A developer needs to give a new application the ability to retrieve configuration data.
The application must be able to retrieve new configuration data values without the
need to redeploy the application code. If the application becomes unhealthy because
of a bad configuration change, the developer must be able to automatically revert
the configuration change to the previous value.
A. Use AWS Secrets Manager to manage and store the configuration data. Integrate Secrets Manager with a custom AWS Config rule that has remediation actions to track changes in the application and to roll back any bad configuration changes.
B. Use AWS Secrets Manager to manage and store the configuration data. Integrate Secrets Manager with a custom AWS Config rule. Attach a custom AWS Systems Manager document to the rule that automatically rolls back any bad configuration changes.
C. Use AWS AppConfig to manage and store the configuration data. Integrate AWS AppConfig with Amazon CloudWatch to monitor changes to the application. Set up an alarm to automatically roll back any bad configuration changes.
D. Use AWS AppConfig to manage and store the configuration data. Integrate AWS AppConfig with Amazon CloudWatch to monitor changes to the application. Set up CloudWatch Application Signals to roll back any bad configuration changes.
A developer is configuring an applications deployment environment in AWS CodePipeine. The application code is stored in a GitHub repository. The developer wants to ensure that the repository package's unit tests run in the new deployment environment. The deployment has already set the pipeline's source provider to GitHub and has specified the repository and branch to use in the deployment. When combination of steps should the developer take next to meet these requirements with the least the LEAST overhead' (Select TWO).
A. Create an AWS CodeCommt project. Add the repository package's build and test commands to the protects buildspec
B. Create an AWS CodeBuid project. Add the repository package's build and test commands to the projects buildspec
C. Create an AWS CodeDeploy protect. Add the repository package's build and test commands to the project's buildspec
D. Add an action to the source stage. Specify the newly created project as the action provider. Specify the build attract as the actions input artifact.
E. Add a new stage to the pipeline alter the source stage. Add an action to the new stage. Speedy the newly created protect as the action provider. Specify the source artifact as the action's input artifact.
Explanation: This solution will ensure that the repository package’s unit tests run in the new deployment environment with the least overhead because it uses AWS CodeBuild to build and test the code in a fully managed service, and AWS CodePipeline to orchestrate the deployment stages and actions. Option A is not optimal because it will use AWS CodeCommit instead of AWS CodeBuild, which is a source control service, not a build and test service. Option C is not optimal because it will use AWS CodeDeploy instead of AWS CodeBuild, which is a deployment service, not a build and test service. Option D is not optimal because it will add an action to the source stage instead of creating a new stage, which will not follow the best practice of separating different deployment phases.
A developer needs to set up an API to provide access to an application and its resources. The developer has a TLS certificate. The developer must have the ability to change the default base URL of the API to a custom domain name. The API users are distributed globally. The solution must minimize API latency.
A. Create an Amazon CloudFront distribution that uses an AWS Lambda@Edge function to process API requests. Import the TLS certificate into AWS Certificate Manager and CloudFront. Add the custom domain name as an alias resource record set that is for the CloudFront distribution.
B. Create an Amazon API Gateway REST API. Use the private endpoint type. Import the TLS certificate into AWS Certificate Manager. Create a custom domain name for the REST API. Route traffic to the custom domain name. Disable the default endpoint for the REST API.
C. Create an Amazon API Gateway REST API. Use the edge-optimized endpoint type. Import the TLS certificate into AWS Certificate Manager. Create a custom domain name for the REST API. Route traffic to the custom domain name. Disable the default endpoint for the REST API.
D. Create an Amazon CloudFront distribution that uses CloudFront Functions to process API requests. Import the TLS certificate into AWS Certificate Manager and CloudFront. Add the custom domain name as an alias resource record set that is for the CloudFront distribution.
A developer is building an application that processes a stream of user-supplied data. The data stream must be consumed by multiple Amazon EC2 based processing applications in parallel and in real time. Each processor must be able to resume without losing data if there is a service interruption. The application architect plans to add other processors in the near future, and wants to minimize the amount of data duplication involved. Which solution will satisfy these requirements?
A. Publish the data to Amazon Simple Queue Service (Amazon SQS).
B. Publish the data to Amazon Data Firehose.
C. Publish the data to Amazon EventBridge.
D. Publish the data to Amazon Kinesis Data Streams.
A developer warns to add request validation to a production environment Amazon API Gateway API. The developer needs to test the changes before the API is deployed to the production environment. For the lest the developer will send test requests to the API through a testing tool. Which solution will meet these requirements with the LEAST operational overhead?
