AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 175

1730 questions total · 24pages · All types, answers revealed

Page 1 of 24

Page 2
1
MCQhard

A company is using Amazon DynamoDB with on-demand capacity. The application performs many small writes that are throttled frequently. The company wants to minimize costs while reducing throttling. What should the company do?

A.Increase the write capacity units manually.
B.Use DynamoDB Accelerator (DAX) to cache writes.
C.Switch to provisioned capacity with auto scaling.
D.Use batch writes to combine small writes.
AnswerC

Provisioned with auto scaling can handle predictable patterns and reduce cost vs. on-demand.

Why this answer

Option A is incorrect because on-demand already scales. Option B is correct because DynamoDB Accelerator (DAX) reduces read/write load. Option C is incorrect because provisioned with auto scaling can be cost-effective.

Option D is incorrect because batch writes may not fit small writes.

2
Multi-Selectmedium

A company is migrating an on-premises Oracle database to Amazon Aurora PostgreSQL. The database contains a large table that is partitioned by date. The company wants to minimize downtime during migration and ensure compatibility. Which TWO actions should the company take?

Select 2 answers
A.Use AWS Database Migration Service (DMS) with ongoing replication to migrate the data.
B.Migrate the database using a full load only and accept downtime.
C.Use AWS Schema Conversion Tool (SCT) to convert the schema automatically without any manual adjustments.
D.Replace the Oracle database with Amazon RDS for MySQL.
E.Convert Oracle partitions to PostgreSQL table inheritance or declarative partitioning.
AnswersA, E

DMS enables minimal downtime by replicating changes continuously.

Why this answer

AWS DMS with ongoing replication (change data capture) allows continuous synchronization from the source Oracle database to the target Aurora PostgreSQL, minimizing downtime by keeping the target nearly up-to-date until the final cutover. This approach supports large partitioned tables and reduces the migration window compared to a full load only.

Exam trap

The trap here is that candidates may think a full load only is sufficient for minimizing downtime, or that SCT can automatically convert all Oracle features without manual adjustments, but the exam requires understanding that ongoing replication and proper partition conversion are both necessary for a low-downtime, compatible migration.

3
MCQeasy

A developer needs to allow an application running on an EC2 instance to connect to an Amazon RDS for MySQL DB instance securely. Which combination of steps should the developer take?

A.Store the database password in the application code.
B.Open the RDS security group to allow traffic from 0.0.0.0/0.
C.Store the credentials in an S3 bucket and download them at runtime.
D.Attach an IAM role to the EC2 instance with permissions to use RDS IAM authentication, and configure the database to use an authentication token.
AnswerD

This avoids storing credentials and uses temporary tokens.

Why this answer

Option B is correct because using IAM roles for EC2 and IAM database authentication for RDS is the most secure approach. Option A is wrong because hardcoding credentials in the application is insecure. Option C is wrong because opening the database to the world is insecure.

Option D is wrong because storing credentials in S3 without encryption is insecure.

4
MCQhard

A company notices that its Aurora MySQL cluster has a high number of locks and deadlocks. The application uses read replicas for read scaling. What is the MOST likely cause?

A.Performance Insights is enabled
B.The writer and reader instances are of different sizes
C.Long-running transactions on the writer instance
D.Read replicas are performing write operations
AnswerC

Long transactions hold locks, increasing contention and deadlock probability.

Why this answer

Option B is correct because long-running transactions on the writer hold locks, increasing deadlocks. Option A is wrong because read replicas do not cause locks on writer. Option C is wrong because different instance sizes do not cause deadlocks.

Option D is wrong because Performance Insights is diagnostic, not a cause.

5
MCQeasy

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. During the migration, they need to ensure minimal downtime. Which AWS service should be used for the migration?

A.AWS Database Migration Service
B.AWS DataSync
C.Amazon S3 Transfer Acceleration
D.AWS Server Migration Service
AnswerA

DMS supports homogeneous and heterogeneous migrations with minimal downtime.

Why this answer

AWS Database Migration Service (DMS) is designed for minimal-downtime migrations, supporting continuous replication.

6
MCQhard

A company uses Amazon DynamoDB with global tables. During a regional failure, the application in the secondary region experiences higher latency and throttling. The DynamoDB table's WriteCapacityUnits are set to 10000 in both regions. Which action should be taken to reduce throttling during failover?

A.Switch the table to on-demand capacity mode
B.Enable DynamoDB auto scaling for write capacity in both regions
C.Disable global tables and use application-level replication
D.Increase the write capacity of the secondary region to 20000
AnswerB

Auto scaling adjusts capacity automatically to handle traffic spikes and reduce throttling.

Why this answer

Option C is correct because enabling auto scaling allows DynamoDB to adjust capacity based on traffic patterns. Option A is wrong because increasing only the secondary region may not be sufficient without auto scaling. Option B is wrong because turning off global tables would prevent replication.

Option D is wrong because switching to on-demand is expensive and not the best practice for predictable workloads.

7
MCQmedium

The application uses the IAM role to access the 'orders' DynamoDB table. What is the intended effect of this policy?

A.The role can perform any DynamoDB action on the 'orders' table
B.The role can only access items where the partition key matches the principal's identifier
C.The role can access all items in the table but only during specific times
D.The role is denied access to the 'orders' table
AnswerB

The condition restricts access to items with LeadingKeys equal to the aws:userid.

Why this answer

The policy uses a condition key like `dynamodb:LeadingKeys` with a value referencing the principal's identifier (e.g., `${aws:userid}`). This restricts access to only those items in the 'orders' table whose partition key matches the IAM role's unique identifier, enforcing row-level security. The intended effect is fine-grained access control, not full table access or time-based restrictions.

Exam trap

The trap here is that candidates assume a policy with `Allow` on DynamoDB actions grants full table access, overlooking the `Condition` block that restricts access to specific items based on the partition key.

How to eliminate wrong answers

Option A is wrong because the policy includes a condition that limits DynamoDB actions to items with a specific partition key, so it does not grant unrestricted access to all items. Option C is wrong because the policy does not reference any time-based conditions (e.g., `aws:CurrentTime`); it only filters by partition key. Option D is wrong because the policy grants access (via `Allow` effect) to specific actions, not an explicit deny.

8
Multi-Selecthard

A company is designing a document database for a content management system using Amazon DocumentDB. The application requires high availability and low-latency reads across multiple AWS Regions. Which TWO design choices meet these requirements?

Select 2 answers
A.Configure read replicas in each region to offload read traffic.
B.Use a single instance in each region with Multi-AZ disabled.
C.Use local secondary indexes to improve query performance in each region.
D.Deploy a global cluster with a primary region and secondary regions for read workloads.
E.Shard the data across multiple clusters in different regions.
AnswersA, D

Read replicas provide additional read capacity with low latency.

Why this answer

Option A (global cluster) provides multi-region replication with low-latency reads. Option D (read replicas) enhances read capacity. Option B is wrong because one instance per region doesn't provide high availability.

Option C is wrong because sharding is not native in DocumentDB. Option E is wrong because local secondary indexes don't help cross-region.

9
MCQhard

A company uses Amazon DynamoDB for its critical application. The security team requires that all access to DynamoDB tables be logged and monitored for suspicious activity. The company also needs to be alerted when a user deletes a table. Which combination of AWS services should be used?

A.AWS CloudTrail and Amazon DynamoDB Streams.
B.AWS Config and Amazon Simple Notification Service (SNS).
C.AWS CloudTrail and Amazon CloudWatch Events.
D.Amazon VPC Flow Logs and Amazon CloudWatch Logs.
AnswerC

CloudTrail logs API calls, and CloudWatch Events can create rules to match DeleteTable events and trigger alerts.

Why this answer

Option B is correct because CloudTrail logs all DynamoDB API calls, and CloudWatch Events can trigger alerts. Option A is wrong because DynamoDB Streams captures item-level changes, not API calls. Option C is wrong because VPC Flow Logs capture network traffic, not API calls.

Option D is wrong because Config records resource changes but not API calls directly for alerting.

10
MCQmedium

A database administrator is troubleshooting a slow-running query on an Amazon RDS for PostgreSQL DB instance. The query plan shows a sequential scan on a large table. The table has a primary key and an index on the column used in the WHERE clause. Why might the query optimizer choose a sequential scan over an index scan?

A.The query is expected to return a large percentage of rows.
B.The query is a SELECT * without a WHERE clause.
C.The table's statistics are outdated.
D.The index on the column is not being used because it is a composite index with a different column order.
AnswerA

When a query returns a significant portion of rows, a sequential scan is often faster than an index scan because it avoids many random I/O operations.

Why this answer

Option B is correct because if the optimizer estimates that a large percentage of rows will be returned, a sequential scan can be more efficient than random I/O from an index. Option A is wrong because outdated statistics can cause suboptimal plans, but the question asks for a reason the planner might choose sequential scan; outdated stats could lead to either choice. Option C is wrong because the presence of an index does not force its use; the optimizer decides.

Option D is wrong because the query has a WHERE clause, so a full table scan is not the only option, but it may be chosen due to the selectivity.

11
MCQhard

A developer receives a 'ResourceNotFoundException' when trying to describe a DynamoDB table. The developer runs the command shown in the exhibit and gets the output. What is the most likely cause?

A.The developer is using a different AWS region or the table name has incorrect case.
B.The table is not in ACTIVE state.
C.The table ARN is incorrect.
D.The developer does not have permission to describe the table.
AnswerA

Correct. The error likely stems from using the wrong region or incorrect table name casing.

Why this answer

Option C is correct because the table is in us-west-2, but the developer may be querying from a different region or the table name is case-sensitive. Option A is wrong because the table is ACTIVE. Option B is wrong because the ARN is present.

Option D is wrong because the command succeeded.

