An ecommerce company is launching a new application that will be publicly accessible. The company deployed the application on Amazon EC2 instances behind an Application Load Balancer (ALB) in the us-east-1 Region. The EC2 instances are in an Auto Scaling group.
A developer needs to make the application secure by using TLS/SSL certificates provisioned by AWS. The developer also needs to configure the existing domain www.example.com in Amazon Route 53.
Which combination of steps should the developer take to meet these requirements? (Choose two.)

A. Configure an A record in Route 53 with the ALB as the target. Request the www.example.com TLS/SSL certificate in IAM server certificates.

B. Configure an A record in Route 53 with the ALB as the target. Request the www.example.com TLS/SSL certificate in AWS Certificate Manager (ACM).

C. Add the www.example.com certificate to the HTTP listener. Add a rule with www.example.com as the host. Forward the traffic to a target group that contains the Auto Scaling group.

D. Configure an A record in Route 53 with the ALB as the target. Request the www.example.com TLS/SSL certificate in Route 53.

E. Create an HTTPS listener in the ALB. Add the www.example.com certificate to the listener. Add a rule with www.example.com as the host. Forward the traffic to a target group that contains the Auto Scaling group.

A company is using Amazon Cognito user pools for sign-up and login functionality for a web application. The company is using Amazon RDS for the application’s data persistence and is using Amazon API Gateway and AWS Lambda for the application’s API functionality. Users must provide their first name, last name, email address, and phone number to sign up. All API endpoints have a Cognito user pool authorizer to guard against unauthenticated requests.
A developer wants to show a personalized welcome screen to users after they log in. The welcome screen needs to show the user’s first name and the user’s previous login date. According to company policy, developers who work on the web application cannot store any personally identifiable information in RDS instances.
Which solution should the developer implement to meet these requirements?

A. After successful login, submit a Cognito request for user tokens. When redirecting to the welcome screen, provide the identity token in the Authorization header of the request. Extract the user name from the given_name claim and the user’s universally unique identifier (UUID) from the sub claim inside the identity token. Use the UUID as the key to store and retrieve the previous login information from the database.

B. After successful login, submit a Cognito request for user tokens. When redirecting to the welcome screen, provide the access token in the Authorization header of the request. Extract the user name from the given_name claim and the user’s universally unique identifier (UUID) from the sub claim inside the access token. Use the UUID as the key to store and retrieve the previous login information from the database.

C. After successful login, submit a Cognito request for user tokens. When redirecting to the welcome screen, provide the identity token in the Authorization header of the request. Extract the user name from the given_name claim and the user’s universally unique identifier (UUID) from the iss claim inside the identity token. Use the UUID as the key to store and retrieve the previous login information from the database.

D. After successful login, submit a Cognito request for user tokens. When redirecting to the welcome screen, provide the access token in the Authorization header of the request. Extract the user name from the given_name claim and the user’s universally unique identifier (UUID) from the iss claim inside the access token. Use the UUID as the key to store and retrieve the previous login information from the database.

A developer is creating a template that uses AWS CloudFormation to deploy an application. The application is serverless and uses Amazon API Gateway. Amazon DynamoDB, and AWS Lambda.
Which AWS service or tool should the developer use to define serverless resources in YAML?

A. CloudFormation serverless intrinsic functions

B. AWS Elastic Beanstalk

C. AWS Serverless Application Model (AWS SAM)

D. AWS Cloud Development Kit (AWS CDK)

A company has an application where reading objects from Amazon S3 is based on the type of user. The user types are registered user and guest user. The company has 25,000 users and is growing. Information is pulled from an S3 bucket depending on the user type.
Which approaches are recommended to provide access to both user types? (Choose two.)

A. Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to the objects.

B. Use S3 bucket policies to restrict read access to specific IAM users.

C. Use Amazon Cognito to provide access using authenticated and unauthenticated roles.

D. Create a new IAM user for each user and grant read access.

E. Use the AWS IAM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) AssumeRole action depending on the type of user and provide read access to Amazon S3 using the assumed role.

A company has a web application that runs on Amazon EC2 instances with a custom Amazon Machine Image (AMI). The company uses AWS CloudFormation to provision the application. The application runs in the us-east-1 Region, and the company needs to deploy the application to the us-west-1 Region.
An attempt to create the AWS CloudFormation stack in us-west-1 fails. An error message states that the AMI ID does not exist. A developer must resolve this error with a solution that uses the least amount of operational overhead.
Which solution meets these requirements?

A. Change the AWS CloudFormation templates for us-east-1 and us-west-1 to use an AWS AMI. Relaunch the stack for both Regions.

