Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsDBS-C01Flashcards
Free — No Signup RequiredAmazon Web Services· Updated 2026

DBS-C01 Flashcards — Free AWS Certified Database Specialty DBS-C01 Study Cards

Reinforce DBS-C01 concepts with active-recall study cards covering all 5 blueprint domains. Each card shows the question on the front and the correct answer with a full explanation on the back.

1730+ study cards5 domains coveredActive recall methodFull explanations included
Start 30-card session50-card shuffle
Exam OverviewPractice TestMock ExamStudy GuideFlashcards

Study Sessions

DBS-C01 Flashcards

Pick a session size:

⚡Quick 10📝20 Cards🎯30 Cards📊50 Cards💪100 Cards
1,730+ cards · All free

Domains

Workload-Specific Database Design
Deployment and Migration
Management and Operations
Monitoring and Troubleshooting
Database Security

How to use DBS-C01 flashcards effectively

Flashcards work through active recall — the process of retrieving information from memory rather than passively re-reading it. Research consistently shows that active recall produces stronger, longer-lasting memory than re-reading study guides. For DBS-C01 preparation, this means flashcards are one of the highest-return study tools available.

Attempt recall first

Read the DBS-C01 question on each card, pause, and attempt to formulate the answer in your own words before revealing. This retrieval attempt — even if wrong — dramatically strengthens memory compared to immediately reading the answer.

Review wrong cards again

When you get a card wrong, note it and add it back to your review pile. Spaced repetition — seeing difficult cards more frequently — is the mechanism that makes flashcard study far more efficient than linear reading.

Study by domain

Group your DBS-C01 flashcard sessions by domain for the first 3–4 weeks. Master one domain before moving to the next. In the final week, shuffle all cards together to test cross-domain recall — which is what the real DBS-C01 exam requires.

Short sessions beat marathon reviews

20–30 flashcard cards per session, done daily, produces better retention than a single 200-card marathon session. Five short daily sessions per week over 4 weeks gives you over 400 total card reviews — enough to reliably pass DBS-C01.

DBS-C01 flashcard preview

Sample cards from the DBS-C01 flashcard bank. Read the question, think of the answer, then read the explanation below.

1

A company is migrating an on-premises PostgreSQL database to Amazon RDS for PostgreSQL. The database has a large table that is frequently accessed by reporting queries. The reporting queries filter on a column that has a high cardinality but low selectivity. To optimize query performance on this table, which design choice should the database specialist recommend?

Workload-Specific Database Design

Create a covering index on the filter column

Option D is correct because a covering index includes all columns needed by the reporting queries, allowing PostgreSQL to satisfy the query entirely from the index without accessing the heap (table) pages. This eliminates the overhead of random I/O for row lookups, which is especially beneficial when filtering on a high-cardinality, low-selectivity column where many rows match but the index scan alone can return the required data. In Amazon RDS for PostgreSQL, this reduces read IOPS consumption and improves query latency.

2

A company is migrating an on-premises PostgreSQL database to Amazon RDS for PostgreSQL. The database is 2 TB in size and has a high write workload. The company needs to minimize downtime during the migration. Which AWS service or feature should the company use to achieve this?

Deployment and Migration

Use AWS Database Migration Service (AWS DMS) with ongoing replication.

AWS DMS with ongoing replication (change data capture, CDC) is the correct choice because it allows continuous synchronization of the source PostgreSQL database with the target RDS for PostgreSQL instance after an initial full load. This minimizes downtime by enabling the target to stay up-to-date with changes until the cutover, which is critical for a 2 TB database with a high write workload.

3

A company is running an Amazon RDS for MySQL Multi-AZ DB instance. The primary instance in us-east-1a experiences an unexpected failure. After the automatic failover, the application team reports that write latency has increased significantly. The new primary instance is in us-east-1b. The DB instance class and storage configuration are identical. What is the MOST likely cause of the increased write latency?

Management and Operations

The application is connecting to the DB instance in a different Availability Zone, increasing network latency.

Option B is correct because after failover, the new primary DB instance resides in us-east-1b, while the application likely continues to connect to the original endpoint or is still running in us-east-1a. This cross-AZ network hop introduces additional latency for write operations, as the application must send data over the network between Availability Zones. The DB instance class and storage are identical, so performance differences are not due to hardware changes.

4

A company is using Amazon RDS for MySQL and notices that the Read IOPS metric is consistently high during business hours. The application is read-heavy. Which configuration change would most likely reduce Read IOPS?

Monitoring and Troubleshooting

Create one or more read replicas and redirect read traffic to them.

