A company is running a two-tier ecommerce application in one AWS account. The web server is deployed
using an Amazon RDS for MySQL Multi-AZ DB instance. A Developer mistakenly deleted the database in
the production environment. The database has been restored, but this resulted in hours of downtime and lost
revenue.
Which combination of changes in existing IAM policies should a Database Specialist make to prevent an error
like this from happening in the future? (Choose three.)
A.
Grant least privilege to groups, users, and roles
B.
Allow all users to restore a database from a backup that will reduce the overall downtime to restore the database
C.
Enable multi-factor authentication for sensitive operations to access sensitive resources and API operations
D.
Use policy conditions to restrict access to selective IP addresses
E.
Use AccessList Controls policy type to restrict users for database instance deletion
F.
Enable AWS CloudTrail logging and Enhanced Monitoring
Grant least privilege to groups, users, and roles
Enable multi-factor authentication for sensitive operations to access sensitive resources and API operations
Use policy conditions to restrict access to selective IP addresses
A Database Specialist is creating a new Amazon Neptune DB cluster, and is attempting to load data from
Amazon S3 into the Neptune DB cluster using the Neptune bulk loader API. The Database Specialist receives
the following error:
“Unable to connect to s3 endpoint. Provided source = s3://mybucket/graphdata/ and region = us-east-1. Please
verify your S3 configuration.”
Which combination of actions should the Database Specialist take to troubleshoot the problem? (Choose two.)
A.
Check that Amazon S3 has an IAM role granting read access to Neptune
B.
Check that an Amazon S3 VPC endpoint exists
C.
Check that a Neptune VPC endpoint exists
D.
Check that Amazon EC2 has an IAM role granting read access to Amazon S3
E.
Check that Neptune has an IAM role granting read access to Amazon S3
Check that an Amazon S3 VPC endpoint exists
Check that Amazon EC2 has an IAM role granting read access to Amazon S3
A company is writing a new survey application to be used with a weekly televised game show. The application
will be available for 2 hours each week. The company expects to receive over 500,000 entries every week,
with each survey asking 2-3 multiple choice questions of each user. A Database Specialist needs to select a
platform that is highly scalable for a large number of concurrent writes to handle the anticipated volume.
Which AWS services should the Database Specialist consider? (Choose two.)
A.
Amazon DynamoDB
B.
Amazon Redshift
C.
Amazon Neptune
D.
Amazon Elasticsearch Service
E.
Amazon ElastiCache
Amazon DynamoDB
Amazon ElastiCache
A clothing company uses a custom ecommerce application and a PostgreSQL database to sell clothes to thousands of users from multiple countries. The company is migrating its application and database from its
on-premises data center to the AWS Cloud. The company has selected Amazon EC2 for the application and
Amazon RDS for PostgreSQL for the database. The company requires database passwords to be changed
every 60 days. A Database Specialist needs to ensure that the credentials used by the web application to
connect to the database are managed securely.
Which approach should the Database Specialist take to securely manage the database credentials?
A.
Store the credentials in a text file in an Amazon S3 bucket. Restrict permissions on the bucket to the
IAM role associated with the instance profile only. Modify the application to download the text file and
retrieve the credentials on start up. Update the text file every 60 days.
B.
Configure IAM database authentication for the application to connect to the database. Create an IAM
user and map it to a separate database user for each ecommerce user. Require users to update their
passwords every 60 days
C.
Store the credentials in AWS Secrets Manager. Restrict permissions on the secret to only the IAM role
associated with the instance profile. Modify the application to retrieve the credentials from Secrets
Manager on start up. Configure the rotation interval to 60 days.
D.
Store the credentials in an encrypted text file in the application AMI. Use AWS KMS to store the key
for decrypting the text file. Modify the application to decrypt the text file and retrieve the credentials on
start up. Update the text file and publish a new AMI every 60 days.
Configure IAM database authentication for the application to connect to the database. Create an IAM
user and map it to a separate database user for each ecommerce user. Require users to update their
passwords every 60 days
A company is load testing its three-tier production web application deployed with an AWS CloudFormation
template on AWS. The Application team is making changes to deploy additional Amazon EC2 and AWS
Lambda resources to expand the load testing capacity. A Database Specialist wants to ensure that the changes
made by the Application team will not change the Amazon RDS database resources already deployed.
Which combination of steps would allow the Database Specialist to accomplish this? (Choose two.)
A.
Review the stack drift before modifying the template
B.
Create and review a change set before applying it
C.
Export the database resources as stack outputs
D.
Define the database resources in a nested stack
E.
