Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

A developer maintains a serverless application that uses AWS Lambda to process financial transaction files that have been uploaded to an Amazon S3 bucket. The developer has scheduled a Lambda function to run once each hour to process the files.

Over time, the frequency of file uploads to the S3 bucket increases. The increasing number of file uploads occasionally causes the Lambda function to exceed its 15-minute execution timeout.

The developer needs to modify the application ' s architecture to handle increased file uploads and decrease file processing time. The developer must also ensure that the application does not duplicate the processing of files.

Which solution will meet these requirements?

A.

Configure Amazon S3 events to invoke the Lambda function when each file is uploaded. Log processed transaction IDs to Amazon DynamoDB.

B.

Move the application logic to a single Amazon EC2 instance to handle processing more effectively.

C.

Use Amazon EventBridge Scheduler to run the Lambda function every 5 minutes to scan the S3 bucket.

D.

Poll the Amazon S3 bucket continuously by using the Lambda function and each object ' s LastModified timestamp.

A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached Amazon

Elastic Block Store (Amazon EBS) volumes for storing data. The Amazon EBS volumes will be created at time of initial deployment. The

application will process sensitive information. All of the data must be encrypted. The solution should not impact the application ' s performance.

Which solution will meet these requirements?

A.

Configure the fleet of EC2 instances to use encrypted EBS volumes to store data.

B.

Configure the application to write all data to an encrypted Amazon S3 bucket.

C.

Configure a custom encryption algorithm for the application that will encrypt and decrypt all data.

D.

Configure an Amazon Machine Image (AMI) that has an encrypted root volume and store the data to ephemeral disks.

A company runs an application that currently uploads content to an unencrypted Amazon S3 bucket. The S3 bucket contains millions of objects that total more than 2 TB in size. A new company policy requires all data to be encrypted. The company creates an AWS KMS key to use for encryption.

Which solution will meet this requirement MOST cost-effectively?

A.

Modify the properties of the S3 bucket. Enable default encryption, select SSE-KMS, and specify the Amazon Resource Name (ARN) of the provided KMS key.

B.

Create an S3 bucket policy that denies any PutObject requests that do not include the x-amz-server-side-encryption header that specifies the Amazon Resource Name (ARN) of the provided KMS key. Apply this policy to the bucket.

C.

Configure an Amazon S3 Batch Operations job. Choose the source bucket that contains the unencrypted objects. Select the COPY operation. Specify the source bucket as the destination. In the copy operation parameters, specify the Amazon Resource Name (ARN) of the provided KMS key.

D.

Develop a script by using the AWS SDK. Configure the script to iterate through all objects in the bucket and download each object locally. Ensure that the script then re-uploads each object to the same object key name and specifies server-side encryption with the KMS key during the re-upload.

Given the source code for an AWS Lambda function in the local file store.py containing a handler function called getstore and the following AWS CloudFormation template:

Transform: AWS::Serverless-2016-10-31

Resources:

StoreFunc:

Type: AWS::Serverless::Function

Properties:

Handler: store.getstore

Runtime: python3.13

What should be done to prepare the template so that it can be deployed using the AWS CLI command aws cloudformation deploy?

A.

Use aws cloudformation compile to base64 encode and embed the source file into a modified CloudFormation template.

B.

Use aws cloudformation package to upload the source code to an Amazon S3 bucket and produce a modified CloudFormation template.

C.

Use aws lambda zip to package the source file together with the CloudFormation template and deploy the resulting .zip archive.

D.

Use aws serverless create-package to embed the source file directly into the existing CloudFormation template.

A developer is making changes to a custom application that uses AWS Elastic Beanstalk.

Which solutions will update the Elastic Beanstalk environment with the new application version after the developer completes the changes? (Select TWO.)

A.

Package the application code into a .zip file. Use the AWS Management Console to upload the .zip file and deploy the packaged application.

B.

Package the application code into a .tar file. Use the AWS Management Console to create a new application version from the .tar file. Update the environment by using the AWS CLI.

C.

Package the application code into a .tar file. Use the AWS Management Console to upload the .tar file and deploy the packaged application.

D.

Package the application code into a .zip file. Use the AWS CLI to create a new application version from the .zip file and to update the environment.

E.

Package the application code into a .zip file. Use the AWS Management Console to create a new application version from the .zip file. Rebuild the environment by using the AWS CLI.

A company hosts a stateless web application with low data storage in a single AWS Region. The company wants to increase the resiliency of the application to include a multi-Region presence. The company wants to set the recovery time objective (RTO) and recovery point objective (RPO) to hours. The company needs a low-cost and low-complexity disaster recovery (DR) strategy.

Which DR strategy should the company use?

A.

Warm standby

B.

Pilot light

C.

Backup and restore

D.

Multi-site active-active

A company has an ecommerce application. To track product reviews, the company ' s development team uses an Amazon DynamoDB table.

Every record includes the following

• A Review ID a 16-digrt universally unique identifier (UUID)

• A Product ID and User ID 16 digit UUlDs that reference other tables

• A Product Rating on a scale of 1-5

• An optional comment from the user

The table partition key is the Review ID. The most performed query against the table is to find the 10 reviews with the highest rating for a given product.

Which index will provide the FASTEST response for this query " ?

A.

A global secondary index (GSl) with Product ID as the partition key and Product Rating as the sort key

B.

A global secondary index (GSl) with Product ID as the partition key and Review ID as the sort key

C.

