A developer is testing an AWS Lambda function by using the AWS Serverless Application Model (AWS SAM) local CLI. The application that is implemented by the
Lambda function makes several AWS API calls by using the AWS software development kit (SDK). The developer wants to allow the function to make AWS API calls in a test AWS account from the developer's laptop.
What should the developer do to meet these requirements?

A. Edit the template.yml file. Add the AWS_ACCESS_KEY_ID property and the AWS_SECRET_ACCESS_KEY property in the Globals section.

B. Add a test profile by using the aws configure command with the –profile option. Run AWS SAM by using the sam local invoke command with the -profile option.

C. Edit the template.yml tile. For the AWS::Serverless::Function resource, set the role to an IAM role in the AWS account.

D. Run the function by using the sam local invoke command. Override the AWS_ACCESS_KEY_ID parameter and the AWS_SECRET_ACCESS_KEY parameter by specifying the –parameter-overrides option.

A global company has a mobile app with static data stored in an Amazon S3 bucket in the us-east-1 Region. The company serves the content through an Amazon
CloudFront distribution. The company is launching the mobile app in South Africa. The data must reside in the af-south-1 Region. The company does not want to deploy a specific mobile client for South Africa.
What should the company do to meet these requirements?

A. Use the CloudFront geographic restriction feature to block access to users in South Africa.

B. Create a Lambda@Edge function. Associate the Lambda@Edge function as an origin request trigger with the CloudFront distribution to change the S3 origin Region.

C. Create a Lambda@Edge function. Associate the Lambda@Edge function as a viewer response trigger with the CloudFront distribution to change the S3 origin Region.

D. Include af-south-1 in the alternate domain name (CNAME) of the CloudFront distribution.

A developer has created a Java application that makes HTTP requests directly to AWS services. Application logging shows 5xx HTTP response codes that occur at irregular intervals. The errors are affecting users.
How should the developer update the application to improve the application's resiliency?

A. Revise the request content in the application code.

B. Use the AWS SDK for Java to interact with AWS APIs.

C. Scale out the application so that more instances of the application are running.

D. Add additional logging to the application code.

A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key, the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API.
What code updates will grant these new users access to the API?

A. The createDeployment method must be called so the API can be redeployed to include the newly created API key.

B. The updateAuthorizer method must be called to update the API’s authorizer to include the newly created API key.

C. The importApiKeys method must be called to import all newly created API keys into the current stage of the API.

D. The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.

A Developer has been asked to create an AWS Lambda function that is triggered any time updates are made to items in an Amazon DynamoDB table. The function has been created, and appropriate permissions have been added to the Lambda execution role. Amazon DynamoDB streams have been enabled for the table, but the function is still not being triggered.
Which option would enable DynamoDB table updates to trigger the Lambda function?

A. Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the DynamoDB table

B. Configure event source mapping for the Lambda function

C. Map an Amazon SNS topic to the DynamoDB streams

D. Increase the maximum execution time (timeout) setting of the Lambda function

A company experienced partial downtime during the last deployment of a new application. AWS Elastic Beanstalk split the environment's Amazon EC2 instances into batches and deployed a new version one batch at a time after taking them out of service. Therefore, full capacity was not maintained during deployment.
The developer plans to release a new version of the application, and is looking for a policy that will maintain full capacity and minimize the impact of the failed deployment.
Which deployment policy should the developer use?

A. Immutable

B. All at Once

C. Rolling

D. Rolling with an Additional Batch

A company that has multiple offices uses an Amazon DynamoDB table to store employee payroll information. Item attributes consist of employee names, office identifiers, and cumulative daily hours worked The most frequently used query extracts a report of an alphabetical subset of employees for a specific office.
Which design of the DynamoDB table primary key will have the MINIMUM performance impact?

A. Partition key on the office identifier and sort key on the employee name

B. Partition key on the employee name and sort key on the office identifier

C. Partition key on the employee name

D. Partition key on the office identifier

A developer needs to write an AWS CloudFormation template on a local machine and deploy a CloudFormation stack to AWS.
What must the developer do to complete these tasks?

