Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

A company is building an ecommerce application. The company stores the application ' s static content in an Amazon S3 bucket. The application stores data that includes personally identifiable information (PII). The application makes dynamic requests in JSON format through an Amazon CloudFront distribution to an Amazon API Gateway REST API. The REST API invokes an AWS Lambda function that stores and queries data in Amazon DynamoDB.

The company must ensure that all PII data is encrypted at rest in DynamoDB. The company must also protect specific data fields more granularly. The company must ensure that the specified fields are encrypted at the edge. The specified fields must remain encrypted throughout the full stack of the application.

Which solution will meet these requirements?

A.

Configure a Lambda@Edge function to identify and encrypt the sensitive fields. Associate the function with the CloudFront distribution.

B.

Create an RSA key pair. Configure the CloudFront distribution to use field-level encryption directly.

C.

Create an AWS KMS key. Update the Lambda function to encrypt the data before inserting the data into DynamoDB. Configure the function to decrypt the data after retrieval.

D.

Create a new resource on the existing REST API and add a new POST method to the new resource. Configure the POST method to invoke the Lambda function and an AWS KMS key to encrypt the sensitive data fields.

A developer is testing an AWS Lambda function by using the AWS SAM local CLI. The application that is implemented by the Lambda function makes several AWS API calls by using the AWS SDK. The developer wants to allow the function to make AWS API calls in a test AWS account from the developer’s laptop.

What should the developer do to meet these requirements?

A.

Edit the template.yml file. Add the AWS_ACCESS_KEY_ID property and the AWS_SECRET_ACCESS_KEY property in the Globals section.

B.

Add a test profile by using the aws configure command with the --profile option. Run AWS SAM by using sam local invoke with the --profile option.

C.

Edit the template.yml file. For the AWS::Serverless::Function resource, set the role to an IAM role in the AWS account.

D.

Run the function by using sam local invoke. Override the AWS_ACCESS_KEY_ID parameter and the AWS_SECRET_ACCESS_KEY parameter by specifying the --parameter-overrides option.

An application runs on multiple EC2 instances behind an ELB.

Where is the session data best written so that it can be served reliably across multiple requests?

A.

Write data to Amazon ElastiCache

B.

Write data to Amazon Elastic Block Store

C.

Write data to Amazon EC2 instance Store

D.

Wide data to the root filesystem

A developer needs to modify an application architecture to meet new functional requirements. Application data is stored in Amazon DynamoDB and processed tor analysis in a nightly batch. The system analysts do not want to wait until the next day to view the processed data and have asked to have it available in near-real time.

Which application architecture pattern would enable the data to be processed as it is received?

A.

Event driven

B.

Client-server d riven

C.

Fan-out driven

D.

Schedule driven

A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.

How can the developer enforce that all requests to retrieve the data provide encryption in transit?

A.

Define a resource-based policy on the S3 bucket to deny access when a request meets the condition “aws:SecureTransport”: “false”.

B.

Define a resource-based policy on the S3 bucket to allow access when a request meets the condition “aws:SecureTransport”: “false”.

C.

Define a role-based policy on the other accounts ' roles to deny access when a request meets the condition of “aws:SecureTransport”: “false”.

D.

Define a resource-based policy on the KMS key to deny access when a request meets the condition of “aws:SecureTransport”: “false”.

A developer has deployed an AWS Lambda function that is subscribed to an Amazon Simple Notification Service {Amazon SNS) topic. The developer must implement a solution to add a record of each Lambda function invocation to an Amazon Simple Queue Service {Amazon SQS) queue.

Which solution will meet this requirement?

A.

Configure the SQS queue as a dead-letter queue for the Lambda function.

B.

Create code that uses the AWS SDK to call the SQS SendMessage operation to add the invocation details to the SQS queue. Add the code to the end of the Lambda function.

C.

Add two asynchronous invocation destinations to the Lambda function: one destination for successful invocations and one destination for failed invocations. Configure the SQS queue as the destination for each type. Create an Amazon CloudWatch alarm based on the DestinationDeliveryFailures metric to catch any message that cannot be delivered.

D.

Add a single asynchronous invocation destination to the Lambda function to capture successful invocations. Configure the SQS queue as the destination. Create an Amazon CloudWatch alarm based on the DestinationDeliveryFailures metric to catch any message that cannot be delivered.