B. Copy the custom AMI from us-east-1 to us-west-1. Update the AWS CloudFormation template for us-west-1 to refer to AMI ID for the copied AMI. Relaunch the stack.

C. Build the custom AMI in us-west-1. Create a new AWS CloudFormation template to launch the stack in us-west-1 with the new AMI ID.

D. Manually deploy the application outside AWS CloudFormation in us-west-1.

A developer supports an application that accesses data in an Amazon DynamoDB table. One of the item attributes is expiration Date in the timestamp format. The application uses this attribute to find items, archive them, and remove them from the table based on the timestamp value.
The application will be decommissioned soon, and the developer must find another way to implement this functionality. The developer needs a solution that will require the least amount of code to write.
Which solution will meet these requirements?

A. Enable TTL on the expirationDate attribute in the table. Create a DynamoDB stream. Create an AWS Lambda function to process the deleted items. Create a DynamoDB trigger for the Lambda function.

B. Create two AWS Lambda functions: one to delete the items and one to process the items. Create a DynamoDB stream. Use the DeleteItem API operation to delete the items based on the expirationDate attribute. Use the GetRecords API operation to get the items from the DynamoDB stream and process them.

C. Create two AWS Lambda functions: one to delete the items and one to process the items. Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule to invoke the Lambda functions. Use the DeleteItem API operation to delete the items based on the expirationDate attribute. Use the GetRecords API operation to get the items from the DynamoDB table and process them.

D. Enable TTL on the expirationDate attribute in the table. Specify an Amazon Simple Queue Service (Amazon SQS) dead-letter queue as the target to delete the items. Create an AWS Lambda function to process the items.

A developer creates a customer managed key for multiple AWS users to encrypt data in Amazon S3. The developer configures Amazon Simple Notification
Service (Amazon SNS) to publish a message if key deletion is scheduled. The developer needs to preserve any SNS messages that cannot be delivered so that those messages can be reprocessed.
Which AWS service or feature should the developer use to meet this requirement?

A. Amazon Simple Email Service (Amazon SES)

B. AWS Lambda

C. Amazon Simple Queue Service (Amazon SQS)

D. Amazon CloudWatch alarm

A developer has created a Node.js web application on a local development machine. The developer wants to use AWS technology to host the website. The developer needs a solution that requires the least possible operational overhead and no code changes.
Which AWS service should the developer use to meet these requirements?

A. AWS Elastic Beanstalk

B. Amazon EC2

C. AWS Lambda

D. Amazon Elastic Kubernetes Service (Amazon EKS)

A company has a two-tier application running on an Amazon EC2 server that handles all of its AWS based e-commerce activity. During peak times, the backend servers that process orders are overloaded with requests. This results in some orders failing to process. A developer needs to create a solution that will re-factor the application.
Which steps will allow for more flexibility during peak times, while still remaining cost-effective? (Choose two.)

A. Increase the backend T2 EC2 instance sizes to x1 to handle the largest possible load throughout the year.

B. Implement an Amazon SQS queue to decouple the front-end and backend servers.

C. Use an Amazon SNS queue to decouple the front-end and backend servers.

D. Migrate the backend servers to on-premises and pull from an Amazon SNS queue.

E. Modify the backend servers to pull from an Amazon SQS queue.

A logistics company built an asset-tracking microservice by using the AWS Serverless Application Model (AWS SAM). One of the microservice’s AWS Lambda functions needs to import a large geospatial dataset from Amazon S3 before the function can process the requests. The import of the dataset requires significant time and is causing the function to take too long to finish running. The results are increased latency and cost.
A developer needs to optimize the function to process requests faster with the least possible cost.
Which solution will meet these requirements?

A. Store the geospatial dataset on Amazon Elastic File System (Amazon EFS) instead of on Amazon S3. Attach the EFS file system to the function. Retrieve the dataset by accessing the file system for every invocation.

B. Store the geospatial dataset on Amazon Elastic File System (Amazon EFS) instead of on Amazon S3. Attach the EFS file system to the function. Cache the data in the /tmp directory for use with every invocation.

C. Declare the Amazon S3 SDK and object request outside of the function handler. Configure provisioned concurrency for the function.

D. Declare the Amazon S3 SDK and object request outside of the function handler. Increase memory capacity of the function to 1,769 MB.

A company has an ecommerce application. To track product reviews, the company's development team uses an Amazon DynamoDB table.
Every record includes the following:
• A Review ID, a 16-digit universally unique identifier (UUID)
• A Product ID and User ID, 16-digit UUIDs that reference other tables
• A Product Rating on a scale of 1-5
• An optional comment from the user
The table partition key is the Review ID. The most performed query against the table is to find the 10 reviews with the highest rating for a given product.
Which index will provide the FASTEST response for this query?

