A company uses a custom root certificate authority certificate chain (Root CA Cert) that is 10 KB in size to generate SSL certificates for its on-premises HTTPS endpoints. One of the company’s cloud-based applications has hundreds of AWS Lambda functions that pull data from these endpoints. A developer updated the trust store of the Lambda execution environment to use the Root CA Cert when the Lambda execution environment is initialized. The developer bundled the Root CA Cert as a text file in the Lambda deployment bundle.
After 3 months of development, the Root CA Cert is no longer valid and must be updated. The developer needs a more efficient solution to update the Root CA Cert for all deployed Lambda functions. The solution must not include rebuilding or updating all Lambda functions that use the Root CA Cert. The solution must also work for all development, testing, and production environments. Each environment is managed in a separate AWS account.
Which combination of steps should the developer take to meet these requirements MOST cost-effectively? (Choose two.)

A. Store the Root CA Cert as a secret in AWS Secrets Manager. Create a resource-based policy. Add IAM users to allow access to the secret.

B. Store the Root CA Cert as a SecureString parameter in AWS Systems Manager Parameter Store. Create a resource-based policy. Add IAM users to allow access to the policy.

C. Store the Root CA Cert in an Amazon S3 bucket. Create a resource-based policy to allow access to the bucket.

D. Refactor the Lambda code to load the Root CA Cert from the Root CA Cert’s location. Modify the runtime trust store inside the Lambda function handler.

E. Refactor the Lambda code to load the Root CA Cert from the Root CA Cert’s location. Modify the runtime trust store outside the Lambda function handler.

A developer is writing an application to encrypt files outside of AWS before uploading the files to an Amazon S3 bucket. The encryption must be symmetric and must be performed inside the application.
How can the developer implement the encryption in the application to meet these requirements?

A. Create a data key in AWS Key Management Service (AWS KMS). Use the AWS Encryption SDK to encrypt the files.

B. Create a Hash-Based Message Authentication Code (HMAC) key in AWS Key Management Service (AWS KMS). Use the AWS Encryption SDK to encrypt the files.

C. Create a data key pair in AWS Key Management Service (AWS KMS). Use the AWS CL to encrypt the files.

D. Create a data key in AWS Key Management Service (AWS KMS). Use the AWS CLI to encrypt the files.

An AWS Lambda function that Is running in a test environment is not working property. However, there is no error associated with the Lambda function in the Amazon CloudWatch logs for the account. The Lambda function's permissions do not include a resource-based policy. The Lambda function's execution role has properly configured trust relationships and has no permissions policies attached.
Which action should a developer take to allow logs for the Lambda function to appear in CloudWatch?

A. Attach the AWSLambda8asicExecutionRole managed policy to the Lambda function’s execution role.

B. Set the AWSLambdaBasicExecutionRole managed policy as the Lambda function’s resource-based policy.

C. Attach the CloudWatchLambdaInsightsExecutionRolePolicy managed policy to the Lambda function’s execution role.

D. Set the CloudWatchLambdaInsightsExecutionRolePolicy managed policy as the Lambda function’s resource-based policy.

A company has an application that provides blog hosting services to its customers. The application includes an Amazon DynamoDB table with a primary key. The primary key consists of the customers’ UserName as a partition key and the NumberOfBlogs as a sort key. The application stores the TotalReactionsOnBlogs as an attribute on the same DynamoDB table.
A developer needs to implement an operation to retrieve the top 10 customers based on the greatest number of reactions on their blogs. This operation must not consume the DynamoDB table’s existing read capacity.
What should the developer do to meet these requirements in the MOST operationally efficient manner?

A. For the existing DynamoDB table, create a new global secondary index (GSI) that has the UserName as a partition key and the TotalReactionsOnBlogs as a sort key.

B. For the existing DynamoDB table, create a new local secondary index (LSI) that has the UserName as a partition key and the TotalReactionsOnBlogs as a sort key.

C. Back up and restore the DynamoDB table to a new DynamoDB table. Create a new global secondary index (GSI) that has the UserName as a partition key and the TotalReactionsOnBlogs as a sort key. Delete the old DynamoDB table.

