92: A gaming application stores scores for players in an Amazon DynamoDB table that has four attributes user_id, user_name, user_score, and user_rank. The users are allowed to update their names only A user is authenticated by web identity federation.
Which set of conditions should be added in the policy attached to the role for the dynamodb Putltem API call?
A)
B)

C)

D)

Question93: You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to individual devices each device registration identifier or token needs to be registered with SNS; however the developers are not sure of the best way to do this.
You advise them to:

Question94: Which of the following is chosen as the default region when making an API call with an AWS SDK?

Question95: An application running on Amazon EC2 instances must access objects within an Amaon S3 busket that are encrypted using server-side encryption using AWS KMS encryption keys (SSE-KMS). The application must have access to the customer master key (CMK) to decrypt the objects.
Which combination of steps will grant the application access? (Select TWO.)

Question96: A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company I up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in.
What is the MOST operationally efficient solution that meets this requirement?

Question97: A developer is building an application integrating an Amazon API Gateway with an AWS Lambda function.
When calling the API, the developer receives the following error. Wed Nov 03 01:13:00 UTC 2017 : Method completed with status: 502 What should the developer do to resolve the error?

Question98: A developer wants to build an application that will allow new users to register and create new user accounts. The application must also allow users with social media accounts to log in using their social media credentials.
Which AWS service or feature can be used to meet these requirements?

Question99: A large e-commerce site is being designed to deliver static objects from Amazon S3. The Amazon S3 bucket wills server more than 300 GET requests per second. What should be done to optimize performance? (Select TWO.)

Question100: A company stores all personally identifiable information (PII) in an Amazon DynamoDB table named PII in Account A.
An application running on Amazon EC2 instances in Account B requires access to the PII table. An administrators in Account A created an IAM role named AccessPII with privileges to access the PII table, and made account B a trusted entity.
Which combination of actional steps should Developers take to access the table? (Select TWO )

Question101: An application is using single -node Amazon ElastiCache for Redis instance to improve read performance. Over time, demand for the application has increased exponentially, which has increased the load on the ElastiCache instance. It is critical that this cache layer handles the load and is resilient in case of node failures.
What can the Developer do to address the load and resiliency requirements?

Question102: A company has a front-end application that runs on four Amazon EC2 instances behind an Elastic Load Balancer (ELB) in a production environment that is provisioned by AWS Elastic Beanstalk. A developer needs to deploy and test new application code while updating the Elastic Beanstalk platform from the current version to a newer version of Node.js. The solution must result in zero downtime for the application.
Which solution meets these requirements?

Question103: To include objects defined by the AWS Serverless Application Model (SAM) in an AWS CloudFormation template, in addition to Resources, what section MUST be included in the document root?

Question104: An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file.
How should the Developer code the application?

Question105: Which code snippet below returns the URL of a load balanced web site created in CloudFormation with an AWS::ElasticLoadBalancing::LoadBalancer resource name "ElasticLoad Balancer"?

Question106: If an application is storing hourly log files from thousands of instances from a high traffic web site, which naming scheme would give optimal performance on S3?

Question107: A developer Is designing an AWS Lambda function that create temporary files that are less than 10 MB during execution. The temporary files will be accessed and modified multiple times during execution. The developer has no need to save or retrieve these files in the future.
Where should the temporary file be stored?

Question108: An open-source map application gathers data from several geolocation APIs. The application's source code repository is public and can be used by anyone, but the geolocation APIs must not be directly accessible.
A developer must implement a solution to prevent the credentials that are used to access the APIs from becoming public. The solution also must ensure that the application still functions properly.
Which solution will meet these requirements MOST cost-effectively?

Question109: A development team wants to run their container workloads on Amazon ECS Each application container needs to share data with another container to collect logs and metrics.
What should the development team do to meet these requirements?

Question110: A developer is creating a script to automate the deployment process for a serverless application. The developer wants to use an existing AWS Serverless Application Model (AWS SAM) template for the application What should the developer use for the project? (Select TWO)

Question111: A developer has a legacy application that is hosted on-premises Other applications hosted on AWS depend on the on-premises application for proper functioning In case of any application errors, the developer wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applications from one place.
How can the developer accomplish this?

Question112: A developer is monitoring an application that runs on an Amazon EC2 instance. The developer has configured a custom Amazon CloudWatch metric with d#ta granularity of 1 second. If any issues occur, the developer wants to be notified within 30 seconds by Amazon Simple Notification Service (Amazon SNS).
What should the developer do to meet this requirement?

Question113: A business intelligence application runs on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate. Application-level audits require a searchable log of all API calls from users to the application. The application's developers must store the logs centrally on AWS.
Which solution will meet these requirements?

Question114: A stock market monitoring application uses Amazon Kinesis for data ingestion. During simulated tests of peak data rates, the Kinesis stream cannot keep up with the incoming data.
What step will allow Kinesis to accommodate the traffic during peak hours?

Question115: A Developer is using AWS CLI, but when running list commands on a large number of resources, it is timing out.
What can be done to avoid this time-out?

Question116: A Developer must analyze performance issues with production-distributed applications written as AWS Lambda functions. These distributed Lambda applications invoke other components that make up the applications.
How should the Developer identify and troubleshoot the root cause of the performance issues in production?

Question117: Which features can be used to restrict access to data in S3? Choose 2 answers

Question118: A company is migrating a legacy application to a serverless application on AWS. The legacy application consists of a set of web services that are exposed by a Amazon API Gateway API. A developer needs to replace the existing implementation of web services with AWS Lambda functions. The developer needs to test new version of the" API that uses the functions in production. The developer must minimize the impact of the testing on the application's users.
Which solution will meet these requirements?

Question119: A company wants to migrate its web application to AWS and leverage Auto Scaling to handle pear workloads.
The Solutions Architect determined that the best metric for an Auto Scaling event is the number of concurrent users.
Based on this information, what should the Developer use to autoscale based on concurrent users?

Question120: A Development team wants to instrument their code to provide more detailed information to AWS X-Ray than simple outgoing and incoming requests. This will generate large amounts of data, so the Development team wants to implement indexing so they can filter the data.
What should the Development team do to achieve this?

Question121: Company D is running their corporate website on Amazon S3 accessed from http//www.companyd.com. Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint https://s3-us-west-1.amazonaws.com/cdfonts. While testing the new web fonts, Company D recognized the web fonts are being blocked by the browser.
What should Company D do to prevent the web fonts from being blocked by the browser?

Question122: A Developer is investigating an issue whereby certain requests are passing through an Amazon API Gateway endpoint /MyAPI, but the requests do not reach the AWS Lambda function backing /MyAPI. The Developer found that a second Lambda function sometimes runs at maximum concurrency allowed for the given AWS account.
How can the Developer address this issue?

Question123: A Developer will be using the AWS CLI on a local development server to manage AWS services.
What can be done to ensure that the CLI uses the Developer's IAM permissions when making commands?

Question124: A developer wants the ability to roll back to a previous version of an AWS Lambda function in the event of errors caused by a new deployment.
How can the developer achieve this with MINIMAL impact on users?

Question125: A developer is creating a web application that collects highly regulated and confidential user data through a POST request. The web application is served through Amazon CloudFront. User names and phone numbers must be encrypted at the edge and must remain encrypted throughout the entire application stack.
What is the MOST secure way to meet these requirements?

Question126: A developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect from on-premises to Amazon EC2 instances in the developer's account The developer is able to access an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same VPC Which logs can the developer use to verify whether the traffic is reaching subnet B?

Question127: An AWS Elastic Beanstalk application needs to be deployed in multiple regions and requires a different Amazon Machine Image (AMI) in each region.
Which AWS CloudFormation template key can be used to specify the correct AMI for each region?

Question128: A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key, the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API.
What code updates will grant these new users access to the API?

Question129: A company is building an application to track athlete performance using an Amazon DynamoDB table. Each item in the table is identified by a partition key (user_id) and a sort key (sport_name). The table design is shown below:
(Note: Not all table attributes are shown)
A Developer is asked to write a leaderboard application to display the top performers (user_id) based on the score for each sport_name.
What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?

Question130: An application is designed to use Amazon SQS to manage messages from many independent senders. Each sender's messages must be processed in the order they are received.
Which SQS feature should be implemented by the Developer?

