A company has hundreds of AWS Lambda functions that the company's QA team needs to test by using the Lambda function URLs. A developer needs to configure the authentication of the Lambda functions to allow access so that the QA IAM group can invoke the Lambda functions by using the public URLs.
Which solution will meet these requirements?

A. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type. Run another script to create an IAM identity-based policy that allows the lambda:InvokeFunctionUrl action to all the Lambda function Amazon Resource Names (ARNs). Attach the policy to the QA IAM group.

B. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type. Run another script to create an IAM resource-based policy that allows the lambdainvokeFunctionUrl action to all the Lambda function Amazon Resource Names (ARNs). Attach the policy to the QA IAM group.

C. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type. Run another script to loop on the Lambda functions to create an IAM identity-based policy that allows the lambdainvokeFunctionUrl action from the QA IAM group’s Amazon Resource Name (ARN).

D. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type. Run another script to loop on the Lambda functions to create an IAM resource-based policy that allows the lambdainvokeFunctionUrl action from the QA IAM group’s Amazon Resource Name (ARN).

A company has a website that displays a daily newsletter. When a user visits the website, an AWS Lambda function processes the browser's request and queries the company's on-premises database to obtain the current newsletter. The newsletters are stored in English. The Lambda function uses the Amazon Translate
TranslateText API operation to translate the newsletters, and the translation is displayed to the user.
Due to an increase in popularity, the website's response time has slowed. The database is overloaded. The company cannot change the database and needs a solution that improves the response time of the Lambda function.
Which solution meets these requirements?

A. Change to asynchronous Lambda function invocation.

B. Cache the translated newsletters in the Lambda /tmp directory.

C. Enable TranslateText API caching.

D. Change the Lambda function to use parallel processing.

A developer is creating a new application that will be accessed by users through an API created using Amazon API Gateway. The users need to be authenticated by a third-party Security Assertion Markup Language (SAML) identity provider. Once authenticated, users will need access to other AWS services, such as Amazon S3 and Amazon DynamoDB.
How can these requirements be met?

A. Use an Amazon Cognito user pool with SAML as the resource server.

B. Use Amazon Cognito identity pools with a SAML identity provider as one of the authentication providers.

C. Use the AWS IAM service to provide the sign-up and sign-in functionality.

D. Use Amazon CloudFront signed URLs to connect with the SAML identity provider.

A company is using Amazon OpenSearch Service to implement an audit monitoring system. A developer needs to create an AWS CloudFormation custom resource that is associated with an AWS Lambda function to configure the OpenSearch Service domain. The Lambda function must access the OpenSearch Service domain by using OpenSearch Service internal master user credentials.
What is the MOST secure way to pass these credentials to the Lambda function?

A. Use a CloudFormation parameter to pass the master user credentials at deployment to the OpenSearch Service domain’s MasterUserOptions and the Lambda function’s environment variable. Set the NoEcho attribute to true.

B. Use a CloudFormation parameter to pass the master user credentials at deployment to the OpenSearch Service domain’s MasterUserOptions and to create a parameter in AWS Systems Manager Parameter Store. Set the NoEcho attribute to true. Create an IAM role that has the ssm GetParameter permission. Assign the role to the Lambda function. Store the parameter name as the Lambda function’s environment variable. Resolve the parameter’s value at runtime

C. Use a CloudFormation parameter to pass the master user credentials at deployment to the OpenSearch Service domain’s MasterUserOptions and the Lambda function’s environment variable. Encrypt the parameter’s value by using the AWS Key Management Service (AWS KMS) encrypt command.

D. Use CloudFormation to create an AWS Secrets Manager secret. Use a CloudFormation dynamic reference to retrieve the secret’s value for the OpenSearch Service domain’s MasterUserOptions. Create an IAM role that has the secretsmanager:GetSecretValue permission. Assign the role to the Lambda function. Store the secret’s name as the Lambda function’s environment variable. Resolve the secret’s value at runtime.

A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:
 
The Developer needs to create/delete branches.
Which specific IAM permissions need to be added, based on the principle of least privilege?

