A developer is using an AWS Key Management Service (AWS KMS) customer master key (CMK) with imported key material to encrypt data in Amazon S3. The developer accidentally deletes the key material of the CMK and is unable to decrypt the data.
How can the developer decrypt the data that was encrypted by the CMK?

A. Request support from AWS to recover the deleted key material.
B. Create a new CMK. Use the new CMK to decrypt the data.
C. Use the CMK without the key material.
D. Reimport the same key material to the CMK.

A developer creates an AWS Lambda function to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. All message content must be encrypted in transit and at rest between Lambda and Amazon SNS.
A part of the Lambda execution role is as follows:

Which combination of steps should the developer take to meet these requirements? (Choose two.)

A. Enable server-side encryption on the SNS topic.
B. Add a Deny statement to the Lambda execution role. Specify the SNS topic ARN as the resource. Specify "aws:SecureTransport": "true" as the condition.
C. Create a VPC endpoint for Amazon SNS.
D. Add a StringEquals condition of "sns:Protocol": "https" to the Lambda execution role.
E. Add a Deny statement to the Lambda execution role. Specify the SNS topic ARN as the resource. Specify "aws:SecureTransport": "false" as the condition.

A developer needs to implement a cache to store data that an application frequently queries from an Amazon RDS for MySQL database. The data structures that will be cached include sets and sorted sets.
How should the developer implement the cache to achieve the LOWEST latency?

A. Create an Amazon ElastiCache for Memcached instance. Serialize the data as JSON before caching the data.
B. Create an Amazon ElastiCache for Redis instance. Use a Redis client library to cache the data.
C. Create an Amazon DynamoDB table. Serialize the data as JSON before caching the data.
D. Create an Amazon ElastiCache for Memcached instance. Use a Memcached client library to cache the data.

An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user.
During testing, a developer discovers that the application does not show any objects in the list.
What is the MOST secure way to resolve this issue?

A. Update the IAM instance profile that is attached to the EC2 instance to include the S3:' permission for the S3 bucket.
B. Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.
C. Update the developer's user permissions to include the S3:ListBucket permission for the S3 bucket.
D. Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance.

A developer is writing an application in Python. The application runs on AWS Lambda. The application generates a file and needs to upload this file to Amazon S3.
The developer must implement this upload functionality with the least possible change to the application code.
Which solution meets these requirements?

A. Make an HTTP request directly to the S3 API to upload the file.
B. Include the AWS SDK for Python in the Lambda function. Use the SDK to upload the file.
C. Use the AWS SDK for Python that is installed in the Lambda environment to upload the file.
D. Use the AWS CLI that is installed in the Lambda environment to upload the file.

A developer has an application that asynchronously invokes an AWS Lambda function. The developer wants to store messages that resulted in failed invocations of the Lambda function so that the application can retry the call later.
What should the developer do to accomplish this goal with the LEAST operational overhead?

A. Set up Amazon CloudWatch Logs log groups to filter and store the messages in an Amazon S3 bucket. Import the messages in Lambda. Run the Lambda function again.
B. Configure Amazon EventBridge (Amazon CloudWatch Events) to send the messages to Amazon Simple Notification Service (Amazon SNS) to initiate the Lambda function again.
C. Implement a dead-letter queue for discarded messages. Set the dead-letter queue as an event source for the Lambda function.
D. Send Amazon EventBridge (Amazon CloudWatch Events) events to an Amazon Simple Queue Service (Amazon SQS) queue. Configure the Lambda function to pull messages from the SQS queue. Run the Lambda function again.

A developer is designing an Amazon DynamoDB table for an application. The application will store user information that includes a unique identifier and an email address for each user. The application must be able to query the table by using either the unique identifier or the email address.
How should the developer design the DynamoDB table to meet these requirements?

A. For the primary key of the table, specify the unique identifier as the partition key and specify the email address as the sort key.
B. For the primary key of the table, specify the unique identifier as the partition key. Create a local secondary index (LSI) based on the email address.
C. For the primary key of the table, specify the email address as the partition key and specify the unique identifier as the sort key.
D. For the primary key of the table, specify the unique identifier as the partition key. Create a global secondary index (GSI) based on the email address.

A developer is creating an AWS Lambda function that generates a new file each time it runs. Each new file must be checked into an AWS CodeCommit repository hosted in the same AWS account.
How should the developer accomplish this?

A. When the Lambda function starts, use the Git CLI to clone the repository. Check the new file into the cloned repository and push the change.
B. After the new file is created in Lambda, use cURL to invoke the CodeCommit API. Send the file to the repository.
C. Use an AWS SDK to instantiate a CodeCommit client. Invoke the putjile method to add the file to the repository.
D. Upload the new file to an Amazon S3 bucket. Create an AWS Step Function to accept S3 events. In the Step Function, add the new file to the repository.

A company has a two-tier application running on an Amazon EC2 server that handles all of its AWS based e- commerce activity. During peak times, the backend servers that process orders are overloaded with requests.
This results in some orders failing to process. A developer needs to create a solution that will re-factor the application.
Which steps will allow for more flexibility during peak times, while still remaining cost-effective? (Choose two.)

A. Increase the backend T2 EC2 instance sizes to x1 to handle the largest possible load throughout the year.
B. Implement an Amazon SQS queue to decouple the front-end and backend servers.
C. Use an Amazon SNS queue to decouple the front-end and backend servers.
D. Migrate the backend servers to on-premises and pull from an Amazon SNS queue.
E. Modify the backend servers to pull from an Amazon SQS queue.

A company is running a web application that is using Amazon Cognito for authentication. The company does not want to use multi-factor authentication (MFA) for all the visitors every time, but the company's security team has concerns about compromised credentials. The development team needs to configure mandatory MFA only when suspicious sign-in attempts are detected.
Which Amazon Cognito feature will meet these requirements?

A. Short message service (SMS) text message MFA
B. Advanced security metrics
C. Time-based one-time password (TOTP) software token MFA
D. Adaptive authentication