A. Export the existing API to an OpenAPI file. Create a new API Import the OpenAPI file Modify the new API to add request validation. Perform the tests Modify the existing API to add request validation. Deploy the existing API to production.
B. Modify the existing API to add request validation. Deploy the updated API to a new API Gateway stage Perform the tests Deploy the updated API to the API Gateway production stage.
C. Create a new API Add the necessary resources and methods including new request validation. Perform the tests Modify the existing API to add request validation. Deploy the existing API to production.
D. Clone the exiting API Modify the new API lo add request validation. Perform the tests Modify the existing API to add request validation Deploy the existing API to production.
Explanation: This solution allows the developer to test the changes without affecting the production environment. Cloning an API creates a copy of the API definition that can be modified independently. The developer can then add request validation to the new API and test itusing a testing tool. After verifying that the changes work as expected, the developer can apply the same changes to the existing API and deploy it to production.
A developer is creating an AWS Lambda function that searches for Items from an Amazon
DynamoDQ table that contains customer contact information. The DynamoDB table items
have the customers as the partition and additional properties such as customer -type,
name, and job_title.
The Lambda function runs whenever a user types a new character into the customer_type
text Input. The developer wants to search to return partial matches of alltne email_address
property of a particular customer type. The developer does not want to recreate the
DynamoDB table.
What should the developer do to meet these requirements?
A. Add a global secondary index (GSI) to the DynamoDB table with customer-type input, as the partition key and email_address as the sort key. Perform a query operation on the GSI by using the begins with key condition expression with the email_address property.
B. Add a global secondary index (GSI) to the DynamoDB table with email_address as the partition key and customer_type as the sort key. Perform a query operation on the GSI by using the begine_with key condition expresses with the email. Address property.
C. Add a local secondary index (LSI) to the DynemoOB table with customer_type as the partition Key and email_address as the sort Key. Perform a quick operation on the LSI by using the begine_with Key condition expression with the email-address property.
D. Add a local secondary index (LSI) to the DynamoDB table with job-title as the partition key and email_address as the sort key. Perform a query operation on the LSI by using the begins_with key condition expression with the email_address property.
Explanation: The solution that will meet the requirements is to add a global secondary index (GSI) to the DynamoDB table with customer_type as the partition key and email_address as the sort key. Perform a query operation on the GSI by using the begins_with key condition expression with the email_address property. This way, the developer can search for partial matches of the email_address property of a particular customer type without recreating the DynamoDB table. The other options either involve using a local secondary index (LSI), which requires recreating the table, or using a different partition key, which does not allow filtering by customer_type.
A developer is creating a template that uses AWS CloudFormation to deploy an application. The application is serverless and uses Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. Which AWS service or tool should the developer use to define serverless resources in YAML?
A. CloudFormation serverless intrinsic functions
B. AWS Elastic Beanstalk
C. AWS Serverless Application Model (AWS SAM)
D. AWS Cloud Development Kit (AWS CDK)
Explanation: AWS Serverless Application Model (AWS SAM) is an open-source framework that enables developers to build and deploy serverless applications on AWS. AWS SAM uses a template specification that extends AWS CloudFormation to simplify the definition of serverless resources such as API Gateway, DynamoDB, and Lambda. The developer can use AWS SAM to define serverless resources in YAML and deploy them using the AWS SAM CLI.
A company has an application that uses an AWS Lambda function to process customer orders. The company notices that the application processes some orders more than once. A developer needs to update the application to prevent duplicate processing. Which solution will meet this requirement with the LEAST implementation effort?
A. Implement a de-duplication mechanism that uses Amazon DynamoDB as the control database. Configure the Lambda function to check for the existence of a unique identifier before processing each event.
B. Create a custom Amazon ECS task to perform idempotency checks. Use AWS Step Functions to integrate the ECS task with the Lambda function.
C. Configure the Lambda function to retry failed invocations. Implement a retry mechanism that has a fixed delay between attempts to handle duplicate events.
D. Use Amazon Athena to query processed events to identify duplicate records. Add processing logic to the Lambda function to handle the duplication scenarios that the query identifies.