D. Back up and restore the DynamoDB table to a new DynamoDB table. Create a new local secondary index (LSI) that has the UserName as a partition key and the TotalReactionsOnBlogs as a sort key. Delete the old DynamoDB table.

A company is using AWS CodePipeline pipelines to deploy development Amazon EC2 instances for multiple teams. All the pipelines are using the same AWS CloudFormation template to deploy the EC2 instances and create dedicated CloudFormation stacks for each team. Each pipeline passes a parameter that is named TeamName to the CloudFormation stack to tag resources with the appropriate team’s name.
The company discovers that each team's usage of EC2 instances is not consistent with the type of EC2 instances that the teams are deploying. The company needs to allow the teams to deploy different types of EC2 instances.
Which solution will meet this requirement with the LEAST change to the pipelines?

A. For each team, use a dedicated CloudFormation template that includes different types of EC2 instances. Update CodePipeline to use the dedicated template for each team.

B. For each team, use a dedicated CloudFormation template that includes an InstanceType parameter and a value that is specific to the team’s requirement. Update CodePipeline to use the dedicated template for each team

C. Update the CloudFormation template by creating an InstanceType parameter. Update CodePipeline to pass the InstanceType parameter value that is specific to the team’s requirement.

D. Update the CloudFormation template by adding a map for the instance types to the Mappings section. Create a list of all the teams. Configure the required instance type for each team in the map.

A developer needs to secure the static assets in a company’s Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The company has an Amazon CloudFront distribution that serves the S3 bucket’s assets to the public. The developer has already created the origin access identity (OAI) and has associated the OAI with the distribution. The developer must write a bucket policy that allows only the CloudFront distribution to access the S3 bucket.
Which policy will meet this requirement MOST securely?

A.

B.

C.

D.

A calendar application gives users the ability to schedule and share events. The application stores its data in several Amazon DynamoDB tables. The Events table stores all events for the application. The Events table has a primary key in which the partition key is the date of the event and the sort key is the user’s unique ID number.
A developer is working on a dashboard that will show each user all the details for all their events scheduled on a single day. The developer needs to get the data from the Events table.
What should the developer do to get the relevant data MOST efficiently?

A. Perform a scan on the Events table by using the partition key and the sort key as filter expressions.

B. Perform a query on the Events table by using the partition key and the sort key as filter expressions.

C. Perform a scan on the Events table by using the partition key and the sort key in a key condition expression.

D. Perform a query on the Events table by using the partition key and the sort key in a key condition expression.

A developer manages an application that interacts with Amazon RDS. After observing slow performance with read queries, the developer implements Amazon
ElastiCache to update the cache immediately following the primary database update.
What will be the result of this approach to caching?

A. Caching will increase the load on the database instance because the cache is updated for every database update.

B. Caching will slow performance of the read queries because the cache is updated when the cache cannot find the requested data.

C. The cache will become large and expensive because the infrequently requested data is also written to the cache.

D. Overhead will be added to the initial response time because the cache is updated only after a cache miss.

An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.
What is the MOST secure way to resolve this issue?

A. Update the IAM instance profile that is attached to the EC2 instance to include the S3:’ permission for the S3 bucket.

B. Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.

C. Update the developer’s user permissions to include the S3:ListBucket permission for the S3 bucket.

D. Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance.

A developer creates a customer managed key for multiple AWS users to encrypt data in Amazon S3. The developer configures Amazon Simple Notification
Service (Amazon SNS) to publish a message if key deletion is scheduled. The developer needs to preserve any SNS messages that cannot be delivered so that those messages can be reprocessed.
Which AWS service or feature should the developer use to meet this requirement?

A. Amazon Simple Email Service (Amazon SES)

B. AWS Lambda

C. Amazon Simple Queue Service (Amazon SQS)

D. Amazon CloudWatch alarm

A developer has created a REST API using Amazon API Gateway. The developer wants to log who and how each caller accesses the API. The developer also wants to control how long the logs are kept.
What should the developer do to meet these requirements?