A. Install the AWS CLI. Configure the AWS CLI by using an IAM user name and password.

B. Install the AWS CLI. Configure the AWS CLI by using an SSH key.

C. Install the AWS CLI. Configure the AWS CLI by using an IAM user access key and secret key.

D. Install an AWS software development kit (SDK). Configure the SDK by using an X.509 certificate.

A developer is working on a web application that runs on Amazon Elastic Container Service (Amazon ECS) and uses an Amazon DynamoDB table to store data.
The application performs a large number of read requests against a small set of the table data.
How can the developer improve the performance of these requests? (Choose two.)

A. Create an Amazon ElastiCache cluster. Configure the application to cache data in the cluster.

B. Create a DynamoDB Accelerator (DAX) cluster. Configure the application to use the DAX cluster for DynamoDB requests.

C. Configure the application to make strongly consistent read requests against the DynamoDB table.

D. Increase the read capacity of the DynamoDB table.

E. Enable DynamoDB adaptive capacity.

A developer needs to use Amazon DynamoDB to store customer orders. The developer's company requires all customer data to be encrypted at rest with a key that the company generates.
What should the developer do to meet these requirements?

A. Create the DynamoDB table with encryption set to None. Code the application to use the key to decrypt the data when the application reads from the table. Code the application to use the key to encrypt the data when the application writes to the table.

B. Store the key by using AWS Key Management Service (AWS KMS). Choose an AWS KMS customer managed key during creation of the DynamoDB table. Provide the Amazon Resource Name (ARN) of the AWS KMS key.

C. Store the key by using AWS Key Management Service (AWS KMS). Create the DynamoDB table with default encryption. Include the kms:Encrypt parameter with the Amazon Resource Name (ARN) of the AWS KMS key when using the DynamoDB software development kit (SDK).

D. Store the key by using AWS Key Management Service (AWS KMS). Choose an AWS KMS AWS managed key during creation of the DynamoDB table. Provide the Amazon Resource Name (ARN) of the AWS KMS key.

A developer is writing an AWS Lambda function. The Lambda function needs to access items that are stored in an Amazon DynamoDB table.
What is the MOST secure way to configure this access for the Lambda function?

A. Create an IAM user that has permissions to access the DynamoDB table. Create an access key for this user. Store the access key ID and secret access key in the Lambda function environment variables.

B. Add a resource-based policy to the DynamoDB table to allow access from the Lambda function’s IAM role.

C. Create an IAM policy that allows access to the DynamoDB table. Attach this policy to the Lambda function’s IAM role.

D. Create a DynamoDB Accelerator (DAX) cluster. Configure the Lambda function to use the DAX duster to access the DynamoDB table.

A company has point-of-sale devices across thousands of retail shops that synchronize sales transactions with a centralized system. The system includes an
Amazon API Gateway API that exposes an AWS Lambda function. The Lambda function processes the transactions and stores the transactions in Amazon RDS for MySQL. The number of transactions increases rapidly during the day and is near zero at night.
How can a developer increase the elasticity of the system MOST cost-effectively?

A. Migrate from Amazon RDS to Amazon Aurora MySQL. Use an Aurora Auto Scaling policy to scale road replicas based on CPU consumption.

B. Migrate from Amazon RDS to Amazon Aurora MySQL. Use an Aurora Auto Scaling policy to scale read replicas based on the number of database connections.

C. Create an Amazon Simple Queue Service (Amazon SQS) queue. Publish transactions to the queue. Set the queue to invoke the Lambda function. Turn on enhanced fanout for the Lambda function.

D. Create an Amazon Simple Queue Service (Amazon SQS) queue. Publish transactions to the queue. Set the queue to invoke the Lambda function. Set the reserved concurrency of the Lambda function to be less than the number of database connections.

A Developer has written an application that runs on Amazon EC2 instances and generates a value every minute. The Developer wants to monitor and graph the values generated over time without logging in to the instance each time.
Which approach should the Developer use to achieve this goal?

