Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

A developer is running an application on an Amazon EC2 instance. When the application tries to read an Amazon S3 bucket, the application fails. The developer notices that the associated IAM role is missing the S3 read permission. The developer needs to give the application the ability to read the S3 bucket. Which solution will meet this requirement with the LEAST application disruption?

A.

Add the permission to the role. Terminate the existing EC2 instance. Launch a new EC2 instance.

B.

Add the permission to the role so that the change will take effect automatically.

C.

Add the permission to the role. Hibernate and restart the existing EC2 instance.

D.

Add the permission to the S3 bucket. Restart the EC2 instance.

A company regularly receives route status updates from its delivery trucks as events in Amazon EventBridge. The company is building an API-based application in a VPC that will consume and process the events to create a delivery status dashboard. The API application must not be available by using public IP addresses because of security and compliance requirements.

How should the company send events from EventBridge to the API application?

A.

Create an AWS Lambda function that runs in the same VPC as the API application. Configure the function as an EventBridge target. Use the function to send events to the API.

B.

Create an internet-facing Application Load Balancer (ALB) in front of the API application. Associate a security group with rules that block access from all external sources except for EventBridge. Configure the ALB as an EventBridge target.

C.

Create an internet-facing Network Load Balancer (NLB) in front of the API application. Associate a security group with rules that block access from all external sources except for EventBridge. Configure the NLB as an EventBridge target.

D.

Use the application API endpoint in the VPC as a target for EventBridge. Send events directly to the application API endpoint from EventBridge.

A developer has written a distributed application that uses micro services. The microservices are running on Amazon EC2 instances. Because of message volume, the developer is unable to match log output from each microservice to a specific transaction. The developer needs to analyze the message flow to debug the application.

Which combination of steps should the developer take to meet this requirement? (Select TWO.)

A.

Download the AWS X-Ray daemon. Install the daemon on an EC2 instance. Ensure that the EC2 instance allows UDP traffic on port 2000.

B.

Configure an interface VPC endpoint to allow traffic to reach the global AWS X-Ray daemon on TCP port 2000.

C.

Enable AWS X-Ray. Configure Amazon CloudWatch to push logs to X-Ray.

D.

Add the AWS X-Ray software development kit (SDK) to the microservices. Use X-Ray to trace requests that each microservice makes.

E.

Set up Amazon CloudWatch metric streams to collect streaming data from the microservices.

A developer is building an application on AWS. The application has an Amazon API Gateway API that sends requests to an AWS Lambda function. The API is experiencing increased latency because the Lambda function has limited available CPU to fulfill the requests.

Before the developer deploys the API into production, the developer must configure the Lambda function to have more CPU.

Which solution will meet this requirement?

A.

Increase the virtual CPU (vCPU) cores quota of the Lambda function.

B.

Increase the amount of memory that is allocated to the Lambda function.

C.

Increase the ephemeral storage size of the Lambda function.

D.

Increase the timeout value of the Lambda function.

A company has an application that uses an Amazon S3 bucket for object storage. A developer needs to configure in-transit encryption for the S3 bucket. All the S3 objects containing personal data needs to be encrypted at rest with AWS KMS keys, which can be rotated on demand.

Which combination of steps will meet these requirements? (Select TWO.)

A.

Write an S3 bucket policy to allow only encrypted connections over HTTPS by using permissions boundary.

B.

Configure an S3 bucket policy to enable client-side encryption for the objects containing personal data by using an AWS KMS customer managed key

C.

Configure the application to encrypt the objects by using an AWS KMS customer managed key before uploading the objects containing personal data to Amazon S3.

D.

Write an S3 bucket policy to allow only encrypted connections over HTTPS by using the aws:SecureTransport condition.

E.

Configure S3 Block Public Access settings for the S3 bucket to allow only encrypted connections over HTTPS.

A company has a web application that is hosted on Amazon EC2 instances The EC2 instances are configured to stream logs to Amazon CloudWatch Logs The company needs to receive an Amazon Simple Notification Service (Amazon SNS) notification when the number of application error messages exceeds a defined threshold within a 5-minute period

Which solution will meet these requirements?

A.