A developer creates an Amazon API Gateway REST API that has a usage plan. The REST API sits in front of an AWS Lambda function. The Lambda function calls a third-party fulfillment service that returns standard HTTP status codes. The developer enables API Gateway and Lambda logging in Amazon CloudWatch. CloudWatch metrics for API Gateway show the occurrence of 5XX errors but do not show the occurrence of 4XX errors. The Lambda execution log also states: “ERROR: Rate limit exceeded from fulfillment service.” The developer needs to resolve the errors. Which solution will meet these requirements?

A.

Increase the throttling limits in the API Gateway usage plan.

B.

Enable provisioned concurrency for the Lambda function.

C.

Increase the memory of the Lambda function.

D.

Implement exponential backoff and retry logic in the Lambda function.

A company has three AWS Lambda functions written in Node.js. The Lambda functions include a mix of custom code and open source modules. When bugs are occasionally detected in the open source modules, all three Lambda functions must be patched.

What is the MOST operationally efficient solution to deploy a patched open source library for all three Lambda functions?

A.

Create a custom AWS CloudFormation public registry extension. Reference a GitHub repository that hosts the open source modules in the extension. Configure CloudFormation to scan the repository once each day. Write an AWS SAM template to redeploy the three Lambda functions upon a scan notification change.

B.

Create an Amazon CloudFront distribution with an Amazon S3 bucket as the origin. Upload the patched modules to Amazon S3 when needed. Modify each Lambda function to download the patched modules from the CloudFront distribution during cold starts.

C.

Launch an Amazon EC2 instance. Host a private open source module registry on the EC2 instance. Upload the modified open source modules to the private registry when needed. Modify each Lambda function deployment script to download the modules from the private registry. Redeploy the three Lambda functions.

D.

Create a Lambda layer with the open source modules. Modify all three Lambda functions to use the layer. Remove the open source modules from each Lambda function. Patch the Lambda layer with the modified open source modules when needed. Update the Lambda functions to reference the new layer version.

A financial services company builds a credit card transaction processing application that uses an Amazon API Gateway HTTP API and AWS Lambda functions. The application logs all requests and request parameters to Amazon CloudWatch. The application makes the logs accessible to developer AWS accounts and a separate fraud detection AWS account by using a cross-account IAM role .

The company requires that only the fraud detection account be able to view customer credit card numbers that are associated with the transactions. Developers at the company must not be able to use the credit card numbers for testing or debugging.

The developers create the following data protection policy document snippet:

{

" Name " : " data-protection-policy " ,

" Description " : " Credit card redaction " ,

" Version " : " 2021-06-01 " ,

" Statement " : [{

" Sid " : " redact-policy " ,

" DataIdentifier " : [

" arn:aws:dataprotection::aws:data-identifier/CreditCardNumber "

],

" Operation " : {

" Deidentify " : {

" MaskConfig " : {}

}

}

}]

}

Which combination of actions must the developers take to comply with the new policy? (Select TWO.)

A.

Add an UnmaskConfig property to the Operation property of the data protection policy. Specify the role that the fraud detection account must assume.

B.

Add the logs:Unmask permission to the IAM role that the fraud detection account must assume.

C.

Add the data protection policy to the CloudWatch log group that captures logs for the HTTP API.

D.

Add the data protection policy to the CloudWatch log group in the account that hosts the application.

E.

Add the data protection policy to the IAM role that the fraud detection account must assume.

A developer wants to insert a record into an Amazon DynamoDB table as soon as a new file is added to an Amazon S3 bucket.

Which set of steps would be necessary to achieve this?

A.

Create an event with Amazon EventBridge that will monitor the S3 bucket and then insert the records into DynamoDB.

B.

Configure an S3 event to invoke an AWS Lambda function that inserts records into DynamoDB.

C.

Create an AWS Lambda function that will poll the S3 bucket and then insert the records into DynamoDB.

D.

Create a cron job that will run at a scheduled time and insert the records into DynamoDB.

A developer at a company recently created a serverless application to process and show data from business reports. The application ' s user interface (UI) allows users to select and start processing the files. The Ul displays a message when the result is available to view. The application uses AWS Step Functions with AWS Lambda functions to process the files. The developer used Amazon API Gateway and Lambda functions to create an API to support the UI.