A. Enable API Gateway execution logging. Delete old logs using API Gateway retention settings.

B. Enable API Gateway access logs. Use Amazon CloudWatch retention settings to delete old logs.

C. Enable detailed Amazon CloudWatch metrics. Delete old logs with a recurring AWS Lambda function.

D. Create and use API Gateway usage plans. Delete old logs with a recurring AWS Lambda function.

A 3D printing company has developed a proof-of-concept application that is running on AWS Elastic Beanstalk. The application displays a list of products that are available for 3D printing, in addition to any available customizations. When the company deploys new versions of the application, the company wants to ensure that there is no application downtime. Additionally, the application must remain at the same level of server capacity throughout the deployment.
Which deployment strategies will meet these requirements? (Choose two.)

A. All-at-once

B. Rolling

C. Rolling with additional batch

D. Immutable

E. All-at-once with additional batch

A company is using AWS Elastic Beanstalk to manage web applications that are running on Amazon EC2 instances. A developer needs to make configuration changes. The developer must deploy the changes to new instances only.
Which types of deployment can the developer use to meet this requirement? (Choose two.)

A. All at once

B. Immutable

C. Rolling

D. Blue/green

E. Rolling with additional batch

A developer is creating a template that uses AWS CloudFormation to deploy an application. The application is serverless and uses Amazon API Gateway. Amazon DynamoDB, and AWS Lambda.
Which AWS service or tool should the developer use to define serverless resources in YAML?

A. CloudFormation serverless intrinsic functions

B. AWS Elastic Beanstalk

C. AWS Serverless Application Model (AWS SAM)

D. AWS Cloud Development Kit (AWS CDK)

A developer is building an application integrating an Amazon API Gateway with an AWS Lambda function. When calling the API. the developer receives the following error:
Wed Nov 08 01:13:00 UTC 2017 : Method completed with status: 502
What should the developer do to resolve the error?

A. Change the HTTP endpoint of the API to an HTTPS endpoint.

B. Change the format of the payload sent to the API Gateway.

C. Change the format of the Lambda function response to the API call.

D. Change the authorization header in the API call to access the Lambda function.

A team of developers is using an AWS CodePipeline pipeline as a continuous integration and continuous delivery (CI/CD) mechanism for a web application. A developer has written unit tests to programmatically test the functionality of the application code. The unit tests produce a test report that shows the results of each individual check. The developer now wants to run these tests automatically during the CI/CD process.
Which solution will meet this requirement with the LEAST operational effort?

A. Write a Git pre-commit hook that runs the tests before every commit. Ensure that each developer who is working on the project has the pre-commit hook installed locally. Review the test report and resolve any issues before pushing changes to AWS CodeCommit.

B. Add a new stage to the pipeline. Use AWS CodeBuild as the provider. Add the new stage after the stage that deploys code revisions to the test environment. Write a buildspec that fails the CodeBuild stage if any test does not pass. Use the test reports feature of CodeBuild to integrate the report with the CodeBuild console. View the test results in CodeBuild. Resolve any issues.

C. Add a new stage to the pipeline. Use AWS CodeBuild as the provider. Add the new stage before the stage that deploys code revisions to the test environment. Write a buildspec that fails the CodeBuild stage if any test does not pass. Use the test reports feature of CodeBuild to integrate the report with the CodeBuild console. View the test results in CodeBuild. Resolve any issues.

D. Add a new stage to the pipeline. Use Jenkins as the provider. Configure CodePipeline to use Jenkins to run the unit tests. Write a Jenkinsfile that fails the stage if any test does not pass. Use the test report plugin for Jenkins to integrate the report with the Jenkins dashboard. View the test results in Jenkins. Resolve any issues.

A company has a virtual reality (VR) game. The game has a serverless backend that consists of Amazon API Gateway, AWS Lambda, and Amazon DynamoDB. Recently, the company noticed a sudden increase of new users globally. The company also noticed delays in the retrieval of user data.
Which AWS service or feature can the company use to reduce the database response time to microseconds?

A. Amazon ElastiCache

B. DynamoDB Accelerator (DAX)

C. DynamoDB auto scaling

D. Amazon CloudFront

A developer has built a market application that stores pricing data in Amazon DynamoDB with Amazon ElastiCache in front. The prices of items in the market change frequently. Sellers have begun complaining that, after they update the price of an item, the price does not actually change in the product listing.
What could be causing this issue?