A. Use the Amazon CloudWatch metrics reported by default for all EC2 instances. View each value from the CloudWatch console.

B. Develop the application to store each value in a file on Amazon S3 every minute with the timestamp as the name.

C. Publish each generated value as a custom metric to Amazon CloudWatch using available AWS SDKs.

D. Store each value as a variable and add the variable to the list of EC2 metrics that should be reported to the Amazon CloudWatch console.

A company is using AWS CodeDeploy for all production deployments. A developer has an Amazon Elastic Container Service (Amazon ECS) application that uses the CodeDeployDefault.ECSAIIAtOnce configuration. The developer needs to update the production environment in increments of 10% until the entire production environment is updated.
Which CodeDeploy configuration should the developer use to meet these requirements?

A. CodeDeployDefault.ECSCanary10Percent5Minutes

B. CodeDeployDefault.ECSLinear10PercentEvery3Minutes

C. CodeDeployDefault.OneAtATime

D. CodeDeployDefault.LambdaCanary10Percent5Minutes

A developer is trying to get data from an Amazon DynamoDB table called demoman-table. The developer configured the AWS CLI to use a specific IAM user's credentials and executed the following command:
 
The command returned errors and no rows were returned.
What is the MOST likely cause of these issues?

A. The command is incorrect; it should be rewritten to use put-item with a string argument.

B. The developer needs to log a ticket with AWS Support to enable access to the demoman-table.

C. Amazon DynamoDB cannot be accessed from the AWS CLI and needs to be called via the REST API.

D. The IAM user needs an associated policy with read access to demoman-table.

A developer creates a customer managed key for multiple AWS users to encrypt data in Amazon S3. The developer configures Amazon Simple Notification
Service (Amazon SNS) to publish a message if key deletion is scheduled. The developer needs to preserve any SNS messages that cannot be delivered so that those messages can be reprocessed.
Which AWS service or feature should the developer use to meet this requirement?

A. Amazon Simple Email Service (Amazon SES)

B. AWS Lambda

C. Amazon Simple Queue Service (Amazon SQS)

D. Amazon CloudWatch alarm

A developer is planning to use an Amazon API Gateway and AWS Lambda to provide a REST API. The developer will have three distinct environments to manage: development, test, and production.
How should the application be deployed while minimizing the number of resources to manage?

A. Create a separate API Gateway and separate Lambda function for each environment in the same Region.

B. Assign a Region for each environment and deploy API Gateway and Lambda to each Region.

C. Create one API Gateway with multiple stages with one Lambda function with multiple aliases.

D. Create one API Gateway and one Lambda function, and use a REST parameter to identify the environment.

A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company has set up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in.
What is the MOST operationally efficient solution that meets this requirement?

A. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway API to invoke the function. Call the API from the client side when login confirmation is received.

B. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.

C. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the function based on the login status.

D. Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and to send the email notification based on the login status of each user.

A Company runs continuous integration/continuous delivery (CI/CD) pipelines for its application on AWS CodePipeline. A Developer must write unit tests and run them as part of the pipelines before staging the artifacts for testing.
How should the Developer incorporate unit tests as part of CI/CD pipelines?

A. Create a separate CodePipeline pipeline to run unit tests

B. Update the AWS CodeBuild specification to include a phase for running unit tests

C. Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests

D. Create a testing branch in AWS CodeCommit to run unit tests

A developer is configuring an Amazon CloudFront distribution for a new application to provide encryption in transit. The application is running in the eu-west-1
Region. The developer creates a new certificate in AWS Certificate Manager (ACM) in eu-west-1, but the certificate is not visible in the CloudFront distribution settings.
What should the developer do to fix this problem?

A. Create the certificate for the domain in the same Region as the application. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.

B. Create the certificate in the eu-west-1 Region. Ensure that the alternate domain name (CNAME) in the distribution settings matches the domain name in the certificate.