Rewrite the application code to stream application logs to Amazon SNS Configure an SNS topic to send a notification when the number of errors exceeds the defined threshold within a 5-minute period

B.

Configure a subscription filter on the CloudWatch Logs log group. Configure the filter to send an SNS notification when the number of errors exceeds the defined threshold within a 5-minute period.

C.

Install and configure the Amazon Inspector agent on the EC2 instances to monitor for errors Configure Amazon Inspector to send an SNS notification when the number of errors exceeds the defined threshold within a 5-minute period

D.

Create a CloudWatch metric filter to match the application error pattern in the log data. Set up a CloudWatch alarm based on the new custom metric. Configure the alarm to send an SNS notification when the number of errors exceeds the defined threshold within a 5-minute period.

A company uses more than 100 AWS Lambda functions to handle application services. One Lambda function is critical and must always run successfully. The company notices that occasionally, the critical Lambda function does not initiate. The company investigates the issue and discovers instances of the Lambda TooManyRequestsException: Rate Exceeded error in Amazon CloudWatch logs. Upon further review of the logs, the company notices that some of the non-critical functions run properly while the critical function fails. A developer must resolve the errors and ensure that the critical Lambda function runs successfully. Which solution will meet these requirements with the LEAST operational overhead?

A.

Configure reserved concurrency for the critical Lambda function. Set reserved concurrent executions to the appropriate level.

B.

Configure provisioned concurrency for the critical Lambda function. Set provisioned concurrent executions to the appropriate level.

C.

Configure CloudWatch alarms for TooManyRequestsException errors. Add the critical Lambda function as an alarm state change action to invoke the critical function again after a failure.

D.

Configure CloudWatch alarms for TooManyRequestsException errors. Add Amazon EventBridge as an action for the alarm state change. Use EventBridge to invoke the critical function again after a failure.

A developer is creating an application that uses an Amazon DynamoDB table. The developer needs to develop code that reads all records that were added to the table during the previous day. creates HTML reports, and pushes the reports into third-party storage. The item size varies from 1 KB to 4 KB, and the index structure is defined with the date. The developer needs to minimize the read capacity that the application requires from the DynamoDB table.

Which DynamoDB API operation should the developer use in the code to meet these requirements?

A.

Query

B.

Scan

C.

BatchGetltem

D.

Getltem

A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS KMS key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.

How can the developer enforce that all requests to retrieve the data provide encryption in transit?

A.

Define a resource-based policy on the S3 bucket to deny access when a request meets the condition " aws:SecureTransport " : " false " .

B.

Define a resource-based policy on the S3 bucket to allow access when a request meets the condition " aws:SecureTransport " : " false " .

C.

Define a role-based policy on the other accounts ' roles to deny access when a request meets the condition " aws:SecureTransport " : " false " .

D.

Define a resource-based policy on the KMS key to deny access when a request meets the condition " aws:SecureTransport " : " false " .

A developer created an AWS Lambda function that performs a series of operations that involve multiple AWS services. The function ' s duration time is higher than normal. To determine the cause of the issue, the developer must investigate traffic between the services without changing the function code

Which solution will meet these requirements?

A.

Enable AWS X-Ray active tracing in the Lambda function Review the logs in X-Ray

B.

Configure AWS CloudTrail View the trail logs that are associated with the Lambda function.

C.

Review the AWS Config logs in Amazon Cloud Watch.

D.

Review the Amazon CloudWatch logs that are associated with the Lambda function.

A developer supports an application that accesses data in an Amazon DynamoDB table. One of the item attributes is expirationDate in the timestamp format. The application uses this attribute to find items, archive them, and remove them from the table based on the timestamp value

The application will be decommissioned soon, and the developer must find another way to implement this functionality. The developer needs a solution that will require the least amount of code to write.

Which solution will meet these requirements?

A.

Enable TTL on the expirationDate attribute in the table. Create a DynamoDB stream. Create an AWS Lambda function to process the deleted items. Create a DynamoDB trigger for the Lambda function.

B.

Create two AWS Lambda functions one to delete the items and one to process the items Create a DynamoDB stream Use the Deleteltem API operation to delete the items based on the expirationDate attribute Use the GetRecords API operation to get the items from the DynamoDB stream and process them

C.

