Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

A developer deployed an application to an Amazon EC2 instance The application needs to know the public IPv4 address of the instance

How can the application find this information?

A.

Query the instance metadata from http./M69.254.169.254. latestmeta-data/.

B.

Query the instance user data from http ' 169 254.169 254. latest/user-data/

C.

Query the Amazon Machine Image (AMI) information from http://169.254.169.254/latest/meta-data/ami/.

D.

Check the hosts file of the operating system

A developer creates an AWS Lambda function to publish messages to an Amazon SNS topic. All message content must be encrypted in transit and at rest between AWS Lambda and Amazon SNS.

A portion of the Lambda execution role policy is shown:

" Effect " : " Allow " ,

" Action " : " sns:Publish " ,

" Resource " : " arn:aws:sns:us-east-1:1234567890:secure-topic "

Which combination of steps should the developer take to meet these requirements? (Select TWO.)

A.

Enable server-side encryption on the SNS topic.

B.

Add a Deny statement to the Lambda execution role with a condition of " aws:SecureTransport " : " true " .

C.

Create a VPC endpoint for Amazon SNS.

D.

Add a StringEquals condition of " sns:Protocol " : " https " to the Lambda execution role.

E.

Add a Deny statement to the Lambda execution role with a condition of " aws:SecureTransport " : " false " .

A developer has implemented an AWS Lambda function that inserts new customers into an Amazon RDS database. The function is expected to run hundreds of times each hour. The function and RDS database are in the same VPC. The function is configured to use 512 MB of RAM and is based on the following pseudocode:

def lambda_handler(event, context):

db = database.connect()

db.statement( " INSERT INTO Customers (CustomerName) VALUES (%s) " , event.name)

db.execute()

db.close()

After successfully testing the function multiple times, the developer notices that the execution time is longer than expected.

What should the developer do to improve performance?

A.

Increase the reserved concurrency of the Lambda function.

B.

Increase the size of the RDS database to facilitate an increased number of database connections each hour.

C.

Move the database connection and close statement out of the handler. Place the connection in the global space.

D.

Replace Amazon RDS with Amazon DynamoDB to implement control over the number of writes per second.

A developer wants to store information about movies. Each movie has a title, release year, and genre. The movie information also can include additional properties about the cast and production crew. This additional information is inconsistent across movies. For example, one movie might have an assistant director, and another movie might have an animal trainer.

The developer needs to implement a solution to support the following use cases:

For a given title and release year, get all details about the movie that has that title and release year.

For a given title, get all details about all movies that have that title.

For a given genre, get all details about all movies in that genre.

Which data store configuration will meet these requirements?

A.

Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the title as the partition key and the release year as the sort key. Create a global secondary index that uses the genre as the partition key and the title as the sort key.

B.

Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the genre as the partition key and the release year as the sort key. Create a global secondary index that uses the title as the partition key.

C.

On an Amazon RDS DB instance, create a table that contains columns for title, release year, and genre. Configure the title as the primary key.

D.

On an Amazon RDS DB instance, create a table where the primary key is the title and all other data is encoded into JSON format as one additional column.

A company needs to distribute firmware updates to its customers around the world.

Which service will allow easy and secure control of the access to the downloads at the lowest cost?

A.

Use Amazon CloudFront with signed URLs for Amazon S3.

B.

Create a dedicated Amazon CloudFront Distribution for each customer.

C.

Use Amazon CloudFront with AWS Lambda@Edge.

D.

Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket.

A company has a serverless application that uses Amazon API Gateway and AWS Lambda functions to expose a RESTful API. The company uses a continuous integration and continuous delivery (CI/CD) workflow to deploy the application to multiple environments. The company wants to implement automated integration tests after deployment.

A developer needs to set up the necessary infrastructure and processes to automate the deployment and integration tests for the serverless application.

A.

Configure API Gateway stages to represent each application environment. Use AWS SAM templates to manage the infrastructure for the Lambda functions and API resources. Use AWS CodeBuild to implement automated deployment tests to validate the deployments in each stage.

B.

Configure API Gateway stages to represent each application environment. Use AWS CloudFormation to manage the infrastructure for the Lambda functions and API resources. Use AWS CodeBuild to implement automated deployment tests to validate the deployments in each stage.

