AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 826900

1730 questions total · 24pages · All types, answers revealed

Page 11

Page 12 of 24

Page 13
826
MCQhard

A company is designing a disaster recovery plan for an Amazon DynamoDB table that stores critical session data. The table is provisioned with on-demand capacity. The recovery objective is to have the data available in another AWS Region within 15 minutes of a regional outage. Which design should they choose?

A.Use DynamoDB on-demand backups and restore to another Region.
B.Use DynamoDB Streams to replicate data to a table in another Region via AWS Lambda.
C.Use DynamoDB Global Tables to replicate data across Regions.
D.Create cross-Region Read Replicas for DynamoDB.
AnswerC

Global Tables provide active-active replication across Regions.

Why this answer

Option C is correct because DynamoDB Global Tables provide multi-Region, fully replicated tables with automatic conflict resolution, enabling active-active replication that meets the 15-minute recovery objective without manual intervention. Global Tables replicate data across Regions in sub-second latency, ensuring data availability within the required RTO during a regional outage.

Exam trap

The trap here is that candidates confuse DynamoDB Global Tables with cross-Region Read Replicas (which exist in RDS but not DynamoDB) or assume that on-demand backups can meet a 15-minute RTO, ignoring the manual restore time and lack of continuous replication.

How to eliminate wrong answers

Option A is wrong because on-demand backups are point-in-time snapshots that require manual restore to another Region, which typically takes longer than 15 minutes and does not provide continuous replication for real-time availability. Option B is wrong because DynamoDB Streams with AWS Lambda introduces eventual consistency and potential replication lag that can exceed 15 minutes, and it requires custom code for conflict resolution and error handling, making it less reliable for strict RTOs. Option D is wrong because DynamoDB does not support cross-Region Read Replicas; this feature is available in Amazon RDS (e.g., Aurora, MySQL) but not in DynamoDB, which uses Global Tables for multi-Region replication.

827
MCQhard

A gaming company uses Amazon DynamoDB to store player profiles. The table has partition key 'player_id' and sort key 'game_id'. During a new game launch, write traffic to a subset of players (influencers) spikes, causing throttling. The table uses on-demand capacity. Which solution resolves the hot key issue?

A.Increase the maximum read capacity units in the on-demand settings
B.Switch to provisioned capacity mode and increase write capacity units
C.Add a random suffix to the partition key for the hot players to distribute writes
D.Enable DynamoDB Accelerator (DAX) to cache writes
AnswerC

Shuffling hot keys across partitions resolves hot key throttling.

Why this answer

Option C is correct because adding a suffix to the partition key for hot keys distributes writes across multiple partitions. Option A (increase read capacity) doesn't help writes. Option B (DAX) is for reads.

Option D (change to provisioned) doesn't solve hot key; adaptive capacity works in both modes.

828
MCQmedium

A company uses Amazon ElastiCache for Redis to cache session data. The security team requires that all data in transit be encrypted. The Redis cluster currently does not have encryption in transit enabled. The database specialist needs to enable encryption in transit with minimal downtime. Which action should the specialist take?

A.Create a new Redis cluster with encryption in transit enabled, and migrate the data from the existing cluster.
B.Update the Redis parameter group to enable the 'encryption-in-transit' parameter and reboot the cluster.
C.Use a security group to enforce encrypted connections by allowing only TLS traffic.
D.Modify the existing Redis cluster to enable encryption in transit using the AWS CLI.
E.Enable encryption in transit on the existing cluster by using the AWS Management Console.
AnswerA

Encryption in transit can only be enabled at cluster creation time.

Why this answer

Encryption in transit for ElastiCache for Redis can only be enabled at cluster creation time; it cannot be added to an existing cluster. Therefore, the correct approach is to create a new Redis cluster with encryption in transit enabled, migrate the session data from the existing cluster (e.g., using replication or a manual export/import), and then redirect application traffic to the new cluster. This ensures minimal downtime if the migration is performed during a maintenance window or using a blue/green deployment strategy.

Exam trap

The trap here is that candidates assume encryption in transit can be toggled on an existing cluster, similar to enabling encryption at rest, but AWS enforces it as a creation-time-only setting for ElastiCache for Redis.

How to eliminate wrong answers

Option B is wrong because there is no 'encryption-in-transit' parameter in a Redis parameter group; encryption in transit is a cluster-level setting that cannot be changed via parameter groups. Option C is wrong because security groups control network access at the IP/port level but cannot enforce TLS encryption; they do not enable encryption in transit on the Redis cluster itself. Option D is wrong because the AWS CLI cannot modify an existing cluster to enable encryption in transit; this setting is immutable after creation.

Option E is wrong because the AWS Management Console does not allow enabling encryption in transit on an existing cluster; it must be set at launch time.

829
MCQhard

A financial services company uses Amazon DynamoDB to store transaction records. The table has a partition key of 'AccountId' and a sort key of 'TransactionDate'. The company needs to run analytical queries that aggregate transactions by account and month. Currently, queries are slow due to full table scans. Which design change will improve query performance most effectively?

A.Add DynamoDB Accelerator (DAX) to the table.
B.Change the table's sort key from TransactionDate to Month.
C.Enable DynamoDB Streams and process the stream with AWS Lambda to pre-aggregate results.
D.Create a Global Secondary Index (GSI) with partition key AccountId and sort key Month.
AnswerD

Allows efficient aggregation queries using the GSI.

Why this answer

Option B is correct because creating a Global Secondary Index (GSI) with AccountId as partition key and Month as sort key allows efficient querying without scans. Option A is wrong because changing the sort key to Month loses the ability to query by exact date. Option C is wrong because enabling DynamoDB Streams does not improve query performance.

Option D is wrong because DynamoDB Accelerator (DAX) speeds up reads but does not change the query pattern.

830
Multi-Selectmedium

A company is designing a database for a global e-commerce platform that requires low-latency reads and writes from multiple AWS Regions. The database must support ACID transactions and complex queries with joins. Which TWO services should they consider? (Choose two.)

Select 2 answers
A.Amazon DynamoDB with Global Tables
B.Amazon ElastiCache for Redis with global datastore
C.Amazon RDS for MySQL with cross-Region read replicas
D.Amazon Aurora with Aurora Global Database
E.Amazon Redshift with cross-Region snapshots
AnswersA, D

DynamoDB Global Tables provide multi-region low-latency writes and reads, but lack complex joins.

Why this answer

For global low-latency with ACID transactions and complex queries, Amazon Aurora (especially with Global Database) is a strong choice. DynamoDB is not relational and does not support complex joins natively. RDS Multi-AZ is single-region.

ElastiCache is not a database. Redshift is for analytics. The correct answers are Aurora (which supports Global Database for multi-region) and possibly RDS with cross-Region replication, but RDS does not have native global database capability like Aurora.

However, the question says 'which TWO services', and the best two are Aurora and DynamoDB? But DynamoDB does not support complex joins. Option A (DynamoDB) is often used for global scale but lacks joins. Option B (Aurora) is the best fit.

Option C (RDS) can be used with cross-Region read replicas but not for writes. Option D (ElastiCache) is cache. Option E (Redshift) is for analytics.

The only viable services for ACID and joins are Aurora and possibly RDS if they accept eventual consistency? But the question says 'low-latency reads and writes' and 'global', so Aurora Global Database is the best. The second could be DynamoDB if they use serverless and global tables, but the question explicitly says 'complex queries with joins', which DynamoDB does not support. Therefore, the correct pair is likely Aurora and something else? Actually, there is no other service that fully meets all requirements.

Perhaps the answer is Aurora and RDS? But RDS does not support multi-region writes. The most reasonable is to select Aurora and DynamoDB for different workloads, but the stem implies a single database. Given the constraints, the best two are Aurora (for relational) and DynamoDB (for non-relational), but they are different paradigms.

However, the exam may expect Aurora and DynamoDB as two services for different parts of the application. Alternatively, the correct answer might be Aurora and RDS with cross-Region replication? But RDS does not have global tables. I'll go with Aurora and DynamoDB as the two services that can be used together to meet the requirements: DynamoDB for high-speed key-value access and Aurora for complex queries.

The question says 'which TWO services should they consider', implying they may use both. So I'll choose A and B.

831
MCQmedium

A company is migrating its on-premises Oracle database to Amazon RDS for Oracle. The security team requires that all data at rest be encrypted using a customer-managed key stored in AWS KMS, and that the key be rotated automatically every year. The company also needs to ensure that only specific IAM roles can access the key. Which combination of steps should the database administrator take to meet these requirements?

A.Create the RDS instance without encryption, then use the AWS Console to enable encryption after creation using a customer-managed key.
B.Create the RDS instance with encryption using the default AWS managed service key, and set up automatic key rotation in KMS.
C.Use AWS CloudHSM to generate and store the encryption key, and configure RDS to use the CloudHSM key for encryption.
D.Create the RDS instance with encryption enabled using a customer-managed KMS key, and configure the key policy to restrict access to the required IAM roles.
AnswerD

This meets encryption, key rotation, and access control requirements.

Why this answer

Option B is correct because enabling encryption on the RDS instance with a customer-managed KMS key allows rotation and access control via KMS key policies. Option A is wrong because RDS does not support manual encryption after creation. Option C is wrong because default service key does not allow custom rotation.

Option D is wrong because CloudHSM is not needed for this scenario.

832
MCQhard

A database engineer is reviewing Amazon RDS for MySQL error logs and sees repeated authentication failures from the same IP address. The application team confirms the password is correct. What is the most likely cause of these errors?

A.The password is incorrect
B.The user 'app_user' does not have access from host '10.0.1.50'
C.The 'app_user' account is locked
D.The database requires SSL connections
AnswerB

The user may be defined as 'app_user'@'%' or from a different host, causing a mismatch.

Why this answer

The error logs show authentication failures despite the password being correct, which indicates the issue is not with the password itself but with the host-based access control. In MySQL, user accounts are defined as 'user'@'host', and if the application is connecting from an IP address (e.g., 10.0.1.50) that is not included in the user's allowed hosts, MySQL will reject the connection with an authentication error even if the password is correct. This is a common misconfiguration when migrating or scaling applications across different subnets.

Exam trap

The trap here is that candidates often assume authentication failures always mean a wrong password, but AWS/DBS-C01 tests your understanding that MySQL's host-based authentication can produce the same error message when the host is not authorized, even with a valid password.

How to eliminate wrong answers

Option A is wrong because the application team has confirmed the password is correct, and authentication failures from a specific IP with a correct password point to host-based restrictions, not an incorrect password. Option C is wrong because a locked account would produce a different error message (e.g., 'Access denied for user ... account is locked') and would affect all connection attempts, not just those from a single IP. Option D is wrong because requiring SSL connections would cause a different error (e.g., 'SSL connection error: ...') and would affect all connection attempts, not just those from a specific IP; the error logs show authentication failures, not SSL handshake failures.

