AWS Certified Developer Associate DVA-C01 – Question220

A Developer has created a new AWS IAM user that has s3:PutObject permission to write to a specific Amazon S3 bucket. This S3 bucket uses server-side encryption with AWS KMS managed keys (SSE-KMS) as the default encryption. Using the access key and secret key of the IAM user, the application received an access denied error when calling the PutObject API.
How can this issue be resolved?

A. Update the policy of the IAM user to allow the s3:Encrypt action.
B. Update the bucket policy of the S3 bucket to allow the IAM user to upload objects.
C. Update the policy of the IAM user to allow the kms:GenerateDataKey action.
D. Update the ACL of the S3 bucket to allow the IAM user to upload objects.

AWS Certified Developer Associate DVA-C01 – Question219

A Developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect from on-premises to Amazon EC2 instances in the Developer’s account. The Developer is able to access an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same VPC.
Which logs can the Developer use to verify whether the traffic is reaching subnet B?

A. VPN logs
B. BGP logs
C. VPC Flow Logs
D. AWS CloudTrail logs

Correct Answer: C

AWS Certified Developer Associate DVA-C01 – Question218

A company’s website runs on an Amazon EC2 instance and uses Auto Scaling to scale the environment during peak times. Website users across the world are experiencing high latency due to static content on the EC2 instance, even during non-peak hours.
Which combination of steps will resolve the latency issue? (Choose two.)

A. Double the Auto Scaling group’s maximum number of servers.
B. Host the application code on AWS Lambda.
C. Scale vertically by resizing the EC2 instances.
D. Create an Amazon CloudFront distribution to cache the static content.
E. Store the application’s static content in Amazon S3.

AWS Certified Developer Associate DVA-C01 – Question217

A Developer is storing sensitive data generated by an application in Amazon S3. The Developer wants to encrypt the data at rest. A company policy requires an audit trail of when the master key was used and by whom.
Which encryption option will meet these requirements?

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)
B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
C. Server-side encryption with customer-provided keys (SSE-C)
D. Server-side encryption with self-managed keys

Correct Answer: B

Explanation:

SSE-KMS is similar to SSE-S3, but with some additional benefits along with some additional charges for using this service. It provides you with an audit trail of when your key was used and by whom. Additionally, you have the option to create and manage encryption keys yourself, or use a default key that is unique to you.

AWS Certified Developer Associate DVA-C01 – Question216

A Developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes, or create the item if it does not exist. The Lambda function has access to the primary key.
Which IAM permissions should the Developer request for the Lambda function to achieve this functionality?

A. dynamodb:DeleteItem, dynamodb:GetItem, dynamodb:PutItem
B. dynamodb:UpdateItem, dynamodb:GetItem, dynamodb:DescribeTable
C. dynamodb:GetRecords, dynamodb:PutItem, dynamodb:UpdateTable
D. dynamodb:UpdateItem, dynamodb:GetItem, dynamodb:PutItem

AWS Certified Developer Associate DVA-C01 – Question215

A company has a legacy application that was migrated to a fleet of Amazon EC2 instances. The application stores data in a MySQL database that is currently installed on a single EC2 instance. The company has decided to migrate the database from the EC2 instance to MySQL on Amazon RDS.
What should the Developer do to update the application to support data storage in Amazon RDS?

A. Update the database connection parameters in the application to point to the new RDS instance.
B. Add a script to the EC2 instance that implements an AWS SDK for requesting database credentials.
C. Create a new EC2 instance with an IAM role that allows access to the new RDS database.
D. Create an AWS Lambda function that will route traffic from the EC2 instance to the RDS database.

Correct Answer: A

AWS Certified Developer Associate DVA-C01 – Question214

A Developer is going to deploy an AWS Lambda function that requires significant CPU utilization.
Which approach will MINIMIZE the average runtime of the function?

A. Deploy the function into multiple AWS Regions.
B. Deploy the function into multiple Availability Zones.
C. Deploy the function using Lambda layers.
D. Deploy the function with its memory allocation set to the maximum amount.

Correct Answer: C

Explanation:

Layers let you keep your deployment package small, which makes development easier. You can avoid errors that can occur when you install and package dependencies with your function code.
Reference: https://docs.aws.amazon.com/lambda/latest/dg/lambda-dg.pdf (86)

AWS Certified Developer Associate DVA-C01 – Question213

A company is developing a web application that allows its employees to upload a profile picture to a private Amazon S3 bucket. There is no size limit for the profile pictures, which should be displayed every time an employee logs in. For security reasons, the pictures cannot be publicly accessible.
What is a viable long-term solution for this scenario?

A. Generate a presigned URL when a picture is uploaded. Save the URL in an Amazon DynamoDB table. Return the URL to the browser when the employee logs in.
B. Save the picture’s S3 key in an Amazon DynamoDB table. Create an Amazon S3 VPC endpoint to allow the employees to download pictures once they log in.
C. Encode a picture using base64. Save the base64 string in an Amazon DB table. Allow the browser to retrieve the string and convert it to a picture.
D. Save the picture’s S3 key in an Amazon DynamoDB table. Use a function to generate a presigned URL every time an employee logs in. Return the URL to the browser.

AWS Certified Developer Associate DVA-C01 – Question212

A Developer wants to build an application that will allow new users to register and create new user accounts. The application must also allow users with social media accounts to log in using their social media credentials.
Which AWS service or feature can be used to meet these requirements?


A. AWS IAM
B. Amazon Cognito identity pools
C. Amazon Cognito user pools
D. AWS Directory Service

AWS Certified Developer Associate DVA-C01 – Question211

A Developer has an e-commerce API hosted on Amazon ECS. Variable and spiking demand on the application is causing order processing to take too long. The application processes Amazon SQS queues. The ApproximateNumberOfMessagesVisible metric spikes at very high values throughout the day, which cause Amazon CloudWatch alarm breaches. Other ECS metrics for the API containers are well within limits.
What can the Developer implement to improve performance while keeping costs low?

A. Target tracking scaling policy
B. Docker Swarm
C. Service scheduler
D. Step scaling policy