Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsDBS-C01Exam Questions

Amazon Web Services · Free Practice Questions · Last reviewed May 2026

DBS-C01 Exam Questions and Answers

30real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.

65 exam questions
180 min time limit
Pass: 750/1000 / 1000
5 exam domains
OverviewDomain BlueprintStudy GuideAll QuestionsSample by Domain
1. Workload-Specific Database Design2. Deployment and Migration3. Management and Operations4. Monitoring and Troubleshooting5. Database Security
1

Domain 1: Workload-Specific Database Design

All Workload-Specific Database Design questions
Q1
mediumFull explanation →

A company is migrating an on-premises PostgreSQL database to Amazon RDS for PostgreSQL. The database has a large table that is frequently accessed by reporting queries. The reporting queries filter on a column that has a high cardinality but low selectivity. To optimize query performance on this table, which design choice should the database specialist recommend?

A

Partition the table by the filter column

B

Use a read replica to offload reporting queries

C

Increase the provisioned read IOPS for the RDS instance

D

Create a covering index on the filter column

A covering index includes all columns needed, allowing query results to be returned from the index alone.

Why: Option D is correct because a covering index includes all columns needed by the reporting queries, allowing PostgreSQL to satisfy the query entirely from the index without accessing the heap (table) pages. This eliminates the overhead of random I/O for row lookups, which is especially beneficial when filtering on a high-cardinality, low-selectivity column where many rows match but the index scan alone can return the required data. In Amazon RDS for PostgreSQL, this reduces read IOPS consumption and improves query latency.
Q2
hardFull explanation →

A company is designing a new e-commerce platform using Amazon DynamoDB. The workload requires single-digit millisecond latency for user session data, which is accessed by session token. The session data is temporary and should be automatically deleted after 24 hours. Which DynamoDB design should the database specialist recommend?

A

Create an AWS Lambda function that runs every hour and deletes expired session data

B

Store session data in Amazon S3 with a lifecycle policy to delete objects after 24 hours

C

Use DynamoDB Accelerator (DAX) to cache session data and set a 24-hour TTL on the cache

D

Enable DynamoDB Time to Live (TTL) on the session token attribute

TTL automatically deletes items after a specified expiry timestamp, meeting the 24-hour deletion requirement.

Why: DynamoDB Time to Live (TTL) automatically deletes expired items after a specified timestamp, making it ideal for session data that must be removed after 24 hours. This approach requires no additional infrastructure, meets the single-digit millisecond latency requirement by using the session token as the primary key, and ensures automatic cleanup without manual intervention or added cost.
Q3
easyFull explanation →

A financial services company is migrating its Oracle database to Amazon Aurora PostgreSQL. The database runs a critical batch processing job every night that updates millions of rows. The company needs the migration to minimize downtime and ensure data integrity. Which AWS service should the database specialist use to perform the migration?

A

AWS Database Migration Service (AWS DMS) with ongoing replication from Oracle to Aurora PostgreSQL

AWS DMS can perform a one-time migration and then use ongoing replication to keep the target in sync with the source, minimizing downtime.

B

AWS Data Pipeline to export data from Oracle and import into Aurora PostgreSQL

C

AWS Schema Conversion Tool (AWS SCT) to convert the schema and then use native PostgreSQL tools to migrate data

D

AWS Glue to extract data from Oracle and load into Aurora PostgreSQL

Why: AWS DMS with ongoing replication (change data capture, CDC) is the correct choice because it enables a near-zero-downtime migration by continuously replicating changes from the source Oracle database to the target Aurora PostgreSQL while the source remains fully operational. After the initial full load, DMS applies ongoing transactions, allowing you to cut over with minimal interruption. This directly addresses the requirement to minimize downtime for the nightly batch job and ensures data integrity through transactional consistency.
Q4
mediumFull explanation →

A social media application uses Amazon DynamoDB as its primary data store. The application stores user posts and allows users to retrieve the most recent 10 posts of users they follow. The access pattern is a followee-based query that needs to be highly scalable and low-latency. Which DynamoDB table design should the database specialist recommend?

A

Use a partition key of post ID and a local secondary index on the followee ID

B

Use a single table with a scan operation and filter on the followee attribute

C

Use a composite primary key with a partition key of follower ID and a sort key of timestamp, and store the followee ID as an attribute

This design allows efficient Query on the follower ID to retrieve recent posts in reverse order by timestamp.

