61. A company has an application that uses an AWS Lambda function to process data. A developer must implement encryption in transit for all sensitive configuration data, such as API keys, that is stored in the application. The developer creates an AWS Key Management Service (AWS KMS) customer managed key.
What should the developer do next to meet the encryption requirement?
A. Create parameters of the String type in AWS Systems Manager Parameter Store. For each parameter, specify the KMS key ID to encrypt the parameter in transit. Reference the GetParameter API call in the Lambda environment variables.
B. Create secrets in AWS Secrets Manager by using the customer managed KMS key. Create a new Lambda function and set up a Lambda layer. Configure the Lambda layer to retrieve the values from Secrets Manager.
C. Create objects in Amazon S3 for each sensitive data field. Specify the customer managed KMS key to encrypt the object. Configure the Lambda function to retrieve the objects from Amazon S3 during data processing.
D. Create encrypted Lambda environment variables. Specify the customer managed KMS key to encrypt the variables. Enable encryption helpers for encryption in transit. Grant permission to the Lambda function’s execution role to access the KMS key.
Answer
D
62. A developer is building an ecommerce application. When there is a sale event, the application needs to concurrently call three third-party systems to record the sale. The developer wrote three AWS Lambda functions. There is one Lambda function for each third-party system, which contains complex integration logic.
These Lambda functions are all independent. The developer needs to design the application so each Lambda function will run regardless of others’ success or failure.
Which solution will meet these requirements?
A. Publish the sale event from the application to an Amazon Simple Queue Service (Amazon SQS) queue. Configure the three Lambda functions to poll the queue.
B. Publish the sale event from the application to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the three Lambda functions to be triggered by the SNS topic.
C. Publish the sale event from the application to an Application Load Balancer (ALB). Add the three Lambda functions as ALB targets.
D. Publish the sale event from the application to an AWS Step Functions state machine. Move the logic from the three Lambda functions into the Step Functions state machine.
Answer
B
63. A developer is writing an application, which stores data in an Amazon DynamoDB table. The developer wants to query the DynamoDB table by using the partition key and a different sort key value. The developer needs the latest data with all recent write operations.
How should the developer write the DynamoDB query?
A. Add a local secondary index (LSI) during table creation. Query the LSI by using eventually consistent reads.
B. Add a local secondary index (LSI) during table creation. Query the LSI by using strongly consistent reads.
C. Add a global secondary index (GSI) during table creation. Query the GSI by using eventually consistent reads.
D. Add a global secondary index (GSI) during table creation. Query the GSI by using strongly consistent reads.
Answer
B
64. A developer manages an application that writes customer orders to an Amazon DynamoDB table. The orders use customer_id as the partition key, order_id as the sort key, and order_date as an attribute. A new access pattern requires accessing data by order_date and order_id. The developer needs to implement a new AWS Lambda function to support the new access pattern.
How should the developer support the new access pattern in the MOST operationally efficient way?
A. Add a new local secondary index (LSI) to the DynamoDB table that specifies order_date as the partition key and order_id as the sort key. Write the new Lambda function to query the new LSI index.
B. Write the new Lambda function to scan the DynamoDB table. In the Lambda function, write a method to retrieve and combine results by order_date and order_id.
C. Add a new global secondary index (GSI) to the DynamoDB table that specifies order_date as the partition key and order_id as the sort key. Write the new Lambda function to query the new GSI index.
D. Enable DynamoDB Streams on the table. Choose the new and old images information to write to the DynamoDB stream. Write the new Lambda function to query the DynamoDB stream
Answer
C
65. A developer is creating a web application for a school that stores data in Amazon DynamoDB. The ExamScores table has the following attributes: student_id, subject_name, and top_score.
Each item in the ExamScores table is identified with student_id as the partition key and subject_name as the sort key. The web application needs to display the student _id for the top scores for each school subject. The developer needs to increase the speed of the queries to retrieve the student_id for the top scorer for each school subject.
Which solution will meet these requirements?
A. Create a local secondary index (LSI) with subject_name as the partition key and top_score as the sort key.
B. Create a local secondary index (LSI) with top_score as the partition key and student_id as the sort key.
C. Create a global secondary index (GSI) with subject_name as the partition key and top_score as the sort key.
D. Create a global secondary index (GSI) with subject_name as the partition key and student_id as the sort key.
Answer
C
66. A developer wrote an application that uses an AWS Lambda function to asynchronously generate short videos based on requests from customers. This video generation can take up to 10 minutes. After the video is generated, a URL to download the video is pushed to the customer’s web browser. The customer should be able to access these videos for at least 3 hours after generation.