Create two AWS Lambda functions, one to delete the items and one to process the items. Create an Amazon EventBndge scheduled rule to invoke the Lambda Functions Use the Deleteltem API operation to delete the items based on the expirationDate attribute. Use the GetRecords API operation to get the items from the DynamoDB table and process them.

D.

Enable TTL on the expirationDate attribute in the table Specify an Amazon Simple Queue Service (Amazon SQS > dead-letter queue as the target to delete the items Create an AWS Lambda function to process the items

A company operates a web-based loan processing application. The application ' s UI is implemented in JavaScript. The frontend transmits application data securely by using HTTPS to Amazon API Gateway, which invokes an AWS Lambda function in private subnets. The Lambda function interacts with third-party credit check APIs that require persistent API keys. The company enforces strict policies to ensure that personally identifiable information (PII) and sensitive credentials are never exposed in client code, request paths, headers, or logs. The company needs a solution to manage the API keys that the Lambda function must use. Which solution will meet this requirement in the MOST secure way?

A.

Store the API keys as encrypted environment variables by using an AWS KMS key. Configure the execution role of the Lambda function to have permissions to securely decrypt the environment variables at runtime.

B.

Pass the API keys to the Lambda function by including the keys as URL query parameters in each HTTPS request. Rely on TLS for encryption of the payload and response. Use API Gateway logging controls to manage what query parameters are logged.

C.

Bundle the API keys inside the minified client-side JavaScript. Configure the web application to call the Lambda function by using an API Gateway HTTP API, cross-origin resource sharing (CORS) restrictions, domain allowlists, and frequent rotation.

D.

Store the API keys as resource metadata tags on the Lambda function. Configure the Lambda function to read its own tags at startup by using the AWS SDK. Use IAM conditions to control access to the keys when the function retrieves the tags.

An application adds a processing date to each transaction that it receives. The application writes each transaction to an Amazon DynamoDB table by using the PutItem operation. Each transaction has a unique ID (transactionID). Sometimes the application receives transactions more than once. A developer notices that duplicate transactions in DynamoDB have the latest processing date instead of the date when the transaction was first received. Duplicate records happen infrequently, and most transactions are unique. What is the MOST cost-effective solution that the developer can implement to ensure that PutItem does not update an existing record?

A.

Call the GetItem operation first to confirm that the record does not exist. Then call PutItem.

B.

Enable the TTL attribute on the DynamoDB table.

C.

Implement a conditional put by using the attribute_exists(transactionID) condition expression.

D.

Implement a conditional put by using the attribute_not_exists(transactionID) condition expression.

A developer is implementing a serverless application by using AWS CloudFormation to provision Amazon S3 web hosting. Amazon API Gateway, and AWS Lambda functions. The Lambda function source code is zipped and uploaded to an S3 bucket. The S3 object key of the zipped source code is specified in the Lambda resource in the CloudFormation template.

The developer notices that there are no changes in the Lambda function every time the CloudFormation stack is updated.

How can the developer resolve this issue?

A.

Create a new Lambda function alias before updating the CloudFormation stack.

B.

Change the S3 object key or the S3 version in the CloudFormation template before updating the CloudFormation stack.

C.

Upload the zipped source code to another S3 bucket before updating the CloudFormation stack.

D.

Associate a code signing configuration with the Lambda function before updating the CloudFormation stack.

A developer has created an AWS Lambda function to provide notification through Amazon Simple Notification Service (Amazon SNS) whenever a file is uploaded to Amazon S3 that is larger than 50 MB. The developer has deployed and tested the Lambda function by using the CLI. However, when the event notification is added to the S3 bucket and a 3.000 MB file is uploaded, the Lambda function does not launch.

Which of the following Is a possible reason for the Lambda function ' s inability to launch?

A.

The S3 event notification does not activate for files that are larger than 1.000 MB.

B.

The resource-based policy for the Lambda function does not have the required permissions to be invoked by Amazon S3.

C.

Lambda functions cannot be invoked directly from an S3 event.

D.

The S3 bucket needs to be made public.