A. A global secondary index (GSI) with Product ID as the partition key and Product Rating as the sort key

B. A global secondary index (GSI) with Product ID as the partition key and Review ID as the sort key

C. A local secondary index (LSI) with Product ID as the partition key and Product Rating as the sort key

D. A local secondary index (LSI) with Review ID as the partition key and Product ID as the sort key

A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company has set up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in.
What is the MOST operationally efficient solution that meets this requirement?

A. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway API to invoke the function. Call the API from the client side when login confirmation is received.

B. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.

C. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the function based on the login status.

D. Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and to send the email notification based on the login status of each user.

An application uploads photos to an Amazon S3 bucket. Each photo that is uploaded to the S3 bucket must be resized to a thumbnail image by the application.
Each thumbnail image is uploaded with a new name in the same S3 bucket.
Which AWS service can a developer configure to directly process each single S3 event for each S3 object upload?

A. Amazon EC2

B. Amazon Elastic Container Service (Amazon ECS)

C. AWS Elastic Beanstalk

D. AWS Lambda

A company's developer is building a static website to be deployed in Amazon S3 for a production environment. The website integrates with an Amazon Aurora PostgreSQL database by using an AWS Lambda function. The website that is deployed to production will use a Lambda alias that points to a specific version of the Lambda function.
The company must rotate the database credentials every 2 weeks. Lambda functions that the company deployed previously must be able to use the most recent credentials.
Which solution will meet these requirements?

A. Store the database credentials in AWS Secrets Manager. Turn on rotation. Write code in the Lambda function to retrieve the credentials from Secrets Manager.

B. Include the database credentials as part of the Lambda function code. Update the credentials periodically and deploy the new Lambda function.

C. Use Lambda environment variables. Update the environment variables when new credentials are available.

D. Store the database credentials in AWS Systems Manager Parameter Store Turn on rotation. Write code in the Lambda function to retrieve the credentials from Systems Manager Parameter Store.

A security review for a software company’s application infrastructure shows that there is no test coverage in any of the company’s deployment pipelines. A developer must fix this issue as soon as possible. The company has been integrating the AWS Cloud Development Kit (AWS CDK) into the deployment process. However, much of the pipeline still uses AWS CloudFormation templates. The developer needs to add test coverage to all the deployment code.
Which solution will meet these requirements with the LEAST amount of configuration?

A. Write unit tests by using the AWS CDK assertions module. Create CloudFormation template instances by using the module’s Template class for the existing CloudFormation templates and the module’s Capture class for the CDK stacks.

B. Write unit tests by using the AWS CDK assertions module. Create CloudFormation template instances by using the module’s Template.fromString() method for the existing CloudFormation templates and the module’s Template.fromStack{} method for the CDK stacks.

C. Convert the CloudFormation templates into CDK stacks by using the AWS CDK CfnInciude construct. Write unit tests against the templates by using CloudFormation rule assertions.

D. Convert the CDK stacks into CloudFormation templates by using the AWS CDK CfnInclude construct. Write unit tests against the templates by using CloudFormation rule assertions.

A company has an application that generates large binary data outside of AWS. The company must encrypt the data before uploading the data to an Amazon S3 bucket.
Which solution will meet this requirement?

A. Use the AWS Key Management Service (AWS KMS) encrypt command in the AWS CLI.

B. Configure server-side encryption on the S3 bucket.

C. Use the AWS Encryption SDK to perform client-side encryption of the data.

D. Specify the x-amz-server-side-encryption header when uploading the data to the S3 bucket.

A developer is making changes to a custom application that uses AWS Elastic Beanstalk.
Which solutions will update the Elastic Beanstalk environment with the new application version after the developer completes the changes? (Choose two.)

A. Package the application code into a .zip file. Use the AWS Management Console to upload the zip file and deploy the packaged application.

B. Package the application code into a .tar file. Use the AWS Management Console to create a new application version from the .tar file. Update the environment by using the AWS CLI.

C. Package the application code into a .tar file. Use the AWS Management Console to upload the .tar file and deploy the packaged application.

D. Package the application code into a .zip file. Use the AWS CLI to create a new application version from the .zip file and to update the environment.

E. Package the application code into a .zip file. Use the AWS Management Console to create a new application version from the .zip file. Rebuild the environment by using the AWS CLI.