A. “codecommit:CreateBranch”“codecommit:DeleteBranch”

B. “codecommit:Put*”

C. “codecommit:Update*”

D. “codecommit:*”

A company is hosting an Amazon API Gateway REST API that calls a single AWS Lambda function. The function is infrequently invoked by multiple clients at the same time. The code performance is optimal, but the company wants to optimize the startup time of the function.
What can a developer do to optimize the initialization of the function?

A. Enable API Gateway caching for the REST API.

B. Configure provisioned concurrency for the Lambda function.

C. Use Lambda proxy integration for the REST API.

D. Configure AWS Global Accelerator for the Lambda function.

An ecommerce company is using an AWS Lambda function behind Amazon API Gateway as its application tier. To process orders during checkout, the application calls a POST API from the frontend. The POST API invokes the Lambda function asynchronously. In rare situations, the application has not processed orders. The Lambda application logs show no errors or failures.
What should a developer do to solve this problem?

A. Inspect the frontend logs for API failures. Call the POST API manually by using the requests from the log file.

B. Create and inspect the Lambda dead-letter queue. Troubleshoot the failed functions. Reprocess the events.

C. Inspect the Lambda logs in Amazon CloudWatch for possible errors. Fix the errors.

D. Make sure that caching is disabled for the POST API in API Gateway.

A developer is running an application on an Amazon EC2 instance. When the application tries to read an Amazon S3 bucket, the application fails. The developer notices that the associated IAM role is missing the S3 read permission. The developer needs to give the application the ability to read the S3 bucket.
Which solution will meet this requirement with the LEAST application disruption?

A. Add the permission to the role. Terminate the existing EC2 instance. Launch a new EC2 instance.

B. Add the permission to the role so that the change will take effect automatically.

C. Add the permission to the role. Hibernate and restart the existing EC2 instance.

D. Add the permission to the S3 bucket. Restart the EC2 instance.

A company that manages movie reviews wants to make its movie review data available to its customers by calling a set of REST web service endpoints. The company will develop the retrieval functionality as AWS Lambda functions and will expose the functionality to customers as an Amazon API Gateway REST API.
The company needs to ensure that no consumer exceeds 100 requests a day to the API during the initial deployment. The company decides to use API Gateway API keys to restrict access. The company creates and issues API keys for each customer.
What should the company do next to meet these requirements with the LEAST administrative effort?

A. Create a usage plan that applies throttling at 100 requests a day. Associate the usage plan with the API keys of all customers.

B. Create an Amazon DynamoDB table to track all the requests that use a particular API key. For each request to the API, count the number of records in the DynamoDB table for that day for the API key. If the number of requests is 100 or greater, generate an exception.

C. Create a usage plan that applies a quota of 100 requests a day. Associate the usage plan with the API keys of all customers.

D. Create an Amazon Aurora table to track all the requests that use a particular API key. For each request to the API, count the number of records in the Aurora table for that day for the API key. If the number of requests is 100 or greater, generate an exception.

A developer is creating a photo website. Amazon Route 53 hosts the website’s domain. The developer wants to store the application code and images in an Amazon S3 bucket. The developer also wants to use Amazon CloudFront to deliver the images to users.
The developer has created the S3 bucket and a CloudFront distribution. The developer wants the images to be accessed only through the website’s domain. Users must not use the S3 URLs.
Which solution will meet these requirements?

A. Create a CloudFront origin access identity (OAI). Associate the OAI with the CloudFront distribution. Modify the S3 bucket policy to allow access from only the OAI. Create an alias in Route 53 that points the website domain to the S3 bucket.

B. Create a CloudFront origin access identity (OAI). Associate the OAI with the CloudFront distribution. Modify the S3 bucket policy to allow access from only the OAI. Update the Route 53 records to point the website domain to the CloudFront domain name.

C. Block public access in the S3 bucket policy. Configure CloudFront to use the S3 bucket endpoint. Create an alias in Route 53 that points the website domain to the S3 bucket.

D. Block public access in the S3 bucket policy. Configure CloudFront to use the S3 bucket endpoint. Create an alias in Route 53 that points the website domain to the CloudFront domain name.