D

Design the table with a partition key of user ID and a sort key of timestamp, and create a global secondary index (GSI) on followee ID

Why: Option C is correct because it models the access pattern directly: the follower ID as the partition key ensures all posts from followed users are co-located, and the sort key of timestamp allows efficient retrieval of the most recent 10 posts via a Query with a limit of 10 and descending order. This design avoids expensive scans or secondary index lookups, meeting the low-latency and scalability requirements.
Q5
easyFull explanation →

A company is running a MySQL database on Amazon RDS and needs to store JSON documents that are frequently queried by fields within the JSON. The company wants to reduce development complexity and improve query performance. Which RDS MySQL feature should the database specialist recommend?

A

Migrate the JSON data to Amazon DynamoDB and use DynamoDB's document model

B

Use the JSON data type in MySQL 8.0 and utilize JSON path expressions in queries

MySQL's JSON data type allows efficient storage and querying using JSON path expressions and indexes.

C

Store JSON documents in a VARCHAR(MAX) column and use LIKE operations for queries

D

Store JSON documents as BLOBs and parse them in application code

Why: Option B is correct because MySQL 8.0's native JSON data type stores JSON documents in an optimized binary format, enabling efficient indexing and querying via JSON path expressions (e.g., `JSON_EXTRACT`, `->`, `->>`). This reduces development complexity by allowing direct SQL access to JSON fields without application-level parsing, and improves query performance through generated columns and virtual indexes.
Q6
hardFull explanation →

A company is designing a multi-tenant SaaS application on Amazon Aurora MySQL. Each tenant has its own database, but some tenants are very large and generate high write traffic. The company wants to isolate tenant workloads to prevent a noisy neighbor from affecting other tenants. Which TWO design strategies should the database specialist recommend?

A

Use Aurora Serverless for tenants with variable workloads

Aurora Serverless automatically scales compute capacity based on workload, minimizing impact on other tenants.

B

Use a single Aurora cluster with read replicas for each tenant

C

Migrate all tenants to Amazon DynamoDB and use DynamoDB Accelerator (DAX) for caching

D

Use Amazon RDS Proxy to pool connections and limit throughput per tenant

E

Use separate Aurora clusters for high-traffic tenants

Separate clusters provide complete resource isolation, preventing noisy neighbor issues.

Why: Option A is correct because Aurora Serverless automatically scales compute capacity based on application demand, which is ideal for tenants with variable workloads. This prevents a noisy neighbor scenario by ensuring that a tenant's burst of write traffic does not consume shared resources that would degrade performance for other tenants.

Want more Workload-Specific Database Design practice?

Practice this domain
2

Domain 2: Deployment and Migration

All Deployment and Migration questions
Q1
mediumFull explanation →

A company is migrating an on-premises PostgreSQL database to Amazon RDS for PostgreSQL. The database is 2 TB in size and has a high write workload. The company needs to minimize downtime during the migration. Which AWS service or feature should the company use to achieve this?

A

Use pg_dump and pg_restore to export and import the database.

B

Use AWS Database Migration Service (AWS DMS) with ongoing replication.

AWS DMS supports ongoing replication via change data capture, minimizing downtime.

C

Use the AWS Schema Conversion Tool (AWS SCT) to convert the schema and migrate data.

D

Use AWS DataSync to replicate the database files.

Why: AWS DMS with ongoing replication (change data capture, CDC) is the correct choice because it allows continuous synchronization of the source PostgreSQL database with the target RDS for PostgreSQL instance after an initial full load. This minimizes downtime by enabling the target to stay up-to-date with changes until the cutover, which is critical for a 2 TB database with a high write workload.
Q2
easyFull explanation →

A company wants to migrate its on-premises Oracle database to Amazon Aurora PostgreSQL. The company needs to automatically convert the Oracle schema to PostgreSQL-compatible format. Which AWS service should the company use?

A

AWS Database Migration Service (AWS DMS) with the Oracle native dump and load option

B

AWS Server Migration Service (AWS SMS)

C

AWS Database Migration Service (AWS DMS)

D

AWS Schema Conversion Tool (AWS SCT)

AWS SCT automates schema conversion from Oracle to Amazon Aurora PostgreSQL.