A company configures an Amazon S3 bucket to deliver S3 object events to Amazon EventBridge (Amazon CloudWatch Events). An EventBridge rule invokes an AWS Lambda function for each object event that is received from the S3 bucket.
A developer is working on a new version of the Lambda function. To ensure that the new Lambda function works as expected, the developer must run a repeatable test that uses realistic S3 bucket object events. The developer must minimize the amount of code and infrastructure that are required to support the test.
Which solution will meet these requirements?

A. Create another S3 bucket that can deliver object events to EventBridge. Add another EventBridge rule to deliver data events from the new S3 bucket to the new Lambda function Develop a tool to update objects in the new S3 bucket to produce the test S3 object events.

B. Add the new Lambda function as an additional target of the existing EventBridge rule. Deliver the S3 object events to the existing Lambda function and the new Lambda function simultaneously.

C. Use EventBridge to archive and replay production S3 object events. Set up a new EventBridge rule to deliver replayed S3 object events to the new Lambda function.

D. Develop a tool that uses the EventBridge PutEvents API operation to publish aws.s3 data events. Add a new EventBridge rule that delivers the aws.s3 events to the new Lambda function.

A developer has an application that can upload tens of thousands of objects per second to Amazon S3 in parallel within a single AWS account. As part of new requirements, data stored in S3 must use server-side encryption with AWS KMS keys (SSE-KMS). After creating this change, performance of the application is slower.
Which of the following is MOST likely the cause of the application latency?

A. Amazon S3 throttles the rate at which uploaded objects can be encrypted using KMS keys.

B. The AWS KMS API calls limit is less than needed to achieve the desired performance.

C. The client encryption of the objects is using a poor algorithm.

D. KMS requires that an alias be used to create an independent display name that can be mapped to a KMS key.

An application runs on multiple EC2 instances behind an ELB.
Where is the session data best written so that it can be served reliably across multiple requests?

A. Write data to Amazon ElastiCache.

B. Write data to Amazon Elastic Block Store.

C. Write data to Amazon EC2 Instance Store.

D. Write data to the root filesystem.

A developer is creating a web application for a guitar store where customers can look for instruments in a catalog. The developer chooses Amazon DynamoDB in provisioned mode for the database. The database must contain a catalog for the instruments that are displayed in the application. The required information includes category (for example, acoustic guitar, electric guitar, bass guitar), part number, model, brand, country of fabrication, color, orientation (left-handed, right-handed), and price.
The application must give customers the ability to look for instruments by browsing category, then brand, and finally model. Customers must also be able to search by part number. Based on these requirements, the developer must choose the proper partition key, sort key, and indexes that will minimize the number of read capacity units (RCUs) that the queries consume. All query results must return all attributes.
Which combination of steps should the developer use in the table design to meet these requirements? (Choose two.)

A. Set part number as the partition key. Do not set a sort key.

B. Set brand as the partition key. Set category as the sort key.

C. Create a global secondary index (GSI) with category as the partition key and brand+model as the sort key. Select ALL for attribute projections.

D. Create a global secondary index (GSI) with category as the partition key and brand as the sort key. Use filter expression by model when necessary. Select ALL for attribute projections.

E. Create a global secondary index (GSI) with category+brand as the partition key and model as the sort key. Select INCLUDE for attribute projections.

A developer is building an application that runs behind an Application Load Balancer (ALB). The ALB is configured as the origin for an Amazon CloudFront distribution. Users will log in to the application by using their social media accounts.
How can the developer authenticate users?

A. Validate the users by inspecting the tokens in an AWS Lambda authorizer on the ALB.

B. Configure the ALB to use Amazon Cognito as one of the authentication providers.

C. Configure CloudFront to use Amazon Cognito as one of the authentication providers.

D. Validate the users by calling the Amazon Cognito API in an AWS Lambda authorizer on the ALB.

A company uses AWS CloudFormation to deploy an application that uses an Amazon API Gateway REST API with AWS Lambda function integration. The application uses Amazon DynamoDB for data persistence. The application has three stages: development, testing, and production. Each stage uses its own DynamoDB table.
The company has encountered unexpected issues when promoting changes to the production stage. The changes were successful in the development and testing stages. A developer needs to route 20% of the traffic to the new production stage API with the next production release. The developer needs to route the remaining 80% of the traffic to the existing production stage. The solution must minimize the number of errors that any single customer experiences.
Which approach should the developer take to meet these requirements?

A. Update 20% of the planned changes to the production stage. Deploy the new production stage. Monitor the results. Repeat this process five times to test all planned changes.