C. Recreate the CloudFront distribution in the same Region as the certificate.

D. Specify the ACM certificate name as the default root object of the CloudFront distribution.

A Developer is working on an application that handles 10MB documents that contain highly-sensitive data. The application will use AWS KMS to perform client- side encryption.
What steps must be followed?

A. Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the KeyId parameter

B. Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key to encrypt the data

C. Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key to encrypt the data

D. Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data

Where should the appspec.yml file be placed in order for AWS CodeDeploy to work?

A. In the root of the application source code directory structure

B. In the bin folder along with all the complied code

C. In an S3 bucket

D. In the same folder as the application configuration files

An application uploads photos to an Amazon S3 bucket. Each photo that is uploaded to the S3 bucket must be resized to a thumbnail image by the application.
Each thumbnail image is uploaded with a new name in the same S3 bucket.
Which AWS service can a developer configure to directly process each single S3 event for each S3 object upload?

A. Amazon EC2

B. Amazon Elastic Container Service (Amazon ECS)

C. AWS Elastic Beanstalk

D. AWS Lambda

A developer must use AWS X-Ray to monitor an application that is running on an Amazon EC2 instance. The developer has prepared the application by using the
X-Ray SDK.
What should the developer do to perform the monitoring?

A. Configure the X-Ray SDK sampling rule and target. Activate the X-Ray daemon from the EC2 console or the AWS CLI with the modify-instance-attribute command to set the XRayEnabled flag.

B. Install the X-Ray daemon. Assign an IAM role to the EC2 instance with a policy that allows writes to X-Ray.

C. Install the X-Ray daemon. Configure it to forward data to Amazon EventBridge (Amazon CloudWatch Events). Grant the EC2 instance permission to write to Event Bridge (CloudWatch Events).

D. Deploy the X-Ray SDK with the application, and instrument the application code. Use the SDK logger to capture and send the events.

A company has a multi-tier application that uses Amazon API Gateway, AWS Lambda, and Amazon RDS. The company wants to investigate a slow response time to calls that come from the API Gateway API.
What is the MOST operationally efficient way for the company to determine which internal call is causing the slow response times?

A. Use Amazon CloudWatch.

B. Use AWS X-Ray.

C. Use AWS CloudTrail.

D. Use VPC Flow Logs.

A developer is using Amazon S3 as the event source that invokes a Lambda function when new objects are created in the bucket. The event source mapping information is stored in the bucket notification configuration. The developer is working with different versions of the Lambda function, and has a constant need to update notification configuration so that Amazon S3 invokes the correct version.
What is the MOST efficient and effective way to achieve mapping between the S3 event and Lambda?

A. Use a different Lambda trigger.

B. Use Lambda environment variables.

C. Use a Lambda alias.

D. Use Lambda tags.

A developer is storing JSON files in an Amazon S3 bucket. The developer wants to securely share an object with a specific group of people.
How can the developer securely provide temporary access to the objects that are stored in the S3 bucket?

A. Set object retention on the files. Use the AWS software development kit (SDK) to restore the object before subsequent requests. Provide the bucket’s S3 URL.

B. Use the AWS software development kit (SDK) to generate a presigned URL. Provide the presigned URL.

C. Set a bucket policy that restricts access after a period of time. Provide the bucket’s S3 URL.

D. Configure static web hosting on the S3 bucket. Provide the bucket’s web URL.

A Developer is working on a serverless project based in Java. Initial testing shows a cold start takes about 8 seconds on average for AWS Lambda functions.
What should the Developer do to reduce the cold start time? (Choose two.)

A. Add the Spring Framework to the project and enable dependency injection.

B. Reduce the deployment package by including only needed modules from the AWS SDK for Java.

C. Increase the memory allocation setting for the Lambda function.

D. Increase the timeout setting for the Lambda function.

E. Change the Lambda invocation mode from synchronous to asynchronous.

A developer wants to use AWS Elastic Beanstalk to test a new version of on application in a test environment.
Which deployment method offers the FASTEST deployment?

A. Immutable

B. Rolling

C. Rolling with additional batch

D. All at once

A developer tested an application locally and then deployed it to AWS Lambda. While testing the application remotely, the Lambda function fails with an access denied message.
How can this issue be addressed?