12
Multi-Selecthard

A company uses Amazon DynamoDB to store session data for a web application. The security team discovers that an IAM user has been performing unauthorized scans on the table. They need to implement controls to detect and prevent such unauthorized access in the future. Which THREE actions should the security team take? (Choose THREE.)

Select 3 answers
A.Enable AWS CloudTrail logging and create a metric filter for Scan API calls.
B.Use fine-grained access control with IAM conditions to restrict access to specific items or attributes.
C.Disable the Scan operation on the DynamoDB table.
D.Create an IAM policy that denies the 'Scan' action for unauthorized users using a condition key.
E.Enable VPC Flow Logs to monitor traffic to DynamoDB.
AnswersA, B, D

CloudTrail logs API calls, and metric filters can trigger alarms on unauthorized scans.

Why this answer

Options A, B, and E are correct. Option A: Using CloudTrail logs to detect unauthorized scans helps with detective controls. Option B: Implementing a resource-based policy with a condition key 'dynamodb:Scan' to deny access is a preventive control.

Option E: Using fine-grained access control with IAM conditions like 'dynamodb:Attributes' can restrict scans to specific attributes. Option C is wrong because VPC Flow Logs capture network traffic, not DynamoDB operations. Option D is wrong because disabling scan operations is not practical; many use cases require scans.

13
MCQhard

A company is migrating a 10 TB Oracle Data Warehouse to Amazon Redshift. The source database runs on premises with limited bandwidth (100 Mbps). The migration must complete within 5 days. Which approach is most cost-effective and meets the timeline?

A.Use AWS DMS over the internet to migrate data.
B.Use AWS Snowball Edge to transfer the initial full load, then AWS DMS for ongoing changes.
C.Use AWS Schema Conversion Tool (SCT) to convert and then upload to S3.
D.Use AWS DMS with AWS Direct Connect at 1 Gbps.
AnswerB

Snowball is fast and cost-effective for large data transfer.

Why this answer

Option C is correct because AWS Snowball Edge can transfer 10 TB in days, then use DMS for ongoing sync. Option A is wrong because 100 Mbps would take ~11 days for full load alone. Option B is wrong because direct DMS over 100 Mbps would take too long for initial load.

Option D is wrong because SCT is not a data transfer tool.

14
Multi-Selecteasy

A company is using Amazon ElastiCache for Redis to cache database query results. The cache cluster is a single node. The application experiences increased latency when the cache misses. Which TWO actions can improve the cache hit ratio?

Select 2 answers
A.Increase the Time-to-Live (TTL) for cached items.
B.Disable persistence to free memory.
C.Decrease the Time-to-Live (TTL) for cached items.
D.Add read replicas to the ElastiCache cluster.
E.Implement lazy loading to populate the cache on read requests.
AnswersA, E

Longer TTL reduces cache misses.

Why this answer

Options A and E are correct. Option A: Increasing the TTL keeps data in cache longer, reducing misses. Option E: Using lazy loading caches data on demand, which can improve hit ratio over time.

Option B is wrong because decreasing TTL would increase misses. Option C is wrong because more read replicas do not improve hit ratio; they improve read throughput. Option D is wrong because disabling persistence does not affect hit ratio.

15
MCQmedium

A social media company runs a large Amazon DynamoDB table (Users) with 10 TB of data. The table uses on-demand capacity. Recently, the application started experiencing occasional ProvisionedThroughputExceeded exceptions during read-heavy periods. The table's read metrics show that consumed read capacity is consistently below 50% of provisioned capacity. The application uses eventually consistent reads. The table has a global secondary index (GSI) on the 'status' attribute. The GSI's read capacity consumption is often at 100% of its provisioned capacity. What is the most likely cause of the throttling?

A.The on-demand capacity mode is not suitable for this workload; switch to provisioned with auto scaling.
B.The base table's read capacity is insufficient despite on-demand mode.
C.The GSI is throttling because its read capacity is not set to on-demand, or the GSI's partition key is causing hot partitions.
D.The application should use strongly consistent reads to reduce throttling.
AnswerC

GSI has its own capacity; if it throttles, base table reads that use the GSI may be throttled.

Why this answer

The GSI has its own read capacity settings. If the GSI is throttled, reads on the base table that require the GSI may also be throttled. Option B is correct.

Option A is unlikely because base table RCU is not maxed. Option C is incorrect because on-demand auto scaling does not apply to GSIs separately in the same way. Option D is incorrect because eventual consistency does not cause throttling.

16
Multi-Selectmedium

Which TWO factors should be considered when choosing between Amazon DynamoDB and Amazon RDS for MySQL for a new e-commerce application with variable traffic patterns?

Select 2 answers
A.Ability to perform complex joins and aggregations: DynamoDB supports SQL-like queries.
B.Operational overhead: DynamoDB is serverless, RDS requires patching and provisioning.
C.Support for ACID transactions in both databases.
D.Encryption at rest is only available for RDS.
E.Automatic scaling of throughput with DynamoDB on-demand vs. manual scaling of RDS.
AnswersB, E

DynamoDB is fully managed with no server management; RDS still requires some management.

Why this answer

Option B is correct because DynamoDB is a fully managed serverless service that eliminates the need for patching, provisioning, or managing servers, whereas Amazon RDS for MySQL requires manual patching, scaling, and instance provisioning. This operational overhead difference is critical for variable traffic patterns, as DynamoDB automatically handles infrastructure management, reducing administrative burden.

Exam trap

The trap here is that candidates may assume ACID transactions are exclusive to relational databases, but DynamoDB supports ACID transactions within a single table, leading them to incorrectly select option C as a distinguishing factor.

17
Multi-Selectmedium

A company runs a PostgreSQL database on Amazon RDS for a CRM application. The database is 500 GB and experiences high read traffic. The company wants to improve read scalability and reduce latency. Which TWO actions should the company take? (Choose two.)

Select 2 answers
A.Implement Amazon ElastiCache for Redis to cache common queries.
B.Store large objects in Amazon S3 and reference them.
C.Enable Multi-AZ for automatic failover.
D.Create one or more read replicas in the same region.
E.Migrate data to Amazon DynamoDB with Global Tables.
AnswersA, D

Caching reduces database load.

Why this answer

Option A is correct because Amazon ElastiCache for Redis can cache the results of frequently executed read queries, offloading read traffic from the RDS PostgreSQL instance and reducing latency for repeated queries. This is especially effective for read-heavy workloads where the same data is requested many times, as Redis provides sub-millisecond response times and reduces the load on the database.

Exam trap

The trap here is that candidates often confuse Multi-AZ (which is for high availability) with read replicas (which are for read scaling), and may incorrectly think that enabling Multi-AZ also distributes read traffic, when in fact the standby instance is not accessible for reads.

18
Multi-Selectmedium

An e-commerce company uses Amazon RDS for MySQL to store order data. They need to run complex analytical queries on the data without impacting the performance of the transactional workload. Which TWO solutions should they implement? (Choose TWO.)

Select 2 answers
A.Migrate the transaction table to Amazon DynamoDB
B.Use Amazon Redshift for analytics and load data via AWS DMS
C.Store order data in Amazon S3 and query with Amazon Athena
D.Enable Multi-AZ to use the standby for queries
E.Create an Amazon RDS read replica for analytical queries
AnswersB, E

Redshift is purpose-built for analytics; DMS can replicate data from RDS.

Why this answer

Creating a read replica offloads read queries from the primary database. Amazon Redshift is a data warehouse optimized for analytics; data can be loaded from RDS. Option B is wrong because enabling Multi-AZ does not provide a separate read-only endpoint.

Option C is wrong because DynamoDB is not suitable for complex analytical queries. Option D is wrong because S3 alone cannot run analytical queries.

19
MCQmedium

A company is migrating an on-premises MongoDB database to Amazon DocumentDB. The application uses secondary indexes extensively and requires low-latency reads. Which database design consideration is MOST important for this workload?

A.Convert secondary indexes to the DocumentDB-compatible format
B.Provision EBS-optimized instances with increased IOPS
C.Use a larger instance type to avoid indexing issues
D.Enable DynamoDB Accelerator (DAX) for caching
AnswerA

DocumentDB requires indexes to be created in its own format; otherwise queries may not use them.

Why this answer

Option B is correct because Amazon DocumentDB does not support the same range of secondary indexes as MongoDB; converting indexes ensures performance. Option A is wrong because DocumentDB uses its own storage, not EBS. Option C is wrong because DynamoDB Accelerator is for DynamoDB, not DocumentDB.

Option D is wrong because vertical scaling is often insufficient; proper indexing is key.

20
MCQmedium

A company uses Amazon DynamoDB global tables for a multi-region application. They notice that writes in one region are not appearing in another region after several minutes. What should they check first?

A.Check the ReplicationLatency metric in Amazon CloudWatch
B.Verify that auto scaling is configured identically in both regions
C.Ensure DynamoDB Streams are enabled on the table
D.Check the table size in both regions
AnswerA

This metric shows the lag between regions.

Why this answer

Option C is correct because ReplicationLatency metric shows delay between regions. Option A is wrong because Streams are used for replication; check the metric first. Option B is wrong because auto scaling affects capacity, not replication.

Option D is wrong because table size doesn't directly cause replication delay.

21
MCQhard

A company runs a financial analytics platform on Amazon DynamoDB. The table stores transaction records with a partition key of account_id and a sort key of transaction_timestamp. Each account has thousands of transactions. The application frequently queries the most recent transactions for a given account_id, sorted by timestamp in descending order. Recently, as the number of accounts grew, the query latency increased significantly. The DynamoDB table has provisioned read capacity of 10,000 RCUs, and CloudWatch metrics show that consumed read capacity is at 60%. The database specialist suspects that the issue is due to the query pattern. Which action should the database specialist take to reduce query latency?