Explanation: Requirement Summary:
Orders are being processedmore than once
Need to preventduplicate processing
Looking forleast implementation effort
Key Concept:
Lambda + Event-driven patternscan occasionally result induplicate invocations(atleast-
once delivery model)
You needidempotency(i.e., prevent repeated processing of same event)
Evaluate Options:
A. Use DynamoDB for de-duplication
Simple and widely used approach
Store a unique orderId as the primary key
Before processing,check if order exists
If yes skip
If no process and store the ID
Minimal code changes required
B. ECS + Step Functions
Overkill for basic de-duplication
Adds significant complexity
C. Retry logic with fixed delay
Doesn't prevent duplication —makes it worse
Retrying might trigger thesame message again
D. Athena to identify duplicates
Reactive solution, not preventative
Not suitable for real-time event de-duplication
A team is developing an application that is deployed on Amazon EC2 instances. During testing, the team receives an error. The EC2 instances are unable to access an Amazon S3 bucket. Which steps should the team take to troubleshoot this issue? (Select TWO.)
A. Check whether the policy that is assigned to the JAM role that is attached to the EC2 instances grants access to Amazon S3.
B. Check the S3 bucket policy to validate the access permissions for the S3 bucket.
C. Check whether the policy that is assigned to the 1AM user that is attached to the EC2 instances grants access to Amazon S3.
D. Check the S3 Lifecycle policy to validate the permissions that are assigned to the S3 bucket.
E. Check the security groups that are assigned to the EC2 instances. Make sure that a rule is not blocking the access to Amazon S3.
A developer is building a web and mobile application for two types of users: regular users and guest users. Regular users are required to log in, but guest users do not log in. Users should see only their data, regardless of whether they authenticate. Users need AWS credentials before they can access AWS resources.
A. Use an Amazon Cognito identity pool to generate temporary AWS credentials that are linked to an unauthenticated role that has access to the required resources.
B. Set up an IAM user that has permissions to the required resources. Hardcode the IAM credentials in the web and mobile application.
C. Generate temporary keys that are stored in AWS KMS. Use the temporary keys to access the required resources.
D. Generate temporary credentials. Store the temporary credentials in AWS Secrets Manager. Use the temporary credentials to access the required resources.
A developer has observed an increase in bugs in the AWS Lambda functions that a
development team has deployed in its Node is application. To minimize these bugs, the
developer wants to impendent automated testing of Lambda functions in an environment
that Closely simulates the Lambda environment.
The developer needs to give other developers the ability to run the tests locally. The
developer also needs to integrate the tests into the team's continuous integration and
continuous delivery (Ct/CO) pipeline before the AWS Cloud Development Kit (AWS COK)
deployment.
Which solution will meet these requirements?
A. Create sample events based on the Lambda documentation. Create automated test scripts that use the cdk local invoke command to invoke the Lambda functions. Check the response Document the test scripts for the other developers on the team Update the CI/CD pipeline to run the test scripts.
B. Install a unit testing framework that reproduces the Lambda execution environment. Create sample events based on the Lambda Documentation Invoke the handler function by using a unit testing framework. Check the response Document how to run the unit testing framework for the other developers on the team. Update the OCD pipeline to run the unit testing framework.
C. Install the AWS Serverless Application Model (AWS SAW) CLI tool Use the Sam local generate-event command to generate sample events for me automated tests. Create automated test scripts that use the Sam local invoke command to invoke the Lambda functions. Check the response Document the test scripts tor the other developers on the team Update the CI/CD pipeline to run the test scripts.
D. Create sample events based on the Lambda documentation. Create a Docker container from the Node is base image to invoke the Lambda functions. Check the response Document how to run the Docker container for the more developers on the team update the CI/CD pipeline to run the Docker container.
Explanation: This solution will meet the requirements by using AWS SAM CLI tool, which is a command line tool that lets developers locally build, test, debug, and deploy serverless applications defined by AWS SAM templates. The developer can use sam local generateevent command to generate sample events for different event sources such as API Gateway or S3. The developer can create automated test scripts that use sam local invoke command to invoke Lambda functions locally in an environment that closely simulates Lambda environment. The developer can check the response from Lambda functions and document how to run the test scripts for other developers on the team. The developer can also update CI/CD pipeline to run these test scripts before deploying with AWS CDK. Option A is not optimal because it will use cdk local invoke command, which does not exist in AWS CDK CLI tool. Option B is not optimal because it will use a unit testing framework that reproduces Lambda execution environment, which may not be accurate or consistent with Lambda environment. Option D is not optimal because it will create a Docker container from Node.js base image to invoke Lambda functions, which may introduce additional overhead and complexity for creating and running Docker containers.
A company has an online web application that includes a product catalog. The catalog is stored in an Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The application must be able to list the objects in the S3 bucket and must be able to download objects through an 1AM policy. Which policy allows MINIMUM access to meet these requirements?
A. Option A
B. Option B
C. Option C
D. Option D
| Page 10 out of 31 Pages |
| Previous |