A. The cache is not being invalidated when the price of the item is changed

B. The price of the item is being retrieved using a write-through ElastiCache cluster

C. The DynamoDB table was provisioned with insufficient read capacity

D. The DynamoDB table was provisioned with insufficient write capacity

A developer is building an application that runs behind an Application Load Balancer (ALB). The ALB is configured as the origin for an Amazon CloudFront distribution. Users will log in to the application by using their social media accounts.
How can the developer authenticate users?

A. Validate the users by inspecting the tokens in an AWS Lambda authorizer on the ALB.

B. Configure the ALB to use Amazon Cognito as one of the authentication providers.

C. Configure CloudFront to use Amazon Cognito as one of the authentication providers.

D. Validate the users by calling the Amazon Cognito API in an AWS Lambda authorizer on the ALB.

An application development team decides to use AWS X-Ray to monitor application code to analyze performance and perform root cause analysis.
What does the team need to do to begin using X-Ray? (Choose two.)

A. Log instrumentation output into an Amazon SQS queue.

B. Use a visualization tool to view application traces.

C. Instrument application code using the AWS SDK.

D. Install the X-Ray agent on the application servers.

E. Create an Amazon DynamoDB table to store the trace logs.

A company is running Amazon EC2 instances in multiple AWS accounts. A developer needs to implement an application that collects all the lifecycle events of the EC2 instances. The application needs to store the lifecycle events in a single Amazon Simple Queue Service (Amazon SQS) queue in the company's main AWS account for further processing.
Which solution will meet these requirements?

A. Configure Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon EventBridge event bus of the main account. Add an EventBridge rule to the event bus of the main account that matches all EC2 instance lifecycle events. Add the SQS queue as a target of the rule.

B. Use the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue. Add to the Amazon EventBridge event bus of each account an EventBridge rule that matches all EC2 instance lifecycle events. Add the SQS queue in the main account as a target of the rule.

C. Write an AWS Lambda function that scans through all EC2 instances in the company accounts to detect EC2 instance lifecycle changes. Configure the Lambda function to write a notification message to the SQS queue in the main account if the function detects an EC2 instance lifecycle change. Add an Amazon EventBridge scheduled rule that invokes the Lambda function every minute.

D. Configure the permissions on the main account event bus to receive events from all accounts. Create an Amazon EventBridge rule in each account to send all the EC2 instance lifecycle events to the main account event bus. Add an EventBridge rule to the main account event bus that matches all EC2 instance lifecycle events. Set the SQS queue as a target for the rule.

A developer has created a Java application that runs on AWS Elastic Beanstalk with the default Elastic Beanstalk instance profile. The developer needs to visualize a map of the application’s interactions with AWS services to help identify and debug issues with the application.
Which combination of steps should the developer take to meet this requirement with the LEAST operational effort? (Choose two.)

A. Instrument the code by using the AWS X-Ray software development kit (SDK) for Java.

B. Create an Elastic Beanstalk configuration file to download and install the AWS X-Ray daemon on the underlying Amazon EC2 instances.

C. Enable the AWS X-Ray daemon in the Elastic Beanstalk console.

D. Enable Elastic Beanstalk enhanced health reporting.

E. Configure AWS CloudTrail to visualize the services map.

A company is creating a continuous integration and continuous delivery (CI/CD) process by using AWS CodePipeline for its application on AWS. The CI/CD process will pull code from an AWS CodeCommit repository, create the application infrastructure by using AWS CloudFormation, deploy the frontend code to an Amazon S3 bucket that is configured for static website hosting, and deploy the application backend on an Amazon Elastic Container Service (Amazon ECS) cluster.
A developer needs to create a new CodePipeline stage that creates the application infrastructure.
Which solution will meet these requirements with the LEAST operational overhead?

A. Create a new action with AWS Lambda as the action provider. Create a Lambda function that makes an AWS SDK API call to create the CloudFormation stack.

B. Create a new action with CloudFormation as the action provider. Set the action mode to CREATE_UPDATE. Target the CloudFormation stack to be launched.

C. Create a new action with Jenkins as the action provider. Create and configure a Jenkins job to make an API call by using the AWS CLI to create the CloudFormation sack.

