A company hosts a stateless web application with low data storage in a single AWS Region. The company wants to increase the resiliency of the application to include a multi-Region presence. The company wants to set the recovery time objective (RTO) and recovery point objective (RPO) to hours. The company needs a low-cost and low-complexity disaster recovery (DR) strategy. Which DR strategy should the company use?
A. Warm standby
B. Pilot light
C. Backup and restore
D. Multi-site active-active
A developer is automating a new application deployment with AWS SAM. The new application has one AWS Lambda function and one Amazon S3 bucket. The Lambda function must access the S3 bucket to only read objects. How should the developer configure AWS SAM to grant the necessary read permission to the S3 bucket?
A. Reference a second Lambda authorizer function.
B. Add a custom S3 bucket policy to the Lambda function.
C. Create an Amazon SQS topic for only S3 object reads. Reference the topic in the template.
D. Add the S3ReadPolicy template to the Lambda function's execution role.
Explanation: Step-by-Step Breakdown:
Requirement Summary:
Use AWS SAM to deploy:
Lambda needs read-only access to the S3 bucket
Solution must be expressed via AWS SAM template
Option A: Reference a second Lambda authorizer function
Incorrect: Lambda authorizers are used in API Gateway for authentication, not for granting S3 permissions.
Option B: Add a custom S3 bucket policy to the Lambda function
Incorrect: Bucket policies control who can access the bucket, not what the Lambda function can do. The permission must be granted to the Lambda's IAM execution role.
Option C: Create an Amazon SQS topic for only S3 object reads
Incorrect: SQS cannot read objects from S3 and is not relevant to this scenario.
Option D: Add the S3ReadPolicy template to the Lambda function's execution role
Correct: AWS SAM provides managed policy templates like AmazonS3ReadOnlyAccess and shortcuts like S3ReadPolicy. You can apply these to the Lambda's execution role using the Policies: section in your SAM template.
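Example SAM YAML:
# The Transform line is required for CloudFormation to process SAM resource types.
Transform: AWS::Serverless-2016-10-31
Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: my-code/
      Handler: app.handler
      Runtime: python3.11
      Policies:
        # Grants the function's execution role read-only access to this bucket.
        - S3ReadPolicy:
            BucketName: !Ref MyBucket
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-personal-bucket-name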
A developer is migrating a containerized application from an on-premises environment to an Amazon ECS cluster. In the on-premises environment, the container uses a Dockerfile to store the application. Service dependency configurations such as databases, caches, and storage volumes are stored in a docker-compose.yml file. Both files are located at the top level of the code base that the developer needs to containerize. When the developer deploys the code to Amazon ECS, the instructions from the Dockerfile are carried out. However, none of the configurations from docker-compose.yml are applied. The developer needs to resolve the error and ensure the configurations are applied.
A. Store the file path for the docker-compose.yml file as a Docker label. Add the label to the ECS cluster's container details.
B. Add the details from the docker-compose.yml file to an ECS task definition. Associate the task with the ECS cluster.
C. Create a namespace in the ECS cluster. Associate the docker-compose.yml file to the namespace.
D. Update the service type of the ECS cluster to REPLICA, and redeploy the stack.
Explanation: Why Option B is Correct: Amazon ECS does not natively process docker-compose.yml files. Instead, the configurations from docker-compose.yml must be converted into ECS-compatible configurations within a task definition. Task definitions are the primary way to specify container configurations in ECS, including service dependencies like databases, caches, and volumes.
A company uses a custom root certificate authority certificate chain (Root CA Cert) that is 10 KB in size to generate SSL certificates for its on-premises HTTPS endpoints. One of the company's cloud-based applications has hundreds of AWS Lambda functions that pull data from these endpoints. A developer updated the trust store of the Lambda execution environment to use the Root CA Cert when the Lambda execution environment is initialized. The developer bundled the Root CA Cert as a text file in the Lambda deployment bundle. After 3 months of development, the Root CA Cert is no longer valid and must be updated. The developer needs a more efficient solution to update the Root CA Cert for all deployed Lambda functions. The solution must not include rebuilding or updating all Lambda functions that use the Root CA Cert. The solution must also work for all development, testing, and production environments. Each environment is managed in a separate AWS account. Which combination of steps should the developer take to meet these requirements MOST cost-effectively? (Select TWO)
A. Store the Root CA Cert as a secret in AWS Secrets Manager. Create a resource-based policy. Add IAM users to allow access to the secret.
B. Store the Root CA Cert as a SecureString parameter in AWS Systems Manager Parameter Store. Create a resource-based policy. Add IAM users to allow access to the policy.
C. Store the Root CA Cert in an Amazon S3 bucket. Create a resource-based policy to allow access to the bucket.
D. Refactor the Lambda code to load the Root CA Cert from the Root CA Cert's location. Modify the runtime trust store inside the Lambda function handler.
E. Refactor the Lambda code to load the Root CA Cert from the Root CA Cert's location. Modify the runtime trust store outside the Lambda function handler.
Explanation: This solution will meet the requirements by storing the Root CA Cert as a SecureString parameter in AWS Systems Manager Parameter Store, which is a secure and scalable service for storing and managing configuration data and secrets. The resource-based policy will allow IAM users in different AWS accounts and environments to access the parameter without requiring cross-account roles or permissions. The Lambda code will be refactored to load the Root CA Cert from the parameter store and modify the runtime trust store outside the Lambda function handler, which will improve performance and reduce latency by avoiding repeated calls to Parameter Store and trust store modifications for each invocation of the Lambda function. Option A is not optimal because it will use AWS Secrets Manager instead of AWS Systems Manager Parameter Store, which will incur additional costs and complexity for storing and managing non-secret configuration data such as the Root CA Cert. Option C is not optimal because it will deactivate the application secrets and monitor the application error logs temporarily, which will cause application downtime and potential data loss. Option D is not optimal because it will modify the runtime trust store inside the Lambda function handler, which will degrade performance and increase latency by repeating unnecessary operations for each invocation of the Lambda function.
A developer is building an application on AWS. The application has an Amazon API Gateway API that sends requests to an AWS Lambda function. The API is experiencing increased latency because the Lambda function has limited available CPU to fulfill the requests. Before the developer deploys the API into production, the developer must configure the Lambda function to have more CPU. Which solution will meet this requirement?
A. Increase the virtual CPU (vCPU) cores quota of the Lambda function.
B. Increase the amount of memory that is allocated to the Lambda function.
C. Increase the ephemeral storage size of the Lambda function.
D. Increase the timeout value of the Lambda function.
A company developed an API application on AWS by using Amazon CloudFront, Amazon API Gateway, and AWS Lambda. The API has a minimum of four requests every second. A developer notices that many API users run the same query by using the POST method. The developer wants to cache the POST request to optimize the API resources. Which solution will meet these requirements?
A. Configure the CloudFront cache. Update the application to return cached content based upon the default request headers.
B. Override the cache method in the selected stage of API Gateway. Select the POST method.
C. Save the latest request response in the Lambda /tmp directory. Update the Lambda function to check the /tmp directory.
D. Save the latest request in AWS Systems Manager Parameter Store. Modify the Lambda function to take the latest request response from Parameter Store.
Explanation: This solution will meet the requirements by using Amazon CloudFront, which is a content delivery network (CDN) service that speeds up the delivery of web content and APIs to end users. The developer can configure the CloudFront cache, which is a set of edge locations that store copies of popular or recently accessed content close to the viewers. The developer can also update the application to return cached content based upon the default request headers, which are a set of HTTP headers that CloudFront automatically forwards to the origin server and uses to determine whether an object in an edge location is still valid. By caching the POST requests, the developer can optimize the API resources and reduce the latency for repeated queries. Option B is not optimal because it will override the cache method in the selected stage of API Gateway, which is not possible or effective as API Gateway does not support caching for POST methods by default. Option C is not optimal because it will save the latest request response in Lambda /tmp directory, which is a local storage space that is available for each Lambda function invocation, not a cache that can be shared across multiple invocations or requests. Option D is not optimal because it will save the latest request in AWS Systems Manager Parameter Store, which is a service that provides secure and scalable storage for configuration data and secrets, not a cache for API responses.
A developer is designing an event-driven architecture. An AWS Lambda function that processes data needs to push processed data to a subset of four consumer Lambda functions. The data must be routed based on the value of one field in the data. Which solution will meet these requirements with the LEAST operational overhead?
A. Create an Amazon Simple Queue Service (Amazon SQS) queue and event source mapping for each consumer Lambda function. Add message routing logic to the data-processing Lambda function.
B. Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the four consumer Lambda functions to the topic. Add message filtering logic to each consumer Lambda function. Subscribe the data-processing Lambda function to the SNS topic.
C. Create a separate Amazon Simple Notification Service (Amazon SNS) topic and subscription for each consumer Lambda function. Add message routing logic to the data-processing Lambda function to publish to the appropriate topic.
D. Create a single Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the four consumer Lambda functions to the topic. Add SNS subscription filter policies to each subscription. Configure the data-processing Lambda function to publish to the topic.
A company runs a new application on AWS Elastic Beanstalk. The company needs to deploy updates to the application. The updates must not cause any downtime for application users. The deployment must forward a specified percentage of incoming client traffic to a new application version during an evaluation period. Which deployment type will meet these requirements?
A. Rolling
B. Traffic-splitting
C. In-place
D. Immutable
Explanation: AWS Elastic Beanstalk supports several deployment policies, and in this case, the requirement is to forward a specific percentage of traffic to the new version without causing downtime. The Traffic-splitting deployment policy is the most appropriate choice.
A developer needs to perform geographic load testing of an API. The developer must deploy resources to multiple AWS Regions to support the load testing of the API. How can the developer meet these requirements without additional application code?
A. Create and deploy an AWS Lambda function in each desired Region. Configure the Lambda function to create a stack from an AWS CloudFormation template in that Region when the function is invoked.
B. Create an AWS CloudFormation template that defines the load test resources. Use the AWS CLI create-stack-set command to create a stack set in the desired Regions.
C. Create an AWS Systems Manager document that defines the resources. Use the document to create the resources in the desired Regions.
D. Create an AWS CloudFormation template that defines the load test resources. Use the AWS CLI deploy command to create a stack from the template in each Region.
Explanation: AWS CloudFormation is a service that allows developers to model and provision AWS resources using templates. A CloudFormation template can define the load test resources, such as EC2 instances, load balancers, and Auto Scaling groups. A CloudFormation stack set is a collection of stacks that can be created and managed from a single template in multiple Regions and accounts. The AWS CLI create-stack-set command can be used to create a stack set from a template and specify the Regions where the stacks should be created.
A banking company is building an application for users to create accounts, view balances, and review recent transactions. The company integrated an Amazon API Gateway REST API with AWS Lambda functions. The company wants to deploy a new version of a Lambda function that gives customers the ability to view their balances. The new version of the function displays customer transaction insights. The company wants to test the new version with a small group of users before deciding whether to make the feature available for all users. Which solution will meet these requirements with the LEAST disruption to users?
A. Create a canary deployment for the REST API. Gradually increase traffic to the new version of the function. Revert traffic to the old version if issues are detected.
B. Redeploy the REST API stage to use the new version of the function. If issues are detected, update the REST API to point to the previous version of the function.
C. Deploy the new version of the function to a new stage in the REST API. Route traffic to the new stage. If the new version fails, route traffic to the original stage.
D. Create a new REST API stage for the new version of the function. Create a weighted alias record set in Amazon Route 53 to distribute traffic between the original stage and the new stage.
A developer has created an AWS Lambda function that makes queries to an Amazon Aurora MySQL DB instance. When the developer performs a test, the DB instance shows an error for too many connections. Which solution will meet these requirements with the LEAST operational effort?
A. Create a read replica for the DB instance. Query the replica DB instance instead of the primary DB instance.
B. Migrate the data to an Amazon DynamoDB database.
C. Configure the Amazon Aurora MySQL DB instance for Multi-AZ deployment.
D. Create a proxy in Amazon RDS Proxy. Query the proxy instead of the DB instance.
Explanation: This solution will meet the requirements by using Amazon RDS Proxy, which is a fully managed, highly available database proxy for Amazon RDS that makes applications more scalable, more resilient to database failures, and more secure. The developer can create a proxy in Amazon RDS Proxy, which sits between the application and the DB instance and handles connection management, pooling, and routing. The developer can query the proxy instead of the DB instance, which reduces the number of open connections to the DB instance and avoids errors for too many connections. Option A is not optimal because it will create a read replica for the DB instance, which may not solve the problem of too many connections as read replicas also have connection limits and may incur additional costs. Option B is not optimal because it will migrate the data to an Amazon DynamoDB database, which may introduce additional complexity and overhead for migrating and accessing data from a different database service. Option C is not optimal because it will configure the Amazon Aurora MySQL DB instance for Multi-AZ deployment, which may improve availability and durability of the DB instance but not reduce the number of connections.
A developer is creating a mobile app that calls a backend service by using an Amazon API Gateway REST API. For integration testing during the development phase, the developer wants to simulate different backend responses without invoking the backend service. Which solution will meet these requirements with the LEAST operational overhead?
A. Create an AWS Lambda function. Use API Gateway proxy integration to return constant HTTP responses.
B. Create an Amazon EC2 instance that serves the backend REST API by using an AWS CloudFormation template.
C. Customize the API Gateway stage to select a response type based on the request.
D. Use a request mapping template to select the mock integration response.
Explanation: Amazon API Gateway supports mock integration responses, which are predefined responses that can be returned without sending requests to a backend service. Mock integration responses can be used for testing or prototyping purposes, or for simulating different backend responses based on certain conditions. A request mapping template can be used to select a mock integration response based on an expression that evaluates some aspects of the request, such as headers, query strings, or body content. This solution does not require any additional resources or code changes and has the least operational overhead.