Why: AWS Schema Conversion Tool (AWS SCT) is designed specifically to convert database schemas from one engine to another, including Oracle to Amazon Aurora PostgreSQL. It automatically translates Oracle DDL (tables, indexes, stored procedures, functions, etc.) into PostgreSQL-compatible format, handling data type mappings, PL/SQL to PL/pgSQL conversion, and other schema-level transformations. AWS DMS handles data migration, not schema conversion, making SCT the correct choice for this requirement.
Q3
hardFull explanation →

A company is using AWS Database Migration Service (AWS DMS) to migrate a 5 TB MySQL database to Amazon RDS for MySQL. The migration is taking longer than expected. The company notices that the source database has a high volume of write operations. Which configuration change would MOST likely improve the migration performance?

A

Increase the number of parallel threads in the DMS task settings.

Parallel threads allow concurrent loading of data, improving throughput for high-write workloads.

B

Enable Multi-AZ on the target RDS instance.

C

Use a smaller instance class for the replication instance to reduce cost.

D

Set the LOB mode to 'Full LOB mode'.

Why: Increasing the number of parallel threads in the DMS task settings allows AWS DMS to process multiple table partitions or row changes concurrently, which directly addresses the bottleneck caused by a high volume of write operations on the source. By default, DMS uses a single thread per table, but when the source is under heavy write load, parallel threads can capture and apply changes more efficiently, reducing the overall migration time.
Q4
mediumFull explanation →

A company is migrating an on-premises Microsoft SQL Server database to Amazon RDS for SQL Server. The database uses SQL Server Agent jobs for ETL processes. After migration, the company needs to continue running these jobs. What is the MOST efficient way to manage these jobs in the AWS cloud?

A

Recreate the jobs as AWS Lambda functions and trigger them with Amazon CloudWatch Events.

AWS Lambda can run ETL jobs and be scheduled via CloudWatch Events, replacing SQL Server Agent.

B

Install SQL Server Agent on an Amazon EC2 instance and connect to RDS.

C

Use the AWS Schema Conversion Tool (AWS SCT) to convert the jobs to PostgreSQL functions.

D

Use AWS Database Migration Service (AWS DMS) tasks to replicate the jobs.

Why: AWS Lambda functions triggered by Amazon CloudWatch Events (now Amazon EventBridge) provide a serverless, fully managed alternative to SQL Server Agent jobs. This approach eliminates the need to manage any compute infrastructure, as Lambda handles the execution of ETL logic directly against the RDS for SQL Server instance. It is the most efficient because it requires no additional servers, reduces operational overhead, and integrates natively with AWS monitoring and scheduling services.
Q5
easyFull explanation →

A company needs to migrate a 100 GB MongoDB database to Amazon DocumentDB (with MongoDB compatibility). The migration must have minimal impact on the source database performance. Which approach should the company take?

A

Use AWS Database Migration Service (AWS DMS) with ongoing replication from the MongoDB source.

AWS DMS supports MongoDB as a source and can perform continuous replication with minimal impact.

B

Use AWS DataSync to transfer the MongoDB data files.

C

Set up a MongoDB replica set on Amazon EC2 and promote it to primary, then migrate to DocumentDB.

D

Use mongodump to export the data and mongorestore to import into DocumentDB.

Why: AWS DMS with ongoing replication is the correct approach because it supports continuous change data capture (CDC) from MongoDB, enabling a live migration with minimal performance impact on the source. DMS reads the MongoDB oplog to capture changes without locking the database, which is critical for a 100 GB production database. This allows the target DocumentDB to stay synchronized until cutover, reducing downtime and avoiding the need for a full export/import that would strain the source.
Q6
mediumFull explanation →

A company is migrating a 3 TB on-premises Oracle database to Amazon Aurora PostgreSQL using AWS DMS. The migration task is failing with an error indicating insufficient memory. Which TWO actions should the company take to resolve this issue? (Choose TWO.)

A

Change the target database engine to Amazon RDS for MySQL.

B

Disable Multi-AZ on the DMS replication instance.

C

Increase the instance class of the DMS replication instance.

A larger instance class provides more memory to handle the migration.

D

Reduce the number of tables being migrated in the task.

Migrating fewer tables simultaneously reduces memory consumption.

