An application is running on a cluster of Amazon EC2 instances. While trying to read objects stored within a single Amazon S3 bucket that are encrypted with server-side encryption with AWS KMS managed keys (SSE-KMS), the application receives the following error:

Which combination of steps should be taken to prevent this failure? (Choose two.)

A. Contact AWS Support to request an AWS KMS rate limit increase.
B. Perform error retries with exponential backoff in the application code.
C. Contact AWS Support to request a S3 rate limit increase.
D. Import a customer master key (CMK) with a larger key size.
E. Use more than one customer master key (CMK) to encrypt S3 data.

A Developer is trying to make API calls using SDK. The IAM user credentials used by the application require multi-factor authentication for all API calls.
Which method the Developer use to access the multi-factor authentication protected API?

A. GetFederationToken
B. GetCallerIdentity
C. GetSessionToken
D. DecodeAuthorizationMessage

An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows the read query performance and affects all application users.
What can be done to eliminate the performance impact on application users?

A. Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic.
B. Create an RDS Read Replica and direct all read traffic to the replica.
C. Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic.
D. Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic.

A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table.
What MUST the company do to implement this authentication in API Gateway?

A. Implement an AWS Lambda authorizer that references the DynamoDB authentication table
B. Create a model that requires the credentials, then grant API Gateway access to the authentication table
C. Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table
D. Implement an Amazon Cognito authorizer that references the DynamoDB authentication table

A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The service must run different versions for testing purposes.
What would be the BEST way to accomplish this?

A. Use an X-Versionheader to denote which version is being called and pass that header to the Lambda function(s)
B. Create an API Gateway Lambda authorizer to route API clients to the correct API version
C. Create an API Gateway resource policy to isolate versions and provide context to the Lambda function(s)
D. Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context

A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least.
What is the easiest way to achieve this?

A. Encrypt the data before sending it to Amazon S3
B. Import a custom key into AWS KMS with annual rotation enabled
C. Use AWS KMS with automatic key rotation
D. Export a key from AWS KMS to encrypt the data

When developing an AWS Lambda function that processes Amazon Kinesis Data Streams, Administrators within the company must receive a notice that includes the processed data.
How should the Developer write the function to send processed data to the Administrators?

A. Separate the Lambda handler from the core logic
B. Use Amazon CloudWatch Events to send the processed data
C. Publish the processed data to an Amazon SNS topic
D. Push the processed data to Amazon SQS

A Developer is writing a REST service that will add items to a shopping list. The service is built on Amazon API Gateway with AWS Lambda integrations. The shopping list items are sent as query string parameters in the method request.
How should the Developer convert the query string parameters to arguments for the Lambda function?

A. Enable request validation
B. Include the Amazon Resource Name (ARN) of the Lambda function
C. Change the integration type
D. Create a mapping template

A Development team would like to migrate their existing application code from a GitHub repository to AWS CodeCommit. What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?

A. A GitHub secure authentication token
B. A public and private SSH key file
C. A set of Git credentials generated from IAM
D. An Amazon EC2 IAM role with CodeCommit permissions

A Developer must encrypt a 100-GB object using AWS KMS. What is the BEST approach?

A. Make an EncryptAPI call to encrypt the plaintext data as ciphertext using a customer master key (CMK)
B. Make an EncryptAPI call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material
C. Make a GenerateDataKeyAPI call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data
D. Make a GenerateDataKeyWithoutPlaintextAPI call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data