Question 31
A Developer is migrating an on-premises application to AWS. The application currently takes user uploads and saves them to a local directory on the server. All uploads must be saved and made immediately available to all instances in an Auto Scaling group.
Which approach will meet these requirements?
A. Use Amazon EBS and configure the application AMI to use a snapshot of the same EBS instance on boot.
B. Use Amazon S3 and rearchitect the application so all uploads are placed in S3.
C. Use instance storage and share it between instances launched from the same Amazon Machine Image (AMI).
D. Use Amazon EBS and file synchronization software to achieve eventual consistency among the Auto Scaling group.
Question 32
A developer is creating a script to automate the deployment process for a serverless application. The developer wants to use an existing AWS ServerlessApplication Model (AWS SAM) template for the application.
What should the developer use for the project? (Choose two.)
A. Call aws cloudformation package to create the deployment package. Call aws cloudformation deploy to deploy the package afterward.
B. Call sam package to create the deployment package. Call sam deploy to deploy the package afterward.
C. Call aws s3 cp to upload the AWS SAM template to Amazon S3. Call aws lambda update-function-code to create the application.
D. Create a ZIP package locally and call aws serverlessrepo create-application to create the application.
E. Create a ZIP package and upload it to Amazon S3. Call aws cloudformation create-stack to create the application.
Question 33
A developer has built a market application that stores pricing data in Amazon DynamoDB with Amazon ElastiCache in front. The prices of items in the market change frequently. Sellers have begun complaining that, after they update the price of an item, the price does not actually change in the product listing.
What could be causing this issue?
A. The cache is not being invalidated when the price of the item is changed
B. The price of the item is being retrieved using a write-through ElastiCache cluster
C. The DynamoDB table was provisioned with insufficient read capacity
D. The DynamoDB table was provisioned with insufficient write capacity
Question 34
The developer is creating a web application that collects highly regulated and confidential user data through a POST request. The web application is served through Amazon CloudFront. User names and phone numbers must be encrypted at the edge and must remain encrypted throughout the entire application stack.
What is the MOST secure way to meet these requirements?
A. Enforce Match Viewer with HTTPS Only on CloudFront.
B. Use only the newest TLS security policy on CloudFront.
C. Enforce a signed URL on CloudFront on the front end.
D. Use field-level encryption on CloudFront.
Question 35
A Developer has been asked to create an AWS Lambda function that is triggered any time updates are made to items in an Amazon DynamoDB table. The function has been created, and appropriate permissions have been added to the Lambda execution role. Amazon DynamoDB streams have been enabled for the table, but the function is still not being triggered.
Which option would enable DynamoDB table updates to trigger the Lambda function?
A. Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the DynamoDB table
B. Configure event source mapping for the Lambda function
C. Map an Amazon SNS topic to the DynamoDB streams
D. Increase the maximum execution time (timeout) setting of the Lambda function
Question 36
A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key, the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API.
What code updates will grant these new users access to the API?
A. The createDeployment method must be called so the API can be redeployed to include the newly created API key.
B. The updateAuthorizer method must be called to update the API's authorizer to include the newly created API key.
C. The importApiKeys method must be called to import all newly created API keys into the current stage of the API.
D. The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.
Question 37
An application uploads photos to an Amazon S3 bucket. Each photo that is uploaded to the S3 bucket must be resized to a thumbnail image by the application.
Each thumbnail image is uploaded with a new name in the same S3 bucket.
Which AWS service can a developer configure to directly process each single S3 event for each S3 object upload?
A. Amazon EC2
B. Amazon Elastic Container Service (Amazon ECS)
C. AWS Elastic Beanstalk
D. AWS Lambda
Question 38
A company is running a Docker application on Amazon ECS. The application must scale based on user load in the last 15 seconds.
How should a Developer instrument the code so that the requirement can be met?
A. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds
B. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
C. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds
D. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
Question 39
Where should the appspec.
yml file be placed in order for AWS CodeDeploy to work?
A. In the root of the application source code directory structure
B. In the bin folder along with all the complied code
C. In an S3 bucket
D. In the same folder as the application configuration files
Question 40
A Developer is working on an application that handles 10MB documents that contain highly-sensitive data. The application will use AWS KMS to perform client- side encryption.
What steps must be followed?
A. Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the KeyId parameter
B. Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key to encrypt the data
C. Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key to encrypt the data
D. Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data