833
MCQmedium

A database specialist is managing an Amazon RDS for Oracle DB instance. The instance has a large amount of data and the specialist needs to migrate it to a new instance in a different AWS Region. Which method would minimize downtime and be the most efficient?

A.Use AWS Database Migration Service (DMS) with ongoing replication to migrate to the target instance.
B.Export the database to Amazon S3 using Oracle Data Pump, then import into the new instance.
C.Create a cross-region read replica and promote it.
D.Take a full backup using Oracle RMAN, copy the backup files to the target region, and restore.
AnswerA

DMS supports minimal downtime with ongoing replication.

Why this answer

Option C is correct. AWS Database Migration Service (DMS) with ongoing replication minimizes downtime and supports cross-region migration. Option A is wrong because exporting to S3 and importing is time-consuming and does not support ongoing replication.

Option B is wrong because cross-region read replicas are not available for Oracle. Option D is wrong because RMAN backups are not integrated with AWS for cross-region migration.

834
MCQeasy

A snapshot of an Amazon RDS DB instance is shown in the exhibit. What does the output indicate?

A.The snapshot creation is still in progress.
B.The snapshot is encrypted and the encryption process is complete.
C.The snapshot is not encrypted.
D.The snapshot is in the process of being encrypted.
AnswerB

The status 'encrypted' means the snapshot is encrypted.

Why this answer

Option D is correct because the snapshot is encrypted (Encrypted: true) and the status is 'encrypted', meaning the snapshot encryption is complete. Option A is wrong because the snapshot exists and is encrypted. Option B is wrong because the snapshot is encrypted.

Option C is wrong because the status is not 'creating'.

835
Multi-Selectmedium

A company is designing a database solution for a global user base that requires single-digit millisecond read latency for user profile data. The data is eventually consistent and can tolerate a few seconds of staleness. Which TWO AWS services or features should be combined to achieve this latency?

Select 2 answers
A.Amazon ElastiCache for Redis with global datastore.
B.Amazon DynamoDB Global Tables.
C.Amazon CloudFront with a custom origin pointing to DynamoDB.
D.Amazon RDS for MySQL with cross-Region read replicas.
E.Amazon Aurora Global Database.
AnswersB, C

Global Tables replicate data across regions, enabling low-latency local reads.

Why this answer

Amazon DynamoDB Global Tables provides a fully managed, multi-Region, multi-active database that replicates data across AWS Regions with sub-second latency, enabling single-digit millisecond reads for user profile data. Combined with Amazon CloudFront as a CDN, you can cache DynamoDB responses at edge locations, further reducing read latency for a global user base while tolerating eventual consistency and a few seconds of staleness.

Exam trap

The trap here is that candidates may assume Amazon ElastiCache or Aurora Global Database are required for single-digit millisecond latency, overlooking how DynamoDB Global Tables combined with CloudFront caching can achieve this without the complexity of managing a separate cache layer or dealing with cross-Region replication lag.

836
MCQeasy

A company is migrating a 2 TB MySQL database from on-premises to Amazon RDS for MySQL. They need to minimize downtime and ensure data consistency. They plan to use AWS DMS. What is the first step they should take before starting the migration task?

A.Create a read replica of the source database to reduce load.
B.Enable binary logging (binlog) on the source MySQL database.
C.Disable foreign key checks on the source database to speed up the load.
D.Enable binary logging on the target RDS for MySQL instance.
AnswerB

Binlog is required for CDC to capture ongoing changes.

Why this answer

AWS DMS requires binary logging (binlog) to be enabled on the source MySQL database to capture ongoing changes during the full-load and change data capture (CDC) phase. This ensures data consistency and minimizes downtime by allowing DMS to replicate incremental changes after the initial load. Without binlog, DMS cannot perform CDC, and the migration would be limited to a one-time snapshot, risking data loss or extended downtime.

Exam trap

The trap here is that candidates often confuse the need for binary logging on the source versus the target, or assume that a read replica or disabling constraints is the first step, but DMS specifically requires binlog on the source for continuous replication.

How to eliminate wrong answers

Option A is wrong because creating a read replica of the source database does not directly enable DMS to capture changes; DMS can already read from the source without a replica, and a replica adds complexity without addressing the core requirement for CDC. Option C is wrong because disabling foreign key checks on the source database is not a prerequisite for DMS; DMS handles foreign key constraints during migration, and disabling them could compromise data integrity. Option D is wrong because binary logging must be enabled on the source database, not the target; the target RDS instance does not need binlog for DMS to write data, and enabling it on the target is irrelevant for capturing source changes.

837
Multi-Selecthard

Which THREE factors should be considered when selecting the backup strategy for an Amazon RDS for PostgreSQL DB instance? (Choose 3.)

Select 3 answers
A.The backup retention period
B.The Recovery Point Objective (RPO) requirement
C.The impact of the backup window on database performance
D.The need for Multi-AZ deployment
E.The encryption at rest requirement
AnswersA, B, C

Retention period determines how long backups are stored, affecting cost and compliance.

Why this answer

Option A is correct because the backup retention period directly determines how far back you can perform a point-in-time recovery (PITR) for an RDS for PostgreSQL instance. Amazon RDS stores automated backups and transaction logs for the specified retention period (1 to 35 days), and this period must be aligned with your compliance and operational requirements. Choosing an appropriate retention period is a fundamental factor in defining the backup strategy.

Exam trap

AWS often tests the misconception that Multi-AZ deployment is part of the backup strategy, but in reality it is a high-availability feature that does not affect backup retention, RPO, or backup window performance.

838
MCQeasy

A team manages an Amazon Aurora MySQL database. They observe that the 'Deadlocks' metric in CloudWatch is spiking. The application uses a single writer instance and multiple read replicas. Which action is most effective at reducing deadlocks?

A.Increase the instance size to handle more concurrent connections.
B.Redirect read traffic to read replicas to reduce load on the writer.
C.Enable Multi-AZ to distribute the load.
D.Review application code to ensure transactions are as short as possible and access tables in a consistent order.
AnswerD

Minimizing transaction duration and accessing resources in a fixed order reduces deadlock probability.

Why this answer

Deadlocks in Aurora MySQL occur when two or more transactions hold locks that the other needs, and they wait indefinitely. The most effective way to reduce deadlocks is to keep transactions short and access tables in a consistent order, which minimizes lock contention and avoids circular wait conditions. This directly addresses the root cause of deadlocks, unlike scaling or redirecting traffic, which only reduce the probability of contention without fixing the underlying locking pattern.

Exam trap

The trap here is that candidates often confuse load-related issues (e.g., high CPU or connections) with deadlocks, and incorrectly choose scaling or read replica offloading, when deadlocks are fundamentally a locking order and transaction duration problem.

How to eliminate wrong answers

Option A is wrong because increasing instance size improves throughput and reduces resource contention but does not change the application's locking behavior; deadlocks can still occur if transactions hold locks for long periods or access tables in inconsistent orders. Option B is wrong because redirecting read traffic to read replicas reduces load on the writer but does not affect the locking patterns of write transactions; deadlocks are caused by write-write conflicts, not read load. Option C is wrong because Multi-AZ in Aurora is a high-availability feature that provides a standby replica for failover; it does not distribute load or reduce lock contention, and Aurora's storage is already replicated across three AZs by default.

839
MCQeasy

A company is building a document management system where each document can have multiple tags and users need to query documents by any combination of tags. The number of tags per document is up to 20, and the total number of documents is expected to be 50 million. Which database design is most appropriate for this flexible tag-based querying?

A.Amazon DynamoDB with a global secondary index on the tag attribute
B.Amazon RDS for MySQL with a normalized schema
C.Amazon Neptune
D.Amazon ElastiCache for Memcached
AnswerA

DynamoDB scales easily and supports flexible tag queries.

Why this answer

Amazon DynamoDB with a global secondary index on the tag attribute allows efficient querying by tag. To query multiple tags, application-side intersection is needed. Option A (RDS with multiple join tables) is wrong because it introduces complex joins and is less scalable.

Option C (ElastiCache) is wrong because it is not a persistent database for primary storage. Option D (Neptune) is wrong because although graph databases can handle tags, they are not the most straightforward for simple tag queries.

840
MCQhard

An application using Amazon DynamoDB is experiencing higher than expected read costs. The table uses on-demand capacity mode. The read pattern is mostly fetching small items (1 KB) using GetItem. Which of the following is the most cost-effective optimization?

A.Change the table to provisioned capacity mode with auto scaling
B.Compress the items using application-level compression
C.Use DAX to cache the read results
D.Switch to eventually consistent reads for GetItem operations
AnswerD

Eventually consistent reads consume half the RCU of strongly consistent reads.

Why this answer

Option A is correct because DynamoDB charges for read capacity units based on item size, and using GetItem with strongly consistent reads consumes 1 RCU for items up to 4 KB. Option B is wrong because changing to provisioned capacity may not be cost-effective with unpredictable traffic. Option C is wrong because compression is not natively supported.

Option D is wrong because DAX adds cost and may not reduce RCU consumption if reads are strongly consistent.

841
Multi-Selecteasy

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The security team requires that all data be encrypted at rest using a customer-managed KMS key. Additionally, the database should be accessible only from a specific VPC. Which THREE steps should the database specialist take to meet these requirements? (Choose three.)

Select 3 answers
A.Configure the security group for the RDS instance to allow inbound traffic only from the application security group.
B.Launch the RDS instance in a private subnet of the VPC.
C.Create a VPC endpoint for RDS and associate it with the DB instance.
D.Store the encryption key in Amazon S3 and configure RDS to use it.
E.Enable encryption at rest using a customer-managed KMS key when creating the RDS instance.
AnswersA, B, E

This restricts access to the application's security group.

Why this answer

Option A is correct because security groups act as a virtual firewall for RDS instances. By configuring the security group to allow inbound traffic only from the application security group, you restrict database access to specific application servers, meeting the requirement that the database be accessible only from a specific VPC.

Exam trap

The trap here is that candidates often confuse VPC endpoints with network access control, thinking a VPC endpoint restricts access to the database, when in fact it only provides a private connection path without limiting which resources can connect.

842
MCQeasy

A startup is building a social media application that requires a database to store user relationships (followers, following) and support graph queries. The data volume is expected to grow to tens of terabytes. Which AWS database service is most suitable for this workload?

A.Amazon RDS for MySQL with self-joins.
B.Amazon Redshift.
C.Amazon DynamoDB with adjacency list design.
D.Amazon Neptune.
AnswerD

Neptune is a purpose-built graph database.

Why this answer

Amazon Neptune is a fully managed graph database service optimized for storing and querying highly connected data, such as social media user relationships (followers, following). It supports both property graph and RDF models, enabling efficient graph traversal queries using Gremlin or SPARQL, which is ideal for this workload. Neptune scales to tens of terabytes and provides low-latency query performance for complex graph patterns, making it the most suitable choice.