An application that is deployed to Amazon EC2 is using Amazon DynamoDB. The application calls the DynamoDB REST API. Periodically, the application receives a ProvisionedThroughputExceededException error when the application writes to a DynamoDB table.
Which solutions will mitigate this error MOST cost-effectively? (Choose two.)

A. Modify the application code to perform exponential backoff when the error is received.

B. Modify the application to use the AWS SDKs for DynamoDB.

C. Increase the read and write throughput of the DynamoDB table.

D. Create a DynamoDB Accelerator (DAX) cluster for the DynamoDB table.

E. Create a second DynamoDB table. Distribute the reads and writes between the two tables.

A company is running a Docker application on Amazon ECS. The application must scale based on user load in the last 15 seconds.
How should a Developer instrument the code so that the requirement can be met?

A. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds

B. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds

C. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds

D. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds

A software engineer developed an AWS Lambda function in Node.js to do some CPU-intensive data processing. With the default settings, the Lambda function takes about 5 minutes to complete.
Which approach should a developer take to increase the speed of completion?

A. Instead of using Node.js. rewrite the Lambda function using Python.

B. Instead of packaging the libraries in the ZIP file with the function, move them to a Lambda layer and use the layer with the function.

C. Allocate the maximum available CPU units to the function.

D. Increase the available memory to the function.

An application running on Amazon EC2 opens connections to an Amazon RDS SQL Server database. The developer does not want to store the user name and password for the database in the code. The developer would also like to automatically rotate the credentials.
What is the MOST secure way to store and access the database credentials?

A. Create an IAM role that has permissions to access the database. Attach the role to the EC2 instance.

B. Use AWS Secrets Manager to store the credentials. Retrieve the credentials from Secrets Manager as needed.

C. Store the credentials in an encrypted text file in an Amazon S3 bucket. Configure the EC2 instance’s user data to download the credentials from Amazon S3 as the instance boots.

D. Store the user name and password credentials directly in the source code. No further action is needed because the source code is stored in a private repository.

A Development team is working on a case management solution that allows medical claims to be processed and reviewed. Users log in to provide information related to their medical and financial situations.
As part of the application, sensitive documents such as medical records, medical imaging, bank statements, and receipts are uploaded to Amazon S3. All documents must be securely transmitted and stored. All access to the documents must be recorded for auditing.
What is the MOST secure approach?

A. Use S3 default encryption using Advanced Encryption Standard-256 (AES-256) on the destination bucket.

B. Use Amazon Cognito for authorization and authentication to ensure the security of the application and documents.

C. Use AWS Lambda to encrypt and decrypt objects as they are placed into the S3 bucket.

D. Use client-side encryption/decryption with Amazon S3 and AWS KMS.

A company is developing a publicly accessible single-page application. The application makes calls from a client web browser to backend services to provide a user interface to customers. The application depends on a third-party web service exposed as an HTTP API. The web client must provide an API key to the third-party web service by using the HTTP header as part of the HTTP request. The company’s API key must not be exposed to the users of the web application.
Which solution will meet these requirements MOST cost-effectively?

A. For each integration, configure a mapping template for Content-Type text/json that transforms the incoming request by using Velocity Template Language (VTL).

B. For each integration, configure a mapping template for Content-Type text/json that transforms the incoming request by using Embedded JavaScript (EJS).

C. For each integration, configure a mapping template for Content-Type application/json that transforms the incoming request by using Velocity Template Language (VTL).

D. For each integration, configure a mapping template for Content-Type application/json that transforms the incoming request by using Embedded JavaScript (EJS).

A developer has a stateful web server on-premises that is being migrated to AWS. The developer must have greater elasticity in the new design.
How should the developer re-factor the application to make it more elastic? (Choose two.)

A. Use pessimistic concurrency on Amazon DynamoDB.

B. Use Amazon CloudFront with an Auto Scaling group.

C. Use Amazon CloudFront with an AWS Web Application Firewall.

D. Store session state data in an Amazon DynamoDB table.

E. Use an ELB with an Auto Scaling group.

A developer is managing an application that uploads user files to an Amazon S3 bucket named companybucket. The company wants to maintain copies of all the files uploaded by users for compliance purposes, while ensuring users still have access to the data through the application.
Which IAM permissions should be applied to users to ensure they can create but not remove files from the bucket?