E

Use a smaller instance class for the DMS replication instance.

Why: Option C is correct because the 'insufficient memory' error during an AWS DMS migration indicates that the replication instance lacks the memory required to handle the data volume, transformation rules, or cache for large transactions. Increasing the instance class (e.g., from dms.c5.large to dms.c5.2xlarge) provides more memory and CPU, directly resolving the resource constraint.

Want more Deployment and Migration practice?

Practice this domain
3

Domain 3: Management and Operations

All Management and Operations questions
Q1
mediumFull explanation →

A company is running an Amazon RDS for MySQL Multi-AZ DB instance. The primary instance in us-east-1a experiences an unexpected failure. After the automatic failover, the application team reports that write latency has increased significantly. The new primary instance is in us-east-1b. The DB instance class and storage configuration are identical. What is the MOST likely cause of the increased write latency?

A

The DB instance class in us-east-1b is a different size than the original.

B

The application is connecting to the DB instance in a different Availability Zone, increasing network latency.

The new primary is in us-east-1b, and if the application is in us-east-1a, cross-AZ latency increases write latency.

C

The Multi-AZ configuration uses asynchronous replication, causing higher latency.

D

The new primary is in the same Availability Zone as the application, but the standby is in a different AZ, causing synchronous replication overhead.

Why: Option B is correct because after failover, the new primary DB instance resides in us-east-1b, while the application likely continues to connect to the original endpoint or is still running in us-east-1a. This cross-AZ network hop introduces additional latency for write operations, as the application must send data over the network between Availability Zones. The DB instance class and storage are identical, so performance differences are not due to hardware changes.
Q2
hardFull explanation →

A database administrator is troubleshooting an Amazon RDS for PostgreSQL DB instance that is experiencing high CPU utilization. The administrator runs the following query to find the current running queries:

SELECT pid, now() - pg_stat_activity.query_start AS duration, query, state FROM pg_stat_activity WHERE state = 'active';

The output shows a high number of queries with a state of 'active' and durations exceeding several minutes. What should the administrator do FIRST to reduce CPU utilization?

A

Modify the max_connections parameter to limit concurrent sessions.

B

Scale up the DB instance to a larger instance class.

C

Use pg_terminate_backend to terminate the long-running queries.

Terminating long-running queries immediately reduces CPU usage.

D

Enable pg_stat_statements to collect query performance data.

Why: Option C is correct because the immediate cause of high CPU utilization is the long-running active queries consuming resources. Using pg_terminate_backend to terminate these queries will quickly free up CPU cycles, providing immediate relief. This is the first troubleshooting step before making configuration changes or scaling, as it directly addresses the symptom shown in the pg_stat_activity output.
Q3
easyFull explanation →

A company is using Amazon DynamoDB with on-demand capacity mode. The application experiences occasional throttling during peak hours. The operations team wants to reduce throttling without changing the application code. What should they do?

A

Increase the read and write capacity units in the on-demand mode.

B

Switch to provisioned capacity mode and configure auto scaling.

Provisioned capacity with auto scaling ensures adequate capacity for peak traffic.

C

Enable DynamoDB Accelerator (DAX) to cache reads.

D

Use DynamoDB global tables to distribute traffic across regions.

Why: Option B is correct because DynamoDB on-demand capacity mode does not allow manual adjustment of capacity units; it scales automatically but can still throttle if traffic exceeds the previous peak by a large margin. Switching to provisioned capacity mode with auto scaling allows you to set a higher minimum capacity and scale proactively based on actual usage patterns, reducing throttling without code changes. This approach gives more control over capacity limits while still automating adjustments.
Q4
hardFull explanation →

A company is migrating an on-premises Microsoft SQL Server database to Amazon RDS for SQL Server. The database uses SQL Server Agent jobs, custom CLR assemblies, and cross-database queries. Which of the following will require modification before migration?

A

Cross-database queries

B

Custom CLR assemblies

C

Stored procedures that use dynamic SQL

D

SQL Server Agent jobs

SQL Server Agent is not available in RDS; jobs require alternative solutions.