C.

Use AWS CodePipeline to create a CI/CD pipeline. Configure API Gateway stages to represent each application environment. Use AWS CloudFormation templates to manage the infrastructure for the Lambda functions and API resources. Use AWS CodeBuild to implement automated deployment tests to validate the deployments in each stage.

D.

Use AWS CloudFormation to create and deploy the application infrastructure in each application environment. Use the AWS CLI to invoke Lambda functions to perform deployment tests after each deployment.

A company has multiple Amazon VPC endpoints in the same VPC. A developer needs configure an Amazon S3 bucket policy so users can access an S3 bucket only by using these VPC endpoints.

Which solution will meet these requirements?

A.

Create multiple S3 bucket polices by using each VPC endpoint ID that have the aws SourceVpce value in the StringNotEquals condition.

B.

Create a single S3 bucket policy that has the aws SourceVpc value and in the StingNotEquals condition to use VPC ID.

C.

Create a single S3 bucket policy that the multiple aws SourceVpce value and in the SringNotEquals condton to use vpce.

D.

Create a single S3 bucket policy that has multiple aws sourceVpce value in the StingNotEquale condition. Repeat for all the VPC endpoint IDs.

A developer is building an application that needs to store an API key. An AWS Lambda function needs to use the API key. The developer ' s company requires secrets to be encrypted at rest by an AWS KMS key. The company must control key rotation.

Which solutions will meet these requirements? (Select TWO.)

A.

Store the API key as an AWS Secrets Manager secret. Encrypt the secret with an AWS managed KMS key.

B.

Store the API key as an AWS Systems Manager Parameter Store String parameter.

C.

Store the API key as an AWS Systems Manager Parameter Store SecureString parameter. Encrypt the parameter with a customer managed KMS key.

D.

Store the API key in a Lambda environment variable. Encrypt the environment variable with an AWS managed KMS key.

E.

Store the API key in a Lambda environment variable. Encrypt the environment variable with a customer managed KMS key.

A company uses two AWS accounts: production and development. The company stores data in an Amazon S3 bucket that is in the production account. The data is encrypted with an AWS KMS customer managed key. The company plans to copy the data to another S3 bucket that is in the development account.

A developer needs to use a KMS key to encrypt the data in the S3 bucket that is in the development account. The KMS key in the development account must be accessible from the production account.

Which solution will meet these requirements?

A.

Replicate the customer managed KMS key from the production account to the development account. Specify the production account in the key policy.

B.

Create a new customer managed KMS key in the development account. Specify the production account in the key policy.

C.

Create a new AWS managed KMS key for Amazon S3 in the development account. Specify the production account in the key policy.

D.

Replicate the default AWS managed KMS key for Amazon S3 from the production account to the development account. Specify the production account in the key policy.

A company uses a custom root certificate authority certificate chain (Root CA Cert) that is 10 KB in size generate SSL certificates for its on-premises HTTPS endpoints. One of the company’s cloud based applications has hundreds of AWS Lambda functions that pull date from these endpoints. A developer updated the trust store of the Lambda execution environment to use the Root CA Cert when the Lambda execution environment is initialized. The developer bundled the Root CA Cert as a text file in the Lambdas deployment bundle.

After 3 months of development the root CA Cert is no longer valid and must be updated. The developer needs a more efficient solution to update the Root CA Cert for all deployed Lambda functions. The solution must not include rebuilding or updating all Lambda functions that use the Root CA Cert. The solution must also work for all development, testing and production environment. Each environment is managed in a separate AWS account.

When combination of steps Would the developer take to meet these environments MOST cost-effectively? (Select TWO)

A.

Store the Root CA Cert as a secret in AWS Secrets Manager. Create a resource-based policy. Add IAM users to allow access to the secret

B.

Store the Root CA Cert as a Secure Sting parameter in aws Systems Manager Parameter Store Create a resource-based policy. Add IAM users to allow access to the policy.

C.

Store the Root CA Cert in an Amazon S3 bucket. Create a resource- based policy to allow access to the bucket.

D.

Refactor the Lambda code to load the Root CA Cert from the Root CA Certs location. Modify the runtime trust store inside the Lambda function handler.