A.

B.

C.

D.

A developer is building an application integrating an Amazon API Gateway with an AWS Lambda function. When calling the API. the developer receives the following error:
Wed Nov 08 01:13:00 UTC 2017 : Method completed with status: 502
What should the developer do to resolve the error?

A. Change the HTTP endpoint of the API to an HTTPS endpoint.

B. Change the format of the payload sent to the API Gateway.

C. Change the format of the Lambda function response to the API call.

D. Change the authorization header in the API call to access the Lambda function.

A company needs to develop a proof of concept for a web service application. The application will show the weather forecast for one of the company's office locations. The application will provide a REST endpoint that clients can call. Where possible, the application should use caching features provided by AWS to limit the number of requests to the backend service. The application backend will receive a small amount of traffic only during testing.
Which approach should the developer take to provide the REST endpoint MOST cost-effectively?

A. Create a container image. Deploy the container image by using Amazon Elastic Kubernetes Service (Amazon EKS). Expose the functionality by using Amazon API Gateway.

B. Create an AWS Lambda function by using the AWS Serverless Application Model (AWS SAM). Expose the Lambda functionality by using Amazon API Gateway.

C. Create a container image. Deploy the container image by using Amazon Elastic Container Service (Amazon ECS). Expose the functionality by using Amazon API Gateway.

D. Create a microservices application in a preferred programming language. Deploy the application to AWS Elastic Beanstalk. Expose the AWS Lambda functionality by using an Application Load Balancer.

A company is using AWS Elastic Beanstalk to manage web applications that are running on Amazon EC2 instances. A developer needs to make configuration changes. The developer must deploy the changes to new instances only.
Which types of deployment can the developer use to meet this requirement? (Choose two.)

A. All at once

B. Immutable

C. Rolling

D. Blue/green

E. Rolling with additional batch

A company is migrating legacy internal applications to AWS. Leadership wants to rewrite the internal employee directory to use native AWS services A developer needs to create a solution for storing employee contact details and high-resolution photos for use with the new application.
Which solution will enable the search and retrieval of each employee's individual details and high-resolution photos using AWS APIs?

A. Encode each employee s contact information and photos using Base64 Store the information in an Amazon DynamoDB table using a sort key.

B. Store each employee’s contact information in an Amazon DynamoDB table along with the object keys for the photos stored in Amazon S3.

C. Use Amazon Cognito user pools to implement the employee directory in a fully managed software-as-a-service (SaaS) method.

D. Store employee contact information in an Amazon RDS DB instance with the photos stored in Amazon Elastic File System (Amazon EFS).

A developer uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3) to store data in Amazon S3. The developer needs to decrypt and download the encrypted objects by using the GetObject API call.
What is the LEAST amount of information that the developer must provide in the API call to meet this requirement?

A. The S3 object key only

B. The S3 object key and the encryption key

C. The S3 object key and the Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) key

D. The S3 object key and a randomly salted Hash-based Message Authentication Code (HMAC) value of the encryption key

A developer is building a three-tier application with an Application Load Balancer (ALB), Amazon EC2 instances, and Amazon RDS. There is an alias record in Amazon Route 53 that points to the ALB. When the developer tries to access the ALB from a laptop, the request times out.
Which logs should the developer investigate to verify that the request is reaching the AWS network?

A. VPC Flow Logs

B. Amazon Route 53 logs

C. AWS Systems Manager Agent logs

D. Amazon CloudWatch agent logs

A company is using AWS CodeDeploy for all production deployments. A developer has an Amazon Elastic Container Service (Amazon ECS) application that uses the CodeDeployDefault.ECSAIIAtOnce configuration. The developer needs to update the production environment in increments of 10% until the entire production environment is updated.
Which CodeDeploy configuration should the developer use to meet these requirements?