D. Create a new action with AWS CodeBuild as the action provider. Configure the buildspec to make an API call by using the AWS CLI to create the CloudFormation stack.

A software company must ensure that documents that are uploaded by users are securely stored in Amazon S3. The documents must be encrypted at rest in Amazon S3. The company wants to avoid client-side encryption and does not want to manage the security infrastructure. In addition, the company wants control over the keys that are used for encryption at rest.
Which solution for encryption keys should a developer use to meet these requirements?

A. Amazon S3 managed keys

B. Application-level encryption with customer-provided encryption keys that are stored in an on-premises hardware security module (HSM)

C. AWS Key Management Service (AWS KMS) customer managed keys

D. IAM access keys

A company is running its website on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group. A developer needs to secure the internet-facing connection with HTTPS. The developer uses AWS Certificate Manager (ACM) to issue an X.509 certificate.
What should the developer do to secure the connection?

A. Configure the ALB to use the X.509 certificate by using the AWS Management Console.

B. Configure each EC2 instance to use the same X.509 certificate by using the AWS Management Console.

C. Export the root key of the X.509 certificate to an Amazon S3 bucket. Configure each EC2 instance to use the same X.509 certificate from the S3 bucket.

D. Export the root key of the X.509 certificate to an Amazon S3 bucket. Configure the ALB to use the X.509 certificate from the S3 bucket.

A social media application stores millions of video clips in Amazon S3 and serves them to users across the world. The traffic to the application varies, but access often increases suddenly to more than 10,000 PUT requests and GET requests each second. As the application has grown in popularity, users report poor quality of video streaming.
Which solution will provide the LARGEST improvement in performance?

A. Create an Amazon Route 53 geolocation routing policy.

B. Duplicate content in multiple AWS Regions by using S3 Cross Region-Replication.

C. Use S3 Intelligent-Tiering to move data based on access patterns.

D. Create an Amazon CloudFront distribution with Amazon S3 as an origin.

A developer is testing an AWS Lambda function by using the AWS Serverless Application Model (AWS SAM) local CLI. The application that is implemented by the
Lambda function makes several AWS API calls by using the AWS software development kit (SDK). The developer wants to allow the function to make AWS API calls in a test AWS account from the developer's laptop.
What should the developer do to meet these requirements?

A. Edit the template.yml file. Add the AWS_ACCESS_KEY_ID property and the AWS_SECRET_ACCESS_KEY property in the Globals section.

B. Add a test profile by using the aws configure command with the –profile option. Run AWS SAM by using the sam local invoke command with the -profile option.

C. Edit the template.yml tile. For the AWS::Serverless::Function resource, set the role to an IAM role in the AWS account.

D. Run the function by using the sam local invoke command. Override the AWS_ACCESS_KEY_ID parameter and the AWS_SECRET_ACCESS_KEY parameter by specifying the –parameter-overrides option.

A company is migrating its on-premises database to Amazon RDS for MySQL. The company has read-heavy workloads, and wants to make sure it re-factors its code to achieve optimum read performance for its queries.
How can this objective be met?

A. Add database retries to effectively use RDS with vertical scaling.

B. Use RDS with multi-AZ deployment.

C. Add a connection string to use an RDS read replica for read queries.

D. Add a connection string to use a read replica on an EC2 instance.

A developer is creating an application that will store personal health information (PHI). The PHI needs to be encrypted at all times. An encrypted Amazon RDS for MySQL DB instance is storing the data. The developer wants to increase the performance of the application by caching frequently accessed data while adding the ability to sort or rank the cached datasets.
Which solution will meet these requirements?

A. Create an Amazon ElastiCache for Redis instance. Enable encryption of data in transit and at rest. Store frequently accessed data in the cache.

B. Create an Amazon ElastiCache for Memcached instance. Enable encryption of data in transit and at rest. Store frequently accessed data in the cache.

C. Create an Amazon RDS for MySQL read replica. Connect to the read replica by using SSL. Configure the read replica to store frequently accessed data.

D. Create an Amazon DynamoDB table and a DynamoDB Accelerator (DAX) cluster for the table. Store frequently accessed data in the DynamoDB table.