Question131: A Developer wants access to make the log data of an application running on an EC2 instance available to systems administrators.
Which of the following enables monitoring of this metric in Amazon CloudWatch?

Question132: A Lambda function is packaged for deployment to multiple environments, including development, test, production, etc. Each environment has unique set of resources such as databases, etc.
How can the Lambda function use the resources for the current environment?

Question133: An application deployed on AWS Elastic Beanstalk experiences increased error rates during deployments of new application versions, resulting in service degradation for users. The Development team believes that this is because of the reduction in capacity during the deployment steps. The team would like to change the deployment policy configuration of the environment to an option that maintains full capacity during deployment while using the existing instances.
Which deployment policy will meet these requirements while using the existing instances?

Question134: An application uses Amazon Kinesis Data Streams to ingest and process large streams of data records in real time. Amazon EC2 instances consume and process the data from the shards of the Kinesis data stream by using Amazon Kinesis Client Library (KCL). The application handles the failure scenarios and does not require standby workers. The application reports that a specific shard is receiving more data than expected. To adapt to the chnages in the rate of data flow, the "hot" shard is resharded.
Assuming that the initial number of shards in the Kinesis data stream is 4, and after resharding the number of shards increased to 6, what is the maximum number of EC2 instances that can be deployed to process data from all the shards?

Question135: A developer has created a new AWS IAM user that has s3 putobject permission to write to a specific Amazon bucket. This S3 bucket uses server-side encryption with AWS KMS managed keys (SEE-KMS) as the encryption. Using the access key and secret key of the IAM user, the application received an access denied error when calling the PutObject API.
How can this issue be resolved?

Question136: A company is using AWS Elastic Beanstalk to deploy a three-tier application. The application uses an Amazon RDS DB instance as the database tier. The com wants to decouple the DB instance from the Elastic Beanstalk environment.
Which combination of steps should a developer take to meet this requirement? (Select TWO.)

Question137: A developer has written an application that runs on Amazon EC2 instances. The developer is adding functionality for the application to write objects to an Amazon S3 bucket Which policy must the developer modify to allow the instances to write these objects?

Question138: An application stores payroll information nightly in DynamoDB for a large number of employees across hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily hours.
Managers run reports for ranges of names working in their office. One query is. "Return all Items in this office for names starting with A through E".
Which table configuration will result in the lowest impact on provisioned throughput for this query?

Question139: A stock market monitoring application uses Amazon Kinesis for data ingestion. During simulated tests of peak data rates, the Kinesis stream cannot keep up with the incoming data.
What step will allow Kinesis to accommodate the traffic during peak hours?

Question140: A company has 25:000 employees and is growing The company is creating an application that will be accessible to its employees only A developer is using Amazon S3 to store images and Amazon RDS to store application data. The company requires that all employee information remain in the legacy Security Assertion Markup Language (SAML) employee directory only and is not interested in mirroring any employee information on AWS.
How can the developer provide authorized access for the employees who will be using this application so each employee can access their own application data only?

Question141: A developer is creating AWS CloudFormation templates to manage an application's deployment in Amazon Elastic Container Service (Amazon ECS) through AWS CodeDeploy. The developer wants to automatically deploy new versions of the application to a percentage of users before the new version becomes available for all users.
How should the developer manage the deployment of the new version?

Question142: A Developer is asked to implement a caching layer in front of Amazon RDS. Cached content is expensive to regenerate in case of service failure. Which implementation below would work while maintaining maximum uptime?

Question143: A developer supports an application that accesses data in an Amazon DynamoDB table One of the item attributes is expirationDate In the timestamp format The application uses this attribute to find items archive them and remove them from the table based on the timestamp value The application will be decommissioned soon, and the developer must find another way to implement this functionality The developer needs a solution that will require the least amount of code to write.
Which solution will meet these requirements?

Question144: A deployment package uses the AWS CLI to copy files into any S3 bucket in the account, using access keys stored in environment variables. The package is running on EC2 instances, and the instances have been modified to run with an assumed IAM role and a more restrictive policy that allows access to only one bucket.
After the change, the Developer logs into the host and still has the ability to write into all of the S3 buckets in that account.
What is the MOST likely cause of this situation?

Question145: A developer is creating a role to access Amazon S3 buckets To create the role, the developer uses the AWS CLI create-role command. Which policy should be added to allow the Amazon EC2 service to assume the role?

Question146: n on-premises application makes repeated calls to store files to Amazon S3. As usage of the application has increased, "LimitExceeded" errors are being logged.
What should be changed to fix this error?

Question147: A development team is creating a new application designed to run on AWS. While the test and production environments will run on Amazon EC2 instances, developers will each run their own environment on their laptops.
Which of the following is the simplest and MOST secure way to access AWS services from the local development machines?

Question148: You are writing to a DynamoDB table and receive the following exception:" ProvisionedThroughputExceededException". though according to your Cloudwatch metrics for the table, you are not exceeding your provisioned throughput.
What could be an for this?

Question149: A company needs a new REST API that can return information about the contents of an Amazon S3 bucket, such as a count of the objects stored in it. The company has decided that the new API should be written as a microservice using AWS Lambda and Amazon API Gateway.
How should the Developer ensure that the microservice has the necessary access to the Amazon S3 bucket, while adhering to security best practices?

Question150: A company requires that AWS Lambda functions written by developers log errors so system administrators can more effectively troubleshoot issues What should the developers implement to meet this need?

Question151: A developer wants to modify the following AWS Cloud Formation template to embed another CloudFormation stack:

Which syntax should the developer add to the blank line of the CloudFormation template to meet this requirement?

Question152: A developer is working on an application that is deployed on an Amazon EC2 instance. The application needs to transfer a file to an Amazon S3 bucket. What should the developer do to authenticate the application's access to the S3 bucket in the MOST secure way?

Question153: An application running on multiple Amazon EC2 instances pulls messages ...SQS queue. A requirement for the application is that all messages must be encrypted at rest.
Developers are instructed to use methods that allow for centralized .. possible support requirements whenever possible.
Which of the following solution supports these requirements?

Question154: What type of block cipher does Amazon S3 offer for server side encryption?

Question155: A Developer must encrypt a 100-GB object using AWS KMS.
What is the BEST approach?

Question156: What happens, by default, when one of the resources in a CloudFormation stack cannot be created?

Question157: After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the Internet from an instance in the private subnet, you are not successful.
Which of the following steps could resolve the issue?

Question158: After installing the AWS CLI, a Developer tries to run the command aws configure but receives the following error:
Error: aws: command not found
What is the most likely cause of this error?

Question159: A developer is receiving an intermittent ProvisionedThroughputExceededException error from an application that is based on Amazon DynamoDB. According to the Amazon CloudWatch metrics for the table, the application is not exceeding the provisioned throughput What could be the cause of the issue?

Question160: Company C has recently launched an online commerce site for bicycles on AWS. They have a "Product" DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size to display in the online store. Due to customer demand, they want to include an image for each bicycle along with the existing details.
Which approach below provides the least impact to provisioned throughput on the "Product" table?

Question161: An application reads data from an Amazon DynamoDB table. Several times a day, for a period of 15 seconds, the application receives multiple ProvisionedThroughputExceeded errors.
How should this exception be handled?

Question162: An AWS Lambda function must access an external site by using a regularly rotated user name and password. These items must be kept securely and cannot be stored in the function code.
What combination of AWS services can be used to accomplish this? (Choose two.)

Question163: The upload of a 15 GB object to Amazon S3 fails. The error message reads: "Your proposed upload exceeds the maximum allowed object size." What technique will allow the Developer to upload this object?

Question164: A developer is creating a Java application that will store sensitive data in an Amazon DynamoDB table. The data must be encrypted at all times.
How can the developer meet this requirement?

Question165: A startup s photo-sharing site is deployed in a VPC. An ELB distributes web traffic across two subnets. ELB session stickiness is configured to use the AWS-generated session cookie, with a session TTL of 5 minutes. The webserver Auto Scaling Group is configured as: min-size=4, max-size=4.
The startups preparing for a public launch, by running load-testing software installed on a single EC2 instance running in us-west-2
a. After 60 minutes of load-testing, the webserver logs show:
Which recommendations can help ensure load-testing HTTP requests are evenly distributed across the four webservers? Choose 2 answers

Question166: What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

Question167: An on-premises legacy application is caching data files locally and writing shared images to local disks.
What is necessary to allow for horizontal scaling when migrating the application to AWS?

