141. A developer is creating a new application for a pet store. The application will manage customer rewards points. The developer will use Amazon DynamoDB to store the data for the application. The developer needs to optimize query performance and limit partition overload before actual performance analysis.
Which option should the developer use for a partition key to meet these requirements?
A. A randomly generated universally unique identifier (UUID)
B. The customer’s full name
C. The date when the customer signed up for the rewards program
D. The name of the customer’s pet
Answer
A
142. A developer uses AWS IAM Identity Center (AWS Single Sign-On) to interact with the AWS CLI and AWS SDKs on a local workstation. API calls to AWS services were working when the SSO access was first configured. However, the developer is now receiving Access Denied errors. The developer has not changed any configuration files or scripts that were previously working on the workstation.
What is the MOST likely cause of the developer’s access issue?
A. The access permissions to the developer’s AWS CLI binary file have changed.
B. The permission set that is assumed by IAM Identity Center does not have the necessary permissions to complete the API call.
C. The credentials from the IAM Identity Center federated role have expired.
D. The developer is attempting to make API calls to the incorrect AWS account.
Answer
C
143. A company is building a serverless application. The application uses an API key to authenticate with a third-party application. The company wants to store the external API key as a part of an AWS Lambda configuration. The company needs to have full control over the AWS Key Management Service (AWS KMS) keys that will encrypt the API key and should be visible only to authorized entities.
Which solution will meet these requirements?
A. Store the API key in AWS Systems Manager Parameter Store as a string parameter. Use the default AWS KMS key that AWS provides to encrypt the API key.
B. Store the API key in AWS Lambda environment variables. Create an AWS KMS customer managed key to encrypt the API key.
C. Store the API key in the code repository. Use an AWS managed key to encrypt the code repository.
D. Store the API key as an Amazon DynamoDB table record. Use an AWS managed key to encrypt the API key.
Answer
B
144. A developer is writing an application to analyze the traffic to a fleet of Amazon EC2 instances. The EC2 instances run behind a public Application Load Balancer (ALB). An HTTP server runs on each of the EC2 instances, logging all requests to a log file.
The developer wants to capture the client public IP addresses. The developer analyzes the log files and notices only the IP address of the ALB.
What must the developer do to capture the client public IP addresses in the log file?
A. Add a Host header to the HTTP server log configuration file.
B. Install the Amazon CloudWatch Logs agent on each EC2 instance. Configure the agent to write to the log file.
C. Install the AWS X-Ray daemon on each EC2 instance. Configure the daemon to write to the log file.
D. Add an X-Forwarded-For header to the HTTP server log configuration file.
Answer
D
145. A company is developing a serverless application by using AWS Lambda functions. One of the Lambda functions needs to access an Amazon RDS DB instance. The DB instance is in a private subnet inside a VPC.
The company creates a role that includes the necessary permissions to access the DB instance. The company then assigns the role to the Lambda function. A developer must take additional action to give the Lambda function access to the DB instance.
What should the developer do to meet these requirements?
A. Assign a public IP address to the DB instance. Modify the security group of the DB instance to allow inbound traffic from the IP address of the Lambda function.
B. Set up an AWS Direct Connect connection between the Lambda function and the DB instance.
C. Configure an Amazon CloudFront distribution to create a secure connection between the Lambda function and the DB instance.
D. Configure the Lambda function to connect to the private subnets in the VPC. Add security group rules to allow traffic to the DB instance from the Lambda function.
Answer
D
146. A developer needs temporary access to resources in a second account.
What is the MOST secure way to achieve this?
A. Use the Amazon Cognito user pools to get short-lived credentials for the second account.
B. Create a dedicated IAM access key for the second account, and send it by mail.
C. Create a cross-account access role, and use sts:AssumeRole API to get short-lived credentials.
D. Establish trust, and add an SSH key for the second account to the IAM user.
Answer
C
147. A company wants to migrate applications from its on-premises servers to AWS. As a first step, the company is modifying and migrating a non-critical application to a single Amazon EC2 instance. The application will store information in an Amazon S3 bucket. The company needs to follow security best practices when deploying the application on AWS.
Which approach should the company take to allow the application to interact with Amazon S3?
A. Create an IAM role that has administrative access to AWS. Attach the role to the EC2 instance.
B. Create an IAM user. Attach the AdministratorAccess policy. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.
C. Create an IAM role that has the necessary access to Amazon S3. Attach the role to the EC2 instance.
D. Create an IAM user. Attach a policy that provides the necessary access to Amazon S3. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.
Answer
C
148. A developer has created a data collection application that uses Amazon API Gateway, AWS Lambda, and Amazon S3. The application’s users periodically upload data files and wait for the validation status to be reflected on a processing dashboard. The validation process is complex and time-consuming for large files.
Some users are uploading dozens of large files and have to wait and refresh the processing dashboard to see if the files have been validated. The developer must refactor the application to immediately update the validation result on the user’s dashboard without reloading the full dashboard.
What is the MOST operationally efficient solution that meets these requirements?
A. Integrate the client with an API Gateway WebSocket API. Save the user-uploaded files with the WebSocket connection ID. Push the validation status to the connection ID when the processing is complete to initiate an update of the user interface.
B. Launch an Amazon EC2 micro instance, and set up a WebSocket server. Send the user-uploaded file and user detail to the EC2 instance after the user uploads the file. Use the WebSocket server to send updates to the user interface when the uploaded file is processed.
C. Save the user’s email address along with the user-uploaded file. When the validation process is complete, send an email notification through Amazon Simple Notification Service (Amazon SNS) to the user who uploaded the file.
D. Save the user-uploaded file and user detail to Amazon DynamoDB. Use Amazon DynamoDB Streams with Amazon Simple Notification Service (Amazon SNS) push notifications to send updates to the browser to update the user interface.
Answer
A
149. A developer is creating a machine learning (ML) pipeline in AWS Step Functions that contains AWS Lambda functions. The developer has configured an Amazon Simple Queue Service (Amazon SQS) queue to deliver ML model parameters to the ML pipeline to train ML models. The developer uploads the trained models are uploaded to an Amazon S3 bucket.
The developer needs a solution that can locally test the ML pipeline without making service integration calls to Amazon SQS and Amazon S3.
Which solution will meet these requirements?
A. Use the Amazon CodeGuru Profiler to analyze the Lambda functions used in the AWS Step Functions pipeline.
B. Use the AWS Step Functions Local Docker Image to run and locally test the Lambda functions.
C. Use the AWS Serverless Application Model (AWS SAM) CLI to run and locally test the Lambda functions.
D. Use AWS Step Functions Local with mocked service integrations.
Answer
D
150. A company runs a batch processing application by using AWS Lambda functions and Amazon API Gateway APIs with deployment stages for development, user acceptance testing, and production. A development team needs to configure the APIs in the deployment stages to connect to third-party service endpoints.
Which solution will meet this requirement?
A. Store the third-party service endpoints in Lambda layers that correspond to the stage.
B. Store the third-party service endpoints in API Gateway stage variables that correspond to the stage.
C. Encode the third-party service endpoints as query parameters in the API Gateway request URL.
D. Store the third-party service endpoint for each environment in AWS AppConfig.
Answer
B