A developer has written an application that runs on Amazon EC2 instances. The developer is adding functionality for the application to write objects to an Amazon S3 bucket.
Which policy must the developer modify to allow the instances to write these objects?

A. The IAM policy that is attached to the EC2 instance profile role.

B. The session policy that is applied to the EC2 instance role session.

C. The AWS Key Management Service (AWS KMS) key policy that is attached to the EC2 instance profile role.

D. The Amazon VPC endpoint policy.

A developer is creating an Amazon DynamoDB table. The entire table must be encrypted at rest.
Which solution will meet this requirement MOST cost-effectively?

A. Create the DynamoDB table by using default encryption settings.

B. Encrypt the data by using the DynamoDB Encryption Client.

C. During creation of the DynamoDB table, configure encryption at rest with an AWS Key Management Service (AWS KMS) AWS managed key.

D. During creation of the DynamoDB table, configure encryption at rest with an AWS Key Management Service (AWS KMS) customer managed key.

A company built an online event platform. For each event, the company organizes quizzes and generates leaderboards that are based on the quiz scores. The company stores the leaderboard data in Amazon DynamoDB and retains the data for 30 days after an event is complete. The company then uses a scheduled job to delete the old leaderboard data
The DynamoDB table is configured with a fixed write capacity. During the months when many events occur, the DynamoDB write API requests are throttled when the scheduled delete job runs.
A developer must create a long-term solution that deletes the old leaderboard data and optimizes write throughput.
Which solution meets these requirements?

A. Configure a TTL attribute for the leaderboard data.

B. Use DynamoDB Streams to schedule and delete the leaderboard data

C. Use AWS Step Functions to schedule and delete the leaderboard data.

D. Set a higher write capacity when the scheduled delete job runs.

A company manages a microservices application on Amazon EC2 instances. A developer has integrated the AWS X-Ray SDK with the application. The developer also has an IAM role that is associated with the EC2 instances. The role includes the AWSXRayDaemonWriteAccess managed IAM policy.
When the developer queries the X-Ray traces by using the GetServiceGraph API operation, no errors and no trace data are returned.
What could be the reason that no X-Ray trace data is being returned? (Choose two.)

A. The X-Ray daemon is not installed on each EC2 instance.

B. The GetServiceGraph API operation is providing a StartTime value and an EndTime value that are older than 30 days.

C. X-Ray trace data is not available for querying for 30 minutes after it is captured.

D. The developer’s IAM policy contains the AWSXRayReadOnlyAccess managed policy.

E. The GetServiceGraph API operation does not include an EndTime value.

A developer is creating a command line script to launch an Amazon EC2 instance at a preset time with a cron job. The developer will provide a user data script to start a task and then terminate the instance. The task cannot be interrupted and must run to completion.
How should the developer launch the EC2 instance?

A. Use the ec2 start-instances command.

B. Use the ec2 request-spot-instances command.

C. Use the ec2 run-instances command.

D. Use the ec2 purchase-scheduled-instances command.

A developer is setting up the deployment of application stacks to new test environments by using the AWS Cloud Development Kit (AWS CDK). The application contains the code for several AWS Lambda functions that will be deployed as assets. Each Lambda function is defined by using the AWS CDK Lambda construct library.
The developer has already successfully deployed the application stacks to the alpha environment in the first account by using the AWS CDK CLI’s cdk deploy command. The developer is preparing to deploy to the beta environment in a second account for the first time. The developer makes no significant changes to the CDK code between deployments, but the initial deployment in the second account is unsuccessful and returns a NoSuchBucket error.
Which command should the developer run before redeployment to resolve this error?

A. cdk synth

B. cdk bootstrap

C. cdk init

D. cdk destroy

A company is developing a publicly accessible single-page application. The application makes calls from a client web browser to backend services to provide a user interface to customers. The application depends on a third-party web service exposed as an HTTP API. The web client must provide an API key to the third-party web service by using the HTTP header as part of the HTTP request. The company’s API key must not be exposed to the users of the web application.
Which solution will meet these requirements MOST cost-effectively?

A. For each integration, configure a mapping template for Content-Type text/json that transforms the incoming request by using Velocity Template Language (VTL).