Creating read replicas offloads read queries from the primary DB instance to replica instances, directly reducing the number of read I/O operations on the primary. Since the application is read-heavy and Read IOPS is high during business hours, distributing read traffic to replicas alleviates the I/O bottleneck on the primary instance without requiring a larger instance or storage changes.

5

A company uses Amazon DynamoDB with a table that stores sensitive customer data. The security team requires that all data at rest be encrypted using a customer-managed AWS KMS key (CMK). Additionally, the company needs to ensure that only specific IAM roles can access the table. Which solution meets these requirements with the least operational overhead?

Database Security

Configure the DynamoDB table to use AWS KMS encryption with a CMK. Create an IAM role with a policy that grants access to the table and includes a condition that the encryption context matches the CMK.

Option D is correct because it combines DynamoDB encryption at rest with a customer-managed KMS CMK and uses an IAM role policy with an encryption context condition. This ensures that only specific IAM roles can access the table, and the encryption context condition ties the KMS key usage to the table, providing fine-grained access control with minimal operational overhead. The encryption context is automatically set by DynamoDB to the table ARN, so the condition key `kms:EncryptionContext:aws:dynamodb:tableName` can be used to restrict decryption to that specific table.

6

A financial services company runs a production Amazon Aurora MySQL database cluster (1 writer, 2 readers) in us-east-1. The database stores critical trading data. The company's disaster recovery policy requires an RPO of 5 seconds and an RTO of 1 minute for a regional failure. The current setup does not include any cross-region replication. The database is 5 TB in size. The operations team needs to implement a solution that meets the DR requirements with minimal cost and operational overhead. Which solution should the team implement?

Deploy an Aurora Global Database with a secondary cluster in us-west-2. Configure the secondary cluster as a failover target.

Aurora Global Database provides replication across regions with typical RPO of seconds and RTO of minutes. It is the most appropriate solution for low RPO/RTO with minimal overhead. Option B is correct. Option A (automated backups) have an RPO of 5 minutes, which exceeds the required 5 seconds. Option C (DMS) adds cost and complexity. Option D (cross-Region read replicas) can have replication lag exceeding 5 seconds.

7

A security auditor reviews the output of a DynamoDB table description command as shown in the exhibit. Which statement accurately describes the encryption configuration of the Users table?

The table is encrypted using a customer managed KMS key.

Option D is correct. The output shows SSEDescription with Status ENABLED, SSEType KMS, and a KMSMasterKeyArn, which indicates that the table is encrypted using a customer-managed KMS key. Option A is incorrect because AWS managed KMS keys do not have an ARN like the one shown; they would have an alias like 'aws/dynamodb'. Option B is incorrect because DynamoDB does not use S3 managed keys; the SSEType is KMS. Option C is incorrect because the status is ENABLED, indicating encryption at rest is enabled.

8

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database contains sensitive data that must be encrypted at rest. Which action should the company take to enable encryption on the RDS instance?

Create a new RDS DB instance with encryption enabled and migrate the data.

Amazon RDS for Oracle supports encryption at rest using AWS KMS. Encryption can only be enabled when the DB instance is created; you cannot encrypt an existing unencrypted RDS instance. Therefore, to enable encryption for an existing on-premises Oracle database being migrated, you must create a new RDS DB instance with encryption enabled at launch and then migrate the data into that new instance. This makes option B the correct choice. Option A is incorrect because you cannot modify an existing unencrypted RDS instance to add encryption. Option C is incorrect because while Oracle Transparent Data Encryption (TDE) can be used to encrypt data within the database, it is not the native Amazon RDS encryption method and requires additional configuration; moreover, RDS encryption via KMS cannot be added on an existing instance. Option D is incorrect because you cannot encrypt a snapshot of an unencrypted database and then restore it to get an encrypted instance; the restored instance will inherit the encryption setting of the snapshot, which for an unencrypted source database cannot be retroactively encrypted.

9

A company runs a critical application on Amazon RDS for PostgreSQL with Multi-AZ. The database has a large table (over 500 GB) that is frequently updated. The operations team notices that the primary instance's CPU usage is consistently above 90%, and the replica lag between the primary and standby is increasing during peak hours. The application can tolerate a few seconds of downtime. The team needs to reduce CPU load and improve write performance without changing the application code. Which action should be taken?

Upgrade the DB instance class to a larger size with more vCPUs.