Exam trap

The trap here is that candidates often choose DynamoDB (Option C) because they associate it with NoSQL scalability, but they overlook that adjacency list designs in DynamoDB require multiple queries and client-side logic for graph traversals, making it unsuitable for deep or multi-hop relationship queries at scale.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL with self-joins is a relational database that does not natively support graph traversal operations; self-joins become exponentially slower and more complex as the depth of relationships increases, leading to poor performance at tens of terabytes. Option B is wrong because Amazon Redshift is a columnar data warehouse designed for analytical queries on large datasets, not for real-time graph queries or transactional relationship storage, and it lacks native graph traversal capabilities. Option C is wrong because Amazon DynamoDB with adjacency list design can model simple one-to-many relationships but is not optimized for multi-hop graph traversals; queries like 'find followers of followers' require multiple round trips and client-side joins, resulting in high latency and complexity at scale.

843
MCQmedium

A company is migrating a 500 GB MySQL database from on-premises to Amazon RDS for MySQL. The migration must have minimal downtime and support ongoing replication. Which AWS service should be used?

A.Use mysqldump to export the database and import to RDS during a maintenance window.
B.Use AWS Schema Conversion Tool (SCT) to convert the schema and migrate data.
C.Take a physical backup, copy it to Amazon S3, and restore to RDS.
D.Use AWS Database Migration Service (DMS) with a full load and ongoing replication from a change data capture source.
AnswerD

DMS supports full load plus CDC for minimal downtime migrations.

Why this answer

AWS DMS is the correct choice because it supports both a full load of the 500 GB database and ongoing replication using change data capture (CDC) from the on-premises MySQL source. This enables minimal downtime by keeping the target RDS instance synchronized during the migration window, and it handles schema conversion automatically for MySQL-to-MySQL migrations without needing a separate tool.

Exam trap

The trap here is that candidates often assume a simple backup-and-restore or logical dump is sufficient for minimal downtime, but they overlook the requirement for ongoing replication, which only DMS with CDC can provide without disrupting the source database.

How to eliminate wrong answers

Option A is wrong because mysqldump is a logical backup tool that requires taking the source database offline or locking tables during export, causing significant downtime, and it does not support ongoing replication after the initial load. Option B is wrong because AWS SCT is designed for heterogeneous migrations (e.g., Oracle to Aurora) and is unnecessary for a homogeneous MySQL-to-MySQL migration; it does not perform the actual data movement or ongoing replication. Option C is wrong because taking a physical backup and restoring to RDS requires stopping writes on the source to ensure consistency, and it cannot provide ongoing replication to keep the target in sync with the source after the restore.

844
MCQmedium

A company uses Amazon DynamoDB for a session management workload. The access pattern is random and requires single-digit millisecond latency. The table has a read capacity of 5000 RCU. During peak hours, read requests occasionally exceed this capacity, causing throttling. Which design change is most appropriate to handle traffic spikes?

A.Switch to DynamoDB on-demand mode.
B.Add a global secondary index with different partition key.
C.Enable DynamoDB auto scaling for reads.
D.Add a DAX cluster to cache read requests.
AnswerC

Dynamically adjusts capacity to handle spikes.

Why this answer

Option C is correct because DynamoDB auto scaling allows the table to dynamically adjust its provisioned read capacity (RCU) in response to traffic spikes, preventing throttling while maintaining single-digit millisecond latency. This is the most appropriate design change for a session management workload with random access patterns, as it handles occasional bursts without requiring manual intervention or architectural changes.

Exam trap

The trap here is that candidates often choose DAX (Option D) thinking it solves throttling by caching, but DAX only reduces read load if the same items are frequently requested—random access patterns with low cache hit rates make DAX ineffective for preventing throttling, and it does not increase the table's RCU limit.

How to eliminate wrong answers

Option A is wrong because switching to DynamoDB on-demand mode would eliminate throttling but introduces unpredictable costs and may not be cost-effective for a workload with a baseline of 5000 RCU and only occasional spikes; on-demand is designed for unpredictable or new workloads, not for optimizing cost in a known pattern. Option B is wrong because adding a global secondary index (GSI) with a different partition key does not address read capacity throttling on the base table; GSIs have their own read/write capacity and are used for alternative query patterns, not for scaling existing read throughput. Option D is wrong because adding a DAX cluster caches read requests to reduce latency and offload reads from the table, but it does not increase the provisioned read capacity; if the cache misses or the DAX cluster itself is overwhelmed, throttling can still occur on the underlying table.

845
Multi-Selectmedium

A company is planning to deploy a new Amazon RDS for Oracle database in a Multi-AZ configuration. The database must be highly available and fault-tolerant. Which THREE actions should the company take to meet these requirements? (Choose three.)

Select 3 answers
A.Take manual snapshots daily
B.Create a read replica in a different Availability Zone
C.Enable Multi-AZ deployment
D.Enable automated backups with a retention period of 35 days
E.Enable deletion protection
AnswersC, D, E

Multi-AZ provides automatic failover.

Why this answer

Multi-AZ deployment automatically creates a standby instance in a different AZ. Automated backups are enabled by default and stored across multiple AZs. Retaining automated backups for 35 days provides point-in-time recovery.

Read replicas are for read scaling, not high availability. Manual snapshots are for long-term retention, not high availability. Multi-Region replication is for disaster recovery, not high availability.

846
Multi-Selectmedium

A company is using Amazon DynamoDB for a gaming application. The application stores player scores in a table with a partition key of player_id and a sort key of timestamp. The company wants to query the top 10 scores for a given player efficiently. Which TWO steps should the company take to optimize this query?

Select 2 answers
A.Use the Query API with the LSI and scan index forward set to false to get the top scores.
B.Create a local secondary index (LSI) on the score attribute with the same partition key.
C.Use a Scan operation with a filter expression to retrieve the top scores.
D.Create a local secondary index on the timestamp attribute.
E.Create a global secondary index (GSI) on the score attribute.
AnswersA, B

Querying the LSI with ScanIndexForward=false returns items in descending order, efficiently retrieving the top scores.

Why this answer

A local secondary index (LSI) on score allows efficient sorting within a partition. A global secondary index (GSI) on score would not be efficient for per-player queries. The correct options are A and D.

Option B (GSI) would not help per-player sorting. Option C (scan) is inefficient. Option E (LSI on timestamp) is already present.

847
MCQmedium

A company is running a MySQL database on Amazon RDS for a customer relationship management (CRM) application. The database has a table named 'contacts' with over 100 million rows. The application frequently runs queries to find contacts by email address. The email column has a B-tree index. Recently, the application started experiencing slow query performance. The team checked CloudWatch metrics and saw that the ReadIOPS for the RDS instance is consistently at 80% of the provisioned IOPS limit. The instance type is db.r5.large with 3000 provisioned IOPS (gp2). The buffer pool hit ratio is 95%. What is the most cost-effective design change to improve query performance?

A.Upgrade the RDS instance to db.r5.xlarge with 6000 provisioned IOPS.
B.Migrate the contacts table to Amazon DynamoDB with email as partition key.
C.Implement an Amazon OpenSearch Service cluster for email search.
D.Increase the buffer pool size by changing to a memory-optimized instance.
AnswerA

Increases IOPS capacity, reducing IO bottleneck.

Why this answer

Option B is correct because moving to a db.r5.xlarge with 6000 provisioned IOPS (gp2) doubles IOPS capacity, reducing IO wait. Option A is wrong because DynamoDB requires application changes. Option C is wrong because Elasticsearch is additional complexity and cost.

Option D is wrong because the buffer pool hit ratio is already high; increasing memory won't help much.

848
MCQhard

A company uses Amazon DynamoDB to store session data. The security team has enabled DynamoDB Accelerator (DAX) for performance. However, they are concerned about data encryption at rest. DAX encrypts data at rest by default. The security team wants to use a customer managed key (CMK) in AWS KMS. How can this be configured?

A.Use an asymmetric customer managed key because it provides better security.
B.DAX does not support encryption at rest with a customer managed key; only AWS managed keys are supported.
C.Enable encryption at rest on the DAX cluster after creation by modifying the cluster settings.
D.Create a DAX cluster and specify the KMS key ID of a symmetric customer managed key during creation.
AnswerD

DAX allows specifying a symmetric CMK during cluster creation.

Why this answer

Option B is correct because DAX supports specifying a KMS key at cluster creation, and it must be a symmetric CMK. Option A is wrong because DAX does support encryption at rest, and it can use a CMK. Option C is wrong because DAX uses KMS for encryption, not S3.

Option D is wrong because the KMS key must be a symmetric CMK; asymmetric CMKs are not supported for DAX encryption.

849
MCQmedium

A company is using Amazon Redshift for data warehousing. The data engineering team notices that queries are running slower than expected. CloudWatch shows that 'CPUUtilization' is high and 'DiskSpaceUsage' is also high. The cluster has 4 dc2.large nodes. What is the most likely cause of the performance degradation?

A.Insufficient network bandwidth between nodes
B.CPU is the bottleneck and needs more compute nodes
C.Workload management (WLM) queue is causing query waits
D.Queries are spilling to disk due to insufficient memory
AnswerD

High disk usage suggests memory pressure causing disk-based operations.

Why this answer

Option B is correct because high disk usage on dc2 nodes indicates that the cluster is spilling to disk due to insufficient memory. Option A is wrong because network throughput is not indicated. Option C is wrong because WLM queue waits would show in other metrics.

Option D is wrong because high CPU alone does not explain disk usage.

850
Multi-Selectmedium

A company is troubleshooting an Amazon RDS for MySQL DB instance that is experiencing high CPU utilization. The DB instance is a db.t3.medium. Which TWO actions should the database administrator take to investigate the cause?

Select 2 answers
A.Enable Performance Insights to identify the top SQL queries consuming CPU.
B.Disable Multi-AZ to reduce overhead.
C.Modify the DB parameter group to increase the query cache size.
D.Increase the DB instance class to a larger size.
E.Review the slow query log to find queries with long execution times.
AnswersA, E

Performance Insights provides query-level performance data.

Why this answer

Option A is correct because enabling Performance Insights helps identify top SQL queries. Option B is correct because reviewing slow query logs helps identify inefficient queries. Option C is wrong because increasing instance size is a fix, not investigation.

Option D is wrong because disabling Multi-AZ reduces availability, not CPU. Option E is wrong because modifying parameter groups without analysis is not investigative.

851
MCQeasy

A company wants to migrate a self-hosted MongoDB database to Amazon DocumentDB. They need to convert the schema. Which AWS service should they use?

A.AWS Glue
B.AWS Database Migration Service (DMS)
C.AWS Schema Conversion Tool (SCT)
D.Amazon Athena
AnswerC

SCT can convert MongoDB schemas to DocumentDB-compatible format.