Question168: A legacy service has an XML-based SOAP interface. The Developer wants to expose the functionality of the service to external clients with the Amazon API Gateway. Which technique will accomplish this?

Question169: Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting enabled. Currently, when visitors go to http://www.companyc.com the index.html page is returned. Company C now would like a new page welcome.html to be returned when a visitor enters http://www.companyc.com in the browser.
Which of the following steps will allow Company C to meet this requirement? Choose 2 answers

Question170: Which of the following statements about SQS is true?

Question171: A developer has written an Amazon kinesis Data streams application. As usage grows and traffic over time, the application is regularly receiving provisionedThroughputExceededException error messages.
Which steps should the Developer take to resolve the error? (Select Two.)

Question172: In a multi-container Docker environment in AWS Elastic Beanstalk, what is required to configure container instances in the environment?

Question173: A set of APIs are exposed to customers using the Amazon API Gateway. These APIs have caching enabled on the API Gateway. Customers have asked for an option to invalidate this cache for each of the APIs.
What action can be taken to allow API customers to invalidate the API Cache?

Question174: Company D is running their corporate website on Amazon S3 accessed from http//www.companyd.com. Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint https://s3-us-west-1.amazonaws.com/cdfonts. While testing the new web fonts, Company D recognized the web fonts are being blocked by the browser.
What should Company D do to prevent the web fonts from being blocked by the browser?

Question175: A developer created a web API that receives requests by using an internet-facing Application Load Balancer (ALB) with an HTTPS listener. The developer configures an Amazon Cognito user pool and wants to ensure that every request to the API is authenticated through Amazon Cognito.
What should the developer do to meet this requirement?

Question176: A developer has an AWS CodePipelme pipeline that invokes AWS CodeBuild in the build stage The developer wants to pass in a variable from CodePipeline so that the variable can be read in the CodeBuild buiidspec yml file How can the developer accomplish this goal?

Question177: A company is using an Amazon API Gateway REST API endpoint as a webhook lo publish events from an on-premises source control management (SCM) system to Amazon EventBridge. The company has configured an EventBridge rule to listen for the events and to control application deployment m a central AWS account. The company needs to receive the same events across multiple receiver AWS accounts How can a developer meet these requirements without changing the configuration of the SCM system?

Question178: A company needs to distribute firmware updates to its customers around the world.
Which service will allow easy and secure control of the access to the downloads at the lowest cost?

Question179: A deployment package uses the AWS CLI to copy files into any S3 bucket in the account, using access keys stored in environment variables. The package is running on EC2 instances, and the instances have been modified to run with an assumed IAM role and a more restrictive policy that allows access to only one bucket.
After the change, the Developer logs into the host and still has the ability to write into all of the S3 buckets in that account.
What is the MOST likely cause of this situation?

Question180: An application deployed on AWS Elastic Beanstalk experiences increased error rates during deployments of new application versions, resulting in service degradation for users. The Development team believes that this is because of the reduction in capacity during the deployment steps. The team would like to change the deployment policy configuration of the environment to an option that maintains full capacity during deployment while using the existing instances.
Which deployment policy will meet these requirements while using the existing instances?

Question181: A developer needs temporary access to resources in a second account
What is the MOST secure way to achieve this?

Question182: A company is concerned that a malicious user could deploy unauthorized changes to the code for an AWS Lambda function. What can a developer do to ensure that only trusted code is deployed to Lambda?

Question183: An application is processing clickslream data using Amazon Kinesis. The clickstream data feed into Kinesis experiences periodic spikes. The PutRecords API call occasionally fails and the logs show that the failed call returns the response shown below.

Which techniques will help mitigate this exception? (Select TWO.)

Question184: A developer is building an application integrating an Amazon API Gateway with an AWS Lambda function. When calling the API, the developer receives the following error. Wed Nov 03 01:13:00 UTC 2017 : Method completed with status: 502 What should the developer do to resolve the error?

Question185: A company provides APIs as a service and commits to a service level agreement (SLA) with all its users.
To comply with each SLA, what should the company do?

Question186: A Developer is working on an application that tracks hundreds of millions of product reviews in an Amazon DynamoDB table. The records include the data elements shown in the table:

Which field, when used as the partition key, would result in the MOST consistent performance using DynamoDB?

Question187: Developer is creating an AWS Lambda function to process a stream of data from an Amazon Kinesis Data Stream. When the Lambda function parses the data and encounters a missing field, it exits the function with an error. The function is generating duplicate records from the Kinesis stream. When the Developer looks at the stream output without the Lambda function, there are no duplicate records.
What is the reason for the duplicates?

Question188: A company is developing a web application that allows its employees to upload a profile picture to a private Amazon S3 bucket There is no size limit for the profile pictures, which should be displayed every time an employee logs in. For security reasons, the pictures cannot be publicly accessible.
What is a viable long-term solution for this scenario''

Question189: A developer needs to deploy a new version to an AWS Elastic Beanstalk application How can the developer accomplish this task?

Question190: A company has an application where reading objects from Amazon S3 is based on the type of user The user types are registered user and guest user The company has 25.000 users and is growing Information is pulled from an S3 bucket depending on the user type.
Which approaches are recommended to provide access to both user types? (Select TWO.)

Question191: \ developer is designing a serverless application for a game in which users register and log in through a web browser. The application makes requests on behalf of users to a set of AWS Lambda functions that un behind an Amazon API Gateway HTTP API.
rhe developer needs to implement a solution to register and log in users on the application's sign-in page. The solution must minimize operational overhead and must minimize ongoing management of user identities.
Which solution will meet these requirements?

Question192: A legacy service has an XML-based SOAP interface. The Developer wants to expose the functionality of the service to external clients with the Amazon API Gateway. Which technique will accomplish this?

Question193: A developer is writing an AWS Lambda function. The developer wants to log key events that occur during the Lambda function and include a unique identifier to associate the events with a specific function invocation
Which of the following will help the developer accomplish this objective?

Question194: According to best practice, how should access keys be managed in AWS? (Choose two.)

Question195: A Developer is building a three-tier web application that should be able to handle a minimum of 5000 requests per minute. Requirements state that the web tier should be completely stateless while the application maintains session state for the users.
How can session data be externalized, keeping latency at the LOWEST possible value?

Question196: A startup s photo-sharing site is deployed in a VPC. An ELB distributes web traffic across two subnets. ELB session stickiness is configured to use the AWS-generated session cookie, with a session TTL of 5 minutes. The webserver Auto Scaling Group is configured as: min-size=4, max-size=4.
The startups preparing for a public launch, by running load-testing software installed on a single EC2 instance running in us-west-2a. After 60 minutes of load-testing, the webserver logs show:
Which recommendations can help ensure load-testing HTTP requests are evenly distributed across the four webservers? Choose 2 answers

Question197: A developer wants to implement authentication using Amazon Cognito user pools for an existing API in Amazon API Gateway. After creating the Amazon Cognito user pool, the developer tests the GET request to the API. Unauthenticated requests to the API return a 200 OK status response.
Which combination of additional steps are required to complete the authentication implementation? (Select TWO.)

Question198: A company needs a new REST API that can return information about the contents of an Amazon S3 bucket, such as a count of the objects stored in it. The company has decided that the new API should be written as a microservice using AWS Lambda and Amazon API Gateway.
How should the Developer ensure that the microservice has the necessary access to the Amazon S3 bucket, while adhering to security best practices?

Question199: An e-commerce site allows returning users to log in to display customized web pages. The workflow is shown in the image below:

An application is running on EC2 instances. Amazon RDS is used for the database that stores user accounts and preferences. The website freezes or is slow to load while waiting for the login step to complete. The remaining components of the site are well-optimized.
Which of the following techniques will resolve this issue? (Select Two.)

Question200: A developer is building a new application that uses an Amazon DynamoDB table. The specification states that all items that are older than 48 hours must be removed Which solution will meet this requirement?

Question201: An application takes 40 seconds to process instructions received in an Amazon SQS message.
Assuming the SQS queue is configured with the default VisibilityTimeout value, what is the BEST way, upon receiving a message, to ensure that no other instances can retrieve a message that has already been processed or is currently being processed?