Which solution will meet these requirements?
A. Store the video in the /tmp folder within the Lambda execution environment. Push a Lambda function URL to the customer.
B. Store the video in an Amazon Elastic File System (Amazon EFS) file system attached to the function. Generate a pre-signed URL for the video object and push the URL to the customer.
C. Store the video in Amazon S3. Generate a pre-signed URL for the video object and push the URL to the customer.
D. Store the video in an Amazon CloudFront distribution. Generate a pre-signed URL for the video object and push the URL to the customer.
Answer
C
67. A developer is creating an AWS Lambda function that is invoked by messages to an Amazon Simple Notification Service (Amazon SNS) topic. The messages represent customer data updates from a customer relationship management (CRM) system
The developer wants the Lambda function to process only the messages that pertain to email address changes. Additional subscribers to the SNS topic will process any other messages.
Which solution will meet these requirements in the LEAST development effort?
A. Use Lambda event filtering to allow only messages that are related to email address changes to invoke the Lambda function.
B. Use an SNS filter policy on the Lambda function subscription to allow only messages that are related to email address changes to invoke the Lambda function.
C. Subscribe an Amazon Simple Queue Service (Amazon SQS) queue to the SNS topic. Configure the SQS queue with a filter policy to allow only messages that are related to email address changes.
Connect the SQS queue to the Lambda function.
D. Configure the Lambda code to check the received message. If the message is not related to an email address change, configure the Lambda function to publish the message back to the SNS topic for the other subscribers to process.
Answer
B
68. A developer is creating AWS CloudFormation templates to manage an application’s deployment in Amazon Elastic Container Service (Amazon ECS) through AWS CodeDeploy. The developer wants to automatically deploy new versions of the application to a percentage of users before the new version becomes available for all users.
How should the developer manage the deployment of the new version?
A. Modify the CloudFormation template to include a Transform section and the AWS::CodeDeploy::BlueGreen hook.
B. Deploy the new version in a new CloudFormation stack. After testing is complete, update the application’s DNS records for the new stack.
C. Run CloudFormation stack updates on the application stack to deploy new application versions when they are available.
D. Create a nested stack for the new version. Include a Transform section and the AWS::CodeDeploy::BlueGreen hook.
Answer
A
69. A developer has written a distributed application that uses microservices. The microservices are running on Amazon EC2 instances. Because of message volume, the developer is unable to match log output from each microservice to a specific transaction. The developer needs to analyze the message flow to debug the application.
Which combination of steps should the developer take to meet this requirement? (Choose two.)
A. Download the AWS X-Ray daemon. Install the daemon on an EC2 instance. Ensure that the EC2 instance allows UDP traffic on port 2000.
B. Configure an interface VPC endpoint to allow traffic to reach the global AWS X-Ray daemon on TCP port 2000.
C. Enable AWS X-Ray. Configure Amazon CloudWatch to push logs to X-Ray.
D. Add the AWS X-Ray software development kit (SDK) to the microservices. Use X-Ray to trace requests that each microservice makes.
E. Set up Amazon CloudWatch metric streams to collect streaming data from the microservices.
Answer
A, D
70. A company is working on a new serverless application. A developer needs to find an automated way to deploy AWS Lambda functions and the dependent infrastructure with minimum coding effort. The application also needs to be reliable.
Which method will meet these requirements with the LEAST operational overhead?
A. Build the application by using shell scripts to create .zip files for each Lambda function. Manually upload the .zip files to the AWS Management Console.
B. Build the application by using the AWS Serverless Application Model (AWS SAM). Use a continuous integration and continuous delivery (CI/CD) pipeline and the SAM CLI to deploy the Lambda functions.
C. Build the application by using shell scripts to create .zip files for each Lambda function. Upload the .zip files. Deploy the .zip files as Lambda functions by using the AWS CLI in a continuous integration and continuous delivery (CI/CD) pipeline.
D. Build a container for each Lambda function. Store the container images in AWS CodeArtifact. Deploy the containers as Lambda functions by using the AWS CLI in a continuous integration and continuous delivery (CI/CD) pipeline.
Answer
B