AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 676750

1730 questions total · 24pages · All types, answers revealed

Page 9

Page 10 of 24

Page 11
676
MCQeasy

A developer is migrating a self-managed MongoDB database to Amazon DocumentDB. The database contains 500 GB of data. What is the most efficient method to perform the initial data load?

A.Take a file system snapshot and restore to DocumentDB
B.Use mongodump and mongorestore
C.Use AWS DMS with full load
D.Use mongodump with --out and then import using mongoimport
AnswerB

These native tools are efficient and compatible with DocumentDB.

Why this answer

Option B is correct because mongodump and mongorestore are the standard tools for logical backup and restore in MongoDB, and they are compatible with DocumentDB. Option A is wrong because AWS DMS supports MongoDB as a source but is less efficient for large initial loads compared to native tools. Option C is wrong because creating a snapshot of a self-managed database is not applicable to DocumentDB.

Option D is wrong because mongodump with the --out parameter does not load data into DocumentDB; it creates dump files.

677
MCQmedium

A company is running Amazon Redshift for data warehousing. The data warehouse is used for complex analytical queries. Recently, query performance has degraded due to data skew. Which steps should be taken to address this issue?

A.Apply sort keys on the skewed columns.
B.Apply compression on the skewed columns.
C.Re-evaluate the distribution style of the tables.
D.Increase the number of nodes in the cluster.
AnswerC

Choosing the right distribution style can evenly distribute data across nodes.

Why this answer

Option B is correct because choosing an appropriate distribution style (e.g., KEY or EVEN) can reduce data skew and improve performance. Option A is wrong while sorting can help query performance, it does not directly address skew. Option C is wrong because adding more nodes may not resolve skew.

Option D is wrong because compression reduces storage, not skew.

678
MCQeasy

A developer reports that an application is unable to connect to an Amazon RDS for MySQL DB instance. The security group for the DB instance allows inbound traffic on port 3306 from the application server's security group. The DB instance is in a VPC with both public and private subnets. The application server is in a private subnet. What is the most likely cause of the connection failure?

A.The DB instance is in a public subnet and the application server is in a private subnet, so they cannot communicate.
B.The security group for the DB instance does not allow inbound traffic from the application server's security group.
C.The network ACL for the private subnet is blocking outbound traffic to the DB instance.
D.The DB instance is not part of a DB subnet group that includes the private subnet.
AnswerB

The security group must have an inbound rule allowing traffic from the application server's security group on port 3306.

Why this answer

If the DB instance is in a public subnet and the application server is in a private subnet, they are in different subnets within the same VPC, so they can communicate via private IPs if routing is correct. However, the most common issue is that the security group rule is not correctly associated or the DB instance is in a public subnet with a public DNS name that resolves to a public IP, but the private subnet cannot reach the internet. But the question implies the DB instance is in a public subnet; private subnet instances can reach public subnet instances via the VPC router.

However, often the misconfiguration is that the DB instance's security group does not allow traffic from the application server's security group. Option D is correct because the security group rule might be missing or incorrect. Option A is wrong because NACLs are stateless and typically allow all outbound.

Option B is wrong because the DB instance is in a public subnet, but the application server is in a private subnet, they can communicate within the VPC. Option C is wrong because the DB subnet group is for Multi-AZ, not single instance.

679
MCQeasy

A company needs to store session state for a web application that runs on Amazon EC2 instances behind an Application Load Balancer. The session data is small (less than 1 KB per user) and must be highly available with low latency. Which AWS database service is best for this use case?

A.Amazon S3
B.Amazon ElastiCache for Redis
C.Amazon DynamoDB
D.Amazon RDS for MySQL
AnswerB

In-memory storage with low latency and high availability.

Why this answer

Amazon ElastiCache for Redis is ideal for storing session state because it is an in-memory key-value store with low latency and supports features like TTL and replication for high availability. Option B (DynamoDB) is wrong because it is not as fast for session state and is more expensive for small data. Option C (RDS) is wrong because it is a relational database with higher latency.

Option D (S3) is wrong because it is object storage with higher latency.

680
MCQhard

A company runs a global application using Amazon Aurora Global Database. The primary region is us-east-1, and secondary regions are eu-west-1 and ap-southeast-1. The application reports that writes to the primary are taking longer than expected. What is the most likely cause?

A.Multi-AZ failover occurred in the primary region.
B.The Global Database replication to secondary regions is causing synchronous commit latencies.
C.The primary DB instance is under-provisioned.
D.Read replicas in secondary regions are overloaded.
AnswerB

Aurora Global Database uses synchronous replication across regions.

Why this answer

Aurora Global Database uses asynchronous replication from the primary to secondary regions, not synchronous. However, the question states writes to the primary are taking longer than expected, which is a symptom of synchronous replication overhead. In Aurora Global Database, the primary commits locally and then asynchronously replicates to secondaries, so writes should not be directly impacted by secondary region latency.

The most likely cause is that the primary DB instance is under-provisioned (Option C), leading to resource contention and slower write operations.

Exam trap

The trap here is confusing asynchronous replication with synchronous replication; candidates may incorrectly assume that Global Database replication causes synchronous commit delays, but Aurora Global Database is designed to avoid that by using asynchronous replication.

How to eliminate wrong answers

Option A is wrong because Multi-AZ failover in the primary region would cause a brief write outage or failover time, not consistently longer write latencies; after failover, writes resume normally. Option B is wrong because Aurora Global Database replication is asynchronous, not synchronous; synchronous replication would cause commit latency, but that is not how Aurora Global Database works. Option D is wrong because read replicas in secondary regions are read-only and do not affect write performance on the primary; they handle only read traffic.

681
Multi-Selecthard

A company uses Amazon RDS for MySQL with Multi-AZ deployment. The security team wants to audit all database logins and queries. Which TWO actions should be taken to enable auditing?

Select 2 answers
A.Enable AWS CloudTrail data events for RDS.
B.Create an RDS event notification subscription.
C.Publish MySQL logs to Amazon CloudWatch Logs.
D.Set the general_log parameter to 1.
E.Enable Enhanced Monitoring.
AnswersC, D

CloudWatch Logs can store and analyze logs.

Why this answer

Options C and D are correct. Enabling the general_log (C) captures all queries, and exporting logs to CloudWatch Logs (D) allows analysis. Option A is wrong because enhanced monitoring is for performance, not queries.

Option B is wrong because event notifications are for instance events, not queries. Option E is wrong because RDS does not support AWS CloudTrail for database queries.

682
MCQmedium

A company is running a MongoDB workload on-premises and wants to migrate to AWS with minimal operational overhead. The application uses MongoDB-specific features like aggregation pipelines. Which service is best?

A.Amazon DynamoDB
B.Amazon DocumentDB
C.Amazon RDS for PostgreSQL
D.Amazon Elasticsearch Service
AnswerB

DocumentDB is MongoDB-compatible and fully managed, reducing operational overhead.

Why this answer

Amazon DocumentDB is the correct choice because it is a fully managed, MongoDB-compatible document database that supports MongoDB-specific features like aggregation pipelines, indexes, and queries. It minimizes operational overhead by handling hardware provisioning, patching, backups, and replication, making it ideal for migrating an on-premises MongoDB workload to AWS without significant application changes.

Exam trap

The trap here is that candidates often choose Amazon DynamoDB because it is a NoSQL database, but they overlook that DynamoDB lacks MongoDB wire protocol compatibility and aggregation pipeline support, forcing a complete application rewrite.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB is a key-value and document database that does not support MongoDB aggregation pipelines or MongoDB wire protocol, requiring significant application rewrites. Option C is wrong because Amazon RDS for PostgreSQL is a relational database that does not natively support MongoDB's document model or aggregation pipelines, forcing schema redesign and data migration complexity. Option D is wrong because Amazon Elasticsearch Service is a search and analytics engine, not a document database, and lacks MongoDB compatibility, making it unsuitable for running MongoDB workloads.

683
MCQmedium

A security engineer needs to ensure that all access to an Amazon DynamoDB table is encrypted in transit. Which configuration achieves this?

A.Configure a VPC endpoint for DynamoDB and enable encryption.
B.Ensure all client applications use the DynamoDB HTTPS endpoint.
C.Place the DynamoDB table behind Amazon CloudFront.
D.Enable SSL on the DynamoDB table by setting the 'ssl_enabled' parameter.
AnswerB

All DynamoDB requests must be made over HTTPS; this is the only way to encrypt data in transit.

Why this answer

Option B is correct because DynamoDB enforces HTTPS for all API calls, ensuring encryption in transit. Option A is wrong because DynamoDB does not support client-side SSL configuration. Option C is wrong because VPC endpoints use AWS PrivateLink but still require HTTPS.

Option D is wrong because CloudFront is a CDN, not for database access.

684
Multi-Selectmedium

A company is designing a disaster recovery strategy for an Amazon RDS for PostgreSQL database. They need a Recovery Point Objective (RPO) of less than 5 seconds and a Recovery Time Objective (RTO) of less than 1 minute. Which TWO actions should they take? (Choose two.)

Select 2 answers
A.Use AWS Database Migration Service for continuous replication to a separate instance
B.Create a cross-region read replica and manually update DNS in a disaster
C.Take hourly snapshots and restore in another region
D.Create a cross-region read replica and configure automatic failover using Amazon Route 53 health checks
E.Configure Multi-AZ deployment with a synchronous standby in another AZ
AnswersD, E

Automatic failover with health checks can achieve RTO <1 minute and RPO <5 seconds with synchronous replication.