A. CodeDeployDefault.ECSCanary10Percent5Minutes

B. CodeDeployDefault.ECSLinear10PercentEvery3Minutes

C. CodeDeployDefault.OneAtATime

D. CodeDeployDefault.LambdaCanary10Percent5Minutes

A company has developed a new serverless application using AWS Lambda functions that will be deployed using the AWS Serverless Application Model (AWS SAM) CLI.
Which step should the developer complete prior to deploying the application?

A. Compress the application to a .zip file and upload it into AWS Lambda.

B. Test the new AWS Lambda function by first tracing it in AWS X-Ray.

C. Bundle the serverless application using a SAM package.

D. Create the application environment using the eb create my-env command.

A developer has a legacy application that is hosted on-premises. Other applications hosted on AWS depend on the on-premises application for proper functioning.
In case of any application errors, the developer wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applications from one place.
How can the developer accomplish this?

A. Install an AWS SDK on the on-premises server to automatically send logs to CloudWatch.

B. Download the CloudWatch agent to the on-premises server. Configure the agent to use IAM user credentials with permissions for CloudWatch.

C. Upload log files from the on-premises server to Amazon S3 and have CloudWatch read the files.

D. Upload log files from the on-premises server to an Amazon EC2 instance and have the instance forward the logs to CloudWatch.

A developer wants to use AWS Elastic Beanstalk to test a new version of on application in a test environment.
Which deployment method offers the FASTEST deployment?

A. Immutable

B. Rolling

C. Rolling with additional batch

D. All at once

A developer has an application that can upload tens of thousands of objects per second to Amazon S3 in parallel within a single AWS account. As part of new requirements, data stored in S3 must use server-side encryption with AWS KMS keys (SSE-KMS). After creating this change, performance of the application is slower.
Which of the following is MOST likely the cause of the application latency?

A. Amazon S3 throttles the rate at which uploaded objects can be encrypted using KMS keys.

B. The AWS KMS API calls limit is less than needed to achieve the desired performance.

C. The client encryption of the objects is using a poor algorithm.

D. KMS requires that an alias be used to create an independent display name that can be mapped to a KMS key.

A developer is designing a web application in which new users will use their email addresses to create accounts. Millions of users are expected to sign up. The application will store attributes for each user.
Which AWS service or feature should the developer implement to meet these requirements?

A. Amazon Cognito user pools

B. AWS Mobile Hub User File Storage

C. AWS AppSync

D. AWS Mobile Hub Cloud Logic

An AWS Lambda function accesses two Amazon DynamoDB tables. A developer wants to improve the performance of the Lambda function by identifying bottlenecks in the function.
How can the developer inspect the timing of the DynamoDB API calls?

A. Add DynamoDB as an event source to the Lambda function. View the performance with Amazon CloudWatch metrics

B. Place an Application Load Balancer (ALB) in front of the two DynamoDB tables. Inspect the ALB logs

C. Limit Lambda to no more than five concurrent invocations. Monitor from the Lambda console.

D. Enable AWS X-Ray tracing for the function. View the traces from the X-Ray service.

A developer deploys a custom application to three Amazon EC2 instances. The application processes messages from an Amazon Simple Queue Service (Amazon SQS) standard queue with default settings. When the developer runs a load test on the Amazon SQS queue, the developer discovers that the application processes many messages multiple times.
How can the developer ensure that the application processes each message exactly once?

A. Modify the SQS standard queue to an SQS FIFO queue.

B. Process the messages on one EC2 instance instead of three instances.

C. Create a new SQS FIFO queue. Point the application to the new queue.

D. Increase the DelaySeconds value on the current SQS queue.

A developer is working on a web application that runs on Amazon Elastic Container Service (Amazon ECS) and uses an Amazon DynamoDB table to store data.
The application performs a large number of read requests against a small set of the table data.
How can the developer improve the performance of these requests? (Choose two.)

A. Create an Amazon ElastiCache cluster. Configure the application to cache data in the cluster.

B. Create a DynamoDB Accelerator (DAX) cluster. Configure the application to use the DAX cluster for DynamoDB requests.

C. Configure the application to make strongly consistent read requests against the DynamoDB table.

D. Increase the read capacity of the DynamoDB table.

E. Enable DynamoDB adaptive capacity.

A gaming website gives users the ability to trade game items with each other on the platform. The platform requires both users' records to be updated and persisted in one transaction. If any update fails, the transaction must roll back.
Which AWS solution can provide the transactional capability that is required for this feature?