Why: SQL Server Agent jobs are not supported in Amazon RDS for SQL Server because RDS is a managed service that does not provide access to the underlying operating system or the SQL Server Agent service. To migrate job scheduling, you must use alternatives such as AWS Database Migration Service (DMS) tasks, AWS Lambda, or Amazon RDS for SQL Server native scheduling via stored procedures and Windows Task Scheduler on an EC2 instance.
Q5
mediumFull explanation →

A company is using Amazon RDS for MySQL with a cross-Region read replica to support disaster recovery. The primary DB instance is in us-west-2, and the read replica is in us-east-1. The read replica is used for reporting and also serves as a failover target. The operations team notices that the read replica lag is consistently above 10 seconds during peak hours. What should the team do to reduce replica lag?

A

Increase the DB instance class of the read replica.

A larger instance class can process replication events faster.

B

Enable Multi-AZ on the primary DB instance.

C

Increase the backup retention period for the primary DB instance.

D

Disable binary logging (binlog) on the primary DB instance.

Why: Increasing the DB instance class of the read replica provides more CPU and memory resources, which allows the replica to apply changes from the binary log more quickly. Cross-Region replication lag is often caused by the replica being unable to keep up with the write rate on the primary, so scaling up the replica directly addresses the bottleneck in applying binlog events.
Q6
mediumFull explanation →

A company is using an Amazon Aurora MySQL DB cluster. The company wants to implement a backup strategy that supports point-in-time recovery (PITR) with a recovery time objective (RTO) of 15 minutes and a recovery point objective (RPO) of 5 minutes. Which TWO actions should the company take?

A

Configure automated backups with a retention period of at least 5 minutes beyond the current time.

Automated backups enable PITR.

B

Create manual snapshots every 5 minutes.

C

Enable cross-Region replication for the cluster.

D

Enable parallel query for the cluster.

E

Enable Aurora Backtrack.

Backtrack allows rewinding the cluster to a specific time, meeting RTO and RPO.

Why: Option A is correct because Aurora automated backups are continuous and incremental, and the retention period must be set to at least 1 day (not 5 minutes) to enable point-in-time recovery (PITR). However, the key insight is that automated backups are always enabled by default with a 1-day retention, and PITR can restore to any point within that retention window, supporting an RPO of 5 minutes as Aurora's backup process captures changes every 5 minutes. Option E is correct because Aurora Backtrack allows you to 'rewind' the cluster to a specific point in time without restoring from a backup, achieving an RTO of 15 minutes or less by directly moving the cluster to a previous state, provided Backtrack is enabled with a backtrack window of at least 5 minutes.

Want more Management and Operations practice?

Practice this domain
4

Domain 4: Monitoring and Troubleshooting

All Monitoring and Troubleshooting questions
Q1
easyFull explanation →

A company is using Amazon RDS for MySQL and notices that the Read IOPS metric is consistently high during business hours. The application is read-heavy. Which configuration change would most likely reduce Read IOPS?

A

Add a Multi-AZ standby instance.

B

Create one or more read replicas and redirect read traffic to them.

Read replicas handle read queries from the primary, reducing read IOPS on the source instance.

C

Increase the DB instance size to a larger instance type.

D

Enable storage Auto Scaling on the RDS instance.

Why: Creating read replicas offloads read queries from the primary DB instance to replica instances, directly reducing the number of read I/O operations on the primary. Since the application is read-heavy and Read IOPS is high during business hours, distributing read traffic to replicas alleviates the I/O bottleneck on the primary instance without requiring a larger instance or storage changes.
Q2
mediumFull explanation →

A developer reports that an application using Amazon DynamoDB is experiencing high latency during peak hours. The table has a provisioned capacity of 500 read capacity units (RCUs) and 500 write capacity units (WCUs). The application uses eventually consistent reads and the table is about 50 GB. The developer notices throttled write requests in CloudWatch. Which action would most effectively reduce write throttling?

A

Enable DynamoDB Accelerator (DAX) for the table.

B

Create a global secondary index on the table.

C

Increase the provisioned write capacity for the table.

Increasing write capacity units reduces throttling for write requests.

D

Switch from eventually consistent reads to strongly consistent reads.