A.Migrate the table to Amazon Aurora PostgreSQL with a secondary index on account_id and transaction_timestamp.
B.Create a Global Secondary Index (GSI) with account_id as partition key and transaction_timestamp as sort key, and query the GSI with ScanIndexForward set to false.
C.Enable DynamoDB Accelerator (DAX) to cache query results.
D.Increase the provisioned read capacity to 20,000 RCUs to handle the load.
AnswerB

A GSI with the desired sort key allows efficient descending queries.

Why this answer

Option B is correct because creating a Global Secondary Index (GSI) with account_id as the partition key and transaction_timestamp as the sort key allows the application to query the most recent transactions for a given account_id efficiently. By setting ScanIndexForward to false in the query, DynamoDB returns items in descending order by sort key, which directly matches the query pattern. This avoids the need to scan all transactions for an account and then sort them, significantly reducing latency.

The existing table's sort key is transaction_timestamp, but the query pattern requires descending order; the GSI provides an optimized access path without changing the base table structure.

Exam trap

The trap here is that candidates may think increasing RCUs or adding caching (DAX) will solve latency issues, but the real problem is the inefficient query pattern that requires scanning and sorting all items for an account, which a properly designed GSI with ScanIndexForward=false directly addresses.

How to eliminate wrong answers

Option A is wrong because migrating to Amazon Aurora PostgreSQL would introduce unnecessary complexity and operational overhead, and it does not address the root cause of the query pattern inefficiency in DynamoDB; the issue is about optimizing the existing NoSQL access pattern, not switching database engines. Option C is wrong because enabling DynamoDB Accelerator (DAX) caches query results but does not reduce the latency of the initial query that must still scan and sort all transactions for an account; DAX helps with repeated queries but not with the underlying inefficient scan-and-sort pattern. Option D is wrong because increasing provisioned read capacity to 20,000 RCUs does not solve the latency problem caused by the query pattern; the consumed read capacity is only at 60%, indicating sufficient capacity, and the latency is due to the need to scan and sort thousands of items per account, not due to throttling.

22
MCQeasy

A company is designing a database for an e-commerce application that needs to store product catalog data. The data is highly structured with relationships between products, categories, and suppliers. The application requires ACID transactions to maintain data integrity when updating inventory. The company expects moderate read and write traffic. Which AWS database service is MOST suitable for this workload?

A.Amazon ElastiCache for Redis
B.Amazon Neptune
C.Amazon RDS for MySQL
D.Amazon DynamoDB
AnswerC

RDS for MySQL provides full ACID compliance and supports relational data structures.

Why this answer

Amazon RDS for MySQL is the most suitable choice because it provides a fully managed relational database that supports ACID transactions, which are essential for maintaining data integrity during inventory updates. The highly structured nature of product catalog data with relationships between products, categories, and suppliers maps naturally to MySQL's relational model with foreign keys and joins. RDS for MySQL handles moderate read/write traffic efficiently and offers features like Multi-AZ for high availability and read replicas for scaling reads.

Exam trap

The trap here is that candidates often pick Amazon DynamoDB for its scalability and performance, but overlook the requirement for ACID transactions and relational joins, which DynamoDB handles poorly compared to a traditional RDBMS like MySQL.

How to eliminate wrong answers

Option A is wrong because Amazon ElastiCache for Redis is an in-memory key-value store that does not support ACID transactions or relational queries; it is designed for caching and session management, not as a primary database for structured relational data. Option B is wrong because Amazon Neptune is a graph database optimized for highly connected data like social networks or recommendation engines, but it is overkill and not designed for ACID-compliant transactional workloads with structured relational schemas. Option D is wrong because Amazon DynamoDB is a NoSQL key-value and document database that does not natively support complex joins, foreign keys, or ACID transactions across multiple items without using expensive transactions API features; it is better suited for unstructured or semi-structured data at scale.

23
MCQeasy

A media company is storing large video files (up to 10 GB each) in Amazon S3 and needs to maintain metadata about each file, including title, duration, and upload timestamp. The workload involves frequent writes (1000+ per second) and occasional read queries by title. Which database is best suited for this metadata store?

A.Amazon Neptune
B.Amazon RDS for MySQL
C.Amazon DynamoDB
D.Amazon ElastiCache for Memcached
AnswerC

DynamoDB supports high write throughput and fast queries by partition key.

Why this answer

Amazon DynamoDB is the best choice because it supports single-digit millisecond latency at any scale, handles over 1000 writes per second with auto-scaling, and can efficiently serve occasional read queries by title using a global secondary index (GSI) on the title attribute. Its fully managed, serverless nature eliminates operational overhead for high-throughput metadata storage.

Exam trap

AWS often tests the misconception that a relational database (RDS) is always the default for metadata, but the high write throughput and simple query pattern here make DynamoDB the correct choice, not RDS.

How to eliminate wrong answers

Option A is wrong because Amazon Neptune is a graph database designed for highly connected data (e.g., social networks, recommendation engines), not for simple key-value or document metadata with high write throughput. Option B is wrong because Amazon RDS for MySQL, while capable of storing metadata, cannot scale to 1000+ writes per second without significant vertical scaling or complex sharding, and its relational overhead (schema, joins) is unnecessary for simple metadata lookups. Option D is wrong because Amazon ElastiCache for Memcached is an in-memory cache, not a persistent database; it would lose data on node failure and cannot serve as a durable metadata store.

24
Multi-Selectmedium

A database specialist is troubleshooting an Amazon DynamoDB table that is experiencing high throttling on write requests. The table has on-demand capacity and uses a composite primary key (partition key and sort key). Which THREE actions should the specialist take to identify and resolve the issue?

Select 3 answers
A.Examine the partition key value distribution to identify hot partitions
B.Implement DynamoDB Accelerator (DAX) to offload read traffic
C.Change the table to provisioned capacity mode
D.Increase the read capacity units on the table
E.Review Amazon CloudWatch metrics for 'WriteThrottleEvents' and 'ConsumedWriteCapacityUnits'
AnswersA, B, E

Uneven distribution causes throttling on hot partitions.

Why this answer

Option A is correct because high throttling on write requests in DynamoDB often results from uneven partition key value distribution, creating 'hot partitions' that exceed the per-partition throughput limits. By examining the distribution, the specialist can identify which keys are causing the bottleneck and then apply strategies like write sharding or adjusting the partition key design to spread traffic evenly.

Exam trap

The trap here is that candidates may confuse read and write capacity units or assume that on-demand capacity eliminates all throttling, when in fact hot partitions can still cause throttling regardless of the capacity mode.

25
Multi-Selecteasy

A company is using Amazon RDS for MySQL and wants to implement database activity monitoring to detect suspicious queries. Which TWO AWS services can be used together to achieve this?

Select 2 answers
A.AWS Lambda
B.AWS CloudTrail
C.AWS Systems Manager Patch Manager
D.Amazon Inspector
E.Amazon CloudWatch Logs
AnswersA, E

Can process CloudWatch Logs and detect patterns.

Why this answer

Options A and D are correct. RDS can publish logs to CloudWatch Logs, and CloudWatch Logs can trigger a Lambda function to analyze logs in real-time. Option B is for vulnerability scanning.

Option C is for patching. Option E is for auditing API calls, not database queries.

26
Multi-Selectmedium

A company is troubleshooting a performance issue with an Amazon RDS for MariaDB instance. The CloudWatch metric 'ReadIOPS' is consistently high, but 'WriteIOPS' is low. Which TWO actions could help improve read performance?

Select 2 answers
A.Add a read replica to offload read queries.
B.Increase the allocated storage to improve IOPS.
C.Use Amazon ElastiCache to cache query results.
D.Increase the DB instance class to one with more memory.
E.Enable Multi-AZ to improve read performance.
AnswersA, D

Read replicas handle read traffic, reducing load on the primary.

Why this answer

Adding a read replica offloads read traffic from the primary. Increasing the instance size can provide more memory for caching, reducing read IO. Option C (increasing storage) may help if it increases IOPS, but not necessarily.

Option D (enabling Multi-AZ) does not improve read performance. Option E (using Amazon ElastiCache) is a valid approach but not specific to RDS.

27
Multi-Selecteasy

A company is using Amazon DynamoDB and wants to restrict access to a specific table so that only users in a particular IAM group can perform read and write operations. Which THREE steps should be taken to achieve this?

Select 3 answers
A.Create an IAM policy that allows dynamodb:GetItem, dynamodb:PutItem, etc. on the specific table ARN.
B.Attach the IAM policy to an IAM group.
C.Attach a resource-based policy to the DynamoDB table allowing access from the group.
D.Add the users to the IAM group.
E.Create an IAM role and assign it to the table.
AnswersA, B, D

This defines the allowed actions on the table.

Why this answer

Options A, B, and D are correct. You create an IAM policy that grants DynamoDB actions on the specific table (A). You attach that policy to the IAM group (B).

You then add users to that group (D). Option C is wrong because the policy should be attached to the group, not the table. Option E is wrong because resource-based policies on the table are not the primary method; IAM policies are used.

28
Multi-Selectmedium

A company is running an Amazon RDS for MySQL DB instance with Multi-AZ. The company wants to perform a major version upgrade with minimal downtime. Which TWO actions should be taken? (Choose TWO.)

Select 2 answers
A.Use the AWS CLI to modify the DB instance with the --allow-major-version-upgrade flag.
B.Use the AWS Management Console to modify the DB instance and apply the upgrade immediately.
C.Enable automatic minor version upgrades on the DB instance.
D.Create a read replica, upgrade the replica to the new version, and promote it to become the primary.
E.Take a snapshot and restore to the new version.
AnswersB, D

For Multi-AZ, this performs the upgrade on the standby first, then fails over, minimizing downtime.

Why this answer

Option A is correct because enabling automatic minor version upgrades is good practice but not required for major upgrades. Option B is correct because creating a read replica, upgrading it first, and then promoting it minimizes downtime. Option D is also correct (but wait, the question says 'Which TWO' and there are exactly two correct: B and D? Actually, A is not required for major upgrades.