Question202: An existing serverless application processes uploaded image files. The process currently uses a single Lambda function that takes an image file, performs the processing, and stores the file in Amazon S3. Users of the application now require thumbnail generation of the images. Users want to avoid any impact to the time it takes to perform the image uploads.
How can thumbnail generation be added to the application, meeting user requirements while minimizing changes to existing code?

Question203: A Developer is creating a mobile application that will not require users to log in.
What is the MOST efficient method to grant users access to AWS resources?

Question204: A Developer is writing an application that runs on Amazon EC2 instances in an Auto scaling group. The application data is stored in an Amazon DynamoDB table and records are constantly updated by all instances. An instance sometimes retrieves old dat a. The Developer wants to correct this by making sure the reads are strongly consistent.
How can the developer accomplish this?

Question205: A developer needs to manage AWS infrastructure as code and must be able to deploy multiple identical copies of the infrastructure, stage changes, and revert to previous versions.
Which approach addresses these requirements?

Question206: A company has a REST application comprised of an Amazon API Gateway and several AWS Lambda functions. A developer is responding to an alert that the API Gateway's HTTP response error rate has unexpectedly increased. The developer must determine must which Lambda function is malfunctioning.
Which method would help the developer make this determination while minimizing delays?

Question207: A Developer decides lo store highly secure data in Amazon S3 and wants to implement server-side encryption (SSF) with granular control of who can access the master key Company policy requires that the master key be created, rotated, and disabled easily when needed, all for security reasons.
Which solution should be used to moot these requirements?

Question208: How should custom libraries be utilized in AWS Lambda?

Question209: Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?

Question210: A Developer is working on an application that handles 10MB documents that contain highly-sensitive data.
The application will use AWS KMS to perform client-side encryption.
What steps must be followed?

Question211: A Developer is building a three-tier web application that should be able to handle a minimum of 5000 requests per minute. Requirements state that the web tier should be completely stateless while the application maintains session state for the users.
How can session data be externalized, keeping latency at the LOWEST possible value?

Question212: A developer is using Amazon DynamoDB to store application data . The developer wants to further improve application performance by reducing response limes for read and write operations.
Which DynamoDB feature should be used to meet these requirement?

Question213: After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the Internet from an instance in the private subnet, you are not successful.
Which of the following steps could resolve the issue?

Question214: A web application is using Amazon Kinesis Streams for clickstream data that may not be consumed for up to
12 hours.
How can the Developer implement encryption at rest for data within the Kinesis Streams?

Question215: A development team is using AWS Elastic Beanstalk to deploy a two-tier application that consists of a load-balanced web tier and an Amazon RDS database tier in production. The team would like to separate the RDS instance from the Elastic Beanstalk.
How can this be accomplished?

Question216: A static website is hosted in an Amazon S3 bucket. Several HTML pages on the site use JavaScript to download images from another Amazon S3 bucket. These images are not displayed when users browse the site.
What is the possible cause for the issue?

Question217: A company is building an application to track athlete performance using an Amazon DynamoDB table. Each item in the table is identified by a partition key (user_id) and a sort key (sport_name). The table design is shown below:
(Note: Not all table attributes are shown)
A Developer is asked to write a leaderboard application to display the top performers (user_id) based on the score for each sport_name.
What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?

Question218: A developer has designed a customer, facing application that is running on an Amazon EC2 instance. The application logs every request made to it. The application usually runs seamlessly, but a spike in traffic generates several logs that cause the disk to fill up and eventually run out of memory Company policy requires old to be centralized for analysis.
Which long-term solution should the developer employ to prevent the issue from reoccurring?

Question219: A company runs its APIs using Amazon API Gateway in front of AWS Lambda functions The company wants to add logging at the API level Each API must have production and development environments The developer wants to enable different logging levels in both environments.
How can these requirements be met?

Question220: An application writes items to an Amazon DynamoDB table. As the application scales to thousands of instances, calls to the DynamoDB API generate occasional ThrottlingException errors. The application is coded in a language incompatible with the AWS SDK.
How should the error be handled?

Question221: A Developer has been asked to make changes to the source code of an AWS Lambda function. The function is managed using an AWS CloudFormation template. The template is configured to load the source code from an Amazon S3 bucket. The Developer manually created a .ZIP file deployment package containing the changes and put the file into the correct location on Amazon S3. When the function is invoked, the code changes have not been applied.
What step is required to update the function with the changes?

Question222: An application is expected to process many files. Each file takes four minutes to process each AWS Lambda invocation. The Lambda function does not return any important data.
What is the fastest way to process all the files?

Question223: An application contains two components one component to handle HI IP requests, and another component to handle background processing tasks Bach component must scale independently The developer wants to deploy this application using AWS Elastic Beanstalk.
How should this application be deployed, based on these requirements?

Question224: A Developer wants to debug an application by searching and filtering log dat
a. The application logs are stored in Amazon CloudWatch Logs. The Developer creates a new metric filter to count exceptions in the application logs. However, no results are returned from the logs.
What is the reason that no filtered results are being returned?

Question225: An e-commerce site allows returning users to log in to display customized web pages. The workflow is shown in the image below:

An application is running on EC2 instances. Amazon RDS is used for the database that stores user accounts and preferences. The website freezes or is slow to load while waiting for the login step to complete. The remaining components of the site are well-optimized.
Which of the following techniques will resolve this issue? (Select Two.)

Question226: A developer is working on an AWS Lambda function that accesses Amazon DynamoDB The Lambda function must retrieve an item and update some of its attributes. or create the item if it does not exist The Lambda function has access to the primary key.
Which IAM permissions should the developer request for the Lambda function to achieve this functionality'?

Question227: When using a large Scan operation in DynamoDB, what technique can be used to minimize the impact of a scan on a table's provisioned throughput?

Question228: In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client request sent to the service?

Question229: You attempt to store an object in the US-STANDARD region in Amazon S3, and receive a confirmation that it has been successfully stored. You then immediately make another API call and attempt to read this object. S3 tells you that the object does not exist What could explain this behavior?

Question230: A company stores all personally identifiable information (PII) in an Amazon DynamoDB table named PII in Account A. An application running on Amazon EC2 instances in Account B requires access to the PII table. An administrators in Account A created an IAM role named AccessPII with privileges to access the PII table, and made account B a trusted entity.
Which combination of actional steps should Developers take to access the table? (Select TWO )

Question231: A developer uses Amazon S3 buckets for static website hosting. The developer creates one S3 bucket for the code and another S3 bucket for the assets, such as image and video files. Access is denied when a user attempts to access the assets bucket from the code bucket, with the website application showing a 403 error How should the developer solve this issue?

Question232: A company runs continuous integration/continuous delivery (CI/CD) pipeline for its application on AWS CodePipeline. A developer must write unit tests and run them as part of the pipelines before staging the artifacts for testing.
How should the Developer incorporate unit tests as part of CI/CD pipeline?

Question233: A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table.
What MUST the company do to implement this authentication in API Gateway?

Question234: A Development team wants to instrument their code to provide more detailed information to AWS X-Ray than simple outgoing and incoming requests. This will generate large amounts of data, so the Development team wants to implement indexing so they can filter the data.
What should the Development team do to achieve this?

Question235: A developer added a new feature to an application running on an Amazon EC2 instance that uses Amazon SQS After deployment, the developer noticed a significant increase in Amazon SQS costs. When monitoring the Amazon SQS metrics on Amazon CloudWatch. the developer found that on average one message per minute is posted on this queue.
What can be done to reduce Amazon SQS costs for this application?

Question236: Company
C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting enabled.
Currently, when visitors go to http://www.companyc.com the index.html page is returned. Company C now would like a new page welcome.html to be returned when a visitor enters http://www.companyc.com in the browser.
Which of the following steps will allow Company C to meet this requirement? Choose 2 answers

Question237: A developer uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3) to store data in Amazon S3. The developer needs to decrypt and download the encrypted objects by using the GetObject API call.
What is the LEAST amount of information that the developer must provide in the API call to meet this requirement?

Question238: An application is processing clickslream data using Amazon Kinesis. The clickstream data feed into Kinesis experiences periodic spikes. The PutRecords API call occasionally fails and the logs show that the failed call returns the response shown below.

Which techniques will help mitigate this exception? (Select TWO.)