Option A is correct because upgrading to a larger DB instance class provides additional vCPUs, reducing CPU utilization and alleviating replication lag. Option B is wrong: increasing the backup retention period does not reduce I/O during backups; it only keeps backups longer and does not address CPU or write performance. Option C is wrong: Multi-AZ RDS for PostgreSQL uses synchronous replication; switching to asynchronous replication is not possible without compromising durability, and it would not reduce CPU load on the primary. Option D is wrong: creating a read replica offloads read queries, but it does not reduce write load or CPU usage from writes on the primary instance; replication lag may persist or increase.

10

A company stores sensitive data in an Amazon RDS for PostgreSQL DB instance. The security team requires that all data at rest be encrypted. The instance is currently unencrypted. What is the simplest way to enable encryption with minimal downtime?

Create a snapshot of the DB instance, copy the snapshot with encryption enabled, and restore the snapshot to a new encrypted DB instance.

Option A is correct because an existing unencrypted Amazon RDS instance cannot be directly encrypted. The standard approach to enable encryption with minimal downtime is to create a snapshot of the DB instance, copy the snapshot with encryption enabled, and restore the snapshot to a new encrypted DB instance. This process typically involves a brief outage during the restore but is simpler than other methods. Option B is incorrect because the AWS CLI does not support enabling encryption on an existing instance. Option C is incorrect because migrating to RDS Custom adds unnecessary complexity and does not directly enable encryption on the current instance. Option D is incorrect because the AWS Management Console also does not allow enabling encryption on an existing instance.

11

A company needs to migrate a 100 GB MongoDB database to Amazon DocumentDB (with MongoDB compatibility). The migration must have minimal impact on the source database performance. Which approach should the company take?

Use AWS Database Migration Service (AWS DMS) with ongoing replication from the MongoDB source.

AWS DMS with ongoing replication is the correct approach because it supports continuous change data capture (CDC) from MongoDB, enabling a live migration with minimal performance impact on the source. DMS reads the MongoDB oplog to capture changes without locking the database, which is critical for a 100 GB production database. This allows the target DocumentDB to stay synchronized until cutover, reducing downtime and avoiding the need for a full export/import that would strain the source.

12

A company is migrating a 500 GB on-premises PostgreSQL database to Amazon RDS for PostgreSQL. The migration must have minimal downtime and support ongoing replication after the initial load. Which AWS service should be used?

AWS Database Migration Service (DMS) with ongoing replication

AWS Database Migration Service (DMS) with ongoing replication (change data capture, CDC) is required because the scenario demands minimal downtime and continuous synchronization after the initial 500 GB load. DMS uses transaction logs (e.g., PostgreSQL WAL) to capture and apply ongoing changes, enabling a near-zero-duration cutover. Full load only (Option B) would cause downtime during the final sync and cannot support ongoing replication.

13

A team is migrating an on-premises database to Amazon RDS using AWS DMS. After the full load completed, the task stopped. The team needs to perform ongoing replication to minimize downtime. What change should the team make to the DMS task?

Modify the replication task to change the migration type to 'full-load-and-cdc'.

After a full load completes and the task stops, the team needs to enable ongoing replication to capture and apply changes made to the source database during the migration window. Modifying the DMS task to use the 'full-load-and-cdc' migration type allows the task to perform the initial full load and then seamlessly transition to Change Data Capture (CDC) to replicate incremental changes, minimizing downtime. This is the correct approach because DMS supports switching a completed full-load task to include CDC without re-running the full load.

14

A company is migrating an on-premises MongoDB database to Amazon DocumentDB (with MongoDB compatibility). They want to validate that the data is consistent after migration. Which tool should they use?

AWS DMS data validation

AWS DMS data validation is the correct tool because it provides built-in, row-level checksum-based validation that compares source and target data after a full load or ongoing replication. For DocumentDB migrations, DMS can compute and compare checksums on the fly, ensuring consistency without requiring manual scripting or external tools. This is the recommended AWS approach for validating data integrity during and after a migration to DocumentDB.

15

A team is using AWS DMS to migrate a 3 TB Oracle database to Amazon Aurora PostgreSQL. They configured the task as shown. After the full load completes, they notice that the target tables have no indexes, primary keys, or foreign keys. What is the most likely cause?

The TargetTablePrepMode is set to DROP_AND_CREATE, which creates tables without indexes or constraints.

When TargetTablePrepMode is set to DROP_AND_CREATE, AWS DMS drops the target table if it exists and then creates a new one using only the basic column definitions from the source. It does not migrate indexes, primary keys, or foreign keys because DMS is not designed to replicate schema objects beyond table structure and data. To preserve constraints and indexes, you must either pre-create them on the target or use a different prep mode like TRUNCATE_BEFORE_LOAD.

