1. A developer is launching a global application that delivers content to multiple countries. The developer needs to serve specific content based on the country of each user and each user’s primary language. The developer must ensure that content is served reliably and with low latency.
Which solution will meet these requirements?
A. Create an Amazon API Gateway REST API. Create an AWS Global Accelerator standard accelerator to resolve requests to the API. Configure endpoint groups on the accelerator. Attach listeners for each country and language.
B. Store the content in a centralized Amazon S3 bucket. Enable S3 Transfer Acceleration on the bucket. Create an Amazon Route 53 hosted zone that includes the endpoint for the S3 bucket. Create records in Route 53 that use geoproximity and geolocation routing policies.
C. Create an Amazon API Gateway REST API. Connect the REST API to AWS WAF. Use geo match statements and regex match statements to allow or deny requests based on the labels returned from web request evaluations.
D. Configure an Amazon CloudFront distribution that uses the application as an origin. Configure the distribution to forward the Accept-Language header and the CloudFront-Viewer-Country header to the origin.
Answer
D
2. An Amazon Data Firehose delivery stream is receiving customer data that contains personally identifiable information. A developer needs to remove pattern-based customer identifiers from the data and store the modified data in an Amazon S3 bucket.
What should the developer do to meet these requirements?
A. Implement Firehose data transformation as an AWS Lambda function. Configure the function to remove the customer identifiers. Set an Amazon S3 bucket as the destination of the delivery stream.
B. Launch an Amazon EC2 instance. Set the EC2 instance as the destination of the delivery stream. Run an application on the EC2 instance to remove the customer identifiers. Store the transformed data in an Amazon S3 bucket.
C. Create an Amazon OpenSearch Service instance. Set the OpenSearch Service instance as the destination of the delivery stream. Use search and replace to remove the customer identifiers. Export the data to an Amazon S3 bucket.
D. Create an AWS Step Functions workflow to remove the customer identifiers. As the last step in the workflow, store the transformed data in an Amazon S3 bucket. Set the workflow as the destination of the delivery stream.
Answer
A
3. A developer has deployed an AWS Lambda function that is subscribed to an Amazon Simple Notification Service (Amazon SNS) topic. The developer must implement a solution to add a record of each Lambda function invocation to an Amazon Simple Queue Service (Amazon SQS) queue.
Which solution will meet this requirement?
A. Configure the SQS queue as a dead-letter queue for the Lambda function.
B. Create code that uses the AWS SDK to call the SQS SendMessage operation to add the invocation details to the SQS queue. Add the code to the end of the Lambda function.
C. Add two asynchronous invocation destinations to the Lambda function: one destination for successful invocations and one destination for failed invocations. Configure the SQS queue as the destination for each type. Create an Amazon CloudWatch alarm based on the DestinationDeliveryFailures metric to catch any message that cannot be delivered.
D. Add a single asynchronous invocation destination to the Lambda function to capture successful invocations. Configure the SQS queue as the destination. Create an Amazon CloudWatch alarm based on the DestinationDeliveryFailures metric to catch any message that cannot be delivered.
Answer
D
4. A developer needs to configure an AWS Lambda function to make HTTP POST requests to an internal application. The application is in the same AWS account that hosts the function. The internal application runs on Amazon EC2 instances in a private subnet within a VPC.
Which solution will meet these requirements?
A. Configure a VPC endpoint to connect to the private subnet. Attach the endpoint to the Lambda function.
B. Attach the Lambda function to the VPC and to the private subnet.
C. Configure a VPN connection between the Lambda function and the private subnet. Attach the VPN to the Lambda function.
D. Configure the VPC route table to include the Lambda function’s IP address.
Answer
B
5. A company is hosting an Amazon AP! Gateway REST API that calls a single AWS Lambda function. The function is infrequently invoked by multiple clients at the same time.
The code performance is optimal, but the company wants to optimize the startup time of the function
What can a developer do to optimize the initialization of the function?
A. Enable API Gateway caching for the REST API.
B. Configure provisioned concurrency for the Lambda function.
C. Use Lambda proxy integration for the REST API.
D. Configure AWS Global Accelerator for the Lambda function.
Answer
B
6. A company wants to send notifications to customers to advertise a sale on the company’s products. The company needs to use Amazon Simple Notification Service (Amazon SNS) FIFO topics.