Let's check: Option B and D are correct: B: create read replica, upgrade, promote; D: perform the upgrade on the standby first. Option A is not directly related. Option C is wrong because it causes downtime.

Option E is wrong because it is not supported for major upgrades. So correct: B and D.

29
MCQhard

A company has a MySQL database that stores user profile data. The database is 1 TB and growing. The team wants to archive inactive user profiles that haven't been accessed in over 1 year. The archived data must be queryable but at a slower performance tier. Which approach is most cost-effective?

A.Create an RDS read replica and delete inactive records from the primary
B.Move inactive profiles to Amazon Aurora Serverless and stop the cluster when not in use
C.Export inactive profiles to Amazon S3 and use S3 Intelligent-Tiering for storage
D.Use Amazon DynamoDB with TTL to expire inactive profiles
AnswerC

S3 Intelligent-Tiering optimizes costs, and the data can be queried using Athena.

Why this answer

Amazon S3 Intelligent-Tiering automatically moves data between access tiers to optimize costs. Querying S3 data can be done using Amazon Athena or S3 Select. Option A (RDS read replica) keeps all data in RDS, costly.

Option B (DMS to S3) is a one-time load; S3 Intelligent-Tiering optimizes storage costs over time. Option D (DynamoDB TTL) deletes data, not archives.

30
MCQhard

A company runs a MongoDB workload on Amazon EC2 and wants to migrate to Amazon DocumentDB. The database has a total size of 2 TB and experiences 10,000 writes per second during peak. Which migration strategy minimizes downtime?

A.Export data using mongodump and import with mongorestore.
B.Use AWS Glue to stream data to DocumentDB.
C.Use AWS DMS with continuous replication.
D.Copy data files to Amazon S3 and load into DocumentDB.
AnswerC

DMS supports live migration with minimal downtime.

Why this answer

AWS DMS with continuous replication (change data capture) is the correct strategy because it allows you to keep the source MongoDB and target DocumentDB synchronized in near-real time, minimizing downtime to a brief cutover window. For a 2 TB database with 10,000 writes per second, a full export/import would take hours and require significant downtime, while DMS handles the initial full load and then continuously applies ongoing changes until you switch over.

Exam trap

The trap here is that candidates often assume a simple export/import (mongodump/mongorestore) is sufficient, but they overlook the requirement for minimal downtime with a high-write workload, where only a CDC-capable tool like DMS can keep the target synchronized during migration.

How to eliminate wrong answers

Option A is wrong because mongodump/mongorestore performs a full logical backup and restore, which for a 2 TB database would take many hours and require the source to be quiesced or read-only during the dump, causing extended downtime; it also does not support continuous replication to reduce the cutover window. Option B is wrong because AWS Glue is an ETL service designed for batch processing and data transformation, not for real-time streaming or continuous replication of database writes; it lacks the change data capture (CDC) capability needed to keep a live database synchronized with minimal downtime. Option D is wrong because copying data files to S3 and loading into DocumentDB is not a supported migration method; DocumentDB does not accept raw data files from MongoDB, and there is no native mechanism to ingest from S3 directly into a DocumentDB cluster.

31
MCQeasy

A gaming company wants to store player profiles and game state. The data is accessed via a REST API and must be highly available with single-digit millisecond latency. The schema is simple and may evolve over time. Which database should they use?

A.Amazon DynamoDB
B.Amazon S3
C.Amazon RDS for PostgreSQL
D.Amazon Redshift
AnswerA

DynamoDB provides low latency, high availability, and schema flexibility.

Why this answer

Option A is correct because DynamoDB is a fully managed NoSQL database with consistent single-digit millisecond latency and flexible schema. Option B is wrong because RDS is relational and adds latency for simple lookups. Option C is wrong because Redshift is for analytics.

Option D is wrong because S3 is object storage, not designed for low-latency updates.

32
MCQeasy

A company is designing a database for a global e-commerce application that requires low-latency reads and writes with strong consistency. The application is expected to handle millions of requests per second and requires high availability. Which AWS database service is most suitable for this workload?

A.Amazon ElastiCache for Memcached
B.Amazon S3 with S3 Select
C.Amazon RDS for MySQL with Multi-AZ deployment
D.Amazon DynamoDB with DynamoDB Accelerator (DAX)
AnswerD

DynamoDB provides scalable, low-latency, strongly consistent performance suitable for high-request-rate applications.

Why this answer

Amazon DynamoDB with DAX can provide single-digit millisecond latency at scale, supports strongly consistent reads, and is designed for high availability across multiple AWS regions. Option A (Amazon RDS MySQL with Multi-AZ) does not provide the same scalability for millions of requests per second. Option C (Amazon ElastiCache for Memcached) is a caching layer, not a primary database.

Option D (Amazon S3) is object storage, not suitable for low-latency transactional workloads.

33
MCQmedium

Refer to the exhibit. An IAM policy is attached to a user who will manage AWS DMS tasks. When the user tries to start a replication task, they receive an access denied error. What is the most likely cause?

A.The policy does not allow rds:DescribeDBInstances
B.The policy does not allow the dms:StartReplicationTask action
C.The policy is missing permissions to describe endpoints and connections
D.The policy does not allow dms:CreateReplicationTask
AnswerC

To start a replication task, DMS needs to describe endpoints and connections; these actions are missing from the policy.

Why this answer

Option A is correct because the policy does not include dms:StartReplicationTask, only dms:StartReplicationTask is not present (the action is StartReplicationTask, not StartReplicationTask? Actually the policy has StartReplicationTask, so that should be fine. Wait, the policy does include dms:StartReplicationTask. So the error might be due to missing DescribeEndpoints.

Option D is plausible. Let's re-evaluate. The policy includes StartReplicationTask, so A is not correct.

The user might need dms:DescribeEndpoints to start a task. So D is correct.

34
MCQhard

A company is migrating a 500 GB PostgreSQL database from on-premises to Amazon Aurora PostgreSQL. The migration must have a recovery point objective (RPO) of less than 5 minutes and a recovery time objective (RTO) of less than 30 minutes. Which migration strategy should the company use?

A.Create a read replica of the on-premises database and promote it.
B.Use AWS DMS with full load and ongoing replication.
C.Take a full backup using pg_basebackup and restore to Aurora.
D.Use pg_dump to export the database and import into Aurora.
AnswerB

Ongoing replication achieves low RPO.

Why this answer

Option B is correct because AWS DMS with ongoing replication can achieve an RPO of less than 5 minutes by continuously replicating changes, and the RTO can be met by cutting over quickly. Option A is wrong because a full backup and restore has an RPO of hours. Option C is wrong because pg_dump export/import has an RPO of the time of the dump.

Option D is wrong because creating a read replica from on-premises is not possible.

35
MCQeasy

A company is using Amazon DynamoDB and needs to export data to Amazon S3 for analysis. Which AWS service can perform this export without writing custom code?

A.AWS Data Pipeline
B.Amazon EMR
C.AWS Glue
D.DynamoDB Console
AnswerC

Glue can run ETL jobs to export DynamoDB data to S3.

Why this answer

AWS Glue provides a built-in DynamoDB-to-S3 export feature that requires no custom code. You can create a Glue job using the 'Export DynamoDB table to S3' blueprint, which automatically handles schema inference, data conversion, and partitioning. This is the only option that directly supports the export without writing any code.

Exam trap

The trap here is that candidates may choose AWS Data Pipeline because it is a traditional ETL service, but they overlook that AWS Glue now offers a simpler, code-free export blueprint specifically for DynamoDB-to-S3, making it the most direct answer.

How to eliminate wrong answers

Option A is wrong because AWS Data Pipeline requires defining a pipeline with activities and resources, which involves configuration but not custom code; however, it is not the simplest or most direct service for this task and is deprecated in favor of Glue. Option B is wrong because Amazon EMR requires you to write or run custom scripts (e.g., Spark or Hive) to export data from DynamoDB to S3, which does not meet the 'without writing custom code' requirement. Option D is wrong because the DynamoDB Console only allows manual export of table data to S3 via the 'Export to S3' feature, but this is a one-time, manual operation, not an automated service; the question asks for a 'service' that can perform the export, and the console is a UI, not a service.

36
MCQmedium

A company uses Amazon Aurora MySQL for its online transaction processing (OLTP) application. Recently, read traffic has increased significantly, causing performance issues. The company wants to offload read traffic with minimal application changes. Which solution should they implement?

A.Enable Multi-AZ deployment
B.Create one or more Aurora Replicas
C.Migrate to Amazon DynamoDB
D.Add an Amazon ElastiCache cluster in front of Aurora
AnswerB

Aurora Replicas are read-only copies that offload read traffic.

Why this answer

Aurora Replicas are asynchronous read replicas that can handle read traffic without application changes (just use different endpoint). Option A (Multi-AZ) is for high availability, not read scaling. Option C (ElastiCache) requires application changes.

Option D (DynamoDB) would require a full redesign.

37
MCQeasy

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database is 2 TB in size and has a 100 Mbps internet connection. The migration must be completed within 3 days with minimal downtime. Which approach is MOST suitable?

A.Export the database as a dump file, upload to S3, and restore to RDS.
B.Use AWS Database Migration Service (DMS) with a full load from an AWS Snowball device, then ongoing replication.
C.Use AWS DMS with full load over the internet, then ongoing replication.
D.Create a VPN connection to AWS and use Oracle Data Pump over the VPN.
AnswerB

Snowball handles the initial large data transfer, and DMS provides minimal downtime replication.

Why this answer

Option A is correct because AWS DMS can perform a live migration with minimal downtime, and using an AWS Snowball for the initial load reduces the time over the slow internet connection. Option B is wrong because uploading over the internet would take too long. Option C is wrong because restoring from an on-premises backup over the internet is also slow.

Option D is wrong because a VPN does not solve the bandwidth limitation.