Why: The developer reports throttled write requests, which directly indicates that the provisioned write capacity (500 WCUs) is insufficient to handle the peak write traffic. Increasing the provisioned write capacity for the table is the most direct and effective action to eliminate write throttling, as it raises the limit on write operations per second. Option C is correct because it addresses the root cause—write capacity exhaustion—without introducing unnecessary components or changing read behavior.
Q3
hardFull explanation →

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. During the migration, the database administrator notices that the CPU utilization on the RDS instance is consistently above 90% during peak hours, even though the on-premises server had similar specifications. The application queries are mostly SELECT statements with occasional DML. The RDS instance is db.r5.large with 500 GB of General Purpose SSD (gp2) storage. Which change would most likely reduce CPU utilization?

A

Create a read replica and redirect all SELECT queries to the replica.

B

Enable Multi-AZ to offload CPU to the standby instance.

C

Increase the allocated storage to 1 TB to improve I/O performance.

D

Upgrade to a larger instance type, such as db.r5.xlarge.

A larger instance provides more CPU cores and better performance, directly addressing high CPU utilization.

Why: The db.r5.large instance type has 2 vCPUs and 16 GiB of memory. Sustained CPU utilization above 90% during peak hours indicates that the instance is compute-bound for the workload. Upgrading to db.r5.xlarge (4 vCPUs, 32 GiB memory) doubles the available CPU capacity, directly reducing CPU utilization for the same query load. The on-premises server had similar specifications, but RDS instances may have different CPU architectures or hypervisor overhead, making the larger instance the most direct fix.
Q4
easyFull explanation →

A team manages an Amazon Aurora MySQL database. They observe that the 'Deadlocks' metric in CloudWatch is spiking. The application uses a single writer instance and multiple read replicas. Which action is most effective at reducing deadlocks?

A

Increase the instance size to handle more concurrent connections.

B

Redirect read traffic to read replicas to reduce load on the writer.

C

Enable Multi-AZ to distribute the load.

D

Review application code to ensure transactions are as short as possible and access tables in a consistent order.

Minimizing transaction duration and accessing resources in a fixed order reduces deadlock probability.

Why: Deadlocks in Aurora MySQL occur when two or more transactions hold locks that the other needs, and they wait indefinitely. The most effective way to reduce deadlocks is to keep transactions short and access tables in a consistent order, which minimizes lock contention and avoids circular wait conditions. This directly addresses the root cause of deadlocks, unlike scaling or redirecting traffic, which only reduce the probability of contention without fixing the underlying locking pattern.
Q5
mediumFull explanation →

An organization is using Amazon DynamoDB with on-demand capacity. They notice that the 'ThrottledRequests' metric is non-zero during a specific hour each day. The table stores session data and has a partition key of 'user_id'. The workload is uniform. What is the most likely cause of throttling?

A

The table has on-demand capacity and cannot throttle.

B

The account-level read/write capacity limit is exceeded.

C

A global secondary index is consuming write capacity.

D

The partition key is not evenly distributed.

Uneven access pattern can cause a hot partition leading to throttling even on on-demand tables.

Why: Option D is correct because the 'ThrottledRequests' metric indicates that requests are being throttled due to partition-level capacity limits. Even with on-demand capacity, DynamoDB imposes a per-partition throughput limit (typically 1,000 WCU or 3,000 RCU per partition). If the partition key 'user_id' is not evenly distributed, a single partition can become a hot key, exceeding its limit and causing throttling despite the table having on-demand capacity.
Q6
hardFull explanation →

A database engineer is troubleshooting slow query performance on an Amazon RDS for PostgreSQL instance. The instance is db.r5.large with 500 GB of General Purpose SSD (gp2) storage. CloudWatch metrics show high Read Latency and high Read IOPS, but low CPU utilization. Which TWO actions should the engineer take to improve performance?

A

Create a read replica and offload read queries to it.

Read replicas reduce the read IOPS on the primary, which can lower latency on the primary.

B

Increase the DB instance class to a larger size, such as db.r5.2xlarge.

C

Enable Multi-AZ to use the standby for read traffic.

D

Optimize queries by adding appropriate indexes.

E

Switch from General Purpose SSD (gp2) to Provisioned IOPS SSD (io1) with a higher IOPS rate.

Provisioned IOPS provides consistent low latency for I/O-intensive workloads.

Why: A is correct because creating a read replica offloads read queries from the primary instance, reducing the read IOPS and read latency on the primary. This directly addresses the high Read Latency and high Read IOPS metrics without requiring a larger instance class or storage change, especially since CPU utilization is low, indicating the bottleneck is I/O, not compute.