Question239: A Developer has written a serverless application using multiple AWS services. The business logic is written as a Lambda function which has dependencies on third-party libraries. The Lambda function endpoints will be exposed using Amazon API Gateway. The Lambda function will write the information to Amazon DynamoDB.
The Developer is ready to deploy the application but must have the ability to rollback. How can this deployment be automated, based on these requirements?

Question240: A developer is writing an AWS Lambda function. The developer wants to log key events that occur during the Lambda function and include a unique identifier to associate the events with a specific function invocation Which of the following will help the developer accomplish this objective?

Question241: A Developer has written a serverless application using multiple AWS services. The business logic is written as a Lambda function which has dependencies on third-party libraries. The Lambda function endpoints will be exposed using Amazon API Gateway. The Lambda function will write the information to Amazon DynamoDB.
The Developer is ready to deploy the application but must have the ability to rollback. How can this deployment be automated, based on these requirements?

Question242: The development team is working on an API that will be served from Amazon API gateway. The API will be served from three environments: development, test, and production. The API Gateway is configured to use 237 GB of cache in all three stages.
Which is the MOST cost-efficient deployment strategy?

Question243: A company needs a version control system for collaborative software development. Features of the system must include the following:
Support for batches of changes across multiple files
Parallel branching
Which AWS service will meet these requirements?

Question244: A developer is refactoring a monolithic application. The application takes a POST request and performs several operations. Some of the operations are in parallel while others run sequentially. These operations have been refactored into individual AWS Lambda functions. The POST request will be processed by Amazon API Gateway.
How should the developer invoke the Lambda functions in the same sequence using API Gateway*?

Question245: A development team is using AWS Elastic Beanstalk to deploy a two-tier application that consists of a load-balanced web tier and an Amazon RDS database tier in production. The team would like to separate the RDS instance from the Elastic Beanstalk.
How can this be accomplished?

Question246: A company is adding stored value for gift card) capability to its highly popular casual gaming website. Users need to be able to trade this value for other users' items on the platform. This would require both users' records be updated as a single transaction, or both users' records to be completely rolled back.
Which AWS database options can provide the transactional capability required for this new feature? (Select TWO )

Question247: A company stores all personally identifiable information (Pll) in an Amazon DynamoDB table named Pll in Account A.
An application running on Amazon EC2 instances in Account B requires access to the Pll table. An administrator in Account A created an IAM role named AccessPII with privileges to access the Pll table and made Account B a trusted entity.
Which combination of additional steps should developers take to access the table1? (Select TWO )

Question248: A developer is using Amazon S3 as the event source that invokes a Lambda function when new objects are created in the bucket The event source mapping Information Is stored in the bucket notification configuration The developer is working with different versions of the Lambda function, and has a constant need to update notification configuration so that Amazon S3 invokes the correct version What is the MOST efficient and effective way to achieve mapping Between the S3 event and Lambda?

Question249: A legacy service has an XML-based SOAP interface. The Developer wants to expose the functionality of the service to external clients with the Amazon API Gateway. Which technique will accomplish this?

Question250: When uploading an object, what request header can be explicitly specified in a request to Amazon S3 to encrypt object data when saved on the server side?

Question251: A developer is creating a photo website. Amazon Route 53 hosts the website's domain. The developer wants to store the application code and images in an Amazon S3 bucket. The developer also wants to jse Amazon CloudFront to deliver the images to users.
the developer has created the S3 bucket and a CloudFront distribution. The developer wants the images to be accessed only through the website's domain. Users must not use the S3 URLs.
Which solution will meet these requirements?

Question252: A developer has created an AWS Lambda function that is written in Python The Lambda function reads data from objects in Amazon S3 and writes data to an Amazon DynamoDB table The function is successfully invoked from an S3 event notification when an object is created However, the function fails when if attempts to write to the DynamoDB table What is the MOST likely cause of this issue?

Question253: A Developer must deploy a new AWS Lambda function using an AWS CloudFormation template.
Which procedures will deploy a Lambda function? (Select TWO.)

Question254: A company needs a version control system for collaborative software development. Features of the system must include the following:
* Support for batches of changes across multiple files
* Parallel branching
* Version tracking
Which AWS service will meet these requirements?

Question255: In a move toward using microservices, a company's Management team has asked all Development teams to build their services so that API requests depend only on that service's data store. One team is building a Payments service which has its own database; the service needs data that originates in the Accounts database. Both are using Amazon DynamoDB.
What approach will result in the simplest, decoupled, and reliable method to get near-real time updates from the Accounts database?

Question256: A developer is migrating to Amazon Cognito from a custom user management solution that stores user information in a database. The developer has created a...... Amazon Cognito user pool. The developer needs to migrate the existing user information to the user pool without forcing users to change their passwords.
Which solution will meet these requirements?

Question257: A company is running a custom application on a set of on-premises Linux servers that are accessed using Amazon API Gateway. AWS X-Ray tracing has been enabled on the API test stage How can a developer enable X-Ray tracing on the on-premises servers with the LEAST amount of configuration''

Question258: A Developer created configuration specifications for an AWS Elastic Beanstalk application in a file named healthcheckurl.yaml in the .ebextensions/directory of their application source bundle. The file contains the following:

After the application launches, the health check is not being run on the correct path, event though it is valid.
What can be done to correct this configuration file?

Question259: What does an Amazon SQS delay queue accomplish?

Question260: A company is using continuous integration/continuous deliver (CI/CD) system. A developer must automate the deployment of an application software package to Amazon EC2 instances and virtual servers that run on premises.
Which AWS services should the developer use to meet these requirements?

Question261: A company runs an e-commerce website that uses Amazon DynamoDB where pricing for items is dynamically updated in real time. At any given time, multiple updates may occur simultaneously for pricing information on a particular product. This is causing the original editor's changes to be overwritten without a proper review process.
Which DynamoDB write option should be selected to prevent this overwriting?

Question262: A Developer must re-implement the business logic for an order fulfilment system. The business logic has to make requests to multiple vendors to decide where to purchase an item. The whole process can take up to a week to complete.
What is the MOST efficient and SIMPLEST way to implement a system that meets these requirements?

Question263: A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:

The Developer needs to create/delete branches.
Which specific IAM permissions need to be added, based on the principle of least privilege?

Question264: A developer is writing a new web application that will be deployed and managed with AWS Elastic Beanstalk. The application will include an Amazon RDS DB instance. What steps should the developer take to access the RDS DB instance from the code? (Select TWO.)

Question265: An ecommerce application is running behind an Application Load Balancer. A developer observes some unexpected load on the application during non-peak hours. The developer wants to analyze patterns for the client IP addresses that use the application.
Which HTTP header should the developer use for this analysis?

Question266: A developer has written an Amazon Kinesis Data Streams application. As usage grows and traffic increases over time, the application is regularly receiving ProvisionedThroughputExceededException error messages Which steps should the developer take to resolve the error? (Select TWO.)

Question267: An Amazon DynamoDB table uses a Global Secondary Index (GSI) to support read queries. The primary table is write-heavy, whereas the GSI is used for read operations. Looking at Amazon CloudWatch metrics, the Developer notices that write operations to the primary table are throttled frequently under heavy write activity.
However, write capacity units to the primary table are available and not fully consumed.
Why is the table being throttled?

Question268: A Developer is writing an application that runs on Amazon EC2 instances in an Auto scaling group. The application data is stored in an Amazon DynamoDB table and records are constantly updated by all instances. An instance sometimes retrieves old data. The Developer wants to correct this by making sure the reads are strongly consistent.
How can the developer accomplish this?

Question269: What happens, by default, when one of the resources in a CloudFormation stack cannot be created?

Question270: A developer has built a market application that stores pricing data in Amazon DynamoDB with Amazon ElastiCache in front. The prices of items in the market change frequently Sellers have begun complaining that, after they update the price of an item, the price does not actually change in the product listing What could be causing this issue?

Question271: An application reads data from an Amazon DynamoDB table. Several times a day, for a period of 15 seconds, the application receives multiple ProvisionedThroughputExceeded errors.
How should this exception be handled?

Question272: A developer is planning to use an Amazon API Gateway and AWS Lambda to provide a REST API The developer will have three distinct environments to manage development, test, and production. How should the application be deployed while minimizing the number of resources to manage?

