181. An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write access to an Amazon DynamoDB table. The correct IAM policy already exists.
What is the MOST secure way to grant the Lambda function access to the S3 bucket and the DynamoDB table?
A. Attach the existing IAM policy to the Lambda function.
B. Create an IAM role for the Lambda function. Attach the existing IAM policy to the role. Attach the role to the Lambda function.
C. Create an IAM user with programmatic access. Attach the existing IAM policy to the user. Add the user access key ID and secret access key as environment variables in the Lambda function.
D. Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function.
Answer
B
182. A developer is using AWS Step Functions to automate a workflow. The workflow defines each step as an AWS Lambda function task. The developer notices that runs of the Step Functions state machine fail in the GetResource task with either an IllegalArgumentException error or a TooManyRequestsException error.
The developer wants the state machine to stop running when the state machine encounters an IllegalArgumentException error. The state machine needs to retry the GetResource task one additional time after 10 seconds if the state machine encounters a TooManyRequestsException error. If the second attempt fails, the developer wants the state machine to stop running.
How can the developer implement the Lambda retry functionality without adding unnecessary complexity to the state machine?
A. Add a Delay task after the GetResource task. Add a catcher to the GetResource task. Configure the catcher with an error type of TooManyRequestsException. Configure the next step to be the Delay task. Configure the Delay task to wait for an interval of 10 seconds. Configure the next step to be the GetResource task.
B. Add a catcher to the GetResource task. Configure the catcher with an error type of TooManyRequestsException, an interval of 10 seconds, and a maximum attempts value of 1. Configure the next step to be the GetResource task.
C. Add a retrier to the GetResource task. Configure the retrier with an error type of TooManyRequestsException, an interval of 10 seconds, and a maximum attempts value of 1.
D. Duplicate the GetResource task. Rename the new GetResource task to TryAgain. Add a catcher to the original GetResource task. Configure the catcher with an error type of TooManyRequestsException. Configure the next step to be TryAgain.
Answer
C
183. An online sales company is developing a serverless application that runs on AWS. The application uses an AWS Lambda function that calculates order success rates and stores the data in an Amazon DynamoDB table. A developer wants an efficient way to invoke the Lambda function every 15 minutes.
Which solution will meet this requirement with the LEAST development effort?
A. Create an Amazon EventBridge rule that has a rate expression that will run the rule every 15 minutes. Add the Lambda function as the target of the EventBridge rule.
B. Create an AWS Systems Manager document that has a script that will invoke the Lambda function on Amazon EC2. Use a Systems Manager Run Command task to run the shell script every 15 minutes.
C. Create an AWS Step Functions state machine. Configure the state machine to invoke the Lambda function execution role at a specified interval by using a Wait state. Set the interval to 15 minutes.
D. Provision a small Amazon EC2 instance. Set up a cron job that invokes the Lambda function every 15 minutes.
Answer
A
184. A developer is creating a serverless application that uses an AWS Lambda function. The developer will use AWS CloudFormation to deploy the application. The application will write logs to Amazon CloudWatch Logs. The developer has created a log group in a CloudFormation template for the application to use. The developer needs to modify the CloudFormation template to make the name of the log group available to the application at runtime.
Which solution will meet this requirement?
A. Use the AWS::Include transform in CloudFormation to provide the log group’s name to the application.
B. Pass the log group’s name to the application in the user data section of the CloudFormation template.
C. Use the CloudFormation template’s Mappings section to specify the log group’s name for the application.
D. Pass the log group’s Amazon Resource Name (ARN) as an environment variable to the Lambda function.
Answer
D
185. A developer is creating an Amazon DynamoDB table by using the AWS CLI. The DynamoDB table must use server-side encryption with an AWS owned encryption key.
How should the developer create the DynamoDB table to meet these requirements?
A. Create an AWS Key Management Service (AWS KMS) customer managed key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
B. Create an AWS Key Management Service (AWS KMS) AWS managed key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
C. Create an AWS owned key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
D. Create the DynamoDB table with the default encryption options.
Answer
D
186. A company runs an application on AWS. The application uses an AWS Lambda function that is configured with an Amazon Simple Queue Service (Amazon SQS) queue called high priority queue as the event source. A developer is updating the Lambda function with another SQS queue called low priority queue as the event source. The Lambda function must always read up to 10 simultaneous messages from the high priority queue before processing messages from low priority queue. The Lambda function must be limited to 100 simultaneous invocations.