A. Amazon DynamoDB with operations made with the Consistent Read parameter set to true

B. Amazon ElastiCache for Memcached with operations made within a transaction block

C. Amazon DynamoDB with reads and writes made by using Transact* operations

D. Amazon Aurora MySQL with operations made within a transaction block

E. Amazon Athena with operations made within a transaction block

A company has a serverless application that uses AWS Lambda functions and AWS Systems Manager parameters to store configuration data. The company moves the Lambda functions inside the VPC and into private subnets. The Lambda functions are now producing errors in their attempts to access Systems Manager parameters.
Which solution will allow the Lambda functions to access Systems Manager parameters inside the VPC?

A. Configure security groups to allow access to Systems Manager.

B. Create an interface VPC endpoint for Systems Manager.

C. Use an Internet gateway from inside the VPC.

D. Create a gateway VPC endpoint for Systems Manager.

A company has an application where reading objects from Amazon S3 is based on the type of user. The user types are registered user and guest user. The company has 25,000 users and is growing. Information is pulled from an S3 bucket depending on the user type.
Which approaches are recommended to provide access to both user types? (Choose two.)

A. Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to the objects.

B. Use S3 bucket policies to restrict read access to specific IAM users.

C. Use Amazon Cognito to provide access using authenticated and unauthenticated roles.

D. Create a new IAM user for each user and grant read access.

E. Use the AWS IAM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) AssumeRole action depending on the type of user and provide read access to Amazon S3 using the assumed role.

A developer needs to use Amazon DynamoDB to store customer orders. The developer's company requires all customer data to be encrypted at rest with a key that the company generates.
What should the developer do to meet these requirements?

A. Create the DynamoDB table with encryption set to None. Code the application to use the key to decrypt the data when the application reads from the table. Code the application to use the key to encrypt the data when the application writes to the table.

B. Store the key by using AWS Key Management Service (AWS KMS). Choose an AWS KMS customer managed key during creation of the DynamoDB table. Provide the Amazon Resource Name (ARN) of the AWS KMS key.

C. Store the key by using AWS Key Management Service (AWS KMS). Create the DynamoDB table with default encryption. Include the kms:Encrypt parameter with the Amazon Resource Name (ARN) of the AWS KMS key when using the DynamoDB software development kit (SDK).

D. Store the key by using AWS Key Management Service (AWS KMS). Choose an AWS KMS AWS managed key during creation of the DynamoDB table. Provide the Amazon Resource Name (ARN) of the AWS KMS key.

A developer is deploying an application on Amazon EC2 instances that run in Account A. The application needs to read data from an existing Amazon Kinesis data stream in Account B.
Which actions should the developer take to provide the application with access to the stream? (Choose two.)

A. Update the instance profile role in Account A with stream read permissions.

B. Create an IAM role with stream read permissions in Account B.

C. Add a trust policy to the instance profile role and IAM role in Account B to allow the instance profile role to assume the IAM role.

D. Add a trust policy to the instance profile role and IAM role in Account B to allow reads from the stream.

E. Add a resource-based policy in Account B to allow read access from the instance profile role.

A developer is exposing an API by using Amazon API Gateway and AWS Lambda as the backend for an application. The developer wants to add validation rules for a POST method to ensure that the data from the frontend web form is valid. The validation rules must include mandatory fields, data type, length, and regular expressions.
Which solution will meet these requirements?

A. Create an API Gateway model with schema for data validation.

B. Create API Gateway HTTP request headers for data validation.

C. Create API Gateway URL query string parameters for data validation.

D. Create API Gateway URL path parameters for data validation.

A company has migrated an application to Amazon EC2 instances. Automatic scaling is working well for the application user interface. However, the process to deliver shipping requests to the company's warehouse staff is encountering issues. Duplicate shipping requests are arriving, and some requests are lost or arrive out of order.
The company must avoid duplicate shipping requests and must process the requests in the order that the requests arrive. Requests are never more than 250 KB in size and take 5-10 minutes to process. A developer needs to rearchitect the application to improve the reliability of the delivery and processing of the requests.
What should the developer do to meet these requirements?