Why this answer

AWS DMS can migrate MongoDB to DocumentDB, and AWS SCT can help convert schemas if needed. However, DocumentDB supports MongoDB wire protocol, so often SCT is not required. But the question asks for schema conversion, so SCT is the correct choice.

852
Multi-Selectmedium

A company is migrating a 3 TB on-premises Oracle database to Amazon Aurora PostgreSQL using AWS DMS. The migration task is failing with an error indicating insufficient memory. Which TWO actions should the company take to resolve this issue? (Choose TWO.)

Select 2 answers
A.Change the target database engine to Amazon RDS for MySQL.
B.Disable Multi-AZ on the DMS replication instance.
C.Increase the instance class of the DMS replication instance.
D.Reduce the number of tables being migrated in the task.
E.Use a smaller instance class for the DMS replication instance.
AnswersC, D

A larger instance class provides more memory to handle the migration.

Why this answer

Option C is correct because the 'insufficient memory' error during an AWS DMS migration indicates that the replication instance lacks the memory required to handle the data volume, transformation rules, or cache for large transactions. Increasing the instance class (e.g., from dms.c5.large to dms.c5.2xlarge) provides more memory and CPU, directly resolving the resource constraint.

Exam trap

The trap here is that candidates might confuse a DMS replication instance memory issue with a target database performance issue, leading them to incorrectly change the target engine or disable Multi-AZ instead of scaling the replication instance.

853
MCQeasy

A startup is building a mobile application that needs to store user profiles and preferences. The data is schema-less and will grow rapidly. The application requires single-digit millisecond latency for reads and writes. Which AWS database should they choose?

A.Amazon Aurora (MySQL compatible)
B.Amazon Redshift
C.Amazon RDS for SQL Server
D.Amazon DynamoDB
AnswerD

DynamoDB supports schema-less design and low-latency access.

Why this answer

Amazon DynamoDB is a fully managed NoSQL database designed for low-latency, schema-less data at any scale. Option A (Aurora) is relational and requires predefined schema. Option C (Redshift) is for analytics.

Option D (RDS SQL Server) is relational and not optimized for rapid scaling of schema-less data.

854
Multi-Selecteasy

A company is deploying a new Amazon RDS for PostgreSQL DB instance. Which THREE actions are recommended for a secure deployment?

Select 3 answers
A.Enable encryption at rest using AWS KMS
B.Use the default VPC for simplicity
C.Delete automated backups after the initial snapshot to reduce costs
D.Enable automated backups with a retention period
E.Place the DB instance in a private subnet
AnswersA, D, E

Encryption at rest protects data if storage is compromised.

Why this answer

Options A, C, and D are correct. Enabling encryption at rest, using private subnets, and enabling automated backups are security best practices. Option B is wrong because deleting automated backups immediately after creation removes the ability to perform point-in-time recovery.

Option E is wrong because using the default VPC may not be properly isolated.

855
MCQhard

A company runs a critical e-commerce platform on Amazon Aurora MySQL. The database is 2 TB and experiences a sudden spike in write latency during flash sales. The application uses auto-generated UUIDs as primary keys. The CPU utilization on the writer instance is 80%, and the read replicas show low utilization. Write latency has increased from 5 ms to 200 ms. The company needs to reduce write latency with minimal application changes. Which course of action is MOST effective?

A.Implement sharding across multiple Aurora clusters.
B.Change the primary key to an auto-increment BIGINT and recreate indexes.
C.Add more read replicas and redirect write-heavy queries to replicas.
D.Upgrade the writer instance to a larger instance type with more IOPS.
AnswerB

Sequential keys reduce index page splits, improving write performance.

Why this answer

B is correct because UUID primary keys cause random writes that fragment the B-tree index, leading to frequent page splits and high write latency. Changing to an auto-increment BIGINT allows sequential writes, which fill index pages contiguously and reduce the write amplification that drives latency from 5 ms to 200 ms. This requires no application logic changes beyond the schema migration, making it the most effective minimal-change solution.

Exam trap

The trap here is that candidates assume scaling compute or storage (Option D) is the universal fix for write latency, but the exam specifically tests the impact of primary key design on index write amplification in Aurora MySQL.

How to eliminate wrong answers

Option A is wrong because sharding across multiple Aurora clusters adds significant application complexity (e.g., distributed transactions, cross-cluster joins) and does not address the root cause of random-write overhead from UUIDs. Option C is wrong because read replicas cannot handle write traffic; they only serve read queries, so redirecting write-heavy queries to replicas is impossible and would not reduce write latency on the writer instance. Option D is wrong because upgrading the instance type with more IOPS only masks the symptom of high write latency; it does not fix the underlying index fragmentation caused by UUID primary keys, so the latency will persist after the upgrade.

856
MCQhard

A company is using Amazon ElastiCache for Redis as a caching layer for a web application. The application team reports that cache miss rates have increased significantly, causing higher database load. The Redis cluster has two nodes (one primary, one replica) with the default eviction policy of noeviction. Which action should the database specialist recommend to reduce cache misses?

A.Increase the memory of existing nodes to accommodate more keys.
B.Change the eviction policy to allkeys-lru to allow Redis to evict less recently used keys.
C.Enable AOF persistence to improve cache durability.
D.Add more read replicas to distribute the cache load.
AnswerB

allkeys-lru evicts keys based on LRU, reducing cache misses.

Why this answer

Option B is correct because changing the eviction policy to allkeys-lru allows Redis to evict less frequently used keys when memory is full, reducing cache misses. Option A is wrong because adding more nodes does not solve the eviction issue if the policy prevents eviction. Option C is wrong because increasing the memory of existing nodes only delays the problem.

Option D is wrong because enabling persistence does not help with memory management.

857
MCQhard

A company uses Amazon DynamoDB with a table that stores sensitive customer data. The security team requires that all data at rest be encrypted using a customer-managed AWS KMS key (CMK). Additionally, the company needs to ensure that only specific IAM roles can access the table. Which solution meets these requirements with the least operational overhead?

A.Enable encryption at rest using AWS KMS with a CMK and use column-level encryption with AWS KMS to restrict access.
B.Attach a resource-based policy to the DynamoDB table that grants access only to the specific IAM roles.
C.Use a DynamoDB Accelerator (DAX) cluster with encryption at rest using a CMK, and attach a resource-based policy to the table.
D.Configure the DynamoDB table to use AWS KMS encryption with a CMK. Create an IAM role with a policy that grants access to the table and includes a condition that the encryption context matches the CMK.
E.Configure the DynamoDB table to use AWS KMS encryption with a CMK, and attach a key policy to the CMK that allows only the specific IAM roles.
AnswerD

This ensures encryption with a CMK and restricts access using IAM conditions on the encryption context.

Why this answer

Option D is correct because it combines DynamoDB encryption at rest with a customer-managed KMS CMK and uses an IAM role policy with an encryption context condition. This ensures that only specific IAM roles can access the table, and the encryption context condition ties the KMS key usage to the table, providing fine-grained access control with minimal operational overhead. The encryption context is automatically set by DynamoDB to the table ARN, so the condition key `kms:EncryptionContext:aws:dynamodb:tableName` can be used to restrict decryption to that specific table.

Exam trap

The trap here is that candidates often confuse key policies with IAM policies, thinking that a key policy alone can restrict table access, or they incorrectly assume DynamoDB supports resource-based policies like S3 bucket policies.

How to eliminate wrong answers

Option A is wrong because column-level encryption is not a feature of DynamoDB; it would require application-level encryption, adding operational overhead and not directly restricting IAM role access to the table. Option B is wrong because DynamoDB does not support resource-based policies; it uses IAM policies for access control, and attaching a resource-based policy is not possible. Option C is wrong because DAX is a caching layer, not a security mechanism; it does not enforce table-level access control, and attaching a resource-based policy to the table is still not supported.

Option E is wrong because a key policy on the CMK controls who can use the key for encryption/decryption, but it does not directly control access to the DynamoDB table itself; IAM policies are needed for table access.

858
Multi-Selectmedium

Which THREE factors should be considered when selecting a database for a time-series workload (e.g., IoT sensor data) that requires high write throughput and efficient data retention?

Select 3 answers
A.Normalize the schema to reduce data duplication.
B.Use Amazon RDS Proxy to manage database connections.
C.Configure automatic data expiration using TTL (Time-to-Live).
D.Partition the table by time intervals (e.g., hourly or daily).
E.Use Amazon Timestream for its built-in time-series optimizations.
AnswersC, D, E

TTL automates data retention.

Why this answer

Options A, C, and D are correct. Amazon Timestream is purpose-built for time-series data and supports data retention policies. Partitioning by time in a relational database can improve query performance.

Configuring automatic data expiration using TTL is essential for managing data lifecycle. Option B (normalization) is not typically beneficial for time-series workloads as it can degrade write performance. Option E (using Amazon RDS Proxy) is for connection pooling, not specific to time-series.

859
Multi-Selecteasy

A company uses an Amazon RDS for MySQL DB instance that needs to be accessed by a Lambda function. Which TWO steps should be taken to ensure secure access?

Select 2 answers
A.Create an IAM role for the Lambda function with permissions to use RDS IAM database authentication.
B.Place the Lambda function in the same VPC as the RDS instance to avoid traversing the internet.
C.Store the database credentials in the Lambda environment variables.
D.Use the database master user account for the Lambda function.
E.Attach a NAT gateway to the Lambda function's VPC for outbound internet access.
AnswersA, B

IAM database authentication allows passwordless access using IAM roles.

Why this answer

Options B and D are correct. Placing the Lambda function in the same VPC and using an IAM role with least privilege are security best practices. Option A is wrong because storing credentials in Lambda environment variables is not secure.

Option C is wrong because using the database master user for Lambda is insecure. Option E is wrong because a NAT gateway is not needed for RDS access within the same VPC.

860
MCQhard

A company is using Amazon DynamoDB with Auto Scaling enabled. During a flash sale, write traffic spikes and the application experiences ProvisionedThroughputExceededException errors. The DynamoDB table has provisioned write capacity of 1000 WCU and Auto Scaling is set to scale between 1000 and 10000 WCU. What is the most likely cause of the throttling?

A.Auto Scaling cannot react quickly enough to sudden traffic spikes.
B.The DynamoDB table has insufficient partitions to handle the traffic.
C.The table's burst capacity is exhausted and Auto Scaling has not yet increased capacity.
D.The Auto Scaling policy has a maximum WCU limit that is too low.
AnswerA

Auto Scaling adjusts capacity based on CloudWatch metrics with a delay.

Why this answer

Option D is correct because Auto Scaling reacts to actual consumption, but there is a lag; sudden spikes throttle before capacity increases. Option A is wrong because Auto Scaling does not have a maximum limit issue. Option B is wrong because throttling is due to write capacity, not partitioning.