Question273: A developer has created a Node js web application on a local development machine. The developer wants to use AWS technology to host the website. The developer needs a solution that requires the least possible operational overhead and no code changes.
Which AWS service should the developer use to meet these requirements?

Question274: What item operation allows the retrieval of multiple items from a DynamoDB table in a single API call?

Question275: What does an Amazon SQS delay queue accomplish?

Question276: What happens, by default, when one of the resources in a CloudFormation stack cannot be created?

Question277: A developer is building a WebSocket API using Amazon API Gateway. The payload sent to this API is JSON that includes an action key This key can have three different values create, update, and remove The developer must integrate with different routes based on the value of the action key of the incoming JSON payload How can the developer accomplish this task with the LEAST amount of configuration?

Question278: A developer is migrating code to an AWS Lambda function that will access an Amazon Aurora MySQL database.
What is the MOST secure way to authenticate the function to the database?

Question279: A company maintains an application responsible for processing several thousand external callbacks each day.
The company's System administrators want to know how many callbacks are being received on a rolling basis, and they want this data available for 10 days. The company also wants the ability to issue automated alerts if the number of callbacks exceeds the defined thresholds.
What is the MOST cost-effective way to address the need to track and alert on these statistics?

Question280: A Developer is working on an application that tracks hundreds of millions of product reviews in an Amazon DynamoDB table. The records include the data elements shown in the table:

Which field, when used as the partition key, would result in the MOST consistent performance using
DynamoDB?

Question281: An application running on EC2 instances is storing data in an S3 bucket. Security policy mandates that all data must be encrypted in transit.
How can the Developer ensure that all traffic to the S3 bucket is encrypted?

Question282: A developer is deploying an application in the AWS Cloud by using AWS Cloud Formation The application will connect to an existing Amazon RDS database The hostname of the RDS database is stored in AWS Systems Manager Parameter Store as a plaintext value The developer needs to incorporate the database hostname into the Cloud Formation template to initialize the application when the stack is created How should the developer reference the parameter that contains the database hostname?

Question283: A company is developing a new online game that will run on top of Amazon ECS. Four distinct Amazon ECS services will be part of the architecture, each requiring specific permissions to various AWS services. The company wants to optimize the use of the underlying Amazon EC2 instances by bin packing the containers based on memory reservation.
Which configuration would allow the Development team to meet these requirements MOST securely?

Question284: A development team wants to immediately build and deploy an application whenever there is a change to the source code. Which approaches could be used to trigger the deployment? (Select TWO.)

Question285: A developer has written a serverless application and wants to deploy it to AWS Lambda to leverage the function's multi-threaded execution to improve performance. Which action should the developer take to achieve these requirements?

Question286: A developer creates an Amazon S3 bucket to store project status files that are uploaded hourly The developer also creates an AWS Lambda function'that will be used to process the project status files What should the developer do to invoke the function with the LEAST amount of AWS infrastructure?

Question287: A Developer has created an S3 bucket s3://mycoolapp and has enabled server across logging that points to the folder s3://mycoolapp/logs. The Developer moved 100 KB of Cascading Style Sheets (CSS) documents to the folder s3://mycoolapp/css, and then stopped work. When the developer came back a few days later, the bucket was 50 GB.
What is the MOST likely cause of this situation?

Question288: An organization is storing large files in Amazon S3, and is writing a web application to display meta-data about the files to end-users. Based on the metadata a user selects an object to download. The organization needs a mechanism to index the files and provide single-digit millisecond latency retrieval for the metadata.
What AWS service should be used to accomplish this?

Question289: A Developer must repeatedly and consistently deploy a serverless RESTful API on AWS.
Which techniques will work? (Choose two.)

Question290: A company is developing an application that will run on several Amazon EC2 instances in an Auto Scaling group and can access a database running on Amazon EC2. The application needs to store secrets required to connect to the database. The application must allow for periodic secret rotation, and there should be no changes to the application when a secret changes.
What is the SAFEST way to meet these requirements?

Question291: A Developer is creating a web application that requires authentication, but also needs to support guest access to provide users limited access without having to authenticate. What service can provide support for the application to allow guest access?

Question292: A company s website runs on an Amazon EC2 instance and uses Auto Scale the environment during peak times Website users across the world are experiencing high to sea latency due to static content on the EC2 instance, even during non-peak hours.
Which combination of steps will resolve the latency issue? (Select TWO )

Question293: Which of the following statements about SQS is true?

Question294: What item operation allows the retrieval of multiple items from a DynamoDB table in a single API call?

Question295: You attempt to store an object in the US-STANDARD region in Amazon S3, and receive a confirmation that it has been successfully stored. You then immediately make another API call and attempt to read this object. S3 tells you that the object does not exist
What could explain this behavior?

Question296: A company has multiple Developers located across the globe who are updating code incrementally for a development project. When Developers upload code concurrently, internet connectivity is slow, and it is taking a long time to upload code for deployment in AWS Elastic Beanstalk.
Which step will result in minimized upload and deployment time with the LEAST amount of administrative effort?

Question297: A developer has a legacy application that is hosted on-premises Other applications hosted on AWS depend on the on-premises application for proper functioning In case of any application errors, the developer wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applications from one place.
How can the developer accomplish this?

Question298: Which of the following platforms are supported by Elastic Beanstalk? Choose 2 answers

Question299: If a message is retrieved from a queue in Amazon SQS, how long is the message inaccessible to other users by default?

Question300: An application uses Amazon DynamoDB as its backend database The application experiences sudden spikes in traffic over the weekend and variable but predictable spikes during weekdays The capacity needs to be set to avoid throttling errors at all times How can this be accomplished cost-effectively?

Question301: A developer is writing a web application that allows users to sign in. The application will run on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances will run in an Auto Scaling group across multiple Availability Zones.
How can the developer ensure that users stay signed in when the Auto Scaling group is scaled down?

Question302: A developer is testing a new file storage application that uses an Amazon CloudFront distribution to serve content from an Amazon S3 bucket. The distribution accesses the S3 bucket by using an origin access identity (OAI). The S3 bucket's permissions explicitly deny access to all other users.
The application prompts users to authenticate on a login page and then uses signed cookies to allow users to access their personal storage directories. The developer has configured the distribution to use its default cache behavior with restricted viewer access and has set the origin to point to the S3 bucket. However, when the developer tries to navigate to the login page, the developer receives a 403 Forbidden error.
The developer needs to implement a solution to allow unauthenticated access to the login page. The solution also must keep all private content secure.
Which solution will meet these requirements?

Question303: A developer is provided with an HTTPS clone URL for an AWS CodeCommit repository.
What needs to be configured before cloning this repository?

Question304: A developer is building a three-tier application with an Application Load Balancer (ALB). Amazon EC2 instances, and Amazon RDS. There is an alias record in Amazon Route 53 that points to the ALB. When Ihe developer tries to access the ALB from a laptop, the request times out.
Which logs should the developer investigate to verify that the request is reaching the AWS network?

Question305: An application running on EC2 instances is storing data in an S3 bucket. Security policy mandates that all data must be encrypted in transit.
How can the Developer ensure that all traffic to the S3 bucket is encrypted?

Question306: Where can PortMapping be defined when launching containers in Amazon ECS?

Question307: A development team set up a pipeline to launch a test environment. The developers want to automate tests for their application. The team created an AWS CodePipeline stage to deploy the application to a test environment in batches using AWS Elastic Beanstalk. A later CodePipeline stage contains a single action that uses AWS CodeBuild to run numerous automated Selenium-based tests on the deployed application. The team must speed up the pipeline without removing any of the individual tests.
Which set of actions will MOST effectively speed up application deployment and testing?

Question308: A developer is creating an application to process a large number of requests Requests must be processed in order, and each request should be processed only once How should Amazon SQS be deployed to achieve this7

Question309: A Developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the Developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit.
Which of the following API Gateway metrics in Amazon CloudWatch can help the Developer troubleshoot the issue? (Choose two.)

Question310: A developer has an Amazon DynamoDB table that must be in provisioned mode to comply with user requirements. The application needs to support the following:
* Average item size: 10 KB
* Item reads each second: 10 strongly consistent
* Item writes each second: 2 transactional
Which read and write capacity cost-effectively meets these requirements?