Want more Monitoring and Troubleshooting practice?

Practice this domain
5

Domain 5: Database Security

All Database Security questions
Q1
mediumFull explanation →

A company runs an Amazon RDS for MySQL DB instance in a VPC. Security requirements mandate that only specific EC2 instances in the same VPC can connect to the database. The security group attached to the RDS instance currently allows inbound traffic on port 3306 from 0.0.0.0/0. Which combination of steps should a database specialist take to meet the security requirement without impacting existing application connectivity? (Choose two.)

A

Modify the network ACL for the DB subnet to allow inbound port 3306 from the EC2 instance's private IP.

B

Remove the inbound rule for 0.0.0.0/0 on the RDS security group.

Removing the overly permissive rule is necessary to restrict access.

C

Add an inbound rule to the RDS security group referencing the security group ID of the EC2 instances.

Referencing the EC2 security group allows traffic only from instances using that security group, following best practices.

D

Modify the DB subnet group to place the RDS instance in a public subnet with a route to the EC2 instance.

E

Add an inbound rule to the RDS security group allowing traffic from the VPC CIDR on port 3306.

Why: Option B is correct because removing the overly permissive inbound rule for 0.0.0.0/0 on the RDS security group eliminates unrestricted access, which is a direct violation of the security requirement. Option C is correct because adding an inbound rule that references the security group ID of the EC2 instances allows traffic only from those instances, leveraging security group referencing for granular, stateful access control within the same VPC.
Q2
hardFull explanation →

A company uses Amazon DynamoDB with a table that stores sensitive customer data. The security team requires that all data at rest be encrypted using a customer-managed AWS KMS key (CMK). Additionally, the company needs to ensure that only specific IAM roles can access the table. Which solution meets these requirements with the least operational overhead?

A

Enable encryption at rest using AWS KMS with a CMK and use column-level encryption with AWS KMS to restrict access.

B

Attach a resource-based policy to the DynamoDB table that grants access only to the specific IAM roles.

C

Use a DynamoDB Accelerator (DAX) cluster with encryption at rest using a CMK, and attach a resource-based policy to the table.

D

Configure the DynamoDB table to use AWS KMS encryption with a CMK. Create an IAM role with a policy that grants access to the table and includes a condition that the encryption context matches the CMK.

This ensures encryption with a CMK and restricts access using IAM conditions on the encryption context.

E

Configure the DynamoDB table to use AWS KMS encryption with a CMK, and attach a key policy to the CMK that allows only the specific IAM roles.

Why: Option D is correct because it combines DynamoDB encryption at rest with a customer-managed KMS CMK and uses an IAM role policy with an encryption context condition. This ensures that only specific IAM roles can access the table, and the encryption context condition ties the KMS key usage to the table, providing fine-grained access control with minimal operational overhead. The encryption context is automatically set by DynamoDB to the table ARN, so the condition key `kms:EncryptionContext:aws:dynamodb:tableName` can be used to restrict decryption to that specific table.
Q3
easyFull explanation →

A database specialist is troubleshooting a connectivity issue with an Amazon RDS for PostgreSQL instance. The instance is in a VPC with a public subnet. The security group allows inbound traffic on port 5432 from the application server's IP address. The application server is in the same VPC but in a private subnet. Despite the security group configuration, the application cannot connect. Which action should the specialist take to resolve the issue?

A

Launch the RDS instance in the default VPC.

B

Change the DB subnet group to include the application server's subnet.

C

Add a network ACL rule allowing inbound traffic on port 5432 from the application server's public IP.

D

Modify the RDS instance to be publicly accessible.

E

Update the security group inbound rule to allow traffic from the application server's private IP address.

The application connects from its private IP within the VPC, so the security group should allow that private IP.

Why: Option E is correct because the application server is in a private subnet, so it communicates with the RDS instance using its private IP address. The security group inbound rule must allow traffic from the application server's private IP (or the security group of the application server) on port 5432. The current rule only allows the application server's public IP, which is not used for traffic within the VPC, causing the connection failure.
Q4
hardFull explanation →

A company stores financial data in an Amazon Aurora MySQL DB cluster. The security team requires that database audit logs be stored in Amazon CloudWatch Logs and encrypted at rest using a customer-managed KMS key. The database specialist enables audit log publishing to CloudWatch Logs and specifies a KMS key for log encryption. However, the audit logs are not appearing in CloudWatch Logs. What is the most likely cause?