A. Create an Amazon Kinesis Data Firehose delivery stream to process the requests. Create an Amazon Kinesis data stream. Modify the application to write the requests to the Kinesis data stream.

B. Create an AWS Lambda function to process the requests. Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the Lambda function to the SNS topic. Modify the application to write the requests to the SNS topic.

C. Create an AWS Lambda function to process the requests. Create an Amazon Simple Queue Service (Amazon SQS) standard queue. Set the SQS queue as an event source for the Lambda function. Modify the application to write the requests to the SQS queue.

D. Create an AWS Lambda function to process the requests. Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the SQS queue as an event source for the Lambda function. Modify the application to write the requests to the SQS queue.

A research company has a website that is used once each day to perform scientific calculations based on inputs that are submitted through a webpage. The calculations are CPU intensive. An AWS Lambda function performs the calculations once each day. Users occasionally receive errors because of Lambda function timeouts.
Which change will reduce the Lambda function's runtime duration?

A. Configure Lambda to run the function on an Amazon EC2 burstable instance type.

B. Configure Lambda to run the function on an Amazon EC2 instance type that is recommended for high performance computing (HPC) workloads.

C. Configure Lambda to run the function with a larger reserved concurrency value.

D. Configure Lambda to run the function with a larger memory value.

A team of developers is using an AWS CodePipeline pipeline as a continuous integration and continuous delivery (CI/CD) mechanism for a web application. A developer has written unit tests to programmatically test the functionality of the application code. The unit tests produce a test report that shows the results of each individual check. The developer now wants to run these tests automatically during the CI/CD process.
Which solution will meet this requirement with the LEAST operational effort?

A. Write a Git pre-commit hook that runs the tests before every commit. Ensure that each developer who is working on the project has the pre-commit hook installed locally. Review the test report and resolve any issues before pushing changes to AWS CodeCommit.

B. Add a new stage to the pipeline. Use AWS CodeBuild as the provider. Add the new stage after the stage that deploys code revisions to the test environment. Write a buildspec that fails the CodeBuild stage if any test does not pass. Use the test reports feature of CodeBuild to integrate the report with the CodeBuild console. View the test results in CodeBuild. Resolve any issues.

C. Add a new stage to the pipeline. Use AWS CodeBuild as the provider. Add the new stage before the stage that deploys code revisions to the test environment. Write a buildspec that fails the CodeBuild stage if any test does not pass. Use the test reports feature of CodeBuild to integrate the report with the CodeBuild console. View the test results in CodeBuild. Resolve any issues.

D. Add a new stage to the pipeline. Use Jenkins as the provider. Configure CodePipeline to use Jenkins to run the unit tests. Write a Jenkinsfile that fails the stage if any test does not pass. Use the test report plugin for Jenkins to integrate the report with the Jenkins dashboard. View the test results in Jenkins. Resolve any issues.

A developer is writing an application to encrypt files outside of AWS before uploading the files to an Amazon S3 bucket. The encryption must be symmetric and must be performed inside the application.
How can the developer implement the encryption in the application to meet these requirements?

A. Create a data key in AWS Key Management Service (AWS KMS). Use the AWS Encryption SDK to encrypt the files.

B. Create a Hash-Based Message Authentication Code (HMAC) key in AWS Key Management Service (AWS KMS). Use the AWS Encryption SDK to encrypt the files.

C. Create a data key pair in AWS Key Management Service (AWS KMS). Use the AWS CL to encrypt the files.

D. Create a data key in AWS Key Management Service (AWS KMS). Use the AWS CLI to encrypt the files.

A company has a new application. The company needs to secure sensitive configuration data such as database connection strings, application license codes, and API keys that the application uses to access external resources. The company must track access to the configuration data for auditing purposes. The resources are managed outside the application.
The company is not required to manage rotation of the connection strings, license codes, and API keys in the application. The company must implement a solution to securely store the configuration data and to give the application access to the configuration data. The solution must comply with security best practices.
Which solution will meet these requirements MOST cost-effectively?