B. Update the Amazon Route 53 DNS record entry for the production stage API to use a weighted routing policy. Set the weight to a value of 80. Add a second record for the production domain name. Change the second routing policy to a weighted routing policy. Set the weight of the second policy to a value of 20. Change the alias of the second policy to use the testing stage API.

C. Deploy an Application Load Balancer (ALB) in front of the REST API. Change the production API Amazon Route 53 record to point traffic to the ALB. Register the production and testing stages as targets of the ALB with weights of 80% and 20%, respectively.

D. Configure canary settings for the production stage API. Change the percentage of traffic directed to canary deployment to 20%. Make the planned updates to the production stage. Deploy the changes.

A developer is trying to determine which IAM user is calling several AWS APIs from an application.
Which service would provide this information?

A. AWS Config

B. AWS CloudTrail

C. Amazon CloudWatch

D. Amazon VPC Flow Logs

A developer is debugging an AWS Lambda function behind an Amazon API Gateway. Whenever the API Gateway endpoint is called, HTTP status code 200 is returned even though AWS Lambda is recording a 4xx error.
What change needs to be made to return a proper error code through the API Gateway?

A. Enable CORS in the API Gateway method settings

B. Use a Lambda proxy integration to return HTTP codes and headers

C. Enable API Gateway error pass-through.

D. Return the value in the header x-Amzn-ErrorType.

A company has a multi-tier application that uses Amazon API Gateway, AWS Lambda, and Amazon RDS. The company wants to investigate a slow response time to calls that come from the API Gateway API.
What is the MOST operationally efficient way for the company to determine which internal call is causing the slow response times?

A. Use Amazon CloudWatch.

B. Use AWS X-Ray.

C. Use AWS CloudTrail.

D. Use VPC Flow Logs.

A microservices application is deployed across multiple containers in Amazon Elastic Container Service (Amazon ECS). To improve performance, a developer wants to capture trace information between the microservices and visualize the microservices architecture.
Which solution will meet these requirements?

A. Build the container from the amazon/aws-xray-daemon base image. Use the AWS X-Ray SDK to instrument the application.

B. Install the Amazon CloudWatch agent on the container image. Use the CloudWatch SDK to publish custom metrics from each of the microservices.

C. Install the AWS X-Ray daemon on each of the ECS instances.

D. Configure AWS CloudTrail data events to capture the traffic between the microservices.

A company is using AWS CloudFormation to deploy a two-tier application. The application will use Amazon RDS as its backend database. The company wants a solution that will randomly generate the database password during deployment. The solution also must automatically rotate the database password without requiring changes to the application.
What is the MOST operationally efficient solution that meets these requirements?

A. Use an AWS Lambda function as a CloudFormation custom resource to generate and rotate the password.

B. Use an AWS Systems Manager Parameter Store resource with the SecureString data type to generate and rotate the password.

C. Use a cron daemon on the application’s host to generate and relate the password.

D. Use an AWS Secrets Manager resource to generate and rotate the password.

A developer compiles an AWS Lambda function and packages the result as a .zip file. The developer uses the Functions page on the Lambda console to attempt to upload the local packaged .zip file. When pushing the package to Lambda, the console returns the following error:
An error occurred (RequestEntityTooLargeException) when calling the UpdateFunctionCode operation
Which solutions can the developer use to publish the code? (Choose two.)

A. Upload the package to Amazon S3. Use the Functions page on the Lambda console to upload the package from the S3 location.

B. Create an AWS Support ticket to increase the maximum package size.

C. Use the update-function-code AWS CLI command. Pass the –publish parameter.

D. Repackage the Lambda function as a Docker container image. Upload the image to Amazon Elastic Container Registry (Amazon ECR). Create a new Lambda function by using the Lambda console. Reference the image that is deployed to Amazon ECR.

E. Sign the .zip file digitally. Create a new Lambda function by using the Lambda console. Update the configuration of the new Lambda function to include the Amazon Resource Name (ARN) of the code signing configuration.

A company uses a custom root certificate authority certificate chain (Root CA Cert) that is 10 KB in size to generate SSL certificates for its on-premises HTTPS endpoints. One of the company’s cloud-based applications has hundreds of AWS Lambda functions that pull data from these endpoints. A developer updated the trust store of the Lambda execution environment to use the Root CA Cert when the Lambda execution environment is initialized. The developer bundled the Root CA Cert as a text file in the Lambda deployment bundle.
After 3 months of development, the Root CA Cert is no longer valid and must be updated. The developer needs a more efficient solution to update the Root CA Cert for all deployed Lambda functions. The solution must not include rebuilding or updating all Lambda functions that use the Root CA Cert. The solution must also work for all development, testing, and production environments. Each environment is managed in a separate AWS account.
Which combination of steps should the developer take to meet these requirements MOST cost-effectively? (Choose two.)

