An IAM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 API actions. The EC2 instance credentials file specifies the IAM access key and secret access key, which allow full administrative access.
Given that multiple modes of IAM access are present for this EC2 instance, which of the following is correct?

A. The EC2 instance will only be able to list the S3 buckets.
B. The EC2 instance will only be able to list the contents of one S3 bucket at a time.
C. The EC2 instance will be able to perform all actions on any S3 bucket.
D. The EC2 instance will not be able to perform any S3 action on any S3 bucket.

A developer is writing an AWS Lambda function. The developer wants to log key events that occur during the Lambda function and include a unique identifier to associate the events with a specific function invocation.
Which of the following will help the developer accomplish this objective?

A. Obtain the request identifier from the Lambda context object. Architect the application to write logs to the console.
B. Obtain the request identifier from the Lambda event object. Architect the application to write logs to a file.
C. Obtain the request identifier from the Lambda event object. Architect the application to write logs to the console.
D. Obtain the request identifier from the Lambda context object. Architect the application to write logs to a file.

A developer is building an application using an Amazon API Gateway REST API backend by an AWS Lambda function that interacts with an Amazon DynamoDB table. During testing, the developer observes high latency when making requests to the API.
How can the developer evaluate the end-to-end latency and identify performance bottlenecks?

A. Enable AWS CloudTrail logging and use the logs to map each latency and bottleneck.
B. Enable and configure AWS X-Ray tracing on API Gateway and the Lambda function. Use X-Ray to trace and analyze user requests.
C. Enable Amazon CloudWatch Logs for the Lambda function. Enable execution logs for API Gateway to view and analyze user request logs.
D. Enable VPC Flow Logs to capture and analyze network traffic within the VPC.

A developer is provided with an HTTPS clone URL for an AWS CodeCommit repository.
What needs to be configured before cloning this repository?

A. Use AWS KMS to set up public and private keys for use with AWS CodeCommit.
B. Set up the Git credential helper to use an AWS credential profile, and enable the helper to send the path to the repositories.
C. Use AWS Certificate Manager to provision public and private SSL/TLS certificates.
D. Generate encryption keys using AWS CloudHSM, then export the key for use with AWS CodeCommitl.

A developer has built a market application that stores pricing data in Amazon DynamoDB with Amazon ElastiCache in front. The prices of items in the market change frequently. Sellers have begun complaining that, after they update the price of an item, the price does not actually change in the product listing.
What could be causing this issue?

A. The cache is not being invalidated when the price of the item is changed
B. The price of the item is being retrieved using a write-through ElastiCache cluster
C. The DynamoDB table was provisioned with insufficient read capacity
D. The DynamoDB table was provisioned with insufficient write capacity

A development team uses AWS Elastic Beanstalk for application deployment. The team has configured the application version lifecycle policy to limit the number of application versions to 25. However, even with the lifecycle policy, the source bundle is deleted from the Amazon S3 source bucket.
What should a developer do in the Elastic Beanstalk application version lifecycle settings to retain the source code in the S3 bucket?

A. Change the Set the application versions limit by total count setting to zero.
B. Disable the Lifecycle policy setting.
C. Change the Set the application version limit by age setting to zero.
D. Set Retention to Retain source bundle in S3.

A developer is migrating code to an AWS Lambda function that will an Amazon Aurora MySQL database.
What is the MOST secure way to authenticate the function to the database?

A. Store the database credentials as encrypted parameters in AWS Systems Manager Parameters Store. Obtain the credentials from Systems Manager when the Lambda function needs to connect to the database.
B. Store the database credentials in AWS Secrets Manager. Let Secrets Manager handle the rotation of the credentials, as required.
C. Store the database credentials in an Amazon S3 bucket that has a restrictive bucket policy for the Lambda role when accessing the credentials. Use AWS KMS to encrypt the data.
D. Create a policy with rds-db:connect access to the database and attach it to the role assigned to the Lambda function.

A development team is building a new application that will run on Amazon EC2 and use Amazon DynamoDB as a storage layer. The developers all have assigned IAM user accounts in the same IAM group. The developers currently can launch EC2 instances, and they need to be able to launch EC2 instances with an instance role allowing access to Amazon DynamoDB.
Which AWS IAM changes are needed when creating an instance role to provide this functionality?

A. Create an IAM permission policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows DynamoDB to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole and iam:PassRole permissions for the role.
B. Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:PassRole permission for the role.
C. Create an IAM permission policy attached to the role that allows access to Amazon EC2. Add a trust policy to the role that allows DynamoDB to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:PassRole permission for the role.
D. Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole permission for the role.

What is required to trace Lambda-based applications with AWS X-Ray?

A. Send logs from the Lambda application to an S3 bucket; trigger a Lambda function from the bucket to send data to AWS X-Ray.
B. Trigger a Lambda function from the application logs in Amazon CloudWatch to submit tracing data to AWS X-Ray.
C. Use an IAM execution role to give the Lambda function permissions and enable tracing.
D. Update and add AWS X-Ray daemon code to relevant parts of the Lambda function to set up the trace.

A developer needs to manage AWS infrastructure as code and must be able to deploy multiple identical copies of the infrastructure, stage changes, and revert to previous versions.
Which approach addresses these requirements?

A. Use cost allocation reports and AWS OpsWorks to deploy and manage the infrastructure.
B. Use Amazon CloudWatch metrics and alerts along with resource tagging to deploy and manage the infrastructure.
C. Use AWS Elastic Beanstalk and AWS CodeCommit to deploy and manage the infrastructure.
D. Use AWS CloudFormation and AWS CodeCommit to deploy and manage the infrastructure.