38
MCQhard

A database team is migrating an on-premises Oracle database to Amazon Aurora PostgreSQL. The team needs to ensure minimal downtime and data consistency. Which approach should be used?

A.Use the PostgreSQL foreign data wrapper (FDW) to link the Oracle database
B.Use AWS Server Migration Service (SMS) to replicate the database
C.Use AWS Database Migration Service (DMS) with ongoing replication using change data capture (CDC)
D.Use pg_dump and pg_restore to migrate the data during a maintenance window
AnswerC

DMS with CDC minimizes downtime by replicating changes continuously.

Why this answer

AWS DMS with ongoing replication using change data capture (CDC) is the correct approach because it enables a live migration with minimal downtime. DMS can perform a full load of the Oracle database and then continuously replicate ongoing changes from Oracle to Aurora PostgreSQL, ensuring data consistency at the point of cutover. This method avoids the need for a long maintenance window and supports heterogeneous migrations with automatic schema conversion.

Exam trap

The trap here is that candidates often confuse AWS DMS with simpler dump-and-restore tools (pg_dump/pg_restore) or assume that a foreign data wrapper can perform a migration, when in fact DMS is the only AWS managed service designed specifically for heterogeneous database migrations with minimal downtime via CDC.

How to eliminate wrong answers

Option A is wrong because the PostgreSQL foreign data wrapper (FDW) is used for querying remote databases in real-time, not for migrating data with minimal downtime and consistency guarantees; it does not provide a managed replication or cutover mechanism. Option B is wrong because AWS Server Migration Service (SMS) is designed for migrating virtual machines (VMs) from on-premises to AWS, not for database-level replication; it cannot handle heterogeneous database migrations or CDC. Option D is wrong because pg_dump and pg_restore require taking the source database offline or using a maintenance window, which contradicts the requirement for minimal downtime; this approach also does not support ongoing replication to keep data consistent during migration.

39
MCQmedium

A company is migrating a 2 TB on-premises Oracle database to Amazon RDS for Oracle. The migration must have minimal downtime and support ongoing replication. Which AWS service should be used to accomplish this?

A.AWS Schema Conversion Tool (AWS SCT)
B.AWS DataSync
C.AWS Glue
D.AWS Database Migration Service (AWS DMS)
AnswerD

AWS DMS supports minimal-downtime migrations and ongoing replication.

Why this answer

AWS DMS is the correct choice because it supports homogeneous migrations (Oracle to Oracle) with minimal downtime through ongoing replication using change data capture (CDC). It can handle a 2 TB database by using a large enough replication instance and enabling task logging for validation, ensuring data consistency during the migration.

Exam trap

The trap here is that candidates might confuse AWS DMS with AWS SCT, assuming schema conversion is needed for an Oracle-to-Oracle migration, but DMS handles both schema and data migration natively for homogeneous migrations without requiring SCT.

How to eliminate wrong answers

Option A is wrong because AWS SCT is used for schema conversion when migrating between heterogeneous database engines (e.g., Oracle to Aurora PostgreSQL), not for ongoing replication or minimal-downtime migration within the same engine. Option B is wrong because AWS DataSync is designed for transferring large files over NFS/SMB to Amazon S3 or EFS, not for database-level replication or CDC. Option C is wrong because AWS Glue is an ETL service for data preparation and analytics, not for live database migration with ongoing replication.

40
MCQmedium

Refer to the exhibit. An IAM policy is attached to a user. The user attempts to create an RDS DB instance named 'new-prod-db' with Oracle Standard Edition Two engine. What will happen?

A.The request will fail because the Deny condition matches the engine.
B.The request will fail because there is no Allow for 'new-prod-db'.
C.The request will succeed because the Allow matches the name pattern.
D.The request will succeed because the Deny is not effective for 'new-prod-db'.
AnswerA

Explicit Deny for Oracle denies the action.

Why this answer

The policy has an Allow for db names starting with 'new-' and a Deny for Oracle engine. Since there is an explicit Deny for Oracle, the request will be denied due to the Deny override. The Allow does not apply because the Deny is more specific and takes precedence.

41
MCQeasy

A database administrator needs to track changes to an Amazon RDS DB instance's configuration, such as modifications to the DB instance class or security group. Which AWS service should be used?

A.Amazon CloudWatch Logs
B.AWS Config
C.AWS CloudTrail
D.AWS Systems Manager Patch Manager
AnswerB

AWS Config tracks configuration changes and provides a history.

Why this answer

Option B is correct because AWS Config records configuration changes to RDS instances. Option A is wrong because CloudTrail records API calls, not configuration state. Option C is wrong because CloudWatch Logs are for log data, not config changes.

Option D is wrong because Systems Manager Patch Manager is for patching.

42
MCQhard

The security team reports that the database 'mydb' is not encrypted. However, the CLI output shows 'StorageEncrypted' is true. What is the MOST likely reason for the security team's concern?

A.The database is using a default AWS managed key instead of a customer-managed key.
B.The KMS key specified may have been disabled or deleted, causing the database to be inaccessible or not encrypted.
C.The 'StorageEncrypted' field is false, but the CLI output shows true.
D.The database is not using a KMS key and is instead using a CloudHSM key.
AnswerB

If the KMS key is disabled or deleted, the database may not be able to encrypt/decrypt data, leading to security concerns.

Why this answer

Option C is correct. The KMS key ID is in the output, but the security team might be concerned about the key being disabled or deleted. Option A is wrong because 'StorageEncrypted' is true.

Option B is wrong because there is no HSM requirement. Option D is wrong because the key is specified.

43
MCQmedium

A company is using Amazon ElastiCache for Redis as a caching layer. The application performance degrades when cache misses increase. Which metric should be monitored to track the cache hit rate?

A.CurrConnections
B.CacheHits and CacheMisses
C.CPUUtilization
D.Evictions
AnswerB

CacheHits and CacheMisses are used to calculate hit rate.

Why this answer

Option D is correct because CacheHits and CacheMisses together give the hit rate. Option A is wrong because CPUUtilization is for resource usage. Option B is wrong because Evictions indicates memory pressure, not hit rate.

Option C is wrong because CurrConnections shows active connections.

44
MCQhard

A security engineer runs the commands shown in the exhibit for an RDS MySQL DB instance. The engineer wants to enforce SSL connections to the database. What should the engineer do?

A.Modify the default.mysql8.0 parameter group to set require_secure_transport to ON and reboot the instance.
B.Run the modify-db-instance command with --require-ssl-transport.
C.Create a custom DB parameter group with require_secure_transport set to ON, associate it with the DB instance, and reboot the instance.
D.Modify the DB instance and set the --enable-iam-database-authentication flag.
AnswerC

This is the correct method to enforce SSL.

Why this answer

Option B is correct because the default parameter group is not modifiable; a custom parameter group must be created, require_secure_transport set to ON, and then associated with the DB instance, followed by a reboot. Option A is wrong because modifying the default parameter group is not allowed. Option C is wrong because modifying the DB instance directly does not change parameter group parameters.

Option D is wrong because require_secure_transport is a MySQL-specific parameter, not an RDS API setting.

45
MCQhard

A company is migrating an on-premises Oracle data warehouse to AWS. The warehouse contains 20 TB of data and supports complex SQL queries with joins and aggregations. The migration should minimize downtime and require minimal changes to existing SQL queries. Which database service is MOST appropriate?

A.Amazon RDS for Oracle
B.Amazon DynamoDB
C.Amazon ElastiCache for Redis
D.Amazon Redshift
AnswerD

Redshift is purpose-built for data warehousing with complex query support.

Why this answer

Amazon Redshift is the most appropriate choice because it is a fully managed, petabyte-scale data warehouse service designed for complex SQL queries with joins and aggregations. It supports standard SQL with minimal changes to existing queries, and its columnar storage and massively parallel processing (MPP) architecture are optimized for analytical workloads. The 20 TB data size and requirement to minimize downtime align with Redshift's ability to perform online resizing and use features like RA3 nodes with managed storage for elastic scaling.

Exam trap

The trap here is that candidates may choose Amazon RDS for Oracle because they recognize Oracle as a familiar database, overlooking that RDS is optimized for OLTP, not for the analytical, large-scale data warehouse workload described in the question.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for Oracle is a transactional (OLTP) database not optimized for complex analytical queries with joins and aggregations on 20 TB of data; it lacks the MPP architecture and columnar storage needed for data warehouse performance. Option B is wrong because Amazon DynamoDB is a NoSQL key-value and document database that does not support complex SQL joins or aggregations, and it is designed for high-throughput, low-latency transactional workloads, not analytical queries. Option C is wrong because Amazon ElastiCache for Redis is an in-memory cache, not a persistent data warehouse; it cannot handle 20 TB of data cost-effectively and does not support complex SQL queries with joins and aggregations.

46
MCQmedium

A team is using Amazon RDS for Oracle with an option group that includes the Oracle Enterprise Manager (OEM) option. After modifying the option group to add a new option, the DB instance is stuck in the 'modifying' state for an extended period. What should the team do?

A.Reboot the DB instance to complete the modification.
B.Contact AWS Support to force the modification.
C.Create a new DB instance with the desired options and migrate the data.
D.Modify the DB instance again to reset the state.
AnswerA

Some option changes require a reboot to take effect.

Why this answer

Option A is correct because adding certain options may require a reboot. Option B is incorrect because the option group modification is likely valid; the issue is that it requires a reboot. Option C is incorrect because modifying the DB instance again would not help.

Option D is incorrect because the DB instance is not in a failed state.

47
MCQhard

Refer to the exhibit. An IAM policy is attached to a user. The user reports that they cannot delete the production-db database. Which statement best explains the behavior?

A.An explicit Deny statement prevents the deletion of the production-db instance
B.The user needs additional permissions to delete any DB instance
C.The user does not have permission to describe DB instances
D.The user does not have permission to create a DB instance
AnswerA

Explicit Deny overrides Allow.