16

A company is migrating an on-premises Microsoft SQL Server database to Amazon RDS for SQL Server. The database uses SQL Server Agent jobs, custom CLR assemblies, and cross-database queries. Which of the following will require modification before migration?

SQL Server Agent jobs

SQL Server Agent jobs are not supported in Amazon RDS for SQL Server because RDS is a managed service that does not provide access to the underlying operating system or the SQL Server Agent service. To migrate job scheduling, you must use alternatives such as AWS Database Migration Service (DMS) tasks, AWS Lambda, or Amazon RDS for SQL Server native scheduling via stored procedures and Windows Task Scheduler on an EC2 instance.

17

A company is using an Amazon RDS for PostgreSQL database to store sensitive customer data. The security team requires that all data be encrypted at rest and in transit, and that access to the database is restricted to only specific applications. Currently, the database is encrypted at rest using AWS KMS, and connections are made over SSL. However, the security team wants to ensure that even if the database credentials are compromised, an attacker cannot access the database from unauthorized IP addresses. What should be done to meet this requirement?

Modify the security group associated with the RDS instance to allow inbound traffic only from the application's IP addresses.

Option C is correct because modifying the security group associated with the RDS instance to allow inbound traffic only from the application's IP addresses restricts network access at the instance level, preventing unauthorized IP addresses from connecting even if credentials are compromised. Option A (attaching a resource-based policy) does not restrict network access—it controls IAM permissions. Option B (creating a new RDS instance in a VPC with a network ACL) is unnecessarily complex and involves migrating data; the requirement can be met by modifying the existing security group without creating a new instance. Option D (enabling IAM database authentication) authenticates database users via IAM but does not restrict source IP addresses, so it does not meet the stated requirement.

18

A company is using Amazon RDS for MySQL and notices that database connections are being rejected intermittently. The application logs show 'Too many connections' errors. The DB instance has 1000 max_connections. Which action should the DBA take to troubleshoot and resolve this issue without impacting performance?

Enable Performance Insights and review the 'DB Connections' metric to identify spikes and troubleshoot application connection pooling

Option C is correct because enabling Performance Insights allows the DBA to monitor the 'DB Connections' metric in near real-time, identify exactly when connection spikes occur, and correlate those spikes with application behavior. This diagnostic approach pinpoints the root cause—such as a connection leak or insufficient connection pooling—without making changes that could degrade performance. Increasing max_connections or lowering wait_timeout without understanding the usage pattern can lead to resource exhaustion or premature connection termination.

19

A database engineer is reviewing Amazon RDS for MySQL error logs and sees repeated authentication failures from the same IP address. The application team confirms the password is correct. What is the most likely cause of these errors?

The user 'app_user' does not have access from host '10.0.1.50'

The error logs show authentication failures despite the password being correct, which indicates the issue is not with the password itself but with the host-based access control. In MySQL, user accounts are defined as 'user'@'host', and if the application is connecting from an IP address (e.g., 10.0.1.50) that is not included in the user's allowed hosts, MySQL will reject the connection with an authentication error even if the password is correct. This is a common misconfiguration when migrating or scaling applications across different subnets.

20

Refer to the exhibit. A security engineer has applied this key policy to a customer managed KMS key used to encrypt a Secrets Manager secret containing database credentials. An application running on an Amazon EC2 instance in the same account and region is unable to decrypt the secret. What is the MOST likely cause?

The condition kms:ViaService restricts the decryption to requests made via Secrets Manager, but the application is calling KMS directly.

The condition `kms:ViaService` in the key policy restricts the `Decrypt` permission to requests that originate specifically from the AWS Secrets Manager service. When the application on the EC2 instance calls KMS directly (e.g., via the `Decrypt` API) to decrypt the secret, the request does not come through Secrets Manager, so the condition is not satisfied and the request is denied. This is the most likely cause of the decryption failure.

21

A gaming company uses Amazon RDS for PostgreSQL to store player profiles and game state data. The database is currently 500 GB and grows by 10 GB per day. The company runs weekly reports that scan the entire database, causing high I/O and CPU usage. The application experiences read latency spikes during report generation. The team wants to minimize performance impact on the application while maintaining the ability to run reports. Which solution should the team implement?

Create a read replica and direct all report queries to the read replica.

Creating a read replica for Amazon RDS for PostgreSQL allows the team to offload all report queries to a separate read-only endpoint, eliminating the I/O and CPU contention on the primary database. This directly addresses the read latency spikes during report generation without requiring any application changes beyond redirecting the reporting queries. The read replica asynchronously replicates data from the primary instance, ensuring the reports see a near-real-time snapshot of the data while the primary remains dedicated to the application workload.