A. Update the Lambda function’s execution role to include the missing permissions.

B. Update the Lambda function’s resource policy to include the missing permissions.

C. Include an IAM policy document at the root of the deployment package and redeploy the Lambda function.

D. Redeploy the Lambda function using an account with access to the AdministratorAccess policy.

A developer is creating a mobile application that will not require users to log in.
What is the MOST efficient method to grant users access to AWS resources?

A. Use an identity provider to securely authenticate with the application.

B. Create an AWS Lambda function to create an IAM user when a user accesses the application.

C. Create credentials using AWS KMS and apply these credentials to users when using the application.

D. Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited access to resources.

An application needs to use the IP address of the client in its processing. The application has been moved into AWS and has been placed behind an Application
Load Balancer (ALB). However, all the client IP addresses now appear to be the same. The application must maintain the ability to scale horizontally.
Based on this scenario, what is the MOST cost-effective solution to this problem?

A. Remove the application from the ALB. Delete the ALB and change Amazon Route 53 to direct traffic to the instance running the application.

B. Remove the application from the ALB. Create a Classic Load Balancer in its place. Direct traffic to the application using the HTTP protocol.

C. Alter the application code to inspect the X-Forwarded-For header. Ensure that the code can work properly if a list of IP addresses is passed in the header.

D. Alter the application code to inspect a custom header. Alter the client code to pass the IP address in the custom header.

A developer has built an application that inserts data into an Amazon DynamoDB table. The table is configured to use provisioned capacity. The application is deployed on a burstable nano Amazon EC2 Instance. The application logs show that the application has been failing because of a
ProvisionedThroughputExceedException error.
Which actions should the developer take to resolve this issue? (Choose two.)

A. Move The application to a larger EC instance.

B. Increase the number or read capacity units (RCUs) that are provisioned for the DynamoDB table.

C. Reduce the frequency of requests to DynamoDB by implement ng exponential backoff.

D. Increase the frequency of requests to DynamoDB by decreasing the retry delay.

E. Change the capacity mode of the DynamoDB table from provisioned to on-demand.

A Developer must analyze performance issues with production-distributed applications written as AWS Lambda functions. These distributed Lambda applications invoke other components that make up the applications.
How should the Developer identify and troubleshoot the root cause of the performance issues in production?

A. Add logging statements to the Lambda functions, then use Amazon CloudWatch to view the logs.

B. Use AWS CloudTrail and then examine the logs.

C. Use AWS X-Ray, then examine the segments and errors.

D. Run Amazon Inspector agents and then analyze performance.

A developer notices timeouts from the AWS CLI when the developer runs list commands.
What should the developer do to avoid these timeouts?

A. Use the –page-size parameter to request a smaller number of items.

B. Use shorthand syntax to separate the list by a single space.

C. Use the yaml-stream output for faster viewing of large datasets.

D. Use quotation marks around strings to enclose data structure.

A Development team is working on a case management solution that allows medical claims to be processed and reviewed. Users log in to provide information related to their medical and financial situations.
As part of the application, sensitive documents such as medical records, medical imaging, bank statements, and receipts are uploaded to Amazon S3. All documents must be securely transmitted and stored. All access to the documents must be recorded for auditing.
What is the MOST secure approach?

A. Use S3 default encryption using Advanced Encryption Standard-256 (AES-256) on the destination bucket.

B. Use Amazon Cognito for authorization and authentication to ensure the security of the application and documents.

C. Use AWS Lambda to encrypt and decrypt objects as they are placed into the S3 bucket.

D. Use client-side encryption/decryption with Amazon S3 and AWS KMS.

A company has moved a legacy on-premises application to AWS by performing a lift and shift. The application exposes a REST API that can be used to retrieve billing information. The application is running on a single Amazon EC2 instance. The application code cannot support concurrent invocations. Many clients access the API, and the company adds new clients all the time.
A developer is concerned that the application might become overwhelmed by too many requests. The developer needs to limit the number of requests to the API for all current and future clients. The developer must not change the API, the application, or the client code.
What should the developer do to meet these requirements?

