A company is building an ecommerce application. The company stores the application ' s static content in an Amazon S3 bucket. The application stores data that includes personally identifiable information (PII). The application makes dynamic requests in JSON format through an Amazon CloudFront distribution to an Amazon API Gateway REST API. The REST API invokes an AWS Lambda function that stores and queries data in Amazon DynamoDB.
The company must ensure that all PII data is encrypted at rest in DynamoDB. The company must also protect specific data fields more granularly. The company must ensure that the specified fields are encrypted at the edge. The specified fields must remain encrypted throughout the full stack of the application.
Which solution will meet these requirements?
A developer is testing an AWS Lambda function by using the AWS SAM local CLI. The application that is implemented by the Lambda function makes several AWS API calls by using the AWS SDK. The developer wants to allow the function to make AWS API calls in a test AWS account from the developer’s laptop.
What should the developer do to meet these requirements?
An application runs on multiple EC2 instances behind an ELB.
Where is the session data best written so that it can be served reliably across multiple requests?
A developer needs to modify an application architecture to meet new functional requirements. Application data is stored in Amazon DynamoDB and processed tor analysis in a nightly batch. The system analysts do not want to wait until the next day to view the processed data and have asked to have it available in near-real time.
Which application architecture pattern would enable the data to be processed as it is received?
A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.
How can the developer enforce that all requests to retrieve the data provide encryption in transit?
A developer has deployed an AWS Lambda function that is subscribed to an Amazon Simple Notification Service {Amazon SNS) topic. The developer must implement a solution to add a record of each Lambda function invocation to an Amazon Simple Queue Service {Amazon SQS) queue.
Which solution will meet this requirement?
A developer creates an Amazon API Gateway REST API that has a usage plan. The REST API sits in front of an AWS Lambda function. The Lambda function calls a third-party fulfillment service that returns standard HTTP status codes. The developer enables API Gateway and Lambda logging in Amazon CloudWatch. CloudWatch metrics for API Gateway show the occurrence of 5XX errors but do not show the occurrence of 4XX errors. The Lambda execution log also states: “ERROR: Rate limit exceeded from fulfillment service.” The developer needs to resolve the errors. Which solution will meet these requirements?
A company has three AWS Lambda functions written in Node.js. The Lambda functions include a mix of custom code and open source modules. When bugs are occasionally detected in the open source modules, all three Lambda functions must be patched.
What is the MOST operationally efficient solution to deploy a patched open source library for all three Lambda functions?
A financial services company builds a credit card transaction processing application that uses an Amazon API Gateway HTTP API and AWS Lambda functions. The application logs all requests and request parameters to Amazon CloudWatch. The application makes the logs accessible to developer AWS accounts and a separate fraud detection AWS account by using a cross-account IAM role .
The company requires that only the fraud detection account be able to view customer credit card numbers that are associated with the transactions. Developers at the company must not be able to use the credit card numbers for testing or debugging.
The developers create the following data protection policy document snippet:
{
" Name " : " data-protection-policy " ,
" Description " : " Credit card redaction " ,
" Version " : " 2021-06-01 " ,
" Statement " : [{
" Sid " : " redact-policy " ,
" DataIdentifier " : [
" arn:aws:dataprotection::aws:data-identifier/CreditCardNumber "
],
" Operation " : {
" Deidentify " : {
" MaskConfig " : {}
}
}
}]
}
Which combination of actions must the developers take to comply with the new policy? (Select TWO.)
A developer wants to insert a record into an Amazon DynamoDB table as soon as a new file is added to an Amazon S3 bucket.
Which set of steps would be necessary to achieve this?
A developer at a company recently created a serverless application to process and show data from business reports. The application ' s user interface (UI) allows users to select and start processing the files. The Ul displays a message when the result is available to view. The application uses AWS Step Functions with AWS Lambda functions to process the files. The developer used Amazon API Gateway and Lambda functions to create an API to support the UI.
The company ' s Ul team reports that the request to process a file is often returning timeout errors because of the see or complexity of the files. The Ul team wants the API to provide an immediate response so that the Ul can deploy a message while the files are being processed. The backend process that is invoked by the API needs to send an email message when the report processing is complete.
What should the developer do to configure the API to meet these requirements?
A company is creating an AWS Step Functions state machine to run a set of tests for an application. The tests need to run when a specific AWS Cloud Formation stack is deployed.
Which combination of steps will meet these requirements? (Select TWO.)
A developer used the AWS SDK to create an application that aggregates and produces log records for 10 services. The application delivers data to an Amazon Kinesis Data Streams stream.
Each record contains a log message with a service name, creation timestamp, and other log information. The stream has 15 shards in provisioned capacity mode. The stream uses service name as the partition key.
The developer notices that when all the services are producing logs, ProvisionedThroughputExceededException errors occur during PutRecord requests. The stream metrics show that the write capacity the applications use is below the provisioned capacity.
A company runs a highly available application in multiple AWS Regions. The application requires access to a secret value that is stored in AWS Secrets Manager. The secret value must be available in all Regions where the application operates. The secret value must remain consistent across the Regions.
Which solution will meet these requirements with the LEAST operational overhead?
A company is migrating legacy internal applications to AWS. Leadership wants to rewrite the internal employee directory to use native AWS services. A developer needs to create a solution for storing employee contact details and high-resolution photos for use with the new application.
Which solution will enable the search and retrieval of each employee ' s individual details and high-resolution photos using AWS APIs?