A local secondary index (LSI) with Product ID as the partition key and Product Rating as the sort key

D.

A local secondary index (LSI) with Review ID as the partition key and Product ID as the sort key

A company wants to ensure that only one user from its Admin group has the permanent right to delete an Amazon EC2 resource. The company must not modify the existing Admin group policy .

What should a developer use to meet these requirements?

A.

AWS managed policy

B.

Inline policy

C.

IAM trust relationship

D.

AWS STS

A developer is writing a web application that will run on AWS Lambda. The application will give users the ability to log in to view private documents. All pages in the application must be designed to match the company ' s branding.

How can the developer host the sign-in pages with the LEAST amount of custom code?

A.

Upload files for the sign-in pages with the required branding to an Amazon S3 bucket. Configure static website hosting for the S3 bucket.

B.

Create a Lambda function to serve the sign-in pages with the required branding. Configure Amazon API Gateway to route traffic to the function.

C.

Create a Lambda@Edge function to serve the sign-in pages with the required branding. Configure Amazon CloudFront to invoke the function in response to user requests.

D.

Configure an Amazon Cognito user pool with an Amazon Cognito hosted UI for the sign-in pages. Customize the pages with the required branding.

A developer has a legacy application that is hosted on-premises. Other applications hosted on AWS depend on the on-premises application for proper functioning. In case of any application errors, the developer wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applications from one place.

How can the developer accomplish this?

A.

Install an AWS SDK on the on-premises server to automatically send logs to CloudWatch.

B.

Download the CloudWatch agent to the on-premises server. Configure the agent to use IAM user credentials with permissions for CloudWatch.

C.

Upload log files from the on-premises server to Amazon S3 and have CloudWatch read the files.

D.

Upload log files from the on-premises server to an Amazon EC2 instance and have the instance forward the logs to CloudWatch.

A developer is creating an application that will store personal health information (PHI). The PHI needs to be encrypted at all times. An encrypted Amazon RDS for MySQL DB instance is storing the data. The developer wants to increase the performance of the application by caching frequently accessed data while adding the ability to sort or rank the cached datasets.

Which solution will meet these requirements?

A.

Create an Amazon ElastiCache for Redis instance. Enable encryption of data in transit and at rest. Store frequently accessed data in the cache.

B.

Create an Amazon ElastiCache for Memcached instance. Enable encryption of data in transit and at rest. Store frequently accessed data in the cache.

C.

Create an Amazon RDS for MySQL read replica. Connect to the read replica by using SSL. Configure the read replica to store frequently accessed data.

D.

Create an Amazon DynamoDB table and a DynamoDB Accelerator (DAX) cluster for the table. Store frequently accessed data in the DynamoDB table.

A company is building a content authoring application. The application has multiple user groups, such as content creator, reviewer, approver, and administrator. The company needs to assign users fine-grained permissions for specific parts of the application.

The company needs a solution to configure, maintain, and analyze user permissions. The company wants a solution that can be easily adapted to work with newer applications in the future. The company must use a third-party OpenID Connect (OIDC) identity provider (IdP) to authenticate users.

A.

Configure an Amazon Cognito identity pool for the application. Use the identity pool identities within the application to manage user permissions.

B.

Configure the application to check user permissions upon request. Configure the application logic to manage user permissions.

C.

Use Amazon Verified Permissions to set up user permissions. Integrate Verified Permissions with a third-party IdP. Configure the application to request authorization decisions from Verified Permissions.

D.

Set up an IAM role for each user group. Assign users appropriate IAM roles. Configure the application to determine appropriate permissions for each user based on the user ' s IAM role.

A developer has an application that stores data in an Amazon S3 bucket. The application uses an HTTP API to store and retrieve objects. When the PutObject API operation adds objects to the S3 bucket the developer must encrypt these objects at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3).

Which solution will meet this requirement?

A.

Create an AWS Key Management Service (AWS KMS) key. Assign the KMS key to the S3 bucket.

B.

Set the x-amz-server-side-encryption header when invoking the PutObject API operation.

C.

Provide the encryption key in the HTTP header of every request.

D.

Apply TLS to encrypt the traffic to the S3 bucket.

A developer is working on an ecommerce application that stores data in an Amazon RDS for MySQL cluster The developer needs to implement a caching layer for the application to retrieve information about the most viewed products.

Which solution will meet these requirements?

A.

Edit the RDS for MySQL cluster by adding a cache node. Configure the cache endpoint instead of the duster endpoint in the application.

B.

Create an Amazon ElastiCache (Redis OSS) cluster. Update the application code to use the ElastiCache (Redis OSS) cluster endpoint.

C.

Create an Amazon DynamoDB Accelerator (DAX) cluster in front of the RDS for MySQL cluster. Configure the application to connect to the DAX endpoint instead of the RDS endpoint.

D.

Configure the RDS for MySQL cluster to add a standby instance in a different Availability Zone. Configure the application to read the data from the standby instance.

An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write access to an Amazon DynamoDB table The correct 1AM policy already exists

What is the MOST secure way to grant the Lambda function access to the S3 bucket and the DynamoDB table?

A.

Attach the existing 1AM policy to the Lambda function.

B.

Create an 1AM role for the Lambda function Attach the existing 1AM policy to the role Attach the role to the Lambda function

C.

Create an 1AM user with programmatic access Attach the existing 1AM policy to the user. Add the user access key ID and secret access key as environment variables in the Lambda function.

D.

Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function