Set a stack policy for the database resources
Review the stack drift before modifying the template
Define the database resources in a nested stack
A company is developing a multi-tier web application hosted on AWS using Amazon Aurora as the database.
The application needs to be deployed to production and other non-production environments. A Database
Specialist needs to specify different MasterUsername and MasterUserPassword properties in the AWS
CloudFormation templates used for automated deployment. The CloudFormation templates are version
controlled in the company’s code repository. The company also needs to meet a compliance requirement by
routinely rotating its database master password for production.
What is the most secure solution to store the master password?
A.
Store the master password in a parameter file in each environment. Reference the environment-specific
parameter file in the CloudFormation template
B.
Encrypt the master password using an AWS KMS key. Store the encrypted master password in
the CloudFormation template
C.
Use the secretsmanager dynamic reference to retrieve the master password stored in AWS
Secrets Manager and enable automatic rotation.
D.
Use the ssm dynamic reference to retrieve the master password stored in the AWS Systems
Manager Parameter Store and enable automatic rotation.
Use the secretsmanager dynamic reference to retrieve the master password stored in AWS
Secrets Manager and enable automatic rotation.
A company has migrated a single MySQL database to Amazon Aurora. The production data is hosted in a DB
cluster in VPC_PROD, and 12 testing environments are hosted in VPC_TEST using the same AWS account.
Testing results in minimal changes to the test data. The Development team wants each environment refreshed
nightly so each test database contains fresh production data every day.
Which migration approach will be the fastest and most cost-effective to implement?
A.
Run the master in Amazon Aurora MySQL. Create 12 clones in VPC_TEST, and script the clones to
be deleted and re-created nightly.
B.
Run the master in Amazon Aurora MySQL. Take a nightly snapshot, and restore it into 12 databases
in VPC_TEST using Aurora Serverless.
C.
Run the master in Amazon Aurora MySQL. Create 12 Aurora Replicas in VPC_TEST, and script
the replicas to be deleted and re-created nightly.
D.
Run the master in Amazon Aurora MySQL using Aurora Serverless. Create 12 clones in VPC_TEST,
and script the clones to be deleted and re-created nightly.
Run the master in Amazon Aurora MySQL. Create 12 clones in VPC_TEST, and script the clones to
be deleted and re-created nightly.
A company is running its line of business application on AWS, which uses Amazon RDS for MySQL as the
persistent data store. The company wants to minimize downtime when it migrates the database to Amazon
Aurora.
Which migration method should a Database Specialist use?
A.
Take a snapshot of the RDS for MySQL DB instance and create a new Aurora DB cluster with the option to migrate snapshots.
B.
Make a backup of the RDS for MySQL DB instance using the mysqldump utility, create a new Aurora
DB cluster, and restore the backup
C.
Create an Aurora Replica from the RDS for MySQL DB instance and promote the Aurora DB cluster.
D.
Create a clone of the RDS for MySQL DB instance and promote the Aurora DB cluster.
Take a snapshot of the RDS for MySQL DB instance and create a new Aurora DB cluster with the option to migrate snapshots.
A company has an Amazon RDS Multi-AZ DB instance that is 200 GB in size with an RPO of 6 hours. To
meet the company’s disaster recovery policies, the database backup needs to be copied into another Region.
The company requires the solution to be cost-effective and operationally efficient.
What should a Database Specialist do to copy the database backup into a different Region?
A.
Use Amazon RDS automated snapshots and use AWS Lambda to copy the snapshot into another Region
B.
Use Amazon RDS automated snapshots every 6 hours and use Amazon S3 cross-Region replication to copy the snapshot into another Region
C.
Create an AWS Lambda function to take an Amazon RDS snapshot every 6 hours and use a second Lambda function to copy the snapshot into another Region
D.
Create a cross-Region read replica for Amazon RDS in another Region and take an automated snapshot
of the read replica
Create a cross-Region read replica for Amazon RDS in another Region and take an automated snapshot
of the read replica
A company is using Amazon Aurora with Aurora Replicas for read-only workload scaling. A Database Specialist needs to split up two read-only applications so each application always connects to a dedicated replica. The
Database Specialist wants to implement load balancing and high availability for the read-only applications.
Which solution meets these requirements?
A.
Use a specific instance endpoint for each replica and add the instance endpoint to each read-only application connection string
B.
Use reader endpoints for both the read-only workload applications.
C.
Use a reader endpoint for one read-only application and use an instance endpoint for the other read-only application.
D.
Use custom endpoints for the two read-only applications
Use reader endpoints for both the read-only workload applications.