Why this answer

Option C is correct because an explicit Deny overrides any Allow. The Deny statement specifically denies DeleteDBInstance on that resource. Option A is wrong because the policy allows CreateDBInstance.

Option B is wrong because DescribeDBInstances is allowed. Option D is wrong because the Deny is explicitly on the production-db ARN.

48
MCQhard

A database specialist is troubleshooting a performance issue on an Amazon RDS for MySQL DB instance. The CPU utilization is consistently above 90%, but the IOPS and memory metrics are well within limits. Which tool should the specialist use to identify the root cause?

A.Enable AWS CloudTrail to log database queries.
B.Use Amazon RDS Enhanced Monitoring to view OS-level metrics.
C.Check RDS events in the AWS Management Console.
D.Use Amazon RDS Performance Insights to identify the top SQL queries by CPU usage.
AnswerD

Performance Insights provides query-level performance data.

Why this answer

Option A is correct. Performance Insights can show the queries that are consuming the most CPU. Option B is wrong because Enhanced Monitoring is for OS-level metrics, not per-query CPU usage.

Option C is wrong because RDS Events are for operational events. Option D is wrong because CloudTrail is for API calls.

49
MCQhard

A company is deploying an Amazon Aurora MySQL database. The company requires that the database withstand the loss of two copies of data without impacting write availability. Which configuration should the company use?

A.Aurora with 3 copies of data in 3 Availability Zones
B.Aurora with 2 copies of data in 2 Availability Zones
C.Aurora with 3 copies of data in 2 Availability Zones
D.Aurora with 6 copies of data across 3 Availability Zones
AnswerD

Aurora automatically stores 6 copies across 3 AZs, allowing it to tolerate loss of two copies without affecting write availability.

Why this answer

Aurora stores 6 copies of data across 3 AZs. The loss of two copies can be tolerated if they are distributed. Option A (3 copies in 3 AZs) is incorrect; Aurora uses 6 copies.

Option B (2 copies in 2 AZs) is not correct. Option D (3 copies in 2 AZs) is not standard. The correct answer is C because Aurora's architecture provides higher durability.

50
Multi-Selectmedium

A company runs an Amazon RDS for MySQL DB instance in a VPC. Security requirements mandate that only specific EC2 instances in the same VPC can connect to the database. The security group attached to the RDS instance currently allows inbound traffic on port 3306 from 0.0.0.0/0. Which combination of steps should a database specialist take to meet the security requirement without impacting existing application connectivity? (Choose two.)

Select 2 answers
A.Modify the network ACL for the DB subnet to allow inbound port 3306 from the EC2 instance's private IP.
B.Remove the inbound rule for 0.0.0.0/0 on the RDS security group.
C.Add an inbound rule to the RDS security group referencing the security group ID of the EC2 instances.
D.Modify the DB subnet group to place the RDS instance in a public subnet with a route to the EC2 instance.
E.Add an inbound rule to the RDS security group allowing traffic from the VPC CIDR on port 3306.
AnswersB, C

Removing the overly permissive rule is necessary to restrict access.

Why this answer

Option B is correct because removing the overly permissive inbound rule for 0.0.0.0/0 on the RDS security group eliminates unrestricted access, which is a direct violation of the security requirement. Option C is correct because adding an inbound rule that references the security group ID of the EC2 instances allows traffic only from those instances, leveraging security group referencing for granular, stateful access control within the same VPC.

Exam trap

The trap here is that candidates often confuse network ACLs with security groups, thinking that modifying the NACL at the subnet level is sufficient, but they overlook that NACLs are stateless and less granular, while security group referencing provides precise, stateful control for instance-to-instance communication.

51
MCQmedium

A gaming company uses Amazon Aurora PostgreSQL for its leaderboard data. The database has a writer instance and two reader instances. The application frequently queries the leaderboard to display top players. The queries involve sorting and aggregation on a large table with millions of rows. Recently, the queries started timing out during peak hours. The database administrator analyzed the workload and found that the reader instances are underutilized, while the writer instance has high CPU due to write operations. The administrator wants to offload the read-heavy leaderboard queries to the readers without modifying the application code. What should the administrator do?

A.Configure the application to use the Aurora reader endpoint for read-only queries.
B.Upgrade the writer instance to a larger instance class to handle both read and write operations.
C.Create additional reader instances to distribute the read load.
D.Implement a read-only Aurora cluster and point read queries to it.
AnswerA

The reader endpoint load balances across readers, offloading reads from the writer.

Why this answer

Option C is correct because Aurora auto-scaling reader endpoints distribute connections across readers; the application can use the reader endpoint for read-only queries. Option A is wrong because read replicas are already present. Option B is wrong because upgrading the writer does not offload reads.

Option D is wrong because creating a new cluster is unnecessary.

52
MCQeasy

A company is using Amazon DynamoDB and has enabled DynamoDB Streams. The application needs to process stream records in real-time. Which AWS service can be used to invoke a Lambda function automatically for each stream record?

A.Amazon Kinesis Data Firehose
B.Amazon Simple Queue Service (SQS)
C.AWS Step Functions
D.AWS Lambda
AnswerD

Lambda can be configured as a trigger for DynamoDB Streams to process each stream record.

Why this answer

Option B is correct because Lambda can be triggered directly from DynamoDB Streams. Option A is wrong because Kinesis Data Firehose is for loading streaming data into destinations, not for triggering Lambda. Option C is wrong because SQS is for message queuing, not directly from DynamoDB Streams.

Option D is wrong because Step Functions coordinates workflows, but does not directly trigger from DynamoDB Streams without Lambda.

53
MCQhard

A company uses Amazon DynamoDB with global tables for a multi-region application. The application writes to the table in us-east-1. A developer notices that updates made in us-east-1 are not appearing in the replica in eu-west-1 after several minutes. Which action should be taken to diagnose the issue?

A.Review the CloudWatch metrics for ReplicationLatency and PendingReplicationCount for the global table.
B.Modify the application to use the eu-west-1 endpoint for writes.
C.Check that the table has an active DynamoDB Streams stream with StreamSpecification set to KEYS_ONLY.
D.Verify that the TTL attribute on the table is correctly configured.
AnswerA

These metrics show the replication status and can identify delays or errors in the replication process.

Why this answer

Option D is correct because CloudWatch metrics for ReplicationLatency and PendingReplicationCount can indicate replication delays or failures. Option A is wrong because update operations do not have a TTL. Option B is wrong because StreamSpecification is required for global tables but is automatically enabled; checking it is not a diagnostic step.

Option C is wrong because DynamoDB global tables use the same endpoint for both regions; replication is handled internally.

54
Matchingmedium

Match each database engine to its default port number.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

3306

5432

1521

1433

3306

Why these pairings

Default ports for common relational database engines.

55
MCQmedium

A company is using Amazon Aurora MySQL and needs to audit all database logins, including failed attempts, and store the audit logs for one year for compliance. The logs must be immutable and accessible only by the security team. Which solution should the company implement?

A.Enable VPC Flow Logs to capture network connections to the database endpoint.
B.Enable AWS CloudTrail to log database login events.
C.Enable RDS for Aurora database activity streams, stream to CloudWatch Logs, and export to S3 with S3 Object Lock enabled.
D.Enable the standard MySQL audit log plugin and store logs in a database table with restricted access.
AnswerC

Activity streams provide immutable audit logs.

Why this answer

The correct answer is B because RDS for Aurora supports advanced audit with database activity streams, which streams audit logs to CloudWatch Logs and then can be exported to S3 with object lock for immutability. Option A is incorrect because the standard MySQL audit log stored in a DB cluster table is not immutable and can be modified. Option C is incorrect because VPC Flow Logs do not capture database-level login events.

Option D is incorrect because CloudTrail captures API calls, not database login events.

56
MCQeasy

A small business runs a web application on a single Amazon RDS for MySQL DB instance. The application uses a master user account for all database operations. The security team is concerned about the risk of SQL injection and wants to implement the principle of least privilege. They want to create separate database users for read-only and read-write operations. The application currently uses a single connection string. The developer needs to modify the application to use two separate users. What is the correct approach to implement this securely?

A.Use stored procedures for all database operations and grant execute only to the master user.
B.Keep using the master user but restrict its IP address.
C.Enable IAM database authentication and use a single IAM role.
D.Create a read-only user and a read-write user in the database, grant minimal privileges, and modify the application to use the appropriate user for each operation.
AnswerD

Enforces least privilege.

Why this answer

Option C is correct because creating two users with appropriate grants and modifying the application to use them based on the operation reduces risk. Option A is wrong because using a single user does not enforce least privilege. Option B is wrong because IAM database authentication is a different mechanism but does not solve the user separation issue.

Option D is wrong because stored procedures do not eliminate the need for separate users.

57
Multi-Selecthard

A company runs a customer relationship management (CRM) application on Amazon RDS for PostgreSQL. The application has a table 'customers' with columns: id (primary key), name, email, signup_date, and status. The table has 10 million rows. The application frequently queries by email address. The company also needs to run analytical queries that aggregate customers by signup_date and status. The DBA notices that the index on email is heavily used and causes high write latency. The company wants to improve write performance without sacrificing read performance for email queries. Which THREE actions should the database specialist take? (Choose THREE.)

Select 3 answers
A.Create a BRIN index on signup_date.
B.Change the index on email from B-tree to hash.
C.Partition the customers table by signup_date using range partitioning.
D.Remove the index on email to reduce write latency.
E.Create a GIN index on email.
AnswersA, B, C

BRIN indexes are lightweight and efficient for large tables with natural ordering, improving analytical queries with low write overhead.

Why this answer

Option A is correct because a BRIN (Block Range INdex) index on signup_date is ideal for large tables where data is naturally ordered by insertion time. BRIN indexes are much smaller and have lower write overhead than B-tree indexes, making them suitable for analytical queries on signup_date without significantly impacting write performance.