Option C is wrong because burst capacity is limited; sustained spikes require pre-warming or use of on-demand.

861
MCQeasy

A startup is building a real-time leaderboard for a mobile game using Amazon DynamoDB. The leaderboard must update frequently and support global access with low latency. Which database design approach is most suitable?

A.Use Amazon DynamoDB global tables with appropriate partition key design.
B.Use Amazon ElastiCache for Redis with replication across Regions.
C.Use Amazon Aurora Global Database with a single writer and multiple readers.
D.Use Amazon S3 with event notifications to update a leaderboard file.
AnswerA

Provides low-latency global access and high throughput.

Why this answer

Amazon DynamoDB global tables provide multi-Region, fully managed, multi-master replication, which is ideal for a real-time leaderboard requiring frequent updates and low-latency global access. By designing an appropriate partition key (e.g., game ID or time-based composite key), you can distribute write traffic evenly and avoid hot partitions, ensuring consistent performance under high update frequency.

Exam trap

The trap here is that candidates often assume a caching layer like ElastiCache is always the best for low-latency global access, but they overlook the need for multi-Region write capability and the inherent limitations of Redis cross-Region replication for high-frequency updates.

How to eliminate wrong answers

Option B is wrong because Amazon ElastiCache for Redis with replication across Regions is not natively multi-master; cross-Region replication requires additional tooling (e.g., Global Datastore for Redis) and does not offer the same strong consistency or automatic conflict resolution as DynamoDB global tables for frequent writes. Option C is wrong because Amazon Aurora Global Database is designed for relational workloads with a single writer and multiple readers, which cannot handle the high-velocity, concurrent writes required by a real-time leaderboard without introducing write bottlenecks and latency. Option D is wrong because Amazon S3 with event notifications is not a real-time database; it introduces significant latency for updates and lacks the low-latency query capabilities needed for a live leaderboard, making it unsuitable for frequent updates and global access.

862
MCQmedium

An IoT company ingests sensor data into Amazon DynamoDB. The data has a partition key of device_id and sort key of timestamp. Queries often filter by device_id and a date range. Which design pattern improves query performance and reduces cost?

A.Use DynamoDB Time to Live (TTL) to expire old data
B.Create a local secondary index on device_id and timestamp
C.Enable DynamoDB Accelerator (DAX)
D.Create a global secondary index on timestamp
AnswerB

LSI allows efficient querying by device_id and sort key.

Why this answer

Option B is correct because a local secondary index (LSI) on device_id and timestamp allows efficient querying by device_id and a date range without scanning the entire table. Since the base table already uses device_id as the partition key, the LSI shares the same partition key but provides an alternate sort key (timestamp), enabling range queries on timestamp for each device_id. This reduces read capacity consumption and improves latency by avoiding full table scans or expensive filter expressions.

Exam trap

The trap here is that candidates often confuse local secondary indexes (LSI) with global secondary indexes (GSI), assuming a GSI on timestamp alone is sufficient, but without device_id as a partition key in the index, the query cannot efficiently isolate a single device's data.

How to eliminate wrong answers

Option A is wrong because DynamoDB TTL only expires old data automatically to reduce storage costs, but it does not improve query performance for filtering by device_id and date range. Option C is wrong because DynamoDB Accelerator (DAX) is an in-memory cache that speeds up read-heavy workloads, but it does not change the underlying query pattern or indexing; queries still require a full scan if no appropriate index exists. Option D is wrong because a global secondary index (GSI) on timestamp alone would not allow efficient filtering by device_id, as the GSI's partition key would be timestamp, forcing a scan across all devices to find a specific device_id.

863
MCQhard

A company runs a time-series application on Amazon RDS for PostgreSQL. The table 'events' has 500 million rows and is queried by event_time and event_type. Queries for the last hour are slow despite indexing. Which design change would most improve query performance?

A.Add a composite index on (event_type, event_time)
B.Partition the table by month using PostgreSQL declarative partitioning
C.Migrate to Amazon DynamoDB with TTL
D.Upgrade to a larger RDS instance
AnswerB

Partition pruning limits scans to relevant partitions.

Why this answer

Option B is correct because partitioning the 'events' table by month using PostgreSQL declarative partitioning allows the query planner to prune partitions that do not contain data for the last hour. This dramatically reduces the number of rows scanned, even with a large table of 500 million rows, and directly addresses the slow query performance for time-range queries. Indexing alone cannot overcome the overhead of scanning a massive monolithic table for a narrow time window.

Exam trap

The trap here is that candidates often assume adding a composite index is sufficient for all query patterns, but for time-series data with a large table and narrow time-range queries, partition pruning provides a far more significant reduction in scanned data than any index can achieve.

How to eliminate wrong answers

Option A is wrong because adding a composite index on (event_type, event_time) may improve some queries but does not solve the fundamental problem of scanning a 500-million-row table for a one-hour time range; the index still has to traverse a large B-tree and fetch rows from the heap, leading to significant I/O. Option C is wrong because migrating to DynamoDB with TTL is designed for automatic item expiration, not for improving query performance on time-series data; DynamoDB lacks native time-range query optimization like partition pruning and would require careful design of partition keys and secondary indexes to avoid hot partitions. Option D is wrong because upgrading to a larger RDS instance provides more CPU and memory but does not change the fact that queries must scan the entire table or a large index; it is a vertical scaling approach that does not address the architectural inefficiency of a monolithic table for time-based queries.

864
Multi-Selecthard

A company is migrating an on-premises MongoDB database to Amazon DocumentDB. The migration must have minimal downtime. Which THREE steps should be taken? (Choose three.)

Select 3 answers
A.Use AWS Snowball Edge to transfer initial data.
B.Create an Amazon DocumentDB cluster as the target.
C.Use AWS DMS to perform a full load and then ongoing replication.
D.Shard the DocumentDB cluster across multiple regions.
E.Configure the source MongoDB to send oplog events to DMS.
AnswersB, C, E

DocumentDB is the target for migration.

Why this answer

Option A is correct because DocumentDB supports MongoDB compatibility and can be used as target. Option B is correct because AWS DMS supports MongoDB to DocumentDB migration with ongoing replication. Option C is correct because setting up replication from the source reduces downtime.

Option D is wrong because sharding adds complexity. Option E is wrong because AWS Snowball is for offline data transfer, not minimal downtime.

865
MCQmedium

A company runs an Oracle database on Amazon RDS. The database is used by multiple applications, and the company needs to capture all data modification language (DML) changes for auditing. Which solution should be used?

A.Use AWS CloudTrail to capture database events.
B.Enable Oracle Flashback and store the flashback logs.
C.Install Oracle Audit Vault on the RDS instance.
D.Use AWS DMS with change data capture (CDC) to stream changes to Amazon S3.
AnswerD

DMS CDC captures DML changes and can write to S3.

Why this answer

Option D is correct because AWS DMS with CDC and stream to S3 allows capturing DML changes and storing them for auditing. Option A is wrong because RDS does not support Oracle Flashback. Option B is wrong because RDS does not support Oracle Audit Vault.

Option C is wrong because CloudTrail does not capture database-level DML.

866
MCQhard

An administrator is setting up an AWS DMS replication instance and attaches the IAM policy shown in the exhibit. The administrator receives an error that the replication instance cannot be created. Which missing permission is the MOST likely cause?

A.ec2:DescribeVpcPeeringConnections
B.ec2:DescribeSecurityGroups
C.ec2:CreateNetworkInterfacePermission
D.dms:CreateReplicationInstance
AnswerB

DMS needs to describe security groups to attach to the replication instance.

Why this answer

Option C is correct because DMS replication instances require permission to describe security groups to validate network configuration. Option A is wrong because the policy already includes ec2:CreateNetworkInterface. Option B is wrong because ec2:DescribeVpcs is already present.

Option D is wrong because dms:CreateReplicationInstance is missing, but the error is about replication instance creation, not tasks; however, the most specific missing permission is ec2:DescribeSecurityGroups.

867
Multi-Selecthard

A company runs a critical Oracle database on Amazon RDS. They need to implement a disaster recovery strategy that provides the lowest possible recovery point objective (RPO) and recovery time objective (RTO) across AWS Regions. Which TWO actions should they take? (Choose two.)

Select 2 answers
A.Configure cross-Region automated backups to copy backups to another Region.
B.Configure an AWS DMS task to replicate data from the primary RDS Oracle instance to an RDS Oracle instance in another Region.
C.Enable Multi-AZ on the primary RDS instance.
D.Create a cross-Region read replica of the Oracle DB instance.
E.Use Amazon Aurora Global Database to replicate data across Regions.
AnswersA, B

Cross-Region automated backups provide an RPO of a few minutes and allow restore in the secondary Region.

Why this answer

To achieve cross-Region DR with low RPO/RTO, you can use an AWS DMS task with ongoing replication to an RDS instance in another Region. Additionally, you can enable Multi-AZ in the primary Region for high availability, but that doesn't provide cross-Region DR. Option C (cross-Region read replica) is not supported for Oracle.

Option D (Cross-Region automated backups) is supported and provides RPO of a few minutes. Option E (Aurora Global Database) is for Aurora, not Oracle. The correct combination is: Option A (DMS) and Option D (Cross-Region backup restore).

However, DMS provides continuous replication (low RPO) and Option D provides automated backups that can be restored in another Region (low RTO if restored). But Option A alone is not sufficient for RTO; you need a standby instance. The best answer is to use DMS for replication to a standby RDS instance in the secondary Region and use Cross-Region automated backups for additional protection.

But the question asks for TWO actions. Option A + Option D is valid. Option B (Multi-AZ) is for HA within a Region.

Option C is not supported. Option E is for Aurora. So A and D.

868
MCQhard

An IAM role with the above trust policy is created. The role is then attached to an EC2 instance. The application on the EC2 instance tries to create an RDS DB instance using the AWS SDK. What will happen?

A.The call will fail because the role's permissions policy does not allow rds:CreateDBInstance
B.The call will succeed because the trust policy grants permissions to EC2
C.The call will succeed because the trust policy allows EC2 to create RDS instances
D.The call will fail because the trust policy does not include the RDS service
AnswerA

The role needs a permissions policy allowing the action.

Why this answer

The trust policy allows the EC2 service to assume the role, but the IAM policy attached to the role (not shown) must also allow rds:CreateDBInstance. The trust policy alone does not grant permissions; it only allows the service to assume the role. The actual permissions come from the role's permissions policy.

Without that, the call will fail. Option B is incorrect because the trust policy is valid for EC2. Option C is incorrect because trust policy does not grant permissions.

Option D is incorrect because the trust policy is correct.

869
Multi-Selectmedium

A company is migrating a 2 TB SQL Server database to Amazon RDS for SQL Server. They have a limited maintenance window and need to minimize downtime. Which TWO strategies should they combine?