The company ' s Ul team reports that the request to process a file is often returning timeout errors because of the see or complexity of the files. The Ul team wants the API to provide an immediate response so that the Ul can deploy a message while the files are being processed. The backend process that is invoked by the API needs to send an email message when the report processing is complete.

What should the developer do to configure the API to meet these requirements?

A.

Change the API Gateway route to add an X-Amz-Invocation-Type header win a sialic value of ' Event ' in the integration request Deploy the API Gateway stage to apply the changes.

B.

Change the configuration of the Lambda function that implements the request to process a file. Configure the maximum age of the event so that the Lambda function will ion asynchronously.

C.

Change the API Gateway timeout value to match the Lambda function ominous value. Deploy the API Gateway stage to apply the changes.

D.

Change the API Gateway route to add an X-Amz-Target header with a static value of ' A sync ' in the integration request Deploy me API Gateway stage to apply the changes.

A company is creating an AWS Step Functions state machine to run a set of tests for an application. The tests need to run when a specific AWS Cloud Formation stack is deployed.

Which combination of steps will meet these requirements? (Select TWO.)

A.

Create an AWS Lambda function to invoke the state machine.

B.

Create an Amazon EventBridge rule on the default bus that matches on a detail type of CloudFormation stack status change, a status of UPDATE_IN_PROGRESS, and the stack ID of the CloudFormation stack.

C.

Create a pipe in Amazon EventBridge Pipes that has a source of the default event bus. Set the Lambda function as a target. Filter on a detail type of CloudFormation stack status change, a status of UPDATE_IN_PROGRESS, and the stack ID of the CloudFormation stack.

D.

Create a pipe in Amazon EventBridge Pipes that has a source of the EventBridge rule. Set the state machine as a target.

E.

Add the state machine as a target of the EventBridge rule.

A developer used the AWS SDK to create an application that aggregates and produces log records for 10 services. The application delivers data to an Amazon Kinesis Data Streams stream.

Each record contains a log message with a service name, creation timestamp, and other log information. The stream has 15 shards in provisioned capacity mode. The stream uses service name as the partition key.

The developer notices that when all the services are producing logs, ProvisionedThroughputExceededException errors occur during PutRecord requests. The stream metrics show that the write capacity the applications use is below the provisioned capacity.

A.

Change the capacity mode from provisioned to on-demand.

B.

Double the number of shards until the throttling errors stop occurring.

C.

Change the partition key from service name to creation timestamp.

D.

Use a separate Kinesis stream for each service to generate the logs.

A company runs a highly available application in multiple AWS Regions. The application requires access to a secret value that is stored in AWS Secrets Manager. The secret value must be available in all Regions where the application operates. The secret value must remain consistent across the Regions.

Which solution will meet these requirements with the LEAST operational overhead?

A.

Configure an AWS Lambda function to copy the secret to each Region. Configure Amazon EventBridge to trigger the Lambda function to update the copies of the secret when the primary secret is updated.

B.

Configure the application in all Regions to retrieve the secret value directly from the primary Region by using the secret ' s ARN. Configure the application to cache the secret value locally.

C.

Enable replication for the secret in the primary Region. Ensure that the application can access the appropriate secret ARN in each Region where the secret is replicated.

D.

Create a new secret in each Region. Ensure that the application can access the appropriate secret ARN in each Region where the secret is replicated.

A company is migrating legacy internal applications to AWS. Leadership wants to rewrite the internal employee directory to use native AWS services. A developer needs to create a solution for storing employee contact details and high-resolution photos for use with the new application.

Which solution will enable the search and retrieval of each employee ' s individual details and high-resolution photos using AWS APIs?

A.

Encode each employee ' s contact information and photos using Base64. Store the information in an Amazon DynamoDB table using a sort key.

B.

Store each employee ' s contact information in an Amazon DynamoDB table along with the object keys for the photos stored in Amazon S3.

C.

Use Amazon Cognito user pools to implement the employee directory in a fully managed software-as-a-service (SaaS) method.

D.

Store employee contact information in an Amazon RDS DB instance with the photos stored in Amazon Elastic File System (Amazon EFS).