Exam trap

The trap here is that candidates may think removing the email index (Option D) is acceptable to reduce write latency, but the question explicitly states read performance for email queries must not be sacrificed, so the index must be retained and optimized instead.

58
MCQmedium

A company is migrating a 2 TB SQL Server database to Amazon RDS for SQL Server. They need to minimize downtime and are using AWS DMS with CDC. The migration is taking longer than expected during the full load phase. Which change would most likely improve the full load performance?

A.Disable CDC to focus on full load only
B.Use AWS Schema Conversion Tool to optimize schema
C.Use a larger RDS instance class for the target
D.Increase the number of parallel load tasks in the DMS task settings
AnswerD

More parallel tasks can load data faster.

Why this answer

Increasing the number of parallel load tasks in the DMS task settings allows the full load to be split into multiple concurrent threads, each handling a subset of tables or partitions. This directly improves throughput by utilizing more of the available source and target resources, which is the most effective way to accelerate a slow full load phase when using AWS DMS with CDC.

Exam trap

The trap here is that candidates often assume a larger target instance (Option C) is the universal performance fix, but AWS DMS full load performance is more commonly limited by the parallelism of the load tasks, not the target instance size, especially when the target can keep up with writes.

How to eliminate wrong answers

Option A is wrong because disabling CDC would stop capturing ongoing changes, potentially increasing downtime when CDC is re-enabled later, and it does not address the root cause of slow full load performance. Option B is wrong because the AWS Schema Conversion Tool (SCT) is used for converting database schemas between different engines (e.g., Oracle to SQL Server), not for optimizing performance of an existing SQL Server migration to RDS for SQL Server. Option C is wrong because while a larger RDS instance class can improve target write performance, the bottleneck during full load is often the DMS replication instance or the source database's ability to export data, not the target instance size alone; increasing parallel load tasks is a more direct and effective tuning parameter.

59
MCQeasy

A company is deploying a new web application that uses Amazon RDS for PostgreSQL. The database must be highly available with automatic failover across two Availability Zones. Which deployment option meets this requirement?

A.Deploy RDS PostgreSQL in a cross-region replication setup.
B.Deploy RDS PostgreSQL with Multi-AZ configuration.
C.Deploy RDS PostgreSQL in a single Availability Zone.
D.Deploy RDS PostgreSQL with a read replica in another AZ.
AnswerB

Multi-AZ provides automatic failover.

Why this answer

Multi-AZ deployment provides automatic failover. Option B (single-AZ) lacks HA. Option C (read replica) is for read scaling, not automatic failover.

Option D (cross-region) is more complex and costly.

60
Multi-Selectmedium

A company is migrating a self-managed MongoDB database to Amazon DocumentDB. The database stores user profiles and activity logs. The activity logs are write-heavy and accessed infrequently. The company wants to optimize cost and performance for the workload. Which THREE design decisions should the company make?

Select 3 answers
A.Enable encryption at rest for both databases.
B.Use a t3.medium instance for the activity logs collection to reduce cost.
C.Use Amazon S3 for storing activity logs instead of DocumentDB.
D.Create separate DocumentDB clusters for user profiles and activity logs.
E.Use a single DocumentDB cluster for both workloads with appropriate read replicas.
AnswersA, B, D

Encryption at rest is a security best practice.

Why this answer

Option A is correct because enabling encryption at rest for Amazon DocumentDB is a security best practice that ensures data is encrypted using AWS Key Management Service (KMS) keys. This is a mandatory design consideration for compliance and data protection, and it does not significantly impact cost or performance for the workload described.

Exam trap

The trap here is that candidates may assume a single cluster with read replicas is sufficient for mixed workloads, but the exam tests the understanding that separate clusters are needed to isolate write-heavy and read-heavy workloads for cost and performance optimization.

61
MCQmedium

A database specialist is investigating a sudden increase in Amazon RDS for PostgreSQL connections. The DB instance's CloudWatch metric DatabaseConnections shows a spike from 100 to 500 within minutes. The application connects using a connection pool. Which step should the specialist take first to mitigate the issue while preserving application availability?

A.Use the RDS console to terminate all active connections and then restart the database.
B.Modify the security group to restrict inbound traffic to the database.
C.Increase the DB instance size to handle more connections.
D.Modify the DB parameter group to reduce the max_connections value and reboot the instance to apply changes.
AnswerD

Lowering max_connections limits the number of concurrent connections, preventing overload.

Why this answer

Option C is correct because reducing the maximum connections in the parameter group and rebooting immediately limits the active connections, preventing the database from being overwhelmed. Option A is wrong because modifying the security group does not affect the number of connections. Option B is wrong because increasing the instance size may help but takes time to provision.

Option D is wrong because terminating all connections will disrupt the application.

62
MCQhard

A company is using Amazon DynamoDB with AWS Lambda to process data. The Lambda function needs to read and write items to a DynamoDB table. The security team wants to follow the principle of least privilege. Which IAM policy statement should be attached to the Lambda execution role?

A.{"Effect":"Allow","Action":"dynamodb:*","Resource":"*"}
B.{"Effect":"Allow","Action":["dynamodb:DescribeTable","dynamodb:ListTables"],"Resource":"*"}
C.{"Effect":"Allow","Action":["dynamodb:GetItem","dynamodb:PutItem","dynamodb:UpdateItem","dynamodb:DeleteItem"],"Resource":"arn:aws:dynamodb:us-east-1:123456789012:table/MyTable"}
D.{"Effect":"Allow","Action":"dynamodb:*","Resource":"arn:aws:dynamodb:us-east-1:123456789012:table/MyTable"}
AnswerC

This grants only the required actions on the specific table.

Why this answer

Option C is correct because it grants only the necessary DynamoDB actions (GetItem, PutItem, UpdateItem, DeleteItem) on the specific table. Option A is wrong because it grants DynamoDB full access, which is too permissive. Option B is wrong because it allows all actions on all tables.

Option D is wrong because it is overly restrictive; it only allows DescribeTable and ListTables, which are insufficient for read/write.

63
Multi-Selecthard

A company is moving a legacy on-premises Oracle database to AWS. The database has large tables with complex stored procedures and triggers. The company wants to minimize application changes. Which THREE AWS database services should the database specialist consider? (Choose THREE.)

Select 3 answers
A.Amazon Redshift
B.Amazon DynamoDB
C.Amazon RDS for Oracle
D.Amazon Aurora PostgreSQL with Babelfish
E.Amazon RDS Custom for Oracle
AnswersC, D, E

RDS for Oracle is a direct lift-and-shift with minimal changes.

Why this answer

Amazon RDS for Oracle (Option C) is correct because it provides native Oracle compatibility, allowing the company to migrate the legacy Oracle database with minimal application changes. It supports large tables, complex stored procedures, and triggers without requiring code modifications, as it uses the same Oracle Database engine.

Exam trap

The trap here is that candidates may overlook Amazon RDS Custom for Oracle, assuming managed RDS for Oracle is sufficient, but RDS Custom is necessary when legacy Oracle features require OS-level access or custom patches.

64
Multi-Selectmedium

Which TWO are valid considerations when designing a global database with Amazon Aurora Global Database? (Select TWO.)

Select 2 answers
A.Secondary regions cannot have their own reader instances.
B.Failover requires promoting the secondary cluster to a standalone cluster.
C.Cross-region replication latency is typically under 100 milliseconds.
D.Secondary regions can forward write operations to the primary region.
E.Aurora Global Database supports up to 5 secondary AWS Regions.
AnswersD, E

Correct: Write forwarding is a feature of Aurora Global Database.

Why this answer

Option D is correct because Amazon Aurora Global Database uses a primary-region architecture where secondary regions are fully readable and can forward write operations to the primary region. This is achieved through a dedicated replication channel that allows secondary clusters to accept write requests and asynchronously forward them to the primary, ensuring low-latency local writes while maintaining global consistency.

Exam trap

The trap here is that candidates often assume secondary regions are read-only and cannot accept writes, but Aurora Global Database allows secondary regions to forward write operations to the primary, which is a key differentiator from traditional read replicas.

65
MCQmedium

A company is migrating a large Oracle Data Warehouse (10 TB) to Amazon Redshift. The current system uses complex stored procedures, materialized views, and window functions. The company wants to minimize migration effort. Which approach is MOST suitable?

A.Migrate to Amazon Aurora MySQL and use its parallel query feature.
B.Migrate to Amazon Redshift and rewrite stored procedures as SQL scripts.
C.Migrate to Amazon DynamoDB and use DAX for caching.
D.Migrate to Amazon RDS for PostgreSQL and use its foreign data wrappers.
AnswerB

Redshift supports window functions, materialized views, and SQL scripting.

Why this answer

Option B is correct because Amazon Redshift is purpose-built for large-scale data warehousing and analytics, making it the natural target for a 10 TB Oracle Data Warehouse. While stored procedures would need to be rewritten as SQL scripts (since Redshift uses a different procedural language), materialized views and window functions are natively supported, minimizing migration effort compared to other options.

Exam trap

The trap here is that candidates may assume all cloud databases are equally suitable for data warehousing, overlooking that Redshift's columnar storage and MPP architecture are specifically designed for analytical workloads, while options like Aurora or DynamoDB are optimized for different use cases (OLTP or NoSQL).

How to eliminate wrong answers

Option A is wrong because Amazon Aurora MySQL is an OLTP-oriented database, not designed for the analytical workloads and large data volumes (10 TB) of a data warehouse; its parallel query feature is limited and cannot replace Oracle's data warehouse capabilities. Option C is wrong because Amazon DynamoDB is a NoSQL key-value store optimized for high-throughput, low-latency transactions, not for complex analytical queries, stored procedures, or materialized views required by a data warehouse. Option D is wrong because Amazon RDS for PostgreSQL, while supporting foreign data wrappers, lacks the columnar storage, massively parallel processing (MPP), and advanced analytics features (e.g., automatic compression, workload management) that Redshift provides for large-scale data warehousing.