A. Store the Root CA Cert as a secret in AWS Secrets Manager. Create a resource-based policy. Add IAM users to allow access to the secret.

B. Store the Root CA Cert as a SecureString parameter in AWS Systems Manager Parameter Store. Create a resource-based policy. Add IAM users to allow access to the policy.

C. Store the Root CA Cert in an Amazon S3 bucket. Create a resource-based policy to allow access to the bucket.

D. Refactor the Lambda code to load the Root CA Cert from the Root CA Cert’s location. Modify the runtime trust store inside the Lambda function handler.

E. Refactor the Lambda code to load the Root CA Cert from the Root CA Cert’s location. Modify the runtime trust store outside the Lambda function handler.

A developer is creating a mobile application that will not require users to log in.
What is the MOST efficient method to grant users access to AWS resources?

A. Use an identity provider to securely authenticate with the application.

B. Create an AWS Lambda function to create an IAM user when a user accesses the application.

C. Create credentials using AWS KMS and apply these credentials to users when using the application.

D. Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited access to resources.

A company is migrating legacy internal applications to AWS. Leadership wants to rewrite the internal employee directory to use native AWS services A developer needs to create a solution for storing employee contact details and high-resolution photos for use with the new application.
Which solution will enable the search and retrieval of each employee's individual details and high-resolution photos using AWS APIs?

A. Encode each employee s contact information and photos using Base64 Store the information in an Amazon DynamoDB table using a sort key.

B. Store each employee’s contact information in an Amazon DynamoDB table along with the object keys for the photos stored in Amazon S3.

C. Use Amazon Cognito user pools to implement the employee directory in a fully managed software-as-a-service (SaaS) method.

D. Store employee contact information in an Amazon RDS DB instance with the photos stored in Amazon Elastic File System (Amazon EFS).

A developer has setup an Amazon Kinesis Stream with 4 shards to ingest a maximum of 2500 records per second. A Lambda function has been configured to process these records.
In which order will these records be processed?

A. Lambda will receive each record in the reverse order it was placed into the stream following a LIFO (last-in, first-out) method.

B. Lambda will receive each record in the exact order it was placed into the stream following a FIFO (first-in, first-out) method.

C. Lambda will receive each record in the exact order it was placed into the shard following a FIFO (first-in, first-out) method. There is no guarantee of order across shards.

D. The developer can select FIFO (first-in, first-out), LIFO (last-in, first-out), random, or request specific record using the getRecords API.

A company has an online web application that includes a product catalog. The catalog is stored in an Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The application must be able to list the objects in the S3 bucket and must be able to download objects through an IAM policy.
Which policy allows MINIMUM access to meet these requirements?

A.

B.

C.

D.

A software company is using AWS CodeBuild to build an application. The buildspec runs the application build and creates a Docker image that contains the application. The company needs to push the Docker image to Amazon Elastic Container Registry (Amazon ECR) only upon the completion of each successful build.
Which solution meets these requirements?

A. Change the buildspec by adding a post_build phase that uses the commands block to push the Docker image.

B. Change the buildspec by adding a post_build phase that uses the finally block to push the Docker image.

C. Specify the Docker image in the buildspec’s artifacts sequence with an action to push the image.

D. Use a batch build to define a build matrix. Use the batch build to push the Docker image.

A company’s mock data from development environments has been appearing in the production environment. The company wants a member of the Admin IAM user group to manually approve all promotions to production in the company’s AWS CodePipeline pipeline before the promotions can proceed.
Which combination of steps will meet these requirements? (Choose two.)

A. Add an approval action to the pipeline. Set the Provider field to Group and the Owner field to the name of the IAM user group. Set the approval action to run before the production deploy action.

B. Add an approval action to the pipeline. Set the Provider field to Manual and the Owner field to AWS. Set the approval action to run before the production deploy action.

C. Add an approval action to the pipeline. Set the Provider field to Manual and the Owner field to the name of the IAM user group. Set the approval action to run before the production deploy action.

D. Add an inline policy to the Admin IAM user group to allow the codepipeline:GetPipeline* action and the codepipeline:PutApprovalResult action. Set the pipeline as the resource for the policy.

E. Add an inline policy to the Admin IAM user group to allow the codepipeline:GetPipeline* action. Set the pipeline as the resource for the policy. Add a second inline policy to allow the codepipeline:PutApprovalResult action. Set the approval action as the resource for the policy.