A. Store the configuration data in an encrypted file on the source code bundle. Grant the application access by using IAM policies.

B. Store the configuration data in AWS Systems Manager Parameter Store. Grant the application access by using IAM policies.

C. Store the configuration data on an Amazon Elastic Block Store (Amazon EBS) encrypted volume. Attach the EBS volume to an Amazon EC2 instance to provide the application with access to the data.

D. Store the configuration data in AWS Secrets Manager. Grant the application access by using IAM policies.

A developer is storing many objects in a single Amazon S3 bucket. The developer needs to optimize the S3 bucket for high request rates.
How should the developer store the objects to meet this requirement?

A. Store the objects by using S3 Intelligent-Tiering.

B. Store the objects at the root of the S3 bucket.

C. Store the objects by using object key names distributed across multiple prefixes.

D. Store each object with an object tag named “prefix” that contains a unique value.

A company experienced partial downtime during the last deployment of a new application. AWS Elastic Beanstalk split the environment's Amazon EC2 instances into batches and deployed a new version one batch at a time after taking them out of service. Therefore, full capacity was not maintained during deployment.
The developer plans to release a new version of the application, and is looking for a policy that will maintain full capacity and minimize the impact of the failed deployment.
Which deployment policy should the developer use?

A. Immutable

B. All at Once

C. Rolling

D. Rolling with an Additional Batch

A company’s social media application stores image files in an Amazon S3 bucket. All the images are stored in S3 Standard storage. Users access images frequently during the first week after images are uploaded. Users rarely access images that were uploaded more than 1 week ago.
The company needs a solution to reduce the application’s storage cost. Users must be able to access all images in the same amount of time, regardless of when the images were uploaded.
Which solution will meet these requirements with the LEAST amount of effort?

A. Modify the application to use S3 Intelligent-Tiering for all the images.

B. Modify the application to use S3 One Zone-Infrequent Access (S3 One Zone-IA) for all the images.

C. Use an S3 Lifecycle policy to move images that were uploaded more than 1 week ago to S3 Glacier Deep Archive.

D. Use an S3 Lifecycle policy to move images that were uploaded more than 1 week ago to S3 Glacier Flexible Retrieval.

A developer needs to deploy an application to AWS Elastic Beanstalk for a company. The application consists of a single Docker image. The company's automated continuous integration and continuous delivery (CI/CD) process builds the Docker image and pushes the image to a public Docker registry.
How should the developer deploy the application to Elastic Beanstalk?

A. Create a Dockerfile. Configure Elastic Beanstalk to build the application as a Docker image.

B. Create a docker-compose.yml file. Use the Elastic Beanstalk CLI to deploy the application.

C. Create a .zip file that contains the Docker image. Upload the .zip file to Elastic Beanstalk.

D. Create a Dockerfile. Run the Elastic Beanstalk CLI eb local run command in the same directory.

An application needs to encrypt data that is written to Amazon S3 where the keys are managed in an on-premises data center, and the encryption is handled by
S3.
Which type of encryption should be used?

A. Use server-side encryption with Amazon S3-managed keys.

B. Use server-side encryption with AWS KMS-managed keys.

C. Use client-side encryption with AWS KMS-managed keys.

D. Use server-side encryption with customer-provided keys.

A developer uses a single AWS CloudFormation template to configure the test environment and the production environment for an application. The developer handles environment-specific requirements in the CloudFormation template.
The developer decides to update the Amazon EC2 Auto Scaling launch template with new Amazon Machine Images (AMIs) for each environment. The
CloudFormation update for the new AMIs is successful in the test environment, but the update fails in the production environment.
What are the possible causes of the CloudFormation update failure in the production environment? (Choose two.)

A. The new AMIs do not fulfill the specified conditions in the CloudFormation template.

B. The service quota for the number of EC2 vCPUs in the AWS Region has been exceeded.

C. The security group that is specified in the CloudFormation template does not exist.

D. CloudFormation does not recognize the template change as an update.

E. CloudFormation does not have sufficient IAM permissions to make the changes.