A. Place the API behind an Amazon API Gateway API. Set the server-side throttling limits.

B. Place the API behind a Network Load Balancer. Set the target group throttling limits.

C. Place the API behind an Application Load Balancer. Set the target group throttling limits.

D. Place the API behind an Amazon API Gateway API. Set the per-client throttling limits.

A developer is creating a serverless application that uses an AWS Lambda function The developer will use AWS CloudFormation to deploy the application The application will write logs to Amazon CloudWatch Logs. The developer has created a log group in a CloudFormation template for the application to use. The developer needs to modify the CloudFormation template to make the name of the log group available to the application at runtime.
Which solution will meet this requirement?

A. Use the AWS::Include transform in CloudFormation to provide the log group’s name to the application.

B. Pass the log group’s name to the application in the user data section of the CloudFormation template

C. Use the CloudFormation template’s Mappings section to specify the log group’s name for the application.

D. Pass the log group’s Amazon Resource Name (ARN) as an environment variable to the Lambda function.

A company is running an application on Amazon Elastic Container Service (Amazon ECS). When the company deploys a new version of the application, the company initially needs to expose 10% of live traffic to the new version. After a period of time, the company needs to immediately route all the remaining live traffic to the new version.
Which ECS deployment should the company use to meet these requirements?

A. Rolling update

B. Blue/green with canary

C. Blue/green with all at once

D. Blue/green with linear

A developer deployed an application to an Amazon EC2 instance. The application needs to know the public IPv4 address of the instance.
How can the application find this information?

A. Query the instance metadata from http://169.254.169.254/latest/meta-data/.

B. Query the instance user data from http://169.254.169.254/latest/user-data/.

C. Query the Amazon Machine Image (AMI) information from http://169.254 169.254/latest/meta-data/ami/.

D. Check the hosts file of the operating system.

A developer needs to use the AWS CLI on an on-premises development server temporarily to access AWS services while performing maintenance. The developer needs to authenticate to AWS with their identity for several hours.
What is the MOST secure way to call AWS CLI commands with the developer's IAM identity?

A. Specify the developer’s IAM access key ID and secret access key as parameters for each CLI command

B. Run the aws configure CLI command. Provide the developer’s IAM access key ID and secret access key.

C. Specify the developer’s IAM profile as a parameter for each CLI command.

D. Run the get-session-token CLI command with the developer’s IAM user. Use the returned credentials to call the CLI

A company has an application that writes files to an Amazon S3 bucket. Whenever there is a new file, an S3 notification event invokes an AWS Lambda function to process the file. The Lambda function code works as expected. However, when a developer checks the Lambda function logs, the developer finds that multiple invocations occur for every file.
What is causing the duplicate entries?

A. The S3 bucket name is incorrectly specified in the application and is targeting another S3 bucket.

B. The Lambda function did not run correctly, and Lambda retried the invocation with a delay.

C. Amazon S3 is delivering the same event multiple times.

D. The application stopped intermittently and then resumed, splitting the logs into multiple smaller files.

A developer is designing a full-stack serverless application. Files for the website are stored in an Amazon S3 bucket. AWS Lambda functions that use Amazon
API Gateway endpoints return results from an Amazon DynamoDB table.
The developer must create a solution that securely provides registration and authentication for the application while minimizing the amount of configuration.
Which solution meets these requirements?

A. Create an Amazon Cognito user pool and an app client. Configure the app client to use the user pool and provide the hosted web UI provided for sign-up and sign-in.

B. Configure an Amazon Cognito identity pool. Map the users with IAM roles that are configured to access the S3 bucket that stores the website.

C. Configure and launch an Amazon EC2 instance to set up an identity provider with an Amazon Cognito user pool. Configure the user pool to provide the hosted web UI for sign-up and sign-in.

D. Create an IAM policy that allows access to the website that is stored in the S3 bucket. Attach the policy to an IAM group. Add IAM users to the group.