A developer is configuring an Amazon CloudFront distribution for a new application to provide encryption in transit. The application is running in the eu-west-1
Region. The developer creates a new certificate in AWS Certificate Manager (ACM) in eu-west-1, but the certificate is not visible in the CloudFront distribution settings.
What should the developer do to fix this problem?

A. Create the certificate for the domain in the same Region as the application. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.

B. Create the certificate in the eu-west-1 Region. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.

C. Recreate the CloudFront distribution in the same Region as the certificate.

D. Specify the ACM certificate name as the default root object of the CloudFront distribution.

A developer tests an application that a company developed by using AWS Lambda. The Lambda functions are behind an AmazonAPI Gateway API. The timeout for the API method is set to the same timeout as the Lambda functions. When a request is sent to the API, the responses are timing out.
Which action would help the developer troubleshoot this issue?

A. Check the IntegrationLatency metric of the API in Amazon CloudWatch

B. Check the Duration metric for the Lambda functions in Amazon CloudWatch

C. Check the Count metric of the API in Amazon CloudWatch

D. Check the Errors metric for the Lambda functions in Amazon CloudWatch

A developer at a company needs to create a small application that makes the same API call once each day at a designated time. The company does not have infrastructure in the AWS Cloud yet, but the company wants to implement this functionality on AWS.
Which solution meets these requirements in the MOST operationally efficient manner?

A. Use a Kubernetes cron job that runs on Amazon Elastic Kubernetes Service (Amazon EKS).

B. Use an Amazon Linux crontab scheduled job that runs on Amazon EC2.

C. Use an AWS Lambda function that is invoked by an Amazon EventBridge (Amazon CloudWatch Events) scheduled event.

D. Use an AWS Batch job that is submitted to an AWS Batch job queue.

A company runs an e-commerce website that uses Amazon DynamoDB where pricing for items is dynamically updated in real time. At any given time, multiple updates may occur simultaneously for pricing information on a particular product. This is causing the original editor's changes to be overwritten without a proper review process.
Which DynamoDB write option should be selected to prevent this overwriting?

A. Concurrent writes

B. Conditional writes

C. Atomic writes

D. Batch writes

A developer is creating an application that will give users the ability to store photos from their cellphones in the cloud. The application needs to support tens of thousands of users. The application uses an Amazon API Gateway REST API that is integrated with AWS Lambda functions to process the photos. The application stores details about the photos in Amazon DynamoDB.
Users need to create an account to access the application. In the application, users must be able to upload photos and retrieve previously uploaded photos. The photos will range in size from 300 KB to 5 MB.
Which solution will meet these requirements with the LEAST operational overhead?

A. Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos and details in the DynamoDB table. Retrieve previously uploaded photos directly from the DynamoDB table.

B. Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object’s S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

C. Create an IAM user for each user of the application during the sign-up process. Use IAM authentication to access the API Gateway API. Use the Lambda function to store the photos in Amazon S3. Store the object’s S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

D. Create a user’s table in DynamoDB. Use the table to manage user accounts. Create a Lambda authorizer that validates user credentials against the users table. Integrate the Lambda authorizer with API Gateway to control access to the API. Use the Lambda function to store the photos in Amazon S3. Store the object’s S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

A company created an application to consume and process data. The application uses Amazon Simple Queue Service (Amazon SQS) and AWS Lambda functions. The application is currently working as expected, but it occasionally receives several messages that it cannot process properly. The company needs to clear these messages to prevent the queue from becoming blocked.
A developer must implement a solution that makes queue processing always operational. The solution must give the company the ability to defer the messages with errors and save these messages for further analysis.
What is the MOST operationally efficient solution that meets these requirements?

A. Configure Amazon CloudWatch Logs to save the error messages to a separate log stream.

B. Create a new SQS queue. Set the new queue as a dead-letter queue for the application queue. Configure the Maximum Receives setting.

C. Change the SQS queue to a FIFO queue. Configure the message retention period to 0 seconds.

D. Configure an Amazon CloudWatch alarm for Lambda function errors. Publish messages to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrator users.

A company stores the photographs in an Amazon S3 bucket. The company wants to resize the photographs automatically after writing the photographs to the S3 bucket. The company creates an AWS Lambda function to resize the photographs.
Which solution will meet these requirements?

A. Configure S3 Event Notifications to invoke the Lambda function

B. Configure an S3 Lifecycle rule to invoke the Lambda function.

C. Configure S3 Select on a schedule to invoke the Lambda function.

D. Configure S3 Storage Lens to invoke the Lambda function.

A developer is creating an AWS Lambda function to process streaming data from an Amazon Kinesis data stream. When the Lambda function parses the data and encounters a malformed record from the stream, the Lambda function exits with an error.
The developer is observing duplicate records downstream from the function. When the developer uses a different client to examine the Kinesis data stream output, no duplicate records are visible in the stream.
What is the reason for the duplicate records?