B. For each integration, configure a mapping template for Content-Type text/json that transforms the incoming request by using Embedded JavaScript (EJS).

C. For each integration, configure a mapping template for Content-Type application/json that transforms the incoming request by using Velocity Template Language (VTL).

D. For each integration, configure a mapping template for Content-Type application/json that transforms the incoming request by using Embedded JavaScript (EJS).

A company has point-of-sale devices across thousands of retail shops that synchronize sales transactions with a centralized system. The system includes an
Amazon API Gateway API that exposes an AWS Lambda function. The Lambda function processes the transactions and stores the transactions in Amazon RDS for MySQL. The number of transactions increases rapidly during the day and is near zero at night.
How can a developer increase the elasticity of the system MOST cost-effectively?

A. Migrate from Amazon RDS to Amazon Aurora MySQL. Use an Aurora Auto Scaling policy to scale road replicas based on CPU consumption.

B. Migrate from Amazon RDS to Amazon Aurora MySQL. Use an Aurora Auto Scaling policy to scale read replicas based on the number of database connections.

C. Create an Amazon Simple Queue Service (Amazon SQS) queue. Publish transactions to the queue. Set the queue to invoke the Lambda function. Turn on enhanced fanout for the Lambda function.

D. Create an Amazon Simple Queue Service (Amazon SQS) queue. Publish transactions to the queue. Set the queue to invoke the Lambda function. Set the reserved concurrency of the Lambda function to be less than the number of database connections.

A developer is deploying an AWS Lambda function. The developer wants the ability to return to older versions of the function quickly and seamlessly.
How can the developer achieve this goal with the LEAST operational overhead?

A. Use AWS OpsWorks to perform blue/green deployments.

B. Use a function alias with different versions.

C. Maintain deployment packages for older versions in Amazon S3.

D. Use AWS CodePipeline for deployments and rollbacks.

A developer is storing JSON files in an Amazon S3 bucket. The developer wants to securely share an object with a specific group of people.
How can the developer securely provide temporary access to the objects that are stored in the S3 bucket?

A. Set object retention on the files. Use the AWS software development kit (SDK) to restore the object before subsequent requests. Provide the bucket’s S3 URL.

B. Use the AWS software development kit (SDK) to generate a presigned URL. Provide the presigned URL.

C. Set a bucket policy that restricts access after a period of time. Provide the bucket’s S3 URL.

D. Configure static web hosting on the S3 bucket. Provide the bucket’s web URL.

A company is developing a microservice that will manage customer account data in an Amazon DynamoDB table. Insert, update, and delete requests will be rare. Read traffic will be heavy. The company must have the ability to access customer data quickly by using a customer ID. The microservice can tolerate stale data.
Which solution will meet these requirements with the FEWEST possible read capacity units (RCUs)?

A. Read the table by using eventually consistent reads.

B. Read the table by using strongly consistent reads.

C. Read the table by using transactional reads.

D. Read the table by using strongly consistent PartiQL queries.

A company is providing services to many downstream consumers. Each consumer may connect to one or more services. This has resulted in a complex architecture that is difficult to manage and does not scale well. The company needs a single interface to manage these services to consumers.
Which AWS service should be used to refactor this architecture?

A. AWS Lambda

B. AWS X-Ray

C. Amazon SQS

D. Amazon API Gateway

A company is developing a serverless ecommerce web application. The application needs to make coordinated, all-or-nothing changes to multiple items in the company's inventory table in Amazon DynamoDB.
Which solution will meet these requirements?

A. Enable transactions for the DynamoDB table. Use the BatchWriteItem operation to update the items.

B. Use the TransactWriteItems operation to group the changes. Update the items in the table.

C. Set up a FIFO queue using Amazon SOS. Group the changes in the queue. Update the table based on the grouped changes.

D. Create a transaction table in an Amazon Aurora DB cluster to manage the transactions. Write a backend process to sync the Aurora DB table and the DynamoDB table.