Which solution will meet these requirements?
A. Set the event source mapping batch size to 10 for the high priority queue and to 90 for the low priority queue.
B. Set the delivery delay to 0 seconds for the high priority queue and to 10 seconds for the low priority queue.
C. Set the event source mapping maximum concurrency to 10 for the high priority queue and to 90 for the low priority queue.
D. Set the event source mapping batch window to 10 for the high priority queue and to 90 for the low priority queue.
Answer
C
187. A data visualization company wants to strengthen the security of its core applications. The applications are deployed on AWS across its development, staging, pre-production, and production environments. The company needs to encrypt all of its stored sensitive credentials. The sensitive credentials need to be automatically rotated. A version of the sensitive credentials need to be stored for each environment.
Which solution will meet these requirements in the MOST operationally efficient way?
A. Configure AWS Secrets Manager versions to store different copies of the same credentials across multiple environments.
B. Create a new parameter version in AWS Systems Manager Parameter Store for each environment. Store the environment-specific credentials in the parameter version.
C. Configure the environment variables in the application code. Use different names for each environment type.
D. Configure AWS Secrets Manager to create a new secret for each environment type. Store the environment-specific credentials in the secret.
Answer
D
188. A developer is investigating an issue in part of a company’s application. In the application, messages are sent to an Amazon Simple Queue Service (Amazon SQS) queue. The AWS Lambda function polls messages from the SQS queue and sends email messages by using Amazon Simple Email Service (Amazon SES). Users have been receiving duplicate email messages during periods of high traffic.
Which reasons could explain the duplicate email messages? (Choose two.)
A. Standard SQS queues support at-least-once message delivery.
B. Standard SQS queues support exactly-once processing, so the duplicate email messages are because of user error.
C. Amazon SES has the DomainKeys Identified Mail (DKIM) authentication incorrectly configured.
D. The SQS queue’s visibility timeout is lower than or the same as the Lambda function’s timeout.
E. The Amazon SES bounce rate metric is too high.
Answer
A, D
189. A developer is deploying a company’s application to Amazon EC2 instances. The application generates gigabytes of data files each day. The files are rarely accessed, but the files must be available to the application’s users within minutes of a request during the first year of storage. The company must retain the files for 7 years.
How can the developer implement the application to meet these requirements MOST cost-effectively?
A. Store the files in an Amazon S3 bucket. Use the S3 Glacier Instant Retrieval storage class. Create an S3 Lifecycle policy to transition the files to the S3 Glacier Deep Archive storage class after 1 year.
B. Store the files in an Amazon S3 bucket. Use the S3 Standard storage class. Create an S3 Lifecycle policy to transition the files to the S3 Glacier Flexible Retrieval storage class after 1 year.
C. Store the files on an Amazon Elastic Block Store (Amazon EBS) volume. Use Amazon Data Lifecycle Manager (Amazon DLM) to create snapshots of the EBS volumes and to store those snapshots in Amazon S3.
D. Store the files on an Amazon Elastic File System (Amazon EFS) mount. Configure EFS lifecycle management to transition the files to the EFS Standard- Infrequent Access (Standard-IA) storage class after 1 year.
Answer
A
190. A company’s developer has deployed an application in AWS by using AWS CloudFormation. The CloudFormation stack includes parameters in AWS Systems Manager Parameter Store that the application uses as configuration settings. The application can modify the parameter values.
When the developer updated the stack to create additional resources with tags, the developer noted that the parameter values were reset and that the values ignored the latest changes made by the application. The developer needs to change the way the company deploys the CloudFormation stack. The developer also needs to avoid resetting the parameter values outside the stack.
Which solution will meet these requirements with the LEAST development effort?
A. Modify the CloudFormation stack to set the deletion policy to Retain for the Parameter Store parameters.
B. Create an Amazon DynamoDB table as a resource in the CloudFormation stack to hold configuration data for the application. Migrate the parameters that the application is modifying from Parameter Store to the DynamoDB table.
C. Create an Amazon RDS DB instance as a resource in the CloudFormation stack. Create a table in the database for parameter configuration. Migrate the parameters that the application is modifying from Parameter Store to the configuration table.
D. Modify the CloudFormation stack policy to deny updates on Parameter Store parameters.
Answer
A