Question311: A company is providing services to many downstream consumers. Each consumer may connect to one or more services. This has resulted in a complex architecture that is difficult to manage and does not scale well. The company needs a single interface to manage these services to consumers.
Which AWS service should be used to refactor this architecture?

Question312: A development team wants to immediately build and deploy an application whenever there is a change to the source code. Which approaches could be used to trigger the deployment? (Select TWO.)

Question313: A company is using continuous integral ion/continuous delivery (CI/CD) systems. A that run on premises.
Which AWS service should the developer use to meet these requirements?

Question314: You have written an application that uses the Elastic Load Balancing service to spread traffic to several web servers. Your users complain that they are sometimes forced to login again in the middle of using your application, after they have already logged in. This is not behavior you have designed.
What is a possible solution to prevent this happening?

Question315: A developer receives the following error message when trying to launch or terminate an Amazon EC2 instance using a boto3 script.

What should the developer do to correct this error message?

Question316: A developer is writing a web application that must share secure documents with end users The documents are stored in a private Amazon S3 bucket The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes How can the developer meet these requirements?

Question317: A company wants to containerize an existing three-tier web application and deploy it to Amazon ECS Fargate. The application is using session data to keep track of user activities.
Which approach would provide the BEST user experience?

Question318: An application takes 40 seconds to process instructions received in an Amazon SQS message.
Assuming the SQS queue is configured with the default VisibilityTimeout value, what is the BEST way, upon receiving a message, to ensure that no other instances can retrieve a message that has already been processed or is currently being processed?

Question319: EC2 instances are launched from Amazon Machine images (AMIs). A given public AMI can:

Question320: A developer has launched an application that calls an API by way of Amazon API Gateway. It offers information that changes several times a day, but is not updated in real time. The application has become so popular that the API endpoint is overloaded and that traffic to the endpoint must be reduced.
What can the developer do to address the performance issues?

Question321: Which code snippet below returns the URL of a load balanced web site created in CloudFormation with an AWS::ElasticLoadBalancing::LoadBalancer resource name "ElasticLoad Balancer"?

Question322: A company is creating a continuous integration and continuous delivery (CI/CD) process by using AWS CodePipeline for its application on AWS The CI/CD process will pull code from an AWS CodeCommit repository, create the application infrastructure by using AWS Cloud Formation, deploy the frontend code to an Amazon S3 bucket that is configured for static website hosting, and deploy the application backend on an Amazon Elastic Container Service (Amazon ECS) cluster.
A developer needs to create a new CodePipeline stage that creates the application infrastructure.
Which solution will meet these requirements with the LEAST operational overhead?

Question323: A Developer is writing an application that runs on Amazon EC2 instances in an Auto scaling group. The application data is stored in an Amazon DynamoDB table and records are constantly updated by all instances. An instance sometimes retrieves old dat a. The Developer wants to correct this by making sure the reads are strongly consistent.
How can the developer accomplish this?

Question324: An Amazon DynamoDB table uses a Global Secondary Index (GSI) to support read queries. The primary table is write-heavy, whereas the GSI is used for read operations. Looking at Amazon CloudWatch metrics, the Developer notices that write operations to the primary table are throttled frequently under heavy write activity. However, write capacity units to the primary table are available and not fully consumed.
Why is the table being throttled?

Question325: You have written an application that uses the Elastic Load Balancing service to spread traffic to several web servers. Your users complain that they are sometimes forced to login again in the middle of using your application, after they have already logged in. This is not behavior you have designed.
What is a possible solution to prevent this happening?

Question326: You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to individual devices each device registration identifier or token needs to be registered with SNS; however the developers are not sure of the best way to do this.
You advise them to:

Question327: An application needs to use the IP address of the client in its processing. The application has been moved into AWS and has been placed behind an Application Load Balancer (ALB). However, all the client IP addresses now appear to be the same. The application must maintain the ability to scale horizontally.
Based on this scenario, what is the MOST cost-effective solution to this problem?

Question328: A nightly batch job loads 1 million new records into a DynamoDB table. The records are only needed for one hour, and the table needs to be empty by the next night's batch job.
Which is the MOST efficient and cost-effective method to provide an empty table?

Question329: A development team is building a new application that will run on Amazon EC2 and use Amazon DynamoDB as a storage layer The developers all have assigned 1AM user accounts in the same 1AM group The developers currently can launch EC2 instances and they need to be able to launch EC2 instances with an instance role allowing access to Amazon DynamoDB
Which AWS I AM changes are needed when creating an instance role to provide this functionality^

Question330: A Developer needs temporary access to resources in a second account.
What is the MOST secure way to achieve this?

Question331: A meteorological system monitors 600 temperature gauges, obtaining temperature samples every minute and saving each sample to a DynamoDB table. Each sample involves writing 1K of data and the writes are evenly distributed over time.
How much write throughput is required for the target table?

Question332: A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached Amazon EBS disks for storing dat
a. The application will process sensitive information and all the data must be encrypted.
What should a developer do to ensure the data is encrypted on disk without impacting performance?

Question333: An application uses Amazon Kinesis Data Streams to ingest and process large streams of data records in real time. Amazon EC2 instances consume and process the data from the shards of the Kinesis data stream by using Amazon Kinesis Client Library (KCL). The application handles the failure scenarios and does not require standby workers. The application reports that a specific shard is receiving more data than expected. To adapt to the chnages in the rate of data flow, the "hot" shard is resharded.
Assuming that the initial number of shards in the Kinesis data stream is 4, and after resharding the number of shards increased to 6, what is the maximum number of EC2 instances that can be deployed to process data from all the shards?

Question334: A Developer is asked to implement a caching layer in front of Amazon RDS. Cached content is expensive to regenerate in case of service failure. Which implementation below would work while maintaining maximum uptime?

Question335: A developer needs to secure the static assets in a company's Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The company has an Amazon CtoudFront distribution that serves the S3 bucket's assets to the public. The developer has already created the origin access identity (OAI) and has associated the OAI with the distribution. The developer must write a bucket policy that allows only the CloudFront distribution to access the S3 bucket Which policy will meet this requirement MOST securely?
A)

B)

C)

D)

Question336: A development team decides to adopt a continuous integration/continuous delivery (CI/CD) process using AWS CodePipehne and AWS CodeCommit for a new application. However, management wants a person to review and approve the code before it is deployed to production How can the development team add a manual approver to the CI/CD pipeline?

Question337: Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?

Question338: A company is building an application to track athlete performance using an Amazon DynamoDB table. Each item in the table is identified by a partition key (user_id) and a sort key (sport_name). The table design is shown below:

(Note: Not all table attributes are shown)
A Developer is asked to write a leaderboard application to display the top performers (user_id) based on the score for each sport_name.
What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?

Question339: An application writes items to an Amazon DynamoDB table. As the application scales to thousands of instances, calls to the DynamoDB API generate occasional ThrottlingException errors. The application is coded in a language incompatible with the AWS SDK.
How should the error be handled?

Question340: A Developer is writing a mobile application that allows users to view images from an S3 bucket. The users must be able to log in with their Amazon login, as well as Facebook® and/or Google® accounts.
How can the Developer provide this authentication functionality?

Question341: A Developer created a new AWS account and must create a scalable AWS Lambda function that meets the following requirements for concurrent execution:
Average execution time of 100 seconds
50 requests per second
Which step must be taken prior to deployment to prevent errors?

Question342: A company is running a custom application on a set of on-premises Linux servers that are accessed using Amazon API Gateway. AWS X-Ray tracing has been enabled on the API test stage
How can a developer enable X-Ray tracing on the on-premises servers with the LEAST amount of configuration''

Question343: A developer needs to create an application that supports Security Assertion Markup Language (SAML) and Facebook authentication It must also allow access to AWS services, such as Amazon DynamoDB.
Which AWS service or feature will meet these requirements with the LEAST amount of additional coding?

Question344: An e-commerce site allows returning users to log in to display customized web pages. The workflow is shown in the image below:

An application is running on EC2 instances. Amazon RDS is used for the database that stores user accounts and preferences. The website freezes or is slow to load while waiting for the login step to complete. The remaining components of the site are well-optimized.
Which of the following techniques will resolve this issue? (Select Two.)

Question345: A Developer is writing transactions into a DynamoDB table called "SystemUpdates" that has 5 write capacity units.
Which option has the highest read throughput?