A. The Lambda function did not advance the Kinesis data stream pointer to the next record after the error.

B. The Lambda event source used asynchronous invocation.

C. The Lambda function did not handle the error, and the Lambda service attempted to reprocess the data.

D. The Lambda function did not keep up with the amount of data that was coming from the Kinesis data stream.

A developer is troubleshooting an Amazon API Gateway API. Clients are receiving HTTP 400 response errors when the clients try to access an endpoint of the API.
How can the developer determine the cause of these errors?

A. Create an Amazon Kinesis Data Firehose delivery stream to receive API call logs from API Gateway. Configure Amazon CloudWatch Logs as the delivery stream’s destination.

B. Turn on AWS CloudTrail Insights and create a trail. Specify the Amazon Resource Name (ARN) of the trail for the stage of the API.

C. Turn on AWS X-Ray for the API stage. Create an Amazon CloudWatch Logs log group. Specify the Amazon Resource Name (ARN) of the log group for the API stage.

D. Turn on execution logging and access logging in Amazon CloudWatch Logs for the API stage Create a CloudWatch Logs log group. Specify the Amazon Resource Name (ARN) of the log group for the API stage.

A game stores user game data in an Amazon DynamoDB table. Individual users should not have access to other users' game data.
How can this be accomplished?

A. Encrypt the game data with individual user keys.

B. Restrict access to specific items based on certain primary key values.

C. Stage data in SQS queues to inject metadata before accessing DynamoDB.

D. Read records from DynamoDB and discard irrelevant data client-side.

A developer is deploying a company's application to Amazon EC2 instances. The application generates gigabytes of data files each day. The files are rarely accessed, but the files must be available to the application’s users within minutes of a request during the first year of storage. The company must retain the files for 7 years.
How can the developer implement the application to meet these requirements MOST cost-effectively?

A. Store the files in an Amazon S3 bucket Use the S3 Glacier Instant Retrieval storage class. Create an S3 Lifecycle policy to transition the files to the S3 Glacier Deep Archive storage class after 1 year.

B. Store the files in an Amazon S3 bucket. Use the S3 Standard storage class. Create an S3 Lifecycle policy to transition the files to the S3 Glacier Flexible Retrieval storage class after 1 year.

C. Store the files on an Amazon Elastic Block Store (Amazon EBS) volume. Use Amazon Data Lifecycle Manager (Amazon DLM) to create snapshots of the EBS volumes and to store those snapshots in Amazon S3.

D. Store the files on an Amazon Elastic File System (Amazon EFS) mount. Configure EFS lifecycle management to transition the files to the EFS Standard-Infrequent Access (Standard-IA) storage class after 1 year.

A developer has an application that asynchronously invokes an AWS Lambda function. The developer wants to store messages that resulted in failed invocations of the Lambda function so that the application can retry the call later.
What should the developer do to accomplish this goal with the LEAST operational overhead?

A. Set up Amazon CloudWatch Logs log groups to filter and store the messages in an Amazon S3 bucket. Import the messages in Lambda. Run the Lambda function again.

B. Configure Amazon EventBridge (Amazon CloudWatch Events) to send the messages to Amazon Simple Notification Service (Amazon SNS) to initiate the Lambda function again.

C. Implement a dead-letter queue for discarded messages. Set the dead-letter queue as an event source for the Lambda function.

D. Send Amazon EventBridge (Amazon CloudWatch Events) events to an Amazon Simple Queue Service (Amazon SQS) queue. Configure the Lambda function to pull messages from the SQS queue. Run the Lambda function again.

A company experienced partial downtime during the last deployment of a new application. AWS Elastic Beanstalk split the environment's Amazon EC2 instances into batches and deployed a new version one batch at a time after taking them out of service. Therefore, full capacity was not maintained during deployment.
The developer plans to release a new version of the application, and is looking for a policy that will maintain full capacity and minimize the impact of the failed deployment.
Which deployment policy should the developer use?

A. Immutable

B. All at Once

C. Rolling

D. Rolling with an Additional Batch

A developer is writing an application in AWS Lambda. To simplify testing and deployments, the developer needs the database connection string to be easily changed without modifying the Lambda code.
How can this requirement be met?

A. Store the connection string as a secret in AWS Secrets Manager.

B. Store the connection string in an IAM user account.

C. Store the connection string in AWS KMS.

D. Store the connection string as a Lambda layer.