66
MCQhard

A company is using an RDS for MySQL DB instance encrypted at rest with AWS KMS. The security team requires that all access to the database be logged, including queries that fail due to authentication errors. Which configuration meets this requirement?

A.Enable the RDS audit log by setting the 'audit_log_enabled' parameter to 1 in the DB parameter group and export logs to CloudWatch Logs.
B.Enable RDS Enhanced Monitoring and publish metrics to CloudWatch.
C.Enable AWS CloudTrail for the RDS instance and store logs in S3.
D.Use S3 server access logs to capture database connection attempts.
AnswerA

Audit logs capture authentication failures and queries; exporting to CloudWatch allows monitoring.

Why this answer

Option C is correct because enabling RDS Enhanced Monitoring does not log queries; RDS does not have native query logging for authentication failures. The correct approach is to enable RDS audit logs by setting the 'audit_log_enabled' parameter to 1 in the DB parameter group, and enabling log exports to CloudWatch Logs. However, for MySQL, audit logs capture connection attempts and queries.

But none of the options directly mention that. The best answer is to use AWS CloudTrail for RDS API calls and RDS audit logs for database-level logs. Option C enables audit logs and exports to CloudWatch Logs, which captures authentication failures.

Option A is wrong because CloudTrail logs only control plane operations, not data plane queries. Option B is wrong because Enhanced Monitoring provides OS metrics, not query logs. Option D is wrong because storing logs in S3 requires enabling audit logs and exporting them.

The correct answer is not listed perfectly, but C is closest.

67
Multi-Selectmedium

A company is running a production Amazon RDS for MySQL Multi-AZ DB instance. The database administrator needs to perform a minor version upgrade with minimal downtime. Which TWO actions should be taken? (Choose TWO.)

Select 2 answers
A.Modify the DB instance to enable automatic minor version upgrade.
B.Apply the upgrade immediately during the next maintenance window.
C.Create a read replica, upgrade the replica, and promote it.
D.Modify the DB instance to be a Single-AZ deployment to simplify the upgrade.
E.Stop the DB instance before applying the upgrade.
AnswersA, B

Automatic upgrades apply during maintenance window with minimal downtime.

Why this answer

Enabling automatic minor version upgrade allows the upgrade to occur during the maintenance window with minimal downtime. Applying the upgrade immediately during the maintenance window also minimizes impact. Stopping the instance causes downtime.

Modifying the DB instance to single-AZ increases downtime risk. Creating a read replica does not help upgrade the primary.

68
Multi-Selectmedium

A company is designing a security strategy for Amazon RDS for SQL Server. Which TWO actions should be taken to encrypt data at rest? (Choose TWO.)

Select 2 answers
A.Enable Amazon EBS encryption on the underlying volumes.
B.Enable Transparent Data Encryption (TDE) on the SQL Server database.
C.Use AWS CloudHSM to store encryption keys.
D.Enable SSL/TLS for connections.
E.Enable RDS encryption at rest using AWS KMS.
AnswersB, E

TDE encrypts data at rest within the database.

Why this answer

Option A is correct because enabling RDS encryption at rest uses KMS. Option C is correct because Transparent Data Encryption (TDE) is supported by SQL Server and can be used. Option B is wrong because SSL encrypts in transit.

Option D is wrong because EBS encryption is not applicable to RDS instances (RDS manages storage). Option E is wrong because CloudHSM is not required for RDS encryption.

69
MCQmedium

A company is migrating an on-premises MySQL database to Amazon RDS for MySQL. The database has a large table with frequent inserts and updates. To minimize downtime during migration, which AWS service should be used?

A.Amazon RDS read replica
B.AWS Schema Conversion Tool (SCT)
C.AWS Glue
D.AWS Database Migration Service (DMS)
AnswerD

DMS supports minimal downtime with ongoing replication.

Why this answer

AWS Database Migration Service (DMS) is the correct choice because it supports ongoing replication (change data capture, CDC) from an on-premises MySQL source to Amazon RDS for MySQL, allowing the source database to remain fully operational during the migration. This minimizes downtime by continuously applying inserts and updates from the source to the target until you perform the final cutover, which can be a brief pause of seconds to minutes.

Exam trap

The trap here is that candidates confuse AWS DMS with AWS SCT, assuming SCT handles data migration, but SCT only converts schema/code for heterogeneous migrations, while DMS handles the actual data transfer and CDC for both homogeneous and heterogeneous migrations.

How to eliminate wrong answers

Option A is wrong because an Amazon RDS read replica is a feature for offloading read traffic or creating a standby within RDS, not for migrating data from an on-premises database; it cannot connect to an external MySQL instance. Option B is wrong because the AWS Schema Conversion Tool (SCT) is used to convert database schemas and code between different database engines (e.g., Oracle to Aurora), not for migrating data with minimal downtime from on-premises MySQL to RDS MySQL (which uses the same engine). Option C is wrong because AWS Glue is a serverless ETL service designed for batch data processing and transformation, not for real-time, low-downtime database migration with ongoing replication.

70
Drag & Dropmedium

Arrange the steps to enable automated backups for an Amazon RDS for PostgreSQL DB instance in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Automated backups are enabled by adjusting the backup retention period in the instance settings and applying the change.

71
Multi-Selecteasy

A company is using Amazon RDS for MySQL and has enabled Enhanced Monitoring. The database administrator wants to identify the top contributors to disk I/O. Which THREE metrics from Enhanced Monitoring should they examine?

Select 3 answers
A.DirtyBufferFlushRate
B.NetworkThroughput
C.LogicalReads
D.WriteOps
E.PhysicalReads
AnswersA, D, E

Indicates how often dirty buffers are written to disk.

Why this answer

Option A is correct because physical reads cause disk I/O. Option C is correct because write operations generate I/O. Option D is correct because dirty buffer flushes cause writes.

Option B is incorrect because logical reads are from memory, not disk. Option E is incorrect because network throughput is not disk I/O.

72
MCQeasy

A company runs an online transaction processing (OLTP) workload on Amazon RDS for PostgreSQL. The database has grown to 2 TB and the company needs to run complex analytical queries that join multiple large tables. These analytical queries are slowing down the OLTP operations. What is the MOST cost-effective solution to separate the workloads?

A.Create an RDS for PostgreSQL read replica and route analytical queries to it.
B.Use Amazon ElastiCache for caching analytical query results.
C.Migrate the analytical queries to Amazon Redshift.
D.Migrate the OLTP workload to Amazon DynamoDB.
AnswerA

Read replica offloads read-only queries, cost-effective.

Why this answer

Option A is correct because creating a read replica offloads analytical queries from the primary instance, and it's cost-effective. Option B is wrong because Amazon Redshift is a data warehouse, more expensive and overkill for this use case. Option C is wrong because DynamoDB is NoSQL and not suitable for complex joins.

Option D is wrong because ElastiCache is an in-memory cache, not for analytical queries.

73
MCQhard

A financial services company runs a core banking application on Amazon RDS for MySQL. They need to maintain a full audit trail of all changes to customer account balances for regulatory compliance. The audit trail must be immutable and queryable for up to 7 years. Which solution meets these requirements with minimal impact on the source database?

A.Use Amazon RDS Performance Insights to capture SQL queries and store them in Amazon S3
B.Use Amazon DynamoDB Streams with a Lambda function to capture changes from the MySQL database
C.Enable binary logging on the RDS instance and stream the binlog to Amazon S3 using AWS Database Migration Service (DMS)
D.Migrate to Amazon Aurora MySQL and enable database activity streams, streaming to Amazon Kinesis Data Streams and then to Amazon S3
AnswerD

Aurora database activity streams provide an immutable, near real-time feed of database activities that can be consumed via Kinesis.

Why this answer

Amazon Aurora MySQL with database activity streams captures a near real-time feed of database activity and can be streamed to Amazon Kinesis Data Streams for analysis. This provides an immutable audit log. Option A uses binary logs which are not immutable and have limited retention.

Option B is not immutable. Option D uses DynamoDB Streams but the source is RDS MySQL, not DynamoDB.

74
Multi-Selectmedium

Which TWO actions can help reduce the recovery time objective (RTO) for an Amazon RDS for PostgreSQL DB instance in the event of a failure? (Choose 2.)

Select 2 answers
A.Increase the DB instance class size.
B.Enable Multi-AZ deployment.
C.Create a read replica in a different Availability Zone.
D.Configure automated backups with point-in-time recovery.
E.Take manual snapshots every hour.
AnswersB, D

Multi-AZ provides automatic failover to a standby.

Why this answer

Options B and C are correct because Multi-AZ provides automatic failover, and automated backups with point-in-time recovery enable fast restore. Option A is wrong because Read replicas are for read scaling, not failover. Option D is wrong because manual snapshots are not automated and slower.

Option E is wrong because increasing instance size does not reduce RTO.

75
Multi-Selecthard

A company is migrating a large Oracle data warehouse to Amazon Redshift. The source database has many complex stored procedures, views, and joins. Which THREE actions should the company take during the migration?

Select 3 answers
A.Migrate triggers as they are in Redshift.
B.Use the AWS Schema Conversion Tool (SCT) to convert stored procedures.
C.Recreate all indexes from Oracle in Redshift.
D.Denormalize the schema to reduce the number of joins.
E.Design the schema using a star schema with fact and dimension tables.
AnswersB, D, E

SCT converts database schema and code.

Why this answer

Option A is correct because Redshift is columnar and may require denormalization. Option B is correct because the AWS Schema Conversion Tool (SCT) can convert Oracle stored procedures to Redshift SQL. Option D is correct because Redshift is optimized for star schema (fact and dimension tables).

Option C is wrong because Redshift does not support indexes like Oracle. Option E is wrong because Redshift does not support triggers.

Page 1 of 24

Page 2