Select 2 answers
A.Use AWS DMS to perform a full load and ongoing replication.
B.Use AWS Direct Connect to increase bandwidth.
C.Use AWS SCT to convert the schema and assess compatibility.
D.Use AWS CloudEndure Migration.
E.Use AWS Snowball to transfer a backup offline.
AnswersA, C

DMS enables near-zero downtime migration.

Why this answer

Using DMS for full load and ongoing replication minimizes downtime. AWS SCT is needed to convert schema if there are incompatibilities. Snowball is for offline transfer, but with 2 TB and limited time, DMS online is better.

Direct Connect improves network but is not a migration strategy. CloudEndure is for server migration.

870
MCQeasy

A company wants to encrypt data at rest for an existing Amazon RDS for MySQL DB instance. The database is currently unencrypted. What is the most efficient way to enable encryption?

A.Enable encryption on the existing DB instance by modifying the parameter group.
B.Create a snapshot of the DB instance, copy the snapshot with encryption enabled, and restore the DB instance from the encrypted snapshot.
C.Use AWS KMS to automatically encrypt the DB instance.
D.Modify the DB instance and enable encryption from the RDS console.
AnswerB

This is the standard procedure to encrypt an unencrypted RDS instance.

Why this answer

Option B is correct because RDS does not support enabling encryption on an existing unencrypted DB instance directly. You must create a snapshot, copy it with encryption enabled, and restore from that encrypted snapshot. Option A is incorrect because you cannot modify the DB instance to enable encryption.

Option C is incorrect because AWS KMS does not automatically encrypt the DB instance. Option D is incorrect because you cannot directly configure encryption on the existing instance.

871
MCQeasy

A company uses Amazon DynamoDB as a session store for a web application. The application uses a TTL attribute to expire old sessions. The company noticed that expired sessions are not being deleted promptly, causing the table size to grow and increasing costs. The TTL attribute is defined as 'expire_time' with a Unix epoch timestamp. The database specialist verified that TTL is enabled. What should the specialist do to ensure expired sessions are deleted in a timely manner?

A.Change the TTL attribute type to String format.
B.Increase the provisioned write capacity on the table to allow TTL to delete items faster.
C.Configure the 'ttl_deletion_lag' parameter to a lower value.
D.Create an AWS Lambda function that scans the table and deletes expired items.
AnswerB

TTL deletion uses write capacity; increasing it speeds up deletion.

Why this answer

Option C is correct because TTL deletion can be delayed if the table has a high write rate; increasing provisioned write capacity can speed up the deletion process. Option A is wrong because DynamoDB does not have a 'ttl_deletion_lag' parameter. Option B is wrong because TTL handles deletion automatically; a Lambda function is unnecessary.

Option D is wrong because the attribute type is correct (Number).

872
MCQhard

A company uses Amazon DynamoDB with on-demand capacity for a mobile application. During a marketing campaign, write traffic spikes to 10,000 writes per second for 5 minutes. The application experiences throttling after the first minute. The DynamoDB table has a single partition key. What should be done to prevent throttling in future campaigns?

A.Redesign the partition key to ensure write traffic is evenly distributed across partitions.
B.Enable DynamoDB Accelerator (DAX) to cache write requests.
C.Switch to provisioned capacity and increase write capacity units to 10,000.
D.Pre-warm the table by writing dummy data before the campaign.
AnswerA

Even distribution avoids hot partitions and prevents throttling at partition level.

Why this answer

Option B is correct because the issue is likely due to a hot partition caused by a single partition key. Option A is wrong because increasing read capacity does not help writes. Option C is wrong because on-demand capacity already handles large traffic, but throttling still occurs due to partition-level limits.

Option D is wrong because DAX is for caching reads, not writes.

873
MCQhard

A company is designing a multi-region active-active application that requires low-latency reads and writes across regions. The database must support conflict resolution. Which database should be used?

A.Amazon RDS Multi-AZ
B.Amazon DynamoDB Global Tables
C.Amazon Redshift
D.Amazon Aurora Global Database
AnswerB

DynamoDB global tables offer active-active replication with eventual consistency and conflict resolution.

Why this answer

Amazon DynamoDB Global Tables is the correct choice because it provides a fully managed, multi-region, multi-active database that replicates data across regions with eventual consistency, supporting low-latency reads and writes. It includes built-in conflict resolution using a last-writer-wins (LWW) mechanism based on timestamps, which meets the requirement for conflict resolution in an active-active architecture.

Exam trap

The trap here is that candidates often confuse Amazon Aurora Global Database with an active-active solution, but it is actually active-passive with a single write region, whereas DynamoDB Global Tables supports multi-region writes with automatic conflict resolution.

How to eliminate wrong answers

Option A is wrong because Amazon RDS Multi-AZ is a single-region, high-availability feature that provides a standby replica in a different Availability Zone, not multi-region active-active capability, and it does not support conflict resolution. Option C is wrong because Amazon Redshift is a data warehouse optimized for analytical queries, not low-latency transactional reads and writes across regions, and it lacks conflict resolution mechanisms. Option D is wrong because Amazon Aurora Global Database is designed for cross-region replication but supports only one primary region for writes (active-passive), not active-active, and it does not provide built-in conflict resolution for concurrent writes.

874
Matchingmedium

Match each AWS database migration tool/service to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Migrates databases to AWS with minimal downtime

Converts database schema and code to target engine

Physical device for large-scale data transfer

Continuous replication for ongoing changes

ETL service for preparing and transforming data

Why these pairings

Tools for migrating and transforming database workloads.

875
MCQeasy

A company is using Amazon DynamoDB with on-demand capacity mode. The application experiences occasional throttling during peak hours. The operations team wants to reduce throttling without changing the application code. What should they do?

A.Increase the read and write capacity units in the on-demand mode.
B.Switch to provisioned capacity mode and configure auto scaling.
C.Enable DynamoDB Accelerator (DAX) to cache reads.
D.Use DynamoDB global tables to distribute traffic across regions.
AnswerB

Provisioned capacity with auto scaling ensures adequate capacity for peak traffic.

Why this answer

Option B is correct because DynamoDB on-demand capacity mode does not allow manual adjustment of capacity units; it scales automatically but can still throttle if traffic exceeds the previous peak by a large margin. Switching to provisioned capacity mode with auto scaling allows you to set a higher minimum capacity and scale proactively based on actual usage patterns, reducing throttling without code changes. This approach gives more control over capacity limits while still automating adjustments.

Exam trap

The trap here is that candidates assume on-demand mode never throttles, but it can throttle during sudden traffic spikes that exceed the previous 30-minute peak, and they mistakenly think increasing capacity units is possible in on-demand mode.

How to eliminate wrong answers

Option A is wrong because on-demand mode does not have configurable read/write capacity units; it automatically adjusts capacity based on traffic, and you cannot increase them manually. Option C is wrong because DAX only caches reads, reducing read load on the table, but it does not address write throttling or the root cause of capacity limits; it also requires application code changes to use the DAX client. Option D is wrong because global tables replicate data across regions for disaster recovery and low-latency reads, but they do not reduce throttling in a single region; they add complexity and cost without solving the immediate capacity issue.

876
MCQmedium

An RDS DB instance has two security groups attached. Security group sg-12345678 allows inbound traffic on port 3306 from 0.0.0.0/0. Security group sg-87654321 allows inbound traffic on port 3306 from 10.0.0.0/16. What is the effective inbound access to the DB instance?

A.No IP addresses are allowed because the rules conflict.
B.Only the 0.0.0.0/0 range is allowed because sg-12345678 is more permissive.
C.Only the 10.0.0.0/16 range is allowed because sg-87654321 is more restrictive.
D.All IP addresses (0.0.0.0/0) are allowed to connect.
AnswerD

Since sg-12345678 allows all traffic, any IP can connect.

Why this answer

Option C is correct. Security group rules are evaluated together; the most permissive rule applies. Since sg-12345678 allows all IPs, the effective access is from 0.0.0.0/0.

Option A is wrong because both groups apply. Option B is wrong because the more permissive rule dominates. Option D is wrong because there is no override of the more permissive rule.

877
MCQhard

A financial services company runs a critical PostgreSQL database on Amazon RDS. The DBA needs to ensure that any database failover is detected within 30 seconds. Which monitoring approach should be used to meet this requirement?

A.Subscribe to RDS Event Notifications and create an SNS topic for 'failover' events.
B.Create a CloudWatch alarm on the 'DatabaseConnections' metric with a 1-minute evaluation period.
C.Use Enhanced Monitoring to monitor the 'engine' process status every second.
D.Enable CloudTrail and monitor the 'FailoverDBCluster' API call.
AnswerA

Event notifications are near real-time and can trigger actions within seconds.

Why this answer

Option C is correct because Amazon RDS Event Notifications for 'failover' events are delivered within seconds. Option A is wrong because CloudWatch metric 'DatabaseConnections' dropping to zero may indicate failover but the alarm evaluation period is typically 1 minute, causing delay. Option B is wrong because Enhanced Monitoring metrics have a granularity of 1 second but do not directly indicate failover.

Option D is wrong because CloudTrail logs API calls like FailoverDBCluster but these are not real-time, often with minutes delay.

878
MCQhard

A company runs an e-commerce platform on Amazon RDS for MySQL with a Multi-AZ deployment. The database has a table 'orders' with 50 million rows. During Black Friday sales, the application experiences severe slowdowns. Analysis shows that the CPU utilization is at 90% and there are many slow queries that perform full table scans on the 'orders' table. The development team has already added indexes on the most queried columns, but the problem persists. The database specialist suspects that the issue is not solely due to missing indexes. They notice that the queries often filter on a combination of 'order_date', 'customer_id', and 'status', and that the data distribution is heavily skewed: 80% of orders are 'completed' status. The 'order_date' range is typically the last 30 days. What should the database specialist do to improve query performance?

A.Partition the 'orders' table by 'status' and 'order_date' and create covering indexes on common query patterns.
B.Create multiple read replicas and distribute read traffic.
C.Implement an in-memory caching layer using Amazon ElastiCache for frequently accessed data.
D.Upgrade the RDS instance to a larger instance class with more vCPUs and memory.
AnswerA

Partitioning reduces the data scanned, and covering indexes speed up queries without accessing the table.

Why this answer

Option D is correct because partitioning the table by 'status' and 'order_date' can significantly reduce the amount of data scanned, as queries often filter on these columns. In addition, using a covering index can avoid lookups. Option A (vertical scaling) provides temporary relief but does not address the root cause.

Option B (read replicas) offloads read traffic but does not fix the slow queries themselves. Option C (cache layer) can help with repeated queries but not with ad-hoc analytical queries that still scan large datasets.

879
MCQeasy

A security auditor reviews the output of a DynamoDB table description command as shown in the exhibit. Which statement accurately describes the encryption configuration of the Users table?

