AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 901975

1730 questions total · 24pages · All types, answers revealed

Page 12

Page 13 of 24

Page 14
901
MCQhard

A DBA runs the above AWS CLI command. The DB instance is an Amazon RDS for MySQL instance. The DBA needs to connect to the database from an EC2 instance in the same VPC but cannot connect. Which action should be taken first?

A.Verify that the DB instance endpoint resolves correctly from the EC2 instance.
B.Check the inbound rules of the security group for port 3306.
C.Enable encryption on the DB instance.
D.Check the DB instance status in the output.
AnswerB

Security group inbound rules control access to the DB instance.

Why this answer

Option D is correct because the VPC security group (sg-0123456789abcdef0) must allow inbound traffic on port 3306 (MySQL) from the EC2 instance's security group. Option A is wrong because the endpoint is correct. Option B is wrong because the instance is available.

Option C is wrong because encryption does not affect connectivity.

902
MCQeasy

A database administrator notices that an Amazon RDS for MySQL DB instance has experienced a failover during a maintenance window. What is the most likely cause of this failover?

A.The DB instance ran out of storage and automatically failed over
B.A read replica was promoted to a primary instance
C.A manual failover was initiated by the administrator
D.A system update was applied during the maintenance window, causing a reboot
AnswerD

RDS applies patches during maintenance windows; Multi-AZ instances may fail over to reduce downtime.

Why this answer

Option C is correct because the RDS maintenance window is used to apply system updates, which may require a reboot and failover if Multi-AZ is enabled. Option A is wrong because manual failover is initiated by the administrator. Option B is wrong because storage scaling does not cause failover.

Option D is wrong because read replica creation does not cause failover.

903
MCQeasy

A developer needs to deploy an Amazon RDS for MySQL DB instance that is accessible only from a specific EC2 instance in a VPC. Which configuration ensures this?

A.Use an IAM role to allow the EC2 instance to connect to the RDS instance
B.Enable public accessibility and assign a public IP to the RDS instance
C.Place RDS and EC2 in different subnets and configure a network ACL
D.Place the RDS instance in the same VPC as the EC2 instance and configure a security group inbound rule referencing the EC2 security group
AnswerD

This ensures traffic is allowed only from the specific EC2 security group.

Why this answer

Option C is correct because placing the RDS instance in the same VPC and using a security group that allows inbound traffic from the EC2 instance's security group ensures restricted access. Option A is wrong because public accessibility would expose the DB to the internet. Option B is wrong because a network ACL applies at subnet level, not instance level.

Option D is wrong because an IAM role does not control network access.

904
MCQmedium

A company has an Amazon RDS for SQL Server DB instance that stores financial data. The security team requires that all database activity be monitored in real-time for suspicious queries. Which AWS service should be used to meet this requirement?

A.AWS CloudTrail
B.AWS Security Hub
C.Amazon GuardDuty with RDS Protection
D.Amazon Inspector
AnswerC

GuardDuty RDS Protection monitors database activity for threats.

Why this answer

Option A is correct because Amazon GuardDuty with RDS Protection can monitor database activity for threats in real-time. Option B is wrong because AWS CloudTrail captures API calls, not SQL queries. Option C is wrong because Amazon Inspector is for vulnerability assessment.

Option D is