An application uses Amazon Kinesis Data Streams to ingest and process large streams of data records in real time. Amazon EC2 instances consume and process the data from the shards of the Kinesis data stream by using Amazon Kinesis Client Library (KCL). The application handles the failure scenarios and does not require standby workers. The application reports that a specific shard is receiving more data than expected. To adapt to the changes in the rate of data flow, the
`hot` shard is resharded.
Assuming that the initial number of shards in the Kinesis data stream is 4, and after resharding the number of shards increased to 6, what is the maximum number of EC2 instances that can be deployed to process data from all the shards?

A. 12

B. 6

C. 4

D. 1

A developer is writing a mobile application that allows users to view images from an S3 bucket. The users must be able to log in with their Amazon login, as well as supported social media accounts.
How can the developer provide this authentication functionality?

A. Use Amazon Cognito with web identity federation.

B. Use Amazon Cognito with SAML-based identity federation.

C. Use IAM access keys and secret keys in the application code to allow Get* on the S3 bucket.

D. Use AWS STS AssumeRole in the application code and assume a role with Get* permissions on the S3 bucket.

A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.
How can the developer enforce that all requests to retrieve the data provide encryption in transit?

A. Define a resource-based policy on the S3 bucket to deny access when a request meets the condition “aws:SecureTransport”: “false”.

B. Define a resource-based policy on the S3 bucket to allow access when a request meets the condition “aws:SecureTransport”: “false”.

C. Define a role-based policy on the other accounts’ roles to deny access when a request meets the condition of “aws:SecureTransport”: “false”.

D. Define a resource-based policy on the KMS key to deny access when a request meets the condition of “aws:SecureTransport”: “false”.

A developer has created an AWS Lambda function that interacts with an Amazon Aurora MySQL database. The Lambda function makes queries to the database. After a performance test for the Lambda function, the database starts to show an error for too many connections.
Which solution will solve this problem with the LEAST operational effort?

A. Create a road replica for the database. Query the replica database instead of the primary database.

B. Migrate the data to an Amazon DynamoDB database.

C. Sot a limit to the Lambda function’s concurrency.

D. Create a proxy in Amazon RDS Proxy. Query the proxy instead of the database.

A developer wants to run a PHP website with an NGINX proxy and package them as Docker containers in one environment. The developer wants a managed environment with automated provisioning and load balancing. The developer cannot change the configuration and must minimize operational overhead.
How should the developer build the website to meet these requirements?

A. Create a new application in AWS Elastic Beanstalk that is preconfigured for a multicontainer Docker environment. Upload the code, and deploy it to a web server environment.

B. Deploy the code on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer.

C. Construct an AWS CloudFormation template that launches Amazon EC2 instances. Install and configure the PHP code by using cfn helper scripts.

D. Upload the code for the PHP website into an Amazon S3 bucket. Host the website from the S3 bucket.

A developer is deploying an application on Amazon EC2 instances that run in Account A. The application needs to read data from an existing Amazon Kinesis data stream in Account B.
Which actions should the developer take to provide the application with access to the stream? (Choose two.)

A. Update the instance profile role in Account A with stream read permissions.

B. Create an IAM role with stream read permissions in Account B.

C. Add a trust policy to the instance profile role and IAM role in Account B to allow the instance profile role to assume the IAM role.

D. Add a trust policy to the instance profile role and IAM role in Account B to allow reads from the stream.

E. Add a resource-based policy in Account B to allow read access from the instance profile role.

A developer is creating a serverless application that uses an AWS Lambda function The developer will use AWS CloudFormation to deploy the application The application will write logs to Amazon CloudWatch Logs. The developer has created a log group in a CloudFormation template for the application to use. The developer needs to modify the CloudFormation template to make the name of the log group available to the application at runtime.
Which solution will meet this requirement?

A. Use the AWS::Include transform in CloudFormation to provide the log group’s name to the application.

B. Pass the log group’s name to the application in the user data section of the CloudFormation template

C. Use the CloudFormation template’s Mappings section to specify the log group’s name for the application.

D. Pass the log group’s Amazon Resource Name (ARN) as an environment variable to the Lambda function.

A company is using AWS CloudFormation templates to deploy AWS resources. The company needs to update one of its AWS CloudFormation stacks.
What can the company do to find out how the changes will impact the resources that are running?

A. Investigate the change sets.

B. Investigate the stack policies.

C. Investigate the Metadata section.

D. Investigate the Resources section.