E.

Refactor the Lambda code to load the Root CA Cert from the Root CA Cert ' s location. Modify the runtime trust store outside the Lambda function handler.

A company is developing a set of AWS Lambda functions to process data. The Lambda functions need to use a common third-party library as a dependency. The library is frequently updated with new features and bug fixes. The company wants to ensure that the Lambda functions always use the latest version of the library.

Which solution will meet these requirements in the MOST operationally efficient way?

A.

Store the dependency and the function code in an Amazon S3 bucket.

B.

Create a Lambda layer that includes the library. Attach the layer to each Lambda function.

C.

Install the dependency in an Amazon EFS file system. Attach the file system to each Lambda function.

D.

Create a new Lambda function to load the library. Configure the existing Lambda functions to invoke the new Lambda function when the existing functions need to use the library.

A developer needs to troubleshoot an AWS Lambda function in a development environment. The Lambda function is configured in VPC mode and needs to connect to an existing Amazon RDS for SOL Server DB instance. The DB instance is deployed in a private subnet and accepts connections by using port 1433.

When the developer tests the function, the function reports an error when it tries to connect to the database.

Which combination of steps should the developer take to diagnose this issue? (Select TWO.)

A.

Check that the function ' s security group has outbound access on port 1433 to the DB instance ' s security group. Check that the DB instance ' s security group has inbound access on port 1433 from the function ' s security group.

B.

Check that the function ' s security group has Inbound access on port 1433 from the DB Instance ' s security group. Check that the DB instance ' s security group has outbound access on port 1433 to the function ' s security group.

C.

Check that the VPC is set up for a NAT gateway. Check that the DB instance has the public access option turned on.

D.

Check that the function ' s execution role permissions include rds:DescribeDBInstances, rds: ModifyDB Instance, and rds:DescribeDBSecurityGroups for the DB instance.

E.

Check that the function ' s execution rote permissions include ec2: CreateNetworklnterface. ec2: DescribeNetworklnterfaces. and ec2: DeleteNetworklnterface.

A company built an online event platform For each event the company organizes quizzes and generates leaderboards that are based on the quiz scores. The company stores the leaderboard data in Amazon DynamoDB and retains the data for 30 days after an event is complete The company then uses a scheduled job to delete the old leaderboard data

The DynamoDB table is configured with a fixed write capacity. During the months when many events occur, the DynamoDB write API requests are throttled when the scheduled delete job runs.

A developer must create a long-term solution that deletes the old leaderboard data and optimizes write throughput

Which solution meets these requirements?

A.

Configure a TTL attribute for the leaderboard data

B.

Use DynamoDB Streams to schedule and delete the leaderboard data

C.

Use AWS Step Functions to schedule and delete the leaderboard data.

D.

Set a higher write capacity when the scheduled delete job runs

A developer creates an Amazon S3 bucket to store project status files that are uploaded hourly. The developer also creates an AWS Lambda function that will be used to process the project status files. What should the developer do to invoke the function with the LEAST amount of AWS infrastructure?

A.

Create an Amazon EventBridge rule to invoke the function every 5 minutes and scan for new objects.

B.

Create an S3 event notification to invoke the function when a new object is created in the S3 bucket.

C.

Create an S3 event notification that publishes a message to an Amazon SNS topic. Subscribe the function to the SNS topic.

D.

Create an S3 event notification that adds a message to an Amazon SQS queue. Configure the function to poll the queue.

A social media application is experiencing high volumes of new user requests after a recent marketing campaign. The application is served by an Amazon RDS for MySQL instance. A solutions architect examines the database performance and notices high CPU usage and many " too many connections " errors that lead to failed requests on the database. The solutions architect needs to address the failed requests.

Which solution will meet this requirement?

A.

Deploy an Amazon DynamoDB Accelerator (DAX) cluster. Configure the application to use the DAX cluster.

B.

Deploy an RDS Proxy. Configure the application to use the RDS Proxy.

C.

Migrate the database to an Amazon RDS for PostgreSQL instance.

D.

Deploy an Amazon ElastiCache (Redis OSS) cluster. Configure the application to use the ElastiCache cluster.