The company needs to examine the rate at which the topics send notifications and the latency with which the topics send notifications.
Which solution will meet these requirements with the MOST operational efficiency?
A. Use AWS X-Ray. Enable active tracing for Amazon SNS.
B. Use the Amazon CloudWatch NumberOfNotificationsFailed metric.
C. Use AWS CloudTrail to log all Amazon SNS API calls.
D. Use Amazon GuardDuty. Enable runtime monitoring.
Answer
A
7. A developer is building the authentication mechanism for a new mobile app. Users need to be able to sign up, sign in, and access secured backend AWS resources.
Which solution will meet these requirements?
A. Use AWS Identity and Access Management Access Analyzer to generate IAM policies. Create an IAM role. Attach the policies to the role. Integrate the IAM role with an identity provider that the mobile app uses.
B. Create an IAM policy that grants access to the backend resources. Create an IAM role. Attach the policy to the role. Create an Amazon API Gateway endpoint. Attach the role to the endpoint. Integrate the endpoint with the mobile app.
C. Create an Amazon Cognito identity pool. Configure permissions by choosing a default IAM role for authenticated users or guest users in the identity pool. Associate the identity pool with an identity provider. Integrate the identity pool with the mobile app.
D. Create an Amazon Cognito user pool. Configure the security requirements by choosing a password policy, multi-factor authentication (MFA) requirements, and user account recovery options. Create an app client. Integrate the app client with the mobile app.
Answer
D
8. A developer created several AWS Lambda functions that write data to a single Amazon S3 bucket. The developer configured all the Lambda functions to send logs and metrics to Amazon CloudWatch.
The developer receives reports that one of the Lambda functions writes data to the bucket very slowly. The developer needs to measure the latency between the problematic Lambda function and the S3 bucket.
Which solution will meet this requirement?
A. Enable AWS X-Ray on the Lambda function. In the generated trace map, select the line between Lambda and Amazon S3.
B. Query the Lambda function’s log file in Amazon CloudWatch Logs Insights. Return the average of the auto-discovered @duration field.
C. Enable CloudWatch Lambda Insights on the function. View the latency graph that CloudWatch Lambda Insights provides.
D. Enable AWS X-Ray on the Lambda function. Select Amazon S3 in the latency graph to view the latency histogram.
Answer
A
9. A developer is using an AWS Lambda function to process data. The developer needs to extract custom metrics about processing times from the Lambda logs. The developer needs to analyze the metrics, set alarms, and detect issues in real time.
Which solution will meet these requirements?
A. Publish custom metric data to AWS CloudTrail by using the PutMetricData API operation. Classify and collect the metrics. Create graphs and alarms in CloudTrail for the custom metrics.
B. Use the open source client libraries provided by Amazon to generate the logs in the Amazon CloudWatch embedded metric format. Use CloudWatch to create the required graphs and alarms for the custom metrics.
C. Use Amazon CloudWatch Logs Insights to create custom metrics by querying the logs that come from the Lambda function. Use CloudWatch to create the required graphs and alarms for the custom metrics.
D. Create an Amazon Kinesis data stream to stream log events in real time from Lambda. Specify an Amazon S3 bucket as the destination for the Kinesis data stream. Use Amazon CloudWatch to visualize the log data and to set alarms.
Answer
B
10. A developer needs to fix an AWS CodeDeploy deployment that failed. During the failed deployment, the developer received the following error message:
“The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems. (Error code: HEALTH-CONSTRAINTS)”
What are the possible causes of the failed deployment? (Choose two.)
A. The CodeDeploy agent was not running on the instances that CodeDeploy was trying to deploy to.
B. The unified Amazon CloudWatch agent was not running on the instances that CodeDeploy was trying to deploy to.
C. The developer’s IAM role did not have the necessary permissions to perform code deployment to the instances.
D. CodeDeploy was trying to deploy to instances that were attached to an IAM instance profile that did not have the required permissions.
E. CodeDeploy was trying to deploy to instances that were not set up with correct CodeDeploy health checks.
Answer
A, E