A developer received the following error message during an AWS CloudFormation deployment:
DELETE_FAILED (The following resource(s) failed to delete: [ASGInstanceRolel2345678].)
Which action should the developer take to resolve this error?

A. Contact AWS Support to report an issue with the Auto Scaling Groups (ASG) service.

B. Add a DependsOn attribute to the ASGInstanceRole12345678 resource in the CloudFormation template. Then delete the stack.

C. Modify the CloudFormation template to retain the ASGInstanceRolel2345678 resource. Then manually delete the resource after deployment.

D. Add a force parameter when calling CloudFormation with the role-arn of ASGInstanceRolel2345678.

A developer manages an application that interacts with Amazon RDS. After observing slow performance with read queries, the developer implements Amazon
ElastiCache to update the cache immediately following the primary database update.
What will be the result of this approach to caching?

A. Caching will increase the load on the database instance because the cache is updated for every database update.

B. Caching will slow performance of the read queries because the cache is updated when the cache cannot find the requested data.

C. The cache will become large and expensive because the infrequently requested data is also written to the cache.

D. Overhead will be added to the initial response time because the cache is updated only after a cache miss.

A company is migrating its on-premises database to Amazon RDS for MySQL. The company has read-heavy workloads, and wants to make sure it re-factors its code to achieve optimum read performance for its queries.
How can this objective be met?

A. Add database retries to effectively use RDS with vertical scaling.

B. Use RDS with multi-AZ deployment.

C. Add a connection string to use an RDS read replica for read queries.

D. Add a connection string to use a read replica on an EC2 instance.

A developer is creating a serverless web application and maintains different branches of code. The developer wants to avoid updating the Amazon API Gateway target endpoint each time a new code push is performed.
What solution would allow the developer to perform a code push efficiently, without the need to update the API Gateway?

A. Associate different AWS Lambda functions to an API Gateway target endpoint.

B. Create different stages in API Gateway. then associate API Gateway with AWS Lambda.

C. Create aliases and versions in AWS Lambda.

D. Tag the AWS Lambda functions with different names.

A developer is designing a serverless application for an ecommerce website. An Amazon API Gateway API exposes AWS Lambda functions for billing, payment, and user operations. The website features shopping carts for the users. The shopping carts must be stored for extended periods of time and will be retrieved frequently by the front-end application.
The load on the application will vary significantly based on the time of day and the promotional sales that are offered on the website. The application must be able to scale automatically to meet these changing demands.
Which solution will meet these requirements?

A. Store the data objects on an Amazon RDS DB instance. Cache the data objects in memory by using Amazon ElastiCache.

B. Store the data objects on Amazon EC2 instances behind an Application Load Balancer. Use session affinity (sticky sessions) for each user’s shopping cart.

C. Store the data objects in Amazon S3 buckets. Cache the data objects by using Amazon CloudFront with the maximum TTL.

D. Store the data objects in Amazon DynamoDB tables. Cache the data objects by using DynamoDB Accelerator (DAX).

A developer is writing a new AWS Serverless Application Model (AWS SAM) template with a new AWS Lambda function. The Lambda function runs complex code. The developer wants to test the Lambda function with more CPU power.
What should the developer do to meet this requirement?

A. Increase the runtime engine version.

B. Increase the timeout.

C. Increase the number of Lambda layers.

D. Increase the memory.

A company is planning to use AWS CodeDeploy to deploy an application to AWS Lambda. During the deployment of a new version of the application, the company initially must expose only 10% of live traffic to the new version of the deployed application. Then, every 10 minutes, the company must route another
10% of live traffic to the new version of the deployed application until all live traffic is routed to the new version.
Which CodeDeploy predefined configuration will meet these requirements?

A. CodeDeployDefault.OnceAtATime

B. CodeDeployDefault.LambdaCanary10Percent10Minutes

C. CodeDeployDefault.LambdaLinear10PercentEvery10Minutes

D. CodeDeployDefault.ECSLinear10PercentEvery3Minutes