Why this answer

Option D is correct because a cross-region read replica can be promoted to a primary instance in under a minute, and with Amazon Route 53 health checks configured for automatic failover, the DNS update occurs automatically, meeting the RTO of less than 1 minute. The asynchronous replication lag is typically sub-second, achieving an RPO of less than 5 seconds. Option E is correct because a Multi-AZ deployment with a synchronous standby in another Availability Zone provides automatic failover with no data loss (RPO of 0) and failover completes in about 30-60 seconds, satisfying both RPO and RTO requirements.

Exam trap

The trap here is that candidates often assume cross-region read replicas support automatic failover natively, but they do not; you must explicitly configure Route 53 health checks and DNS failover to achieve the required RTO, while Multi-AZ provides automatic failover but only within the same region, not cross-region.

685
MCQeasy

A company is using Amazon RDS for PostgreSQL and needs to ensure that all connections to the database use encryption in transit. The database is accessible over the internet. Which configuration is required?

A.Restrict the security group to only allow traffic from trusted IP addresses.
B.Modify the DB instance to use a custom port 443 instead of 5432.
C.Set the rds.force_ssl parameter to 1 and configure the client to use the AWS RDS SSL certificate.
D.Use a self-signed certificate on the server and configure the client to trust it.
AnswerC

This enforces SSL connections.

Why this answer

Option A is correct because to enforce SSL connections, you need to set the rds.force_ssl parameter to 1 in the DB parameter group, and also download and use the RDS SSL certificate on the client side. Option B is wrong because the SSL certificate is provided by AWS, not self-signed. Option C is wrong because the default PostgreSQL port is 5432, not 443.

Option D is wrong because security groups alone cannot enforce encryption.

686
MCQmedium

A company is using Amazon RDS for MySQL with a cross-Region read replica to support disaster recovery. The primary DB instance is in us-west-2, and the read replica is in us-east-1. The read replica is used for reporting and also serves as a failover target. The operations team notices that the read replica lag is consistently above 10 seconds during peak hours. What should the team do to reduce replica lag?

A.Increase the DB instance class of the read replica.
B.Enable Multi-AZ on the primary DB instance.
C.Increase the backup retention period for the primary DB instance.
D.Disable binary logging (binlog) on the primary DB instance.
AnswerA

A larger instance class can process replication events faster.

Why this answer

Increasing the DB instance class of the read replica provides more CPU and memory resources, which allows the replica to apply changes from the binary log more quickly. Cross-Region replication lag is often caused by the replica being unable to keep up with the write rate on the primary, so scaling up the replica directly addresses the bottleneck in applying binlog events.

Exam trap

The trap here is that candidates may think enabling Multi-AZ on the primary will reduce replica lag, but Multi-AZ only provides synchronous replication within the same Region and does not affect cross-Region asynchronous replication performance.

How to eliminate wrong answers

Option B is wrong because enabling Multi-AZ on the primary provides high availability and automatic failover within the same Region, but does not affect the replication throughput to a cross-Region read replica. Option C is wrong because increasing the backup retention period only affects how long automated backups are retained; it has no impact on replication lag. Option D is wrong because disabling binary logging on the primary would stop all replication, including the cross-Region read replica, and is not a valid method to reduce lag.

687
MCQhard

A company is migrating a 5 TB MongoDB database to Amazon DocumentDB. They have a short maintenance window and need to minimize downtime. Which migration strategy should be used?

A.Use AWS DMS to perform a full load and then ongoing replication from the source MongoDB.
B.Use the MongoDB change streams feature to replicate changes to DocumentDB in real time.
C.Set up AWS Direct Connect to the source and use mongorestore directly to DocumentDB.
D.Export the data using mongodump, transfer to Amazon S3, and import using mongorestore.
AnswerA

DMS supports MongoDB as source and DocumentDB as target with ongoing replication.

Why this answer

AWS DMS supports MongoDB as a source and Amazon DocumentDB as a target, enabling a full load of the 5 TB database followed by ongoing change data capture (CDC) using MongoDB's oplog. This minimizes downtime by keeping the target nearly synchronized during the migration window, allowing a final cutover with minimal interruption.

Exam trap

The trap here is that candidates may assume MongoDB change streams are a universal replication mechanism, but DocumentDB does not support consuming them as a target, and AWS DMS is the only fully managed service that provides both full load and ongoing replication for this specific source-target pair.

How to eliminate wrong answers

Option B is wrong because MongoDB change streams are not natively supported by Amazon DocumentDB as a replication target; DocumentDB uses its own change streams, and there is no built-in mechanism to consume MongoDB change streams for real-time replication. Option C is wrong because AWS Direct Connect provides a dedicated network connection but does not solve the migration tooling issue; mongorestore directly to DocumentDB would require stopping writes on the source, causing downtime, and does not support ongoing replication. Option D is wrong because exporting with mongodump and importing with mongorestore is a batch process that requires the source database to be quiesced or taken offline, resulting in significant downtime for a 5 TB dataset, and it lacks ongoing replication capability.

688
Multi-Selecthard

A company is designing a security architecture for Amazon DynamoDB. They need to ensure that only authorized applications can access the data, and that data in transit is encrypted. Which THREE steps should be taken? (Choose THREE.)

Select 3 answers
A.Use a customer-managed KMS key to encrypt data in transit.
B.Attach an IAM policy that grants access only to specific IAM roles or users.
C.Use an AWS PrivateLink VPC endpoint to access DynamoDB from within a VPC.
D.Configure a security group to restrict inbound traffic to the DynamoDB table.
E.Use HTTPS (TLS) for all API calls to DynamoDB.
AnswersB, C, E

IAM policies control access to DynamoDB.

Why this answer

Options A, B, and D are correct. Using VPC endpoints keeps traffic within AWS network, IAM policies control access, and DynamoDB encrypts data in transit automatically. Option C is wrong because security groups are not used for DynamoDB (they are for VPC endpoints).

Option E is wrong because KMS is for encryption at rest, not in transit.

689
Multi-Selectmedium

Which TWO of the following are valid strategies for reducing costs for an Amazon DynamoDB table with on-demand capacity mode? (Choose TWO.)

Select 2 answers
A.Implement DynamoDB Accelerator (DAX) to cache reads.
B.Use Amazon DynamoDB TTL to automatically delete expired data.
C.Enable DynamoDB global tables to distribute traffic.
D.Use DynamoDB Streams to process updates asynchronously.
E.Switch to provisioned capacity mode with auto scaling.
AnswersA, E

DAX reduces the number of read requests to DynamoDB, lowering read capacity consumption.

Why this answer

Implementing DAX reduces the number of read requests to the underlying DynamoDB table by serving cached results, which lowers read capacity consumption and thus reduces costs for on-demand tables. Switching to provisioned capacity with auto scaling allows you to pay for a baseline of read/write capacity units rather than per-request pricing, which is more cost-effective for predictable or steady workloads.

Exam trap

The trap here is that candidates often think TTL or Streams reduce operational costs, but they only affect storage or enable event-driven processing, not the per-request billing that drives on-demand costs.

690
Multi-Selecthard

Which THREE actions should be taken to prepare for a migration of an on-premises MySQL database to Amazon RDS for MySQL with minimal downtime using AWS DMS?

Select 3 answers
A.Enable binary logging on the source MySQL database
B.Set up an SSH tunnel or VPN for secure connectivity between DMS and the source
C.Create a database user with REPLICATION CLIENT and REPLICATION SLAVE privileges
D.Disable foreign key checks on the source database
E.Take a full backup of the source database
AnswersA, B, C

Binary logging is required for DMS to capture changes.

Why this answer

Correct: A (enable binary logging for CDC), B (create a user with replication privileges), and E (set up an SSH tunnel for secure connection). C is not required; D is not necessary for DMS.

691
MCQmedium

A company is using Amazon RDS for Oracle with Transparent Data Encryption (TDE) enabled. They need to rotate the TDE master key. What is the correct procedure?

A.Use Oracle's ALTER SYSTEM SET ENCRYPTION KEY command to rotate the key.
B.Use the AWS KMS RotateKey operation to rotate the customer master key (CMK) that is used for TDE.
C.Create a new encrypted RDS instance and migrate the data.
D.Modify the DB instance to use a new KMS key.
AnswerB

KMS key rotation is the supported method for TDE key rotation.

Why this answer

TDE master key rotation is done by calling the AWS KMS RotateKey operation or by using the rds.rds_rotate_tde_key stored procedure. Option A is correct. Option B is wrong because rotating the Oracle master key manually is not recommended and may break TDE.

Option C is wrong because a new DB instance is unnecessary. Option D is wrong because modifying the DB instance does not rotate the TDE key.

692
MCQhard

A company is migrating an on-premises Oracle database to Amazon Aurora PostgreSQL. The migration uses AWS Database Migration Service (DMS) with ongoing replication. The team notices that the target Aurora database is falling behind the source during peak hours. Which of the following actions would MOST effectively improve the replication performance?

A.Disable Multi-AZ on the target Aurora cluster
B.Increase the Amazon Aurora instance size
C.Use a smaller Aurora instance to reduce write latency
D.Configure the DMS task to use 'Limited LOB mode' and increase the max LOB size
AnswerD

LOB handling is a common bottleneck; using Limited LOB mode reduces overhead and improves replication speed.

Why this answer

Option B is correct because increasing the DMS task's max LOB size or setting LOB mode to 'Limited' can reduce overhead when replicating large objects. Option A is wrong because increasing Aurora instance size may help but DMS task configuration is more direct. Option C is wrong because disabling Multi-AZ does not affect DMS performance.

Option D is wrong because using a smaller Aurora instance would worsen performance.

693
Drag & Dropmedium

Arrange the steps to set up cross-Region read replicas for an Amazon Aurora MySQL DB cluster in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Cross-Region replicas require binary logging enabled on the source, then creating a read replica in another Region and verifying replication.