22

A financial services company uses Amazon DynamoDB to store transaction records. Each transaction has a unique transaction_id as the partition key and a timestamp as the sort key. The application frequently queries all transactions for a given customer within a date range. However, customer_id is not an attribute indexed for querying. The company wants to optimize these queries without redesigning the entire table schema. Which action should the company take?

Create a Global Secondary Index (GSI) with customer_id as the partition key and timestamp as the sort key.

Option C is correct because creating a Global Secondary Index (GSI) with customer_id as the partition key and timestamp as the sort key allows efficient querying of all transactions for a given customer within a date range without redesigning the base table. The GSI provides a new access pattern with its own partition and sort keys, enabling the Query operation on customer_id and timestamp, which is far more efficient than a Scan. This approach preserves the existing table schema and supports the required query pattern with minimal overhead.

23

A company is designing a multi-tier application that uses Amazon RDS for PostgreSQL. The application must encrypt data at rest and in transit. Which combination of steps should be taken to meet these requirements? (Choose the single best answer.)

Enable encryption at rest when launching the RDS instance, and configure the DB parameter group to require SSL connections.

Option B is correct because Amazon RDS for PostgreSQL supports encryption at rest only when enabled at instance launch, and SSL/TLS encryption in transit is enforced by configuring the DB parameter group to require SSL connections (e.g., setting `rds.force_ssl=1`). Encryption at rest cannot be added after creation, and SSL ensures data is encrypted between the application and the database.

Study all 1730+ DBS-C01 cards

DBS-C01 flashcards by domain

The DBS-C01 flashcard bank covers all 5 official blueprint domains published by Amazon Web Services. Cards are distributed proportionally, so domains with higher exam weight have more cards.

Domain Coverage

Workload-Specific Database Design

~1 cards

Deployment and Migration

~1 cards

Management and Operations

~1 cards

Monitoring and Troubleshooting

~1 cards

Database Security

~1 cards

Flashcards vs practice tests: which is better for DBS-C01?

Both flashcards and practice questions are evidence-based study tools. The difference is in what they train:

Flashcards — concept retention

Best for memorising definitions, acronyms, protocol behaviours, command syntax, and conceptual distinctions. Use flashcards to build the foundational vocabulary that DBS-C01 questions assume you know.

Best in: weeks 1–3

Practice tests — application

Best for applying concepts to realistic scenarios, eliminating distractors, and building exam stamina.DBS-C01 questions test scenario reasoning — not just recall — so practice tests are essential.

Best in: weeks 3–6

The most effective DBS-C01 study plan combines both: use flashcards for the first 2–3 weeks to build conceptual foundations, then shift to practice tests and mock exams in the final 2–3 weeks to apply and benchmark that knowledge. Most candidates who pass on their first attempt use both tools.

DBS-C01 flashcards — frequently asked questions

Are the DBS-C01 flashcards free?

Yes. Courseiva provides free DBS-C01 flashcards across all official exam domains. Every card includes the correct answer and a full explanation of why it is right and why the distractors are wrong. The platform also includes topic-based practice, mock exams, and readiness tracking — no account required.

How many DBS-C01 flashcards are on Courseiva?

Courseiva has 1730+ original DBS-C01 flashcards across all 5 exam blueprint domains. New cards are added regularly as the question bank grows. All cards are written by certified engineers against the official Amazon Web Services exam objectives.

How are Courseiva flashcards different from Anki or Quizlet?

Courseiva flashcards are purpose-built for IT certification exams. Unlike generic flashcard platforms where content quality varies, every Courseiva card is mapped to the official DBS-C01 exam blueprint, written by engineers who hold the certification, and includes a full explanation of the correct answer and why the distractors are wrong. This explanation quality is what separates genuine learning from rote memorisation.

Can I use DBS-C01 flashcards offline?

Courseiva is a web platform — an internet connection is required. For offline study, we recommend creating free Courseiva account, using the platform in your browser, and using your device's offline capabilities if your browser supports offline web apps.

Free forever · No credit card required

Track your DBS-C01 flashcard progress

Save your results, see which domains need more work, and get spaced repetition recommendations — all free.

Sign Up Free

Free forever · Every certification included

Start Studying

⚡Quick 10 cards📝20-card session🎯30-card session📊50-card shuffle💪100-card marathon

Also Study With

Practice TestMock ExamStudy GuideExam Domains