Which of the following are good use cases for how Amazon ElastiCache can help an application? (Select TWO.)
A . Improve the performance of S3 PUT operations
B . Improve the latency of deployments performed by AWS CodeDeploy
C . Improve latency and throughput for read-heavy application workloads.
D . Reduce the time required to merge AWS CodeCommit branches
E . Improve performance of compute-intensive applications.
Answer: C,E
Which of the following services are key/value stores? Choose 3 answers
A . Amazon ElastiCache
B . Simple Notification Service
C . DynamoDB
D . Simple Workflow Service
E . Simple Storage Service
Answer: A,C,E
A developer wants to send multi-value headers to an AWS Lambda function that is registered as a target with an Application Load Balancer (ALB).
What should the developer do to achieve this?
A . Place the Lambda function and target group in the same account
B . Send the request body to the Lambda function with a size less than 1 MB 0
C . Include the Base64 encoding status status code, status description, and headers in the Lambda function
D . Enable the multi-value headers on the ALB
Answer: D
A company’s ecommerce website is experiencing massive traffic spikes, which are causing performance problems in the company database. Users are reporting that accessing the website takes a long time.
A developer wants to implement a caching layer using Amazon ElastiCache. The website is required to be responsive no matter which product a user views, and the updates to product information and prices must be strongly consistent
A . Which cache writing policy will satisfy these requirements?
B . Write to the cache directly and sync the backend at a later time.
C . Write to the backend first and wait for the cache to expire.
D . Write to the cache and the backend at the same time
E . Write to the backend first and invalidate the cache
Answer: E
A Developer wants to upload data to Amazon S3 and must encrypt the data in transit.
Which of the following solutions will accomplish this task? (Choose two.)
A . Set up hardware VPN tunnels to a VPC and access S3 through a VPC endpoint
B . Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key
C . Set up Server-Side Encryption with AWS KMS-Managed Keys
D . Transfer the data over an SSL connection
E . Set up Server-Side Encryption with S3-Managed Keys
Answer: B,D
Explanation:
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html
A Developer wants to encrypt new objects that are being uploaded to an Amazon S3 bucket by an application. There must be an audit trail of who has used the key during this process. There should be no change to the performance of the application.
Which type of encryption meets these requirements?
A . Server-side encryption using S3-managed keys
B . Server-side encryption with AWS KMS-managed keys
C . Client-side encryption with a client-side symmetric master key
D . Client-side encryption with AWS KMS-managed keys
Answer: B
An application is being developed to audit several AWS accounts. The application will run in Account A and must access AWS services in Accounts B and C.
What is the MOST secure way to allow the application to call AWS services in each audited account?
A . Configure cross-account roles in each audited account. Write code in Account A that assumes those roles
B . Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions
C . Deploy an application in each audited account with its own role. Have Account A authenticate with the application
D . Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys
Answer: A
Explanation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
A Developer wants to use AWS X-Ray to trace a user request end-to-end throughput the software stack. The Developer made the necessary changes in the application tested it, and found that the application is able to send the traces to AWS X-Ray. However, when the application is deployed to an EC2 instance, the traces are not available.
Which of the following could create this situation? (Select two.)
A . The traces are reaching X-Ray, but the Developer does not have access to view the records.
B . The X-Ray daemon is not installed on the EC2 instance.
C . The X-Ray endpoint specified in the application configuration is incorrect.
D . The instance role does not have “xray:BatchGetTraces” and “xray:GetTraceGraph” permissions.
E . The instance role does not have “xray:PutTraceSegments” and “xray:PutTelemetryRecords” permissions.
Answer: B,E
A company uses a third-party tool to build, bundle, and package rts applications on-premises. and store them locally. The company uses Amazon EC2 instances to run its front-end applications.
How can an application be deployed from the source control system onto the EC2 instances?
A . Use AWS CodeDeploy and point it to the local storage to directly deploy a bundle m a zip. tar. or tar.gz format
B . Upload the bundle to an Amazon S3 bucket and specify the S3 location when doing a deployment using AWS CodeDeploy
C . Create a repository using AWS CodeCommit to automatically trigger a deployment to the EC2 instances
D . Use AWS CodeBuild to automatically deploy the latest build to the latest EC2 instances
Answer: B
A developer is writing a web application that must share secure documents with end users. The documents are stored in a private Amazon S3 bucket. The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes.
How can the developer meet these requirements?
A . Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes
B . Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes
C . Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS
D . Modify the S3 bucket policy to only allow specific users to download the documents Revert the change after 15 minutes.
Answer: B