A.The table is encrypted using an AWS managed KMS key.
B.The table uses server-side encryption with an S3 managed key.
C.The table is not encrypted at rest.
D.The table is encrypted using a customer managed KMS key.
AnswerD

The output shows a specific KMS key ARN, indicating a customer managed key.

Why this answer

Option B is correct. The output shows SSEDescription with Status ENABLED, SSEType KMS, and a KMSMasterKeyArn, indicating that the table is encrypted using a customer-managed KMS key. Option A is incorrect because the key ARN is a customer managed key, not an AWS managed key.

Option C is incorrect because the status is ENABLED. Option D is incorrect because the table is encrypted.

880
MCQhard

A gaming company uses Amazon DynamoDB to store player scores. The table has a partition key of 'game_id' and a sort key of 'player_id'. The application needs to retrieve the top 10 players for a given game_id based on score (stored as an attribute). The game_id has high cardinality. The team wants to avoid full table scans. Which design pattern is MOST efficient?

A.Query the table by game_id and sort the results in the application
B.Use a Scan operation with a filter expression and limit 10
C.Create a local secondary index with partition key game_id and sort key score
D.Create a global secondary index with partition key game_id and sort key score
AnswerD

Query the GSI with ScanIndexForward=false and limit 10 for fast retrieval.

Why this answer

DynamoDB does not support ORDER BY on non-key attributes. To efficiently retrieve top scores, a global secondary index (GSI) with game_id as partition key and score as sort key allows descending queries. Option B is wrong because using scan with limit is inefficient.

Option C is wrong because reading all items in the game partition and sorting in application is costly. Option D is wrong because a local secondary index (LSI) would require the same partition key but cannot have a different sort key if the table's sort key is player_id; also LSIs have size limits.

881
Multi-Selectmedium

A company is using Amazon RDS for MySQL and needs to monitor for slow queries. Which TWO AWS services can be used to capture and analyze slow query logs? (Choose TWO.)

Select 2 answers
A.Amazon S3
B.Amazon RDS Performance Insights
C.AWS Config
D.AWS CloudTrail
E.Amazon CloudWatch Logs
AnswersB, E

Performance Insights can help identify slow queries by analyzing database load.

Why this answer

Options A and C are correct because CloudWatch Logs can be used to stream RDS logs, and Performance Insights can help identify slow queries. Option B is wrong because CloudTrail records API calls, not database logs. Option D is wrong because S3 is a storage service, not a monitoring service.

Option E is wrong because Config records configuration changes.

882
MCQeasy

A company is designing a multi-tier application that uses Amazon RDS for PostgreSQL. The application must encrypt data at rest and in transit. Which combination of steps should be taken to meet these requirements? (Choose the single best answer.)

A.Use client-side encryption for data before sending to RDS, and enable encryption at rest after the instance is created.
B.Enable encryption at rest when launching the RDS instance, and configure the DB parameter group to require SSL connections.
C.Launch the RDS instance without encryption, then enable encryption at rest using the AWS Console.
D.Use AWS KMS to encrypt the connection between the application and RDS.
AnswerB

Encryption at rest is enabled at creation; SSL enforcement ensures encryption in transit.

Why this answer

Option B is correct because Amazon RDS for PostgreSQL supports encryption at rest only when enabled at instance launch, and SSL/TLS encryption in transit is enforced by configuring the DB parameter group to require SSL connections (e.g., setting `rds.force_ssl=1`). Encryption at rest cannot be added after creation, and SSL ensures data is encrypted between the application and the database.

Exam trap

The trap here is that candidates assume encryption at rest can be enabled after launch (like modifying an EBS volume) or that KMS alone handles in-transit encryption, but RDS requires upfront planning for at-rest encryption and explicit SSL configuration for transit.

How to eliminate wrong answers

Option A is wrong because client-side encryption does not protect data in transit between the application and RDS, and encryption at rest cannot be enabled after the instance is created—it must be specified at launch. Option C is wrong because encryption at rest cannot be enabled on an existing unencrypted RDS instance; you must migrate to a new encrypted instance. Option D is wrong because AWS KMS is used for managing encryption keys, not for encrypting network connections; SSL/TLS is the correct mechanism for encryption in transit.

883
Multi-Selectmedium

A company uses Amazon DynamoDB for a gaming application. During a new game launch, the application experiences high latency and throttling on a table with a partition key of 'user_id' and a sort key of 'timestamp'. The access pattern is to query recent items for a given user. Which TWO design changes can improve performance?

Select 2 answers
A.Use strongly consistent reads for all queries.
B.Use a composite key with 'game_id' as partition key and 'timestamp' as sort key.
C.Add a Global Secondary Index (GSI) with a different partition key.
D.Increase the provisioned read capacity for the table.
E.Enable DynamoDB Accelerator (DAX) to cache write operations.
AnswersB, C

A better partition key (game_id) can distribute writes evenly.

Why this answer

Option A is correct because using a Global Secondary Index (GSI) with a different key can distribute traffic. Option D is correct because adding a GSI with 'game_id' as partition key can distribute writes if 'game_id' has high cardinality. Option B is wrong because increasing read capacity doesn't solve hot partition issues.

Option C is wrong because simple queries are fine. Option E is wrong because DAX caches reads, not writes.

884
Multi-Selecthard

Which THREE design patterns are commonly used to optimize DynamoDB performance for write-heavy workloads?

Select 3 answers
A.Using DynamoDB adaptive capacity to handle unbalanced access patterns.
B.Using sparse indexes on rarely accessed attributes.
C.Batch writes using BatchWriteItem.
D.Write sharding using a random suffix on the partition key.
E.Using global tables to distribute writes across regions.
AnswersA, C, D

Adaptive capacity automatically rebalances partitions to handle hot spots.

Why this answer

Option A is correct because write sharding distributes writes evenly. Option C is correct because batching reduces API calls. Option E is correct because adaptive capacity helps handle uneven access patterns.

Option B is wrong because global tables are for multi-region replication, not write optimization. Option D is wrong because sparse indexes are for read optimization.

885
MCQeasy

What is the purpose of the 'TimeToLiveSpecification' in this template?

A.It enables DynamoDB to automatically delete items after the specified timestamp
B.It enforces that the 'expire_time' attribute must be unique
C.It automatically updates the 'expire_time' attribute when an item is read
D.It creates a backup of items that have expired
AnswerA

TTL deletes items when the timestamp is reached.

Why this answer

The 'TimeToLiveSpecification' in an AWS DynamoDB CloudFormation template enables DynamoDB's Time to Live (TTL) feature, which automatically deletes items when the current time exceeds the epoch timestamp value stored in the specified attribute (e.g., 'expire_time'). This is a cost-effective way to manage data retention without requiring custom delete logic or additional write capacity.

Exam trap

The trap here is that candidates confuse TTL with a feature that actively manages or updates timestamps, when in reality TTL is a passive, background deletion mechanism that only reads the existing attribute value and never modifies it.

How to eliminate wrong answers

Option B is wrong because TTL does not enforce uniqueness on the 'expire_time' attribute; DynamoDB only uses the attribute's value to determine expiration, and multiple items can share the same timestamp. Option C is wrong because TTL never automatically updates the 'expire_time' attribute when an item is read; it is a passive deletion mechanism based solely on the stored timestamp. Option D is wrong because TTL does not create backups of expired items; expired items are permanently deleted within 48 hours of expiration, and you must use DynamoDB Streams or separate backup mechanisms to capture them before deletion.

886
MCQmedium

A company is migrating an on-premises MongoDB database to AWS. The database stores JSON documents for a content management system. The workload requires read-after-write consistency and automatic scaling. Which AWS database service is MOST appropriate?

A.Amazon ElastiCache for Redis
B.Amazon DynamoDB
C.Amazon RDS for PostgreSQL
D.Amazon DocumentDB
AnswerD

DocumentDB is MongoDB-compatible, provides read-after-write consistency, and scales automatically.

Why this answer

Amazon DocumentDB is the most appropriate choice because it is a fully managed, MongoDB-compatible document database that natively stores JSON documents, supports read-after-write consistency via its default session consistency model, and provides automatic scaling of storage (up to 64 TB) and compute resources. It directly replaces on-premises MongoDB workloads without requiring schema changes or application rewrites, making it ideal for a content management system.

Exam trap

The trap here is that candidates often choose DynamoDB (Option B) because it is a NoSQL document database with automatic scaling, but they overlook the requirement for MongoDB compatibility and read-after-write consistency, which DynamoDB does not provide by default and requires additional configuration, whereas DocumentDB is purpose-built for MongoDB workloads with strong consistency out of the box.

How to eliminate wrong answers

Option A is wrong because Amazon ElastiCache for Redis is an in-memory key-value store, not a document database; it does not natively support JSON document storage with MongoDB-compatible querying, and its eventual consistency model (with optional strong consistency via WAIT command) is not designed for persistent, read-after-write consistent document workloads. Option B is wrong because Amazon DynamoDB is a key-value and document database but uses a different API and consistency model (eventually consistent reads by default, with strongly consistent reads available at additional cost); it lacks MongoDB wire protocol compatibility, requiring application refactoring. Option C is wrong because Amazon RDS for PostgreSQL is a relational database that stores data in tables with a fixed schema, not as JSON documents; while it supports JSONB, it does not provide MongoDB-compatible APIs or automatic scaling of storage without manual intervention, and it requires schema migration from MongoDB's document model.

887
MCQeasy

A developer needs to grant an IAM user the ability to perform all operations on an Amazon RDS DB instance except the ability to delete it. Which IAM policy action should be explicitly denied?

A.rds:RebootDBInstance
B.rds:StopDBInstance
C.rds:ModifyDBInstance
D.rds:DeleteDBInstance
AnswerD

Explicitly denying this action prevents deletion.

Why this answer

To prevent deletion, you must explicitly deny the rds:DeleteDBInstance action. Option A is wrong because rds:ModifyDBInstance does not delete. Option C is wrong because rds:StopDBInstance does not delete.

Option D is wrong because rds:RebootDBInstance does not delete.

888
MCQmedium

A company is running an Amazon RDS for MySQL database. The application team reports that the database is slow. Upon investigation, you notice that the DB instance's CPU utilization is consistently above 90%. Which initial troubleshooting step should you take?

A.Increase the DB instance size to improve performance.
B.Enable Enhanced Monitoring to identify the source of high CPU usage.
C.Delete the slow query logs to reduce I/O.
D.Change the storage type from General Purpose (gp2) to Provisioned IOPS (io1).
AnswerB

Enhanced Monitoring provides OS-level metrics to diagnose CPU bottlenecks.

Why this answer

Option B is correct because enabling Enhanced Monitoring provides OS-level metrics that can help identify resource bottlenecks. Option A is wrong because increasing instance size without diagnosis may not address the root cause. Option C is wrong because switching storage type does not reduce CPU load.

Option D is wrong because deleting slow query logs removes diagnostic data.