Question346: What is required to trace Lambda-based applications with AWS X-Ray?

Question347: A Development team wants to instrument their code to provide more detailed information to AWS X-Ray than simple outgoing and incoming requests. This will generate large amounts of data, so the Development team wants to implement indexing so they can filter the data.
What should the Development team do to achieve this?

Question348: A developer is building a static, client-side rendered website that is powered by ReactJS The code has no server-side generated components and does not need to run any programming languages on the server However the code serves static HTML, CSS, and JavaScript to the client on each request The developer's solution to host the website must maximize performance and cost-effectiveness Which combination of AWS services or resources should the developer use to meet these requirements?

Question349: A developer is trying to monitor an application's status by running a cron job that returns 1 if the service is up and 0 if the service is down. The developer created code that uses an AWS CLI put-metric-alarm command to publish the custom metrics to Amazon CloudWatch and create an alarm However the developer is unable to create an alarm as the custom metrics do not appear m the CloudWatch console What is causing this issue?

Question350: A Development team would like to migrate their existing application code from a GitHub repository to AWS CodeCommit.
What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?

Question351: Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?

Question352: An Amazon S3 bucket, "myawsbucket" is configured with website hosting in Tokyo region, what is the region-specific website endpoint?

Question353: A developer implemented a static website hosted in amazon s3 that makes web service requests in amazon api gateway and aws lambd a. The site is showing an error that reads.
''No 'access control-allow-origin'header' header is present on the requested resource. Origin 'null is therefore not allowed access '' What should the developer do to resolve this issue?

Question354: A Developer is creating a serverless website with content that includes HTML files, images, videos, and JavaScript (client-side scripts).
Which combination of services should the Developer use to create the website?

Question355: A company is providing read access to objects in an Amazon S3 bucket for different customers The company uses 1AM permissions to restnct access to the S3 bucket The customers can access only their own files Due to a regulation requirement the company needs to enforce encryption in transit for interactions with Amazon S3 Which solution will meet these requirements?

Question356: A team of developers is using an AWS CodePipeline pipeline as a continuous integration and continuous delivery (CI/CD) mechanism for a web application. A developer has written unit tests to programmatically test the functionality of the application code. The unit tests produce a test report that shows the results of each individual check. The developer now wants to run these tests automatically during the CI/CD process.
Which solution will meet this requirement with the LEAST operational effort?

Question357: A developer has an AWS CodePipelme pipeline that invokes AWS CodeBuild in the build stage The developer wants to pass in a variable from CodePipelme so that the variable can be read in the CodeBuild buildspec yml file How can the developer accomplish this goal?

Question358: A Developer is writing an application that runs on Amazon EC2 instances in an Auto scaling group. The application data is stored in an Amazon DynamoDB table and records are constantly updated by all instances. An instance sometimes retrieves old dat
a. The Developer wants to correct this by making sure the reads are strongly consistent.
How can the developer accomplish this?

Question359: A company wants to implement a continuous integration for its workloads on AWS. The company wants to trigger unit test in its pipeline for commits-on its code repository, and wants to be notified of failure events in the pipeline.
How can these requirements be met?

Question360: An AWS Lambda function must access an external site by using a regularly rotated user name and password.
These items must be kept securely and cannot be stored in the function code.
What combination of AWS services can be used to accomplish this? (Choose two.)

Question361: Amazon S3 has the following structure: S3://BUCKET/FOLDERNAME/FILENAME.zip Which S3 best practice would optimize performance with thousands of PUT request each second to a single bucket?

Question362: A developer has an application that is composed of many different AWS Lambda functions. The Lambda functions all use some of the same dependencies. To avoid security issues, the developer is constantly updating the dependencies of all of the Lambda functions. The result is duplicated effort for each function.
Now can the developer keep the dependencies of the Lambda functions up to date with the LEAST additional complexity?

Question363: EC2 instances are launched from Amazon Machine images (AMIs). A given public AMI can:

Question364: A Development team wants to instrument their code to provide more detailed information to AWS X-Ray than simple outgoing and incoming requests. This will generate large amounts of data, so the Development team wants to implement indexing so they can filter the data.
What should the Development team do to achieve this?

Question365: A Developer must trigger an AWS Lambda function based on the item lifecycle activity in an Amazon DynamoDB table.
How can the Developer create the solution?

Question366: A Developer wants to find a list of items in a global secondary index from an Amazon DynamoDB table.
Which DynamoDB API call can the Developer use in order to consume the LEAST number of read capacity units?

Question367: A company has an internal website that gives users the ability to access contract data that is stored in an Amazon RDS DB instance The number of contracts has increased, and several users have reported slow retrieval of the contract data.
The company wants to set up a cache to improve the latency A developer must create a solution that ensures data resiliency. The data must be encrypted and must be partitioned by department Which solution will meet these requirements?

Question368: To include objects defined by the AWS Serverless Application Model (SAM) in an AWS CloudFormation template, in addition to Resources, what section MUST be included in the document root?

Question369: Company C has recently launched an online commerce site for bicycles on AWS. They have a "Product" DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size to display in the online store. Due to customer demand, they want to include an image for each bicycle along with the existing details.
Which approach below provides the least impact to provisioned throughput on the "Product" table?

Question370: A company is developing an application that will be accessed through the Amazon API Gateway REST API Registered users should be the only ones who can access certain resources of this API. The token being used should expire automatically and needs to be refreshed periodically.
How can a developer meet these requirements'?

Question371: The release process workflow of an application requires a manual approval before the code is deployed into the production environment.
What is the BEST way to achieve this using AWS CodePipeline?

Question372: A Developer must encrypt a 100-GB object using AWS KMS.
What is the BEST approach?

Question373: A web application is using Amazon Kinesis Streams for clickstream data that may not be consumed for up to
12 hours.
How can the Developer implement encryption at rest for data within the Kinesis Streams?

Question374: A company is running its website on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group. A developer needs to secure the internet-facing connection with HTTPS. The developer uses AWS Certificate Manager (ACM) to issue an X.509 certificate.
What should the developer do to secure the connection?

Question375: A Developer has written a serverless application using multiple AWS services. The business logic is written as a Lambda function which has dependencies on third-party libraries. The Lambda function endpoints will be exposed using Amazon API Gateway. The Lambda function will write the information to Amazon DynamoDB.
The Developer is ready to deploy the application but must have the ability to rollback. How can this deployment be automated, based on these requirements?

Question376: An organization is using Amazon CloudFront to ensure that its users experience low-latency access to its web application. The organization has identified a need to encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application.
How can these requirements be met? (Choose two.)

Question377: Company B provides an online image recognition service and utilizes SQS to decouple system components for scalability The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses.
How can Company B reduce the number of empty responses?

Question378: A company is developing a new online game that will run on top of Amazon ECS. Four distinct Amazon ECS services will be part of the architecture, each requiring specific permissions to various AWS services. The company wants to optimize the use of the underlying Amazon EC2 instances by bin packing the containers based on memory reservation.
Which configuration would allow the Development team to meet these requirements MOST securely?

Question379: A deployment package uses the AWS CLI to copy files into any S3 bucket in the account, using access keys stored in environment variables. The package is running on EC2 instances, and the instances have been modified to run with an assumed IAM role and a more restrictive policy that allows access to only one bucket.
After the change, the Developer logs into the host and still has the ability to write into all of the S3 buckets in that account.
What is the MOST likely cause of this situation?

Question380: A company has a three-tier application that is deployed in Amazon Elastic Container Service (Amazon ECS). The application is using an Amazon RDS for MySQL DB Instance The application performs more database reads than writes.
During times of peak usage. the application's performance degrades. When this performance degradation occurs, the DB instance's ReadLatency metric in Amazon CloudWatch increases suddenly How should a developer modify the application to improve performance?

Question381: An application is using Amazon DynamoDB as its data store, and should be able to read 100 items per second as strongly consistent reads. Each item is 5 KB in size.
To what value should the table's provisioned read throughput be set?

Question382: A Developer must encrypt a 100-GB object using AWS KMS.
What is the BEST approach?

Question383: A Developer is building a mobile application and needs any update to user profile data to be pushed to all devices accessing the specific identity. The Developer does not want to manage a back end to maintain the user profile data.
What is the MOST efficient way for the Developer to achieve these requirements using Amazon Cognito?