694
MCQmedium

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database uses Oracle Data Guard for disaster recovery. Which AWS service should be used to monitor the replication lag between the source and target databases during migration?

A.Amazon RDS Performance Insights
B.AWS Database Migration Service (AWS DMS)
C.Amazon CloudWatch
D.AWS CloudTrail
AnswerB

DMS provides replication lag metrics during migration.

Why this answer

Option B is correct because AWS DMS provides metrics for replication lag. Option A is wrong because CloudWatch can monitor DMS metrics but is not specific to Data Guard. Option C is wrong because RDS Performance Insights does not monitor replication lag.

Option D is wrong because CloudTrail does not monitor replication lag.

695
MCQeasy

A company needs to migrate an on-premises PostgreSQL database to Amazon Aurora PostgreSQL with minimal downtime. Which AWS service should be used for the ongoing replication?

A.AWS Glue.
B.AWS Backup.
C.AWS Database Migration Service (DMS).
D.AWS Schema Conversion Tool (SCT).
AnswerC

DMS provides CDC for ongoing replication.

Why this answer

Option A is correct because AWS DMS supports ongoing replication from PostgreSQL to Aurora. Option B is wrong because it's for schema conversion. Option C is wrong because it's a general ETL tool.

Option D is wrong because it's a backup service.

696
MCQmedium

A company is migrating an Oracle database to Amazon RDS for Oracle. Security policy requires that all database connections be encrypted in transit. The security team wants to enforce that clients must use TLS 1.2 or higher. How can this be achieved?

A.Modify the DB subnet group to only allow traffic from specific IP ranges.
B.Create an IAM policy that denies access unless the connection uses TLS.
C.Set the require_secure_transport parameter to ON in the DB parameter group.
D.Set the rds.force_ssl parameter to 1 in the DB parameter group.
AnswerD

This parameter forces SSL connections for Oracle RDS instances.

Why this answer

Option B is correct because Amazon RDS for Oracle supports SSL/TLS encryption, and you can set the rds.force_ssl parameter to 1 to require SSL connections, which enforces TLS encryption. Option A is wrong because the rds.force_ssl parameter is specific to Oracle, not a generic parameter for all engines. Option C is wrong because security groups control network access but not encryption requirements.

Option D is wrong because IAM policies cannot enforce encryption in transit at the database level; they can only control authentication and authorization.

697
MCQeasy

A startup is building a social media application. User profiles, posts, and comments have relationships but the team expects rapid growth and wants to scale horizontally with no single points of failure. They need a database that supports flexible schemas for different content types. Which database service is most appropriate?

A.Amazon DynamoDB
B.Amazon Neptune
C.Amazon Redshift
D.Amazon RDS for MySQL
AnswerA

DynamoDB provides horizontal scaling, flexible schema, and high availability.

Why this answer

Amazon DynamoDB is a fully managed NoSQL key-value and document database that scales horizontally, is highly available, and supports flexible schemas. RDS is relational with fixed schemas. Redshift is for analytics.

Neptune is for graph databases, not general purpose.

698
MCQhard

A KMS key has the grant shown. An IAM role named AdminRole is the grantee. What additional permission does this grant provide to AdminRole beyond what the role's IAM policy allows?

A.The role can use the key to encrypt and decrypt, regardless of its IAM policy.
B.The role can use the key to encrypt and decrypt, but only if its IAM policy also allows it.
C.The role can delete the KMS key.
D.The role can create new grants for this key.
AnswerA

Grants grant permissions directly to the grantee principal.

Why this answer

Option D is correct. A KMS grant allows the grantee to perform specified operations on the KMS key even if the grantee does not have permission in their IAM policy. Option A is wrong because the grant does not allow deletion of the key.

Option B is wrong because the grant does not allow creating grants. Option C is wrong because the grant specifically allows Encrypt and Decrypt operations.

699
MCQeasy

A developer accidentally deleted a table in an Amazon RDS for PostgreSQL DB instance. The instance has automated backups enabled with a retention period of 7 days. The deletion occurred 2 hours ago. What is the quickest way to recover the table?

A.Perform a point-in-time recovery to a time just before the deletion.
B.Use PostgreSQL pg_dump to connect and dump the table from the current instance.
C.Download the automated backup file from S3 and restore the table.
D.Restore the DB instance from the latest automated snapshot.
AnswerA

Point-in-time recovery uses transaction logs to restore to any time within the retention period.

Why this answer

Option C is correct because point-in-time recovery restores the instance to a time before the deletion, and you can then extract the table. Option A is wrong because automated backups are not directly accessible as files. Option B is wrong because restoring from a snapshot would require a snapshot taken before deletion, which may not exist if the last snapshot was after deletion.

Option D is wrong because the 'deleted' table is not in the current database.

700
Multi-Selecteasy

A company is planning to migrate a 1 TB SQL Server database to Amazon RDS for SQL Server. Which TWO factors should be considered when choosing the migration approach?

Select 2 answers
A.The number of concurrent users accessing the database
B.The need to modify the database schema for compatibility
C.Whether the database uses SQL Server Agent jobs
D.The acceptable downtime window for the application
E.The version of the source SQL Server instance
AnswersB, D

Schema changes may be required and SCT can assist.

Why this answer

Options A and C are correct. The acceptable downtime window determines whether offline or online migration is used, and the ability to modify the schema may require SCT. Option B is wrong because SQL Server Agent jobs can be migrated.

Option D is wrong because the source SQL Server version affects compatibility. Option E is wrong because the number of concurrent users is not a primary factor.

701
MCQeasy

A company needs to store application logs for 90 days and run periodic analytical queries. The logs are generated at 1 TB per day. Which storage solution is most cost-effective?

A.Store logs in Amazon RDS for MySQL with partitioning.
B.Store logs in Amazon Redshift with automatic compression.
C.Store logs in Amazon DynamoDB with TTL for expiration.
D.Store logs in Amazon S3 and use S3 Select for queries.
AnswerD

S3 is cost-effective and S3 Select supports queries.

Why this answer

Amazon S3 is the most cost-effective storage solution for 90-day retention of 1 TB/day of application logs, as it offers low-cost object storage with lifecycle policies to automatically expire data after 90 days. S3 Select allows you to run analytical queries (e.g., filtering, aggregations) directly on the data stored in S3 using SQL-like statements, without needing to load data into a separate analytics engine, thus minimizing compute costs and operational overhead.

Exam trap

The trap here is that candidates often over-engineer the solution by choosing a database or data warehouse (like Redshift or RDS) for log storage, forgetting that S3 with S3 Select is purpose-built for cost-effective storage and serverless querying of large datasets with minimal operational complexity.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL is a relational database designed for transactional workloads, not for storing and querying large volumes of log data at petabyte scale; it would be prohibitively expensive for 90 TB of logs and lacks native log expiration features. Option B is wrong because Amazon Redshift is a data warehouse optimized for complex analytical queries on structured data, but it is overkill and costly for simple log retention and periodic queries; it also requires loading data into the warehouse, incurring additional compute and storage costs. Option C is wrong because Amazon DynamoDB is a NoSQL key-value and document database designed for low-latency access at scale, but it is not cost-effective for storing 90 TB of log data due to its per-GB storage cost and provisioned throughput costs; while TTL can expire items, DynamoDB is not optimized for analytical queries like S3 Select.

702
MCQmedium

A company is designing a database for an e-commerce platform that requires high availability and automatic failover with minimal downtime. The application performs both OLTP and read-heavy analytics. Which AWS database service should be used?

A.Amazon DynamoDB
B.Amazon RDS for MySQL
C.Amazon Redshift
D.Amazon Aurora
AnswerD

Aurora offers high availability, automatic failover, and up to 15 read replicas for analytics.

Why this answer

Amazon Aurora is the correct choice because it combines the high availability and automatic failover of a relational database with the performance needed for both OLTP and read-heavy analytics. Aurora provides six-way replication across three Availability Zones, automatic failover in under 30 seconds, and supports up to 15 low-latency read replicas that can offload analytics queries without impacting write performance.

Exam trap

The trap here is that candidates often choose Amazon RDS for MySQL because they assume Multi-AZ provides automatic failover and read replicas for analytics, but they overlook that Aurora offers faster failover, better read replica performance, and integrated storage replication without the need for separate Multi-AZ configuration.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB is a NoSQL key-value and document database optimized for high-scale OLTP workloads, but it lacks native support for complex SQL joins, aggregations, and the relational schema required for read-heavy analytics typical of an e-commerce platform. Option B is wrong because Amazon RDS for MySQL, while supporting read replicas, has a single-AZ primary by default and requires Multi-AZ deployment for failover, which still incurs a longer failover time (typically 1-2 minutes) and does not offer the same level of read replica performance or automatic scaling as Aurora. Option C is wrong because Amazon Redshift is a columnar data warehouse designed for large-scale analytics and OLAP workloads, not for OLTP transactions with high concurrency and sub-millisecond latency requirements.

703
MCQeasy

A database administrator notices that an Amazon RDS for MySQL instance is using 100% of its allocated storage. Which action should be taken first to prevent the instance from becoming inaccessible?

A.Modify the DB instance to increase allocated storage.
B.Create a snapshot and archive it to Amazon S3.
C.Delete old binary logs to free up space.
D.Reboot the DB instance.
AnswerA

Correct. Increasing storage is a direct and safe way to prevent the instance from becoming inaccessible.

Why this answer

Option B is correct because increasing storage is immediate and prevents the instance from going into storage-full state. Option A is wrong because deleting logs may free space temporarily but is not a scalable solution. Option C is wrong because archiving to S3 does not free space.

Option D is wrong because it does not solve the immediate issue.

704
MCQhard

A company is designing a database for a mobile application that requires offline synchronization. Users should be able to read and write data while offline, and changes should sync when connectivity is restored. Which AWS service supports this pattern?

A.Amazon RDS Proxy
B.Amazon S3 Transfer Acceleration
C.Amazon Cognito
D.AWS AppSync with Amazon DynamoDB
AnswerD

AppSync supports offline data sync with conflict resolution.

Why this answer

AWS AppSync with Amazon DynamoDB is correct because AppSync provides managed GraphQL APIs that support offline data synchronization via its client SDKs. When a mobile app is offline, mutations are queued locally and automatically replayed against DynamoDB once connectivity is restored, using a conflict resolution mechanism (e.g., last-writer-wins or custom resolvers) to merge changes.

Exam trap

The trap here is that candidates may confuse Amazon Cognito's authentication capabilities with the offline sync feature, overlooking that AppSync is the service that actually provides the offline mutation queue and conflict resolution.

How to eliminate wrong answers

Option A is wrong because Amazon RDS Proxy is a connection pooling service for relational databases, not designed for offline sync or mobile client data caching. Option B is wrong because Amazon S3 Transfer Acceleration speeds up uploads to S3 over long distances using edge locations, but it does not provide offline write queuing or conflict resolution for application data. Option C is wrong because Amazon Cognito is an identity and user management service; while it can integrate with AppSync for authentication, it alone does not enable offline data synchronization or local mutation storage.

705
MCQmedium

An IAM policy is attached to a user who is deploying an RDS database. The user attempts to create a DB instance named 'my-database' using the AWS CLI. Which statement is true?

A.The user cannot create the DB instance because the Deny statement applies to all actions
B.The user cannot create the DB instance because the resource ARN does not exist yet
C.The user cannot create the DB instance because of an error in the policy
D.The user can create the DB instance
AnswerD

The Allow statement explicitly allows CreateDBInstance on the resource.

Why this answer

The policy allows rds:CreateDBInstance on the specific DB instance and allows rds:CreateDBSubnetGroup on all resources. There is a Deny on ModifyDBInstance, but that action is not performed. The user can create the DB instance.

Option A is incorrect because the Deny does not prevent creation. Option C is incorrect because the policy allows creation. Option D is incorrect because the policy is valid.

706
MCQmedium

A development team is building a serverless application that uses Amazon DynamoDB. The team needs to ensure that only the application's Lambda function can read and write data to a specific DynamoDB table. The Lambda function uses an IAM role. How should the team configure access?

A.Place the DynamoDB table and Lambda function in the same VPC and use a VPC endpoint to control access.
B.Encrypt the DynamoDB table with an AWS KMS key and grant the Lambda function decryption permissions.
C.Create an IAM role for the Lambda function with DynamoDB access, and configure a resource-based policy on the DynamoDB table that allows only that role.
D.Create an IAM role for the Lambda function with a policy that allows DynamoDB access, and attach the role to the function.
AnswerC

The resource-based policy on DynamoDB restricts access to the specified IAM role, ensuring only the Lambda function can access the table.

Why this answer

Option B is correct because using a resource-based policy on the DynamoDB table that grants access only to the Lambda function's role is the proper way to restrict access. Option A is wrong because an IAM role attached to the Lambda function alone does not restrict other principals from accessing the table; a resource-based policy is needed. Option C is wrong because DynamoDB does not support VPC endpoints for resource-based policies in this manner.

Option D is wrong because encryption does not control access.

707
Multi-Selecthard

A company is using Amazon DynamoDB to store IoT sensor data. The application writes a large volume of data and needs to read recent data by timestamp. The table has a partition key of device_id and a sort key of timestamp. The access pattern is to read the latest data for a specific device. Which TWO design patterns will optimize read performance and reduce costs?

Select 2 answers
A.Use adaptive capacity to evenly distribute traffic across partitions.
B.Use DynamoDB Accelerator (DAX) to cache the most recent reads.
C.Enable auto scaling for the table to handle spikes.
D.Use DynamoDB Transactions for consistent reads.
E.Create a global secondary index (GSI) with device_id as partition key and timestamp as sort key.
AnswersA, B

Adaptive capacity helps handle hot partitions, improving performance and cost efficiency.

Why this answer

Option A is correct because adaptive capacity allows DynamoDB to automatically manage partition traffic distribution, preventing hot partitions when a single device_id receives a high volume of writes. This ensures consistent read performance without manual partition management. Option B is correct because DAX provides an in-memory cache for the most frequently accessed data, reducing read latency and read capacity unit consumption for repeated queries of recent sensor data.

Exam trap

The trap here is that candidates often confuse auto scaling with adaptive capacity, or assume a GSI is always beneficial, not realizing that duplicating the base table key structure adds cost without performance gain.

708
MCQeasy

A company uses Amazon Aurora MySQL and needs to audit all database logins, including failed attempts. Which feature should be enabled?

A.Database Activity Streams
B.Enhanced Monitoring
C.VPC Flow Logs
D.AWS CloudTrail
AnswerA

Database Activity Streams provide a near real-time stream of database activity, including login attempts.

Why this answer

Option A is correct because Aurora MySQL supports database activity streams for auditing. Option B is wrong because CloudTrail does not log database-level queries. Option C is wrong because VPC Flow Logs capture network traffic, not database logins.

Option D is wrong because enhanced monitoring provides OS-level metrics, not audit logs.

709
Multi-Selecteasy

A company is using Amazon RDS for Oracle and needs to comply with regulatory requirements that mandate encryption of all data at rest and in transit. Which TWO actions should be taken to meet these requirements?

Select 2 answers
A.Enable encryption at rest by specifying a KMS key when creating the DB instance.
B.Use Oracle Transparent Data Encryption (TDE) to encrypt the data at rest.
C.Enable encryption for CloudWatch Logs.
D.Configure Oracle Native Network Encryption in the sqlnet.ora file.
E.Enable SSL/TLS encryption by setting the rds.force_ssl parameter and using the RDS SSL certificate.
AnswersA, E

This encrypts the database storage.

Why this answer

Options A and C are correct. Option A: Encryption at rest is enabled via the console or API when creating the instance. Option C: Encryption in transit is enforced by setting rds.force_ssl=1 and using SSL certificates.

Option B is wrong because native network encryption is an alternative but not the recommended approach; RDS supports Oracle native network encryption but it is less secure than SSL/TLS. Option D is wrong because TDE is for encryption at rest but is a separate feature; however, enabling encryption at rest via RDS is sufficient. Option E is wrong because CloudWatch Logs encryption is for logs, not the database itself.

710
MCQeasy

A company wants to migrate an on-premises Oracle database to Amazon RDS for Oracle with minimal downtime. Which AWS service should be used for the migration?

A.AWS Systems Manager
B.AWS Schema Conversion Tool (SCT)
C.AWS Database Migration Service (DMS)
D.AWS Service Control Policies (SCP)
AnswerC

DMS supports minimal downtime migrations.

Why this answer

AWS Database Migration Service (DMS) is designed for migrating databases to AWS with minimal downtime. AWS Schema Conversion Tool (SCT) is used for schema conversion but not for the actual data migration. Service Control Policies (SCP) and Systems Manager are not relevant for database migration.

711
Multi-Selectmedium

A company is migrating an on-premises MongoDB database to Amazon DocumentDB (with MongoDB compatibility). The security team requires that data be encrypted at rest and in transit. Additionally, the team wants to use IAM roles to authenticate applications. Which THREE steps should the database specialist take to meet these requirements?

Select 3 answers
A.Use IAM roles to authenticate applications to the DocumentDB cluster.
B.Use a custom certificate authority for SSL/TLS.
C.Enable encryption at rest for the DocumentDB cluster.
D.Create a VPC endpoint for DocumentDB to enforce encryption.
E.Enable encryption in transit by using TLS for all connections.
AnswersA, C, E

DocumentDB supports IAM database authentication.

Why this answer

Options A, B, and E are correct. Encryption at rest is enabled by default; in-transit encryption is enabled via TLS; IAM authentication is supported through IAM roles. Option C is wrong because DocumentDB uses TLS, not SSL/TLS with custom certificates.

Option D is wrong because DocumentDB does not support VPC endpoints for encryption; encryption at rest is cluster-level.

712
MCQmedium

A company uses Amazon DynamoDB for a highly transactional application. The application is experiencing increased latency and throttled requests. The operations team notices that the DynamoDB table's read and write capacity utilization is consistently near 100%. The table uses on-demand capacity mode. What is the MOST likely cause of the throttling?

A.The table has reached the per-table throughput limit for on-demand mode.
B.The table is configured as a global table and cross-region replication is causing write conflicts.
C.The application is not using DynamoDB Accelerator (DAX) to cache reads.
D.The table's partition key design is causing hot partitions, and adaptive capacity is not enabled.
AnswerA

On-demand mode has a maximum throughput per table; exceeding it causes throttling.

Why this answer

Option D: On-demand mode has a per-table throughput limit (e.g., 40,000 read/write units per second). When sustained traffic exceeds that, requests are throttled. Option A: Global tables replicate writes to other regions but do not cause throttling.

Option B: DynamoDB Accelerator (DAX) reduces latency but can still see throttling if the table itself is throttled. Option C: Adaptive capacity automatically scales partitions but cannot exceed the on-demand limit.

713
MCQmedium

A company is running a MySQL database on an EC2 instance and wants to migrate to Amazon RDS for MySQL with minimal downtime. The database is 500 GB in size and has a high write workload. Which migration approach is most appropriate?

A.Export data to Amazon S3 and use AWS Glue to load into RDS.
B.Copy the MySQL data directory to Amazon EBS and attach to RDS.
C.Take a mysqldump from the source and import into RDS.
D.Use AWS Database Migration Service (DMS) with ongoing replication.
AnswerD

DMS supports live migration with minimal downtime.

Why this answer

AWS DMS with ongoing replication (change data capture) is the most appropriate approach because it allows you to migrate the 500 GB database with minimal downtime. DMS performs a full load of the existing data and then continuously replicates ongoing changes from the source MySQL EC2 instance to the target Amazon RDS for MySQL, enabling a cutover with only a brief pause in writes.

Exam trap

The trap here is that candidates often choose mysqldump (Option C) because it is a familiar tool, but they overlook the requirement for minimal downtime and the impact of a high write workload on the time needed to complete a consistent export.

How to eliminate wrong answers

Option A is wrong because AWS Glue is an ETL service designed for transforming and loading data into data lakes or analytics services, not for direct database migration with minimal downtime; it cannot handle ongoing replication of MySQL binary logs. Option B is wrong because you cannot attach an EBS volume to an RDS instance; RDS manages its own storage and does not allow direct mounting of external EBS volumes. Option C is wrong because mysqldump is a logical backup tool that requires taking the source database offline or locking tables to ensure consistency, resulting in significant downtime for a 500 GB database with a high write workload.

714
MCQmedium

A company is running an Amazon Redshift cluster with a single node. They need to improve query performance for large analytical workloads. Which action would provide the most immediate performance improvement?

A.Distribute the data across all slices.
B.Apply compression encodings to all columns.
C.Increase the number of nodes in the cluster.
D.Run the VACUUM command to reclaim space.
AnswerC

Adding nodes increases processing power and memory.

Why this answer

Option C is correct because adding more nodes to the cluster distributes the workload and improves parallelism. Option A is wrong because using a single node, distributing data across slices is limited. Option B is wrong because compression is already used typically.

Option D is wrong because VACUUM reclaims space but does not significantly improve performance for large workloads.

715
MCQmedium

A company is running an Amazon RDS for MySQL DB instance. The DB instance is experiencing high CPU utilization due to a sudden increase in read traffic. The company needs to reduce the load on the primary DB instance with minimal downtime. Which solution should be used?

A.Modify the DB instance to a larger instance class.
B.Use an Amazon ElastiCache cluster to cache frequent queries.
C.Enable Multi-AZ on the DB instance.
D.Create an RDS read replica and redirect read queries to it.
AnswerD

Read replicas offload read traffic and can be created without downtime.

Why this answer

Option A is correct because creating a read replica offloads read traffic from the primary instance, reducing CPU utilization, and replicas can be promoted later if needed. Option B is wrong because modifying the DB instance class requires downtime. Option C is wrong because Multi-AZ is for high availability, not read scaling.

Option D is wrong because caching alone may not reduce CPU utilization caused by database queries.

716
MCQeasy

A developer accidentally deleted a production RDS for PostgreSQL DB instance. The company has automated backups enabled with a retention period of 7 days. What is the fastest way to restore the database to the state just before the deletion?

A.Recover the instance from the Amazon RDS Recycle Bin.
B.Restore from the latest automated snapshot that was taken before deletion.
C.Use the AWS DMS to migrate the data from the deleted instance to a new one.
D.Create a new DB instance and use point-in-time recovery to the time just before deletion.
AnswerD

Point-in-time recovery can be used to restore to any time within the retention window, even for deleted instances.

Why this answer

Option C is correct. When automated backups are enabled, you can restore a DB instance to any point within the retention period, even after deletion. The deleted instance is retained for the backup retention period.

Option A is wrong because point-in-time recovery does not require a manual snapshot. Option B is wrong because a manual snapshot was not taken. Option D is wrong because you cannot recover from the Recycle Bin for RDS instances; RDS does not use the Recycle Bin.

717
Multi-Selecthard

A company is migrating a 10 TB Oracle data warehouse to Amazon Redshift. The migration must minimize data transfer costs and ensure data integrity. Which TWO steps should the company take?

Select 2 answers
A.Use AWS DMS to replicate data directly over the internet
B.Use Amazon Kinesis Data Streams to stream data to Redshift
C.Use Amazon Redshift Spectrum to query data in S3 after loading
D.Use AWS Schema Conversion Tool (SCT) to convert the Oracle schema to Redshift
E.Use AWS Snowball Edge to physically transfer the data
AnswersD, E

SCT helps convert and optimize schema for Redshift.

Why this answer

Options A and D are correct. AWS SCT can assess the schema and convert it for Redshift. AWS Snowball Edge can transfer the large dataset offline to reduce network costs.

Option B is wrong because DMS may incur high network costs and time. Option C is wrong because Redshift Spectrum queries data in S3, not for migration. Option E is wrong because Kinesis is for streaming, not for bulk migration.

718
MCQeasy

A startup is building a mobile app backend using Amazon DynamoDB. They anticipate unpredictable traffic spikes. Which DynamoDB feature should they use to handle the spikes without manual intervention?

A.Use DynamoDB Accelerator (DAX) as a cache layer.
B.Enable DynamoDB Auto Scaling for read and write capacity.
C.Set up a TTL (Time to Live) to automatically expire old items.
D.Implement DynamoDB Global Tables for multi-region replication.
AnswerB

Auto Scaling adjusts capacity based on traffic patterns, handling spikes automatically.

Why this answer

DynamoDB Auto Scaling adjusts provisioned throughput based on actual traffic, using CloudWatch alarms. This handles spikes automatically. On-Demand capacity mode is another option that handles spikes automatically but can be more expensive for predictable workloads.

However, the question asks for a feature to handle unpredictable spikes. Auto Scaling is the traditional approach. On-Demand is also valid but the question may expect Auto Scaling as the classic answer.

But to be precise, On-Demand is designed for unpredictable traffic. However, the options: A: Auto Scaling, B: DAX, C: Global Tables, D: TTL. Auto Scaling is the most direct answer.

719
MCQmedium

Refer to the exhibit. An application team notices that the MySQL RDS instance 'mydb' is running at 80% CPU utilization during peak hours. They need to improve read performance without increasing the CPU load on the primary instance. Which action should they take?

A.Increase the DB instance class to db.r5.xlarge
B.Create a Read Replica in the same region
C.Change storage type to io1 with higher IOPS
D.Enable Multi-AZ deployment
AnswerB

Read Replica offloads read queries, reducing CPU on primary.

Why this answer

Creating a Read Replica offloads read traffic from the primary MySQL RDS instance, reducing CPU load on the primary while improving read performance for applications. Read Replicas asynchronously replicate data using MySQL’s native binlog-based replication, allowing the primary to focus on write operations without additional CPU overhead from serving reads.

Exam trap

The trap here is confusing Multi-AZ (which provides failover but no read scaling) with Read Replicas (which offload reads), leading candidates to select Multi-AZ when the goal is to reduce CPU load on the primary.

How to eliminate wrong answers

Option A is wrong because increasing the DB instance class to db.r5.xlarge would add more CPU and memory to the primary instance, but it does not offload read traffic; the primary would still handle all read requests, potentially increasing CPU utilization further. Option C is wrong because changing storage type to io1 with higher IOPS improves disk I/O performance but does not reduce CPU load; CPU utilization is driven by query processing, not storage throughput. Option D is wrong because enabling Multi-AZ deployment provides high availability and automatic failover via synchronous standby replication, but it does not offload read traffic; the standby replica cannot serve reads, so CPU load on the primary remains unchanged.

720
MCQhard

A company runs an Amazon Aurora MySQL database. The database experiences a sudden spike in connections and then becomes unresponsive. The DB instance has a db.r5.large class with 8 GB memory. The maximum connections parameter is set to the default. Which is the most likely cause of the unresponsiveness?

A.The DB instance's EBS burst balance dropped to zero
B.The storage volume ran out of allocated space
C.The number of connections exceeded the max_connections limit
D.A read replica had high replication lag
AnswerC

Exceeding max_connections can cause the database to reject connections and become unresponsive.

Why this answer

Option C is correct because the default max_connections for Aurora MySQL is based on memory, and with 8 GB, it is about 800. A spike exceeding that can exhaust resources. Option A is wrong because storage auto-scaling is seamless.

Option B is wrong because burst balance applies to gp2 volumes, but Aurora uses cluster storage. Option D is wrong because replica lag would affect reads, not make the instance unresponsive.

721
MCQeasy

A mobile gaming company needs a database to store player scores and leaderboards. The data must be updated in real time as players finish games. The database must support high write throughput and provide sub-millisecond read latency for leaderboard queries. Which database is best suited?

A.Amazon RDS for MySQL with read replicas
B.Amazon Redshift
C.Amazon ElastiCache for Redis
D.Amazon DynamoDB
AnswerD

DynamoDB offers consistent single-digit millisecond latency and high throughput.

Why this answer

Amazon DynamoDB is a NoSQL database that provides single-digit millisecond latency and can handle high write throughput. It also supports sorted data for leaderboards via Local Secondary Indexes or Global Secondary Indexes. RDS is slower and not designed for sub-millisecond reads.

Redshift is for analytics. ElastiCache is a cache, not a primary database.

722
MCQeasy

A company is using Amazon Aurora MySQL-Compatible Edition. The security team wants to audit all database login attempts and store the logs in Amazon S3 for 90 days. Which solution meets these requirements with the LEAST operational overhead?

A.Enable the Aurora audit log and publish logs to Amazon CloudWatch Logs. Create a CloudWatch Logs subscription filter to stream the logs to an Amazon S3 bucket.
B.Enable the Aurora audit log and configure the DB cluster to publish logs directly to an S3 bucket.
C.Install a custom audit plugin on the Aurora cluster that writes logs to a file, then use an AWS Lambda function to upload the file to S3.
D.Enable the Aurora audit log and use Amazon Kinesis Data Firehose to stream the logs to S3.
AnswerA

This uses managed services with minimal configuration.

Why this answer

Option D is correct because Aurora can publish audit logs to CloudWatch Logs, which can then be streamed to S3 via a subscription filter. Option A is wrong because Aurora does not directly write logs to S3. Option B is wrong because third-party tools add operational overhead.

Option C is wrong because RDS does not send logs to Kinesis directly.

723
Multi-Selectmedium

Which TWO actions will help protect an Amazon RDS for MySQL database from a SQL injection attack? (Select TWO.)

Select 2 answers
A.Use parameterized queries in the application code.
B.Enable encryption at rest for the RDS instance.
C.Place the RDS instance in a private VPC subnet.
D.Restrict database user permissions to only required operations.
E.Enable auto minor version upgrade on the RDS instance.
AnswersA, D

Parameterized queries prevent injection.

Why this answer

Using parameterized queries (prepared statements) prevents SQL injection. Also, restricting database user permissions to only necessary operations limits damage. Enabling encryption at rest does not prevent injection.

Using a VPC does not prevent injection. Enabling auto minor version upgrade does not prevent injection.

724
Multi-Selectmedium

Which THREE actions can be performed using the AWS CLI for Amazon Aurora? (Choose three.)

Select 3 answers
A.Create a DB cluster from a snapshot using 'aws rds restore-db-cluster-from-snapshot'
B.Fail over an Aurora DB cluster using 'aws rds failover-db-cluster'
C.Modify the DB cluster parameter group using 'aws rds modify-db-cluster-parameter-group'
D.Change the storage type of an Aurora cluster using 'aws rds modify-db-instance'
E.Enable auto-scaling for Aurora Replicas using 'aws rds enable-autoscaling'
AnswersA, B, C

Valid CLI command.

Why this answer

All three are valid AWS CLI actions for Aurora. RestoreDBClusterFromS3 is for MySQL, but it exists.

725
Multi-Selectmedium

A company is migrating a large on-premises Oracle database to Amazon RDS for Oracle. The database is 5 TB in size, and the migration must be completed within a week. The company has a dedicated 10 Gbps AWS Direct Connect connection. Which TWO AWS services should the company use to minimize downtime during the migration?

Select 2 answers
A.AWS Schema Conversion Tool (AWS SCT)
B.AWS DataSync
C.AWS Snowball
D.AWS Database Migration Service (AWS DMS)
E.Amazon RDS for Oracle
AnswersA, D

SCT can convert the Oracle schema to Amazon RDS for Oracle compatible schema, if needed.

Why this answer

AWS DMS can handle ongoing replication to minimize downtime. AWS SCT can convert the schema if needed, and AWS DMS can migrate data. AWS Snowball is for offline data transfer, which may not be needed with Direct Connect.

AWS RDS is the target, not a migration service. AWS DataSync is for file data, not databases. The correct options are B and D.

726
MCQeasy

A company uses Amazon DynamoDB and notices that some queries are taking longer than expected. The table has a partition key only. The 'ConsumedReadCapacityUnits' is below the provisioned throughput. What is the most likely cause of the slow queries?

A.DAX is misconfigured and slowing down reads
B.Global tables replication is causing delays
C.DynamoDB Streams is enabled and consuming read capacity
D.The partition key is not distributed evenly, causing hot partitions
AnswerD

A hot partition can throttle requests even if overall capacity is underused.

Why this answer

Option C is correct because if the partition key is not chosen well, data can be skewed, causing hot partitions. Even if total consumed capacity is below provisioned, a single partition may receive more requests than its share of capacity, causing throttling on that partition. Option A is wrong because global tables do not cause slow queries on the source table.

Option B is wrong because DynamoDB Streams do not affect read latency. Option D is wrong because DAX is a caching layer that speeds up reads, not slows them.

727
MCQmedium

A company's security team wants to encrypt data at rest for an existing RDS for PostgreSQL DB instance. The instance is currently unencrypted. Which steps should the team take to enable encryption with minimal downtime?

A.Modify the DB instance and enable encryption in the RDS console.
B.Create a read replica of the DB instance and promote it to a standalone instance.
C.Create a new option group with encryption enabled and associate it with the DB instance.
D.Take a snapshot of the DB instance, copy the snapshot with encryption enabled, and restore a new DB instance from the encrypted snapshot.
AnswerD

This is the standard method to encrypt an existing unencrypted RDS instance.

Why this answer

Option D is correct because Amazon RDS does not support direct encryption of an existing unencrypted DB instance. The only way is to create a snapshot, copy it with encryption, and restore a new encrypted instance. Option A is wrong because you cannot enable encryption on an existing instance directly.

Option B is wrong because modifying the DB instance does not allow enabling encryption. Option C is wrong because creating a read replica does not enable encryption.

728
MCQhard

A company uses Amazon Aurora MySQL-Compatible Edition for its e-commerce platform. During flash sales, the database experiences high write contention on the 'orders' table, causing slow inserts and deadlocks. The development team wants to reduce contention without changing the application code. Which database design strategy is MOST effective?

A.Implement manual sharding across multiple Aurora clusters
B.Add more read replicas to offload read traffic
C.Use a larger instance type with higher IOPS
D.Enable Aurora Multi-Master to allow multiple write nodes
AnswerD

Multi-Master allows concurrent writes, reducing contention.

Why this answer

Option D is correct because using Aurora Auto Scaling with a Multi-Master cluster allows multiple writers to handle writes concurrently, reducing contention. Option A is wrong because read replicas are for read scaling, not write. Option B is wrong because vertical scaling may help but does not address write contention.

Option C is wrong because sharding requires application changes.

729
MCQmedium

A company is experiencing slow query performance on an Amazon RDS for PostgreSQL DB instance. The DB instance is a db.r5.large with 16 GB RAM and 500 GB gp2 storage. Which metric in Amazon CloudWatch would most directly help identify if the performance issue is due to memory pressure?

A.Monitor FreeableMemory to see if available memory is low.
B.Monitor ReadIOPS to see if there is a high I/O rate due to swapping.
C.Monitor DatabaseConnections to check for a high number of connections consuming memory.
D.Monitor CPUUtilization to check for high CPU usage.
AnswerA

FreeableMemory directly indicates the amount of available RAM.

Why this answer

FreeableMemory shows the amount of available RAM. Low FreeableMemory indicates memory pressure, which can cause swapping and slow queries. Option A is wrong because CPUUtilization measures CPU, not memory.

Option B is wrong because DatabaseConnections tracks connections, not memory. Option C is wrong because ReadIOPS measures I/O operations, not memory.

730
MCQmedium

A company uses Amazon RDS for MySQL and wants to ensure that database users are authenticated using IAM database authentication. Which action must be performed to enable this?

A.Create database users with MySQL native password authentication.
B.Attach an IAM role to the RDS instance for database authentication.
C.Change the database port to 3306 to enable IAM authentication.
D.Set the parameter 'require_secure_transport' to ON and use the AWSAuthenticationPlugin.
AnswerD

IAM auth requires SSL and the AWSAuthenticationPlugin.

Why this answer

Option D is correct because IAM database authentication requires a specific parameter group setting (require_secure_transport=ON) and authentication plugin. Option A is wrong because native MySQL authentication is not IAM. Option B is wrong because IAM roles for RDS are for API access, not database authentication.

Option C is wrong because the standard MySQL port is 3306.

731
MCQeasy

A company needs to store and query graph data (nodes and edges) for a social network. They require low-latency traversals. Which AWS database is best suited?

A.Amazon Neptune
B.Amazon RDS for MySQL
C.Amazon ElastiCache for Redis
D.Amazon DynamoDB
AnswerA

Purpose-built graph database for low-latency traversals.

Why this answer

Option B is correct because Neptune is a purpose-built graph database. Option A is wrong because RDS is relational. Option C is wrong because DynamoDB is key-value.

Option D is wrong because ElastiCache is in-memory cache, not a graph database.

732
MCQmedium

A company runs a production Amazon RDS for PostgreSQL database. The database specialist needs to perform a major version upgrade with minimal downtime. Which strategy should the specialist use?

A.Create a read replica with the new major version, promote it to primary, and update the application connection string.
B.Take a snapshot of the database, launch a new instance from the snapshot, and upgrade it.
C.Modify the DB instance to the new version directly using the AWS Management Console.
D.Schedule a maintenance window during off-peak hours and apply the upgrade.
AnswerA

This minimizes downtime by using a replica.

Why this answer

Option C is correct because creating a read replica with the new version, promoting it, and then redirecting traffic minimizes downtime. Option A is wrong because it causes downtime. Option B is wrong because modifying the DB instance directly causes downtime during the upgrade.

Option D is wrong because snapshot restore takes time and causes data loss for changes after the snapshot.

733
MCQeasy

A startup is building a real-time leaderboard for a gaming application. The data is highly dynamic with frequent updates and requires single-digit millisecond latency. Which database is most suitable?

A.Amazon Neptune
B.Amazon Redshift
C.Amazon DynamoDB
D.Amazon RDS for PostgreSQL
AnswerC

DynamoDB offers consistent single-digit millisecond performance, ideal for real-time leaderboards.

Why this answer

Amazon DynamoDB is the most suitable choice because it is a fully managed NoSQL key-value and document database that delivers single-digit millisecond latency at any scale, making it ideal for real-time leaderboards with high-frequency updates. Its DAX (DynamoDB Accelerator) caching layer can further reduce read latency to microseconds, while its auto-scaling and on-demand capacity modes handle the highly dynamic workload without downtime.

Exam trap

Cisco often tests the misconception that a relational database like PostgreSQL is inherently faster for all real-time workloads, but the trap here is that the question explicitly requires 'single-digit millisecond latency' and 'highly dynamic with frequent updates'—characteristics that DynamoDB's NoSQL architecture is specifically designed to meet, whereas RDS for PostgreSQL would introduce latency from locking, indexing overhead, and connection pooling that prevents it from consistently achieving that performance under high write loads.

How to eliminate wrong answers

Option A is wrong because Amazon Neptune is a graph database optimized for highly connected data (e.g., social networks, fraud detection), not for high-throughput, low-latency key-value access patterns required by a real-time leaderboard. Option B is wrong because Amazon Redshift is a petabyte-scale data warehouse designed for complex analytical queries on large datasets, not for single-digit millisecond transactional updates or real-time point lookups. Option D is wrong because Amazon RDS for PostgreSQL is a relational database that, while capable, introduces overhead from ACID transactions, indexing, and connection management that typically results in higher latency (often 5–20 ms or more) compared to DynamoDB's optimized NoSQL engine, and it does not natively support the auto-scaling or DAX caching needed for such a dynamic workload.

734
MCQmedium

A company is using Amazon RDS for MySQL and needs to encrypt data at rest for an existing DB instance. Which approach meets this requirement with minimal downtime?

A.Take a snapshot of the DB instance, copy the snapshot with encryption enabled, and restore from the encrypted snapshot.
B.Enable encryption directly on the existing DB instance by modifying it.
C.Use the AWS CLI command modify-db-instance with the --storage-encrypted flag.
D.Create a read replica of the DB instance with encryption enabled, then promote it.
AnswerA

This is the standard method to encrypt an existing RDS instance with minimal downtime.

Why this answer

Option B is correct because enabling encryption on an existing RDS instance requires a snapshot copy with encryption and then restoring it, which is the standard method with minimal downtime. Option A is wrong because you cannot enable encryption directly on the instance. Option C is wrong because RDS does not support enabling encryption via the ModifyDBInstance API directly.

Option D is wrong because creating a read replica with encryption still requires a snapshot restore for the primary.

735
Drag & Dropmedium

Arrange the steps to create an Amazon DynamoDB global table (multi-Region) in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Global tables require streams enabled, then adding replicas in other Regions for multi-Region replication.

736
MCQhard

A company is running an Amazon DynamoDB table with global secondary indexes (GSIs). Write activity increases, and the 'ThrottledWriteEvents' metric for a GSI spikes. The table itself is not throttled. What is the most likely cause?

A.The index is too large for the base table.
B.The GSI's partition key is not sufficiently distributed.
C.The table's write capacity is set too low.
D.The GSI's read capacity is set too low.
AnswerB

A skewed partition key causes hot partitions on the GSI, leading to write throttling.

Why this answer

Option B is correct because write sharding on the GSI partition key can cause hot partitions. Option A is wrong because read capacity on the GSI does not affect writes. Option C is wrong because write capacity on the table is separate from GSI.

Option D is wrong because the issue is about throttling on GSI, not table.

737
Multi-Selecthard

A company is migrating a 3 TB SQL Server database to Amazon RDS for SQL Server. The migration must have minimal downtime and support point-in-time recovery after migration. Which THREE steps should be included in the migration plan? (Choose three.)

Select 3 answers
A.Take a snapshot backup of the source database.
B.Take a differential backup.
C.Take a full backup of the source database.
D.Use AWS DMS for ongoing replication after initial restore.
E.Take transaction log backups.
AnswersC, D, E

Required for initial restore.

Why this answer

Options A, C, and E are correct. Full backup with transaction log backups allows point-in-time recovery and minimal downtime during restore. AWS DMS can be used for ongoing replication.

Option B is wrong because differential backup alone does not allow point-in-time recovery. Option D is wrong because snapshot backup is not native to SQL Server and RDS does not support restoring from native snapshots.

738
MCQhard

A company is using AWS Database Migration Service (AWS DMS) to migrate a 5 TB MySQL database to Amazon RDS for MySQL. The migration is taking longer than expected. The company notices that the source database has a high volume of write operations. Which configuration change would MOST likely improve the migration performance?

A.Increase the number of parallel threads in the DMS task settings.
B.Enable Multi-AZ on the target RDS instance.
C.Use a smaller instance class for the replication instance to reduce cost.
D.Set the LOB mode to 'Full LOB mode'.
AnswerA

Parallel threads allow concurrent loading of data, improving throughput for high-write workloads.

Why this answer

Increasing the number of parallel threads in the DMS task settings allows AWS DMS to process multiple table partitions or row changes concurrently, which directly addresses the bottleneck caused by a high volume of write operations on the source. By default, DMS uses a single thread per table, but when the source is under heavy write load, parallel threads can capture and apply changes more efficiently, reducing the overall migration time.

Exam trap

The trap here is that candidates often confuse increasing parallelism with enabling Multi-AZ or changing LOB settings, mistakenly thinking these options directly speed up migration, when in fact they address availability or data type handling, not throughput under heavy write load.

How to eliminate wrong answers

Option B is wrong because enabling Multi-AZ on the target RDS instance provides high availability and automatic failover, but does not improve the throughput or speed of the DMS migration process. Option C is wrong because using a smaller instance class for the replication instance would reduce CPU and memory resources, likely worsening migration performance, not improving it. Option D is wrong because setting LOB mode to 'Full LOB mode' is used for handling large objects (LOBs) and can actually slow down migration due to increased data transfer overhead; it does not address the high volume of write operations.

739
Multi-Selecteasy

Which TWO of the following are benefits of using Amazon RDS Proxy? (Choose TWO.)

Select 2 answers
A.Reduces the number of database connections by pooling them.
B.Automatically encrypts all traffic between the application and the database.
C.Improves application scalability by handling connection surges.
D.Provides built-in read/write splitting for read replicas.
E.Reduces storage costs by compressing data in transit.
AnswersA, C

Connection pooling reduces the number of open connections.

Why this answer

Amazon RDS Proxy acts as a connection broker between your application and the database, maintaining a pool of established connections. When the application opens a new connection, RDS Proxy reuses an idle connection from the pool, which reduces the total number of database connections and prevents the database from being overwhelmed. This pooling mechanism directly addresses the issue of connection exhaustion, especially in serverless or highly concurrent environments.

Exam trap

The trap here is that candidates often confuse RDS Proxy's connection pooling with other features like encryption, read/write splitting, or compression, which are separate capabilities not provided by the proxy itself.

740
MCQeasy

A database specialist needs to monitor the number of deadlocks occurring in an Amazon RDS for SQL Server DB instance. Which CloudWatch metric should be used?

A.BlockedTransactions
B.Deadlocks
C.DatabaseConnections
D.LockWaits
AnswerB

This is the correct metric for deadlocks.

Why this answer

Option A is correct because Deadlocks is a specific metric in Amazon RDS for SQL Server that tracks deadlock occurrences. Option B is wrong because it is a generic metric. Option C is wrong because it is for blocking, not deadlocks.

Option D is wrong because it is for lock waits.

741
MCQmedium

A company has an Amazon DynamoDB table with on-demand capacity mode. The table experiences occasional spikes in traffic. During these spikes, some requests receive ProvisionedThroughputExceededException errors. The company wants to minimize these errors without changing the application. Which solution should be used?

A.Switch the table to provisioned capacity mode and enable auto scaling.
B.Enable DynamoDB Accelerator (DAX) for caching.
C.Increase the read and write capacity units manually.
D.Use DynamoDB global tables to distribute the load across multiple regions.
AnswerA

Provisioned capacity with auto scaling can handle burst traffic more effectively than on-demand in some cases.

Why this answer

On-demand mode automatically scales to handle traffic spikes, but there is a per-partition throughput limit. Using DynamoDB Accelerator (DAX) caches responses and reduces read load, but for write spikes, it does not help. Switching to provisioned capacity with auto scaling can handle spikes if configured correctly, but on-demand should already handle spikes.

However, the errors indicate that the per-partition throughput limit is being exceeded. The best solution is to enable auto scaling with provisioned capacity to handle bursts better than on-demand? Actually, on-demand is supposed to handle spikes, but there is a per-partition limit. The best answer is to use DynamoDB global tables to distribute load.

But among options, B (switch to provisioned capacity with auto scaling) is often recommended for predictable spikes. Option A (increase read/write capacity units) is not applicable for on-demand; Option C (DAX) does not help write errors; Option D (global tables) helps with disaster recovery, not throughput. So B is correct.

742
MCQeasy

A developer is checking the encryption status of an RDS MySQL instance. The CLI output shows StorageEncrypted is true. What does this indicate?

A.Connections to the database are encrypted in transit.
B.The database is encrypted using the AWS managed key for RDS.
C.The database does not have encryption at rest enabled.
D.The database is encrypted at rest using a KMS key.
AnswerD

StorageEncrypted true confirms at-rest encryption.

Why this answer

Option C is correct because StorageEncrypted: true means the data at rest is encrypted using the specified KMS key. Option A is wrong because it does not indicate in-transit encryption. Option B is wrong because the key is a KMS key, not necessarily AWS managed.

Option D is wrong because encryption at rest is enabled.

743
MCQmedium

A company is migrating a 500 GB on-premises Oracle database to Amazon RDS for Oracle. The migration must have minimal downtime. Which AWS service should be used for the initial data load and ongoing replication?

A.AWS Snowball Edge for offline data transfer
B.AWS Database Migration Service (AWS DMS)
C.Amazon S3 to store backup files and restore
D.AWS DataSync
AnswerB

DMS supports full load and CDC replication for minimal downtime.

Why this answer

AWS Database Migration Service (DMS) supports both full load and ongoing replication from Oracle to RDS Oracle, enabling minimal downtime migrations. Option A (S3) does not provide replication. Option B (Snowball) is offline.

Option D (DataSync) is for file data, not databases.

744
MCQeasy

A financial services company is migrating its Oracle database to Amazon Aurora PostgreSQL. The database runs a critical batch processing job every night that updates millions of rows. The company needs the migration to minimize downtime and ensure data integrity. Which AWS service should the database specialist use to perform the migration?

A.AWS Database Migration Service (AWS DMS) with ongoing replication from Oracle to Aurora PostgreSQL
B.AWS Data Pipeline to export data from Oracle and import into Aurora PostgreSQL
C.AWS Schema Conversion Tool (AWS SCT) to convert the schema and then use native PostgreSQL tools to migrate data
D.AWS Glue to extract data from Oracle and load into Aurora PostgreSQL
AnswerA

AWS DMS can perform a one-time migration and then use ongoing replication to keep the target in sync with the source, minimizing downtime.

Why this answer

AWS DMS with ongoing replication (change data capture, CDC) is the correct choice because it enables a near-zero-downtime migration by continuously replicating changes from the source Oracle database to the target Aurora PostgreSQL while the source remains fully operational. After the initial full load, DMS applies ongoing transactions, allowing you to cut over with minimal interruption. This directly addresses the requirement to minimize downtime for the nightly batch job and ensures data integrity through transactional consistency.

Exam trap

The trap here is that candidates often confuse AWS DMS with ETL tools like Glue or Data Pipeline, assuming any data movement service can handle live migrations, but only DMS provides the transactional consistency and CDC required for near-zero-downtime database migrations.

How to eliminate wrong answers

Option B is wrong because AWS Data Pipeline is a workflow orchestration service, not a database migration tool; it lacks built-in CDC capabilities and would require manual scripting to handle ongoing replication, leading to significant downtime. Option C is wrong because AWS SCT only converts the schema and code, not the data; using native PostgreSQL tools for data migration would require the source database to be offline or heavily throttled, causing unacceptable downtime for the nightly batch job. Option D is wrong because AWS Glue is an ETL service designed for data transformation and analytics, not for transactional database migrations; it does not support ongoing replication (CDC) and would require the source to be quiesced, breaking the requirement for minimal downtime.

745
MCQmedium

A company is building a real-time chat application using Amazon DynamoDB. Each message has a conversation ID, timestamp, sender, and content. The primary access pattern is to retrieve the most recent 50 messages for a given conversation, ordered by timestamp. Which table design minimizes cost and latency?

A.Use a composite primary key of conversation ID and message ID, and enable DynamoDB Streams to process messages.
B.Use DynamoDB Accelerator (DAX) to cache the most recent messages.
C.Use conversation ID as partition key and timestamp as sort key; query with ScanIndexForward=false and Limit=50.
D.Use conversation ID as partition key and a GSI on timestamp.
AnswerC

Directly supports the access pattern without additional indexes.

Why this answer

Option C is correct because using conversation ID as the partition key and timestamp as the sort key allows a single Query operation with ScanIndexForward=false to retrieve items in reverse chronological order, and Limit=50 ensures only the most recent 50 messages are returned. This design minimizes cost by avoiding full table scans or additional indexes, and minimizes latency by leveraging DynamoDB's native sort key ordering without needing external caching or streams.

Exam trap

The trap here is that candidates may over-engineer the solution by adding unnecessary components like DAX or GSIs, when DynamoDB's native sort key and query parameters directly solve the access pattern with minimal cost and latency.

How to eliminate wrong answers

Option A is wrong because enabling DynamoDB Streams adds cost and complexity without addressing the access pattern; streams are for change data capture, not for efficient querying of recent messages. Option B is wrong because DAX is an in-memory cache that reduces read latency but adds cost and complexity; the primary access pattern can be efficiently served directly from DynamoDB without caching, making DAX unnecessary and more expensive. Option D is wrong because using a GSI on timestamp introduces additional storage and write costs, and the query still requires a ScanIndexForward=false with Limit=50 on the GSI, which is redundant since the base table's sort key already supports the same pattern more efficiently.

746
MCQhard

A financial services company uses Amazon Aurora MySQL-Compatible Edition for transaction processing. They need to run complex analytical queries on the same data without impacting transactional performance. Which solution meets these requirements?

A.Use Aurora Zero-ETL integration with Amazon Redshift
B.Enable Performance Insights and use RDS Proxy
C.Export data to Amazon S3 and query with Athena
D.Create an Aurora Replica and run analytical queries against it
AnswerA

Zero-ETL integration allows Redshift to query Aurora data directly without impacting performance.

Why this answer

Aurora Zero-ETL integration with Amazon Redshift allows you to run complex analytical queries on transactional data without impacting Aurora's performance. It eliminates the need for extract, transform, and load (ETL) pipelines by automatically replicating data from Aurora to Redshift in near real-time, ensuring that analytical workloads are offloaded to a separate, optimized analytics engine.

Exam trap

The trap here is that candidates often assume an Aurora Replica (Option D) is sufficient for read-heavy analytics, but they overlook that it still shares the same storage subsystem and can cause I/O contention and replication lag under heavy analytical loads.

How to eliminate wrong answers

Option B is wrong because Performance Insights and RDS Proxy are designed for monitoring and connection management, not for offloading analytical queries; they do not prevent analytical workloads from consuming Aurora's compute and I/O resources. Option C is wrong because exporting data to S3 and querying with Athena introduces latency and manual ETL steps, and Athena is optimized for ad-hoc querying of data lakes, not for continuous, complex analytical queries on live transactional data. Option D is wrong because an Aurora Replica shares the same underlying storage and can still impact the primary instance's performance during heavy analytical queries, as it competes for storage I/O and can cause replication lag.

747
MCQhard

A company is deploying a global application that requires a database with sub-millisecond read latency across multiple regions. Which AWS database service should they use?

A.Amazon ElastiCache for Redis
B.Amazon Aurora Global Database
C.Amazon DynamoDB Global Tables
D.Amazon RDS for MySQL with cross-region Read Replicas
AnswerC

Provides sub-millisecond latency with multi-region active-active replication.

Why this answer

Amazon DynamoDB Global Tables provide multi-region replication with sub-millisecond latency. Option C is correct. Option A (RDS with Read Replicas) has higher latency.

Option B (Aurora Global Database) is good but not sub-millisecond across regions. Option D (ElastiCache) is a cache, not a primary database.

748
MCQeasy

A company is designing a database for an IoT application that ingests millions of small sensor readings per second. The data is time-series and queries are mostly range scans over time. The company needs a cost-effective solution with high write throughput. Which AWS service should the database specialist recommend?

A.Amazon Redshift with auto-ingest
B.Amazon Timestream
C.Amazon RDS for PostgreSQL with pg_partman extension
D.Amazon DynamoDB with time-series data modeling
AnswerB

Timestream is a serverless time-series database optimized for IoT data.

Why this answer

Amazon Timestream is a purpose-built time-series database designed for IoT and operational applications that ingest millions of data points per second. It automatically manages storage tiers (in-memory and magnetic) to optimize cost, and its query engine is optimized for range scans over time, making it the most cost-effective and high-throughput choice for this workload.

Exam trap

The trap here is that candidates often default to DynamoDB for high-throughput workloads without recognizing that Timestream is the only AWS service purpose-built for time-series data, offering automatic tiering and optimized time-range queries that DynamoDB cannot match without complex custom sharding and indexing.

How to eliminate wrong answers

Option A is wrong because Amazon Redshift is a columnar data warehouse optimized for complex analytical queries on large datasets, not for high-velocity, high-volume time-series ingestion; its auto-ingest feature cannot handle millions of writes per second without significant cost and latency. Option C is wrong because Amazon RDS for PostgreSQL with pg_partman is a relational database that, even with partitioning, cannot sustain millions of writes per second due to single-writer limitations and transaction overhead, and it lacks the specialized storage tiering for time-series data. Option D is wrong because while DynamoDB can be modeled for time-series data, it is not purpose-built for time-series workloads; it requires manual partitioning and TTL management, and its query model is less efficient for range scans over time compared to Timestream's native time-based indexing.

749
MCQhard

A company is designing a security strategy for an Amazon Aurora MySQL database. They need to ensure that database activity is monitored for suspicious behavior and that alerts are sent when anomalies are detected. Which AWS services should be combined to achieve this? (Select TWO.)

A.Amazon GuardDuty
B.Amazon RDS Database Activity Streams
C.AWS WAF
D.Amazon EventBridge
E.Amazon Inspector
AnswerA, B

GuardDuty can analyze database activity streams for threats.

Why this answer

Options A and D are correct. Option A: Database Activity Streams send activity to CloudWatch Logs and Kinesis. Option D: Amazon GuardDuty can analyze the stream for threats.

Option B is wrong because AWS WAF is for web application firewall. Option C is wrong because Amazon Inspector is for EC2 vulnerabilities. Option E is wrong because EventBridge can trigger alerts but is not a monitoring service for anomalies.

750
MCQmedium

A company is running an Amazon RDS for MySQL Multi-AZ DB instance. They notice increased latency during peak hours. The DB instance type is db.r5.large, and the storage is General Purpose SSD (gp2) with 500 GB. The application is read-heavy with frequent SELECT queries. Which action would most likely resolve the latency issue without changing the DB instance class?

A.Enable Performance Insights and analyze queries.
B.Create an Amazon RDS read replica in the same region.
C.Enable Multi-AZ on the existing DB instance.
D.Increase the allocated storage to 1,000 GB.
AnswerB

Read replicas offload read queries from the primary instance.

Why this answer

Option B is correct because adding a read replica offloads read traffic from the primary instance, reducing latency. Option A is wrong because Multi-AZ is for high availability, not read scaling. Option C is wrong because increasing storage size may improve IOPS but does not directly address read load.

Option D is wrong because enabling Performance Insights is for monitoring, not performance improvement.

Page 9

Page 10 of 24

Page 11