889
MCQmedium

A company is running a MongoDB-compatible workload on Amazon DocumentDB. They are experiencing high write latency during peak hours. The current cluster has one instance (db.r5.large) with 100 GB storage. Which change is most likely to improve write performance?

A.Increase storage to 500 GB
B.Enable Multi-AZ deployment
C.Increase the instance size to db.r5.xlarge
D.Add a read replica in a different Availability Zone
AnswerC

A larger instance provides more CPU and memory, which can improve write performance.

Why this answer

DocumentDB writes are handled by the primary instance. Since the instance is r5.large, increasing instance size provides more CPU and memory, improving write throughput. Adding read replicas does not help writes.

Scaling storage does not directly improve write latency. Enabling Multi-AZ adds a standby but does not improve write performance.

890
MCQmedium

A company is using Amazon DynamoDB with a global table. The security team requires that all data be encrypted at rest using a customer-managed KMS key. The table was originally created with AWS managed key encryption. The company wants to switch to a customer-managed key without downtime. What should they do?

A.Use the UpdateTable API to change the KMS key to the customer-managed key.
B.Enable DynamoDB Streams on the old table and use a Lambda function to copy data to a new table with the customer-managed key.
C.Create a new replica in the global table with the customer-managed key and then delete the old replica.
D.Create a new table with the customer-managed key, export the data from the old table using AWS Data Pipeline, and import into the new table.
AnswerD

This avoids downtime if done carefully, but there is no direct migration tool; however, it is the only way.

Why this answer

Option C is correct because you cannot modify the encryption key of an existing DynamoDB table. You must create a new table with the desired key and migrate data. Option A is not possible.

Option B does not work for global tables? Actually, for global tables, you can update the encryption key? No, it's not supported. Option D is the correct process.

891
MCQeasy

A startup is building a social media application that needs to store user profiles, posts, comments, and likes. The data is highly interconnected, and the team wants to query relationships efficiently, such as 'find all friends of a user who liked a post'. Which database service is best suited for this workload?

A.Amazon ElastiCache for Redis
B.Amazon DynamoDB
C.Amazon RDS for PostgreSQL
D.Amazon Neptune
AnswerD

Neptune is a graph database built for relationship queries.

Why this answer

Amazon Neptune is a graph database designed for highly connected data, making it ideal for social graphs. Option A (DynamoDB) is wrong because it is a key-value/document database that requires additional application logic for graph queries. Option B (RDS) is wrong because relational databases can model graphs but are less efficient for deep relationship queries.

Option D (ElastiCache) is wrong because it is a cache, not a primary database.

892
MCQhard

A company wants to enforce that all new Amazon RDS DB instances are created with encryption at rest enabled. Which approach should be taken?

A.Use an IAM policy that denies the rds:CreateDBInstance action unless rds:StorageEncrypted is set to true.
B.Use AWS CloudTrail to detect unencrypted instance creation and automatically delete them.
C.Use AWS Config rules to mark unencrypted instances as noncompliant.
D.Enable encryption by default in the RDS console.
AnswerA

This preventive control enforces encryption at creation time via IAM conditions.

Why this answer

Option B is correct because an IAM policy with a condition on rds:StorageEncrypted can deny creation of unencrypted instances. Option A is wrong because CloudWatch Events can trigger a remediation Lambda but does not prevent creation. Option C is wrong because AWS Config can detect noncompliant instances but does not enforce at creation time.

Option D is wrong because RDS does not have a default encryption setting at the account level.

893
MCQeasy

A developer reports that an Amazon RDS for MySQL DB instance is experiencing high CPU utilization. You suspect a specific query is causing the issue. Which CloudWatch metric should you examine to confirm this?

A.CPUUtilization
B.DatabaseConnections
C.ReadLatency
D.FreeableMemory
AnswerA

CPUUtilization directly measures CPU usage.

Why this answer

The 'CPUUtilization' metric directly measures CPU usage. Options A, B, and D are not metrics that indicate CPU usage.

894
MCQmedium

A company is migrating a 500 GB on-premises PostgreSQL database to Amazon RDS for PostgreSQL. The migration must have minimal downtime and support ongoing replication after the initial load. The network link has limited bandwidth, and the company wants to avoid costly data transfer fees. Which approach should be used?

A.Use AWS DMS with ongoing replication (CDC) from the start.
B.Use AWS Database Migration Service (DMS) with a full load only, then cut over.
C.Use pg_dump to export the database and pg_restore to import into RDS.
D.Use AWS Snowball Edge to transfer the database files, then load into RDS.
AnswerA

CDC captures changes continuously, minimizing downtime and supporting ongoing sync.

Why this answer

AWS DMS with ongoing replication (CDC) enables a full load followed by continuous change data capture, which meets the requirements of minimal downtime and ongoing replication. DMS compresses data in transit and can throttle network usage, helping to manage limited bandwidth and avoid costly data transfer fees by using the existing network link efficiently.

Exam trap

The trap here is that candidates often assume Snowball Edge is always the best choice for large databases to avoid bandwidth costs, but for 500 GB and the need for ongoing replication, DMS with CDC is more appropriate and cost-effective.

How to eliminate wrong answers

Option B is wrong because a full load only does not support ongoing replication after the initial load, so changes made during the migration would be lost, requiring downtime for a final cutover. Option C is wrong because pg_dump and pg_restore are offline tools that require the source database to be stopped or made read-only during the export, causing significant downtime and no ongoing replication capability. Option D is wrong because AWS Snowball Edge is designed for large-scale offline data transfer (typically >10 TB) and would introduce unnecessary latency and complexity for a 500 GB database, plus it does not support ongoing replication after the data is loaded.

895
MCQhard

A company is designing a multi-tenant application using Amazon Aurora MySQL. Each tenant's data must be isolated from others. They need to encrypt data at rest with a unique AWS KMS key per tenant. How can this be achieved?

A.Create separate databases within the same Aurora cluster and assign a different KMS key to each database.
B.Use client-side encryption with different KMS keys per tenant before inserting data into the database.
C.Use a single Aurora cluster with row-level encryption using different KMS keys per tenant.
D.Launch separate Aurora clusters for each tenant, each with its own KMS key for encryption at rest.
AnswerD

Each Aurora cluster can be encrypted with a different KMS key, providing per-tenant encryption at rest.

Why this answer

Option C is correct because Aurora MySQL does not support per-table or per-database encryption keys; encryption at rest is applied to the entire DB cluster using a single KMS key. Option A is wrong because RDS encryption is cluster-wide. Option B is wrong as it describes application-level encryption.

Option D is wrong because using separate clusters per tenant is the only way to have per-tenant KMS keys, though it adds cost.

896
MCQmedium

A company is designing a database for an e-commerce platform that stores product catalog data. The catalog has frequent reads and occasional writes. The data is highly relational but the team wants the lowest possible latency for read queries. Which database service should they choose?

A.Amazon DocumentDB
B.Amazon RDS for PostgreSQL with read replicas
C.Amazon DynamoDB with DAX
D.Amazon ElastiCache for Redis
AnswerC

DAX provides in-memory acceleration for DynamoDB, delivering microsecond read latency.

Why this answer

DynamoDB Accelerator (DAX) is an in-memory cache for DynamoDB that provides microsecond read latency. While DynamoDB itself is NoSQL, DAX is used to speed up reads. RDS with read replicas can improve read performance but not to microsecond level.

ElastiCache could be used but requires more application logic. DocumentDB is a document database not optimized for microsecond reads.

897
MCQmedium

A company runs an Amazon DynamoDB table with on-demand capacity. They notice that a specific partition key receives a high volume of read requests, causing throttling for that partition. What is the BEST solution to distribute the load evenly?

A.Create a global secondary index with a different partition key.
B.Add a random suffix to the partition key values to increase partition cardinality.
C.Use DynamoDB Accelerator (DAX) to cache reads.
D.Switch the table to provisioned capacity with auto-scaling.
AnswerB

This spreads reads across multiple partitions, reducing hot spots.

Why this answer

Adding a suffix to the partition key to create multiple partitions distributes read load across partitions.

898
MCQmedium

A company wants to restrict access to an Amazon DynamoDB table so that only requests from a specific VPC endpoint are allowed. Which policy should be attached to the table?

A.A security group rule that allows traffic only from the VPC endpoint.
B.An IAM policy that denies access unless the request comes from the specific VPC.
C.A VPC endpoint policy that allows only the specific VPC endpoint to access the DynamoDB table.
D.An S3 bucket policy that references the DynamoDB table.
AnswerC

VPC endpoint policies can restrict access to specific resources and endpoints.

Why this answer

Option C is correct because a VPC endpoint policy can restrict access based on the source VPC endpoint. Option A is wrong because an IAM policy attached to a user would not restrict the source VPC. Option B is wrong because bucket policies are for S3.

Option D is wrong because security groups are for EC2 and RDS, not DynamoDB.

899
Multi-Selectmedium

A company is migrating an on-premises MongoDB database to Amazon DocumentDB. The database stores IoT sensor data with time-series characteristics. The application performs range queries on timestamp fields and updates recent documents frequently. Which THREE aspects of DocumentDB should the company consider to optimize performance for this workload? (Choose three.)

Select 3 answers
A.Use global secondary indexes to speed up queries on the timestamp field.
B.Implement sharding to distribute write load across multiple instances.
C.Enable a TTL index on the timestamp field to automatically delete old data.
D.Create a compound index on (device_id, timestamp) to support range queries.
E.Use a single large instance class to avoid sharding complexity.
AnswersB, C, D

Sharding helps scale writes by distributing data across shards.

Why this answer

Option B is correct because DocumentDB does not support native sharding like MongoDB; however, for workloads with high write throughput, you can distribute writes by using multiple DocumentDB instances and routing writes based on a shard key in the application layer. This helps avoid write bottlenecks on a single instance and scales write capacity horizontally.

Exam trap

The trap here is that candidates may assume DocumentDB supports sharding natively like MongoDB, but DocumentDB does not have built-in sharding; instead, you must implement application-level sharding or use multiple clusters to distribute write load.

900
Multi-Selecteasy

Which TWO actions are recommended when deploying an Amazon RDS for MySQL instance in a production environment to ensure high availability and durability? (Choose two.)

Select 2 answers
A.Enable Enhanced Monitoring
B.Enable automated backups with a retention period of at least 7 days
C.Enable Performance Insights
D.Enable deletion protection
E.Enable Multi-AZ deployment
AnswersB, E

Automated backups allow point-in-time recovery within the retention period.

Why this answer

Option A is correct because Multi-AZ provides automatic failover. Option D is correct because automated backups with a retention period enable point-in-time recovery. Option B is wrong because deletion protection is for accidental deletion, not high availability.

Option C is wrong because performance insights are for monitoring, not HA. Option E is wrong because enhanced monitoring is for metrics, not HA.

Page 11

Page 12 of 24

Page 13