A

The CloudWatch Logs log group does not exist and RDS cannot create it automatically.

B

The DB cluster is not configured to export error logs, only audit logs.

C

The IAM role used for publishing logs does not have the necessary permissions to use the KMS key for CloudWatch Logs.

The IAM role must have kms:Encrypt permission on the KMS key to allow log delivery.

D

CloudWatch Logs does not support encryption with customer-managed KMS keys for audit logs.

E

The audit log parameter is static and requires a DB cluster reboot after modification.

Why: When publishing database audit logs to CloudWatch Logs with a customer-managed KMS key, the IAM role used by RDS must have explicit permissions for the `kms:Encrypt` and `kms:Decrypt` actions on the KMS key. Without these permissions, RDS cannot encrypt the log stream, and the logs will not appear. Option C correctly identifies this missing permission as the most likely cause.
Q5
mediumFull explanation →

A company uses Amazon ElastiCache for Redis to cache session data. The security team requires that all data in transit be encrypted. The Redis cluster currently does not have encryption in transit enabled. The database specialist needs to enable encryption in transit with minimal downtime. Which action should the specialist take?

A

Create a new Redis cluster with encryption in transit enabled, and migrate the data from the existing cluster.

Encryption in transit can only be enabled at cluster creation time.

B

Update the Redis parameter group to enable the 'encryption-in-transit' parameter and reboot the cluster.

C

Use a security group to enforce encrypted connections by allowing only TLS traffic.

D

Modify the existing Redis cluster to enable encryption in transit using the AWS CLI.

E

Enable encryption in transit on the existing cluster by using the AWS Management Console.

Why: Encryption in transit for ElastiCache for Redis can only be enabled at cluster creation time; it cannot be added to an existing cluster. Therefore, the correct approach is to create a new Redis cluster with encryption in transit enabled, migrate the session data from the existing cluster (e.g., using replication or a manual export/import), and then redirect application traffic to the new cluster. This ensures minimal downtime if the migration is performed during a maintenance window or using a blue/green deployment strategy.
Q6
hardFull explanation →

A company uses Amazon RDS for SQL Server with Multi-AZ deployment. The security team wants to ensure that all database connections use SSL/TLS encryption. Which TWO actions should the database specialist take to enforce SSL connections? (Choose two.)

A

Use the RDS Console to enable 'Force SSL' on the DB instance.

B

Modify the DB parameter group to set 'require_secure_transport' to ON.

C

Create a server-level trigger that requires SSL for all logins.

A trigger can enforce SSL by checking the session's protocol and denying non-SSL connections.

D

Add an inbound rule to the security group that only allows traffic on port 1433 from IP addresses that use SSL.

E

Set the 'rds.force_ssl' parameter to 1 in the DB parameter group.

This parameter forces all connections to use SSL for SQL Server RDS.

Why: Option C is correct because SQL Server allows you to create a server-level DDL trigger that checks the login event and enforces SSL by examining the `@@OPTIONS` or `encrypt_option` in `sys.dm_exec_connections`. This is a supported method to force SSL for all connections to an RDS for SQL Server instance. Option E is correct because setting the `rds.force_ssl` parameter to 1 in the DB parameter group is the native RDS mechanism to enforce SSL/TLS for all connections to the DB instance.

Want more Database Security practice?

Practice this domain

Frequently asked questions

How many questions are on the DBS-C01 exam?

The DBS-C01 exam has 65 questions and must be completed in 180 minutes. The passing score is 750/1000.

What types of questions appear on the DBS-C01 exam?

Scenario-based questions covering exam objectives with detailed answer explanations.

How are DBS-C01 questions organised by domain?

The exam covers 5 domains: Workload-Specific Database Design, Deployment and Migration, Management and Operations, Monitoring and Troubleshooting, Database Security. Questions are weighted by domain — higher-weight domains appear more on your actual exam.

Are these the actual DBS-C01 exam questions?

No. These are original exam-style practice questions written against the official Amazon Web Services DBS-C01 exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.

Ready to practice all 65 DBS-C01 questions?

Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.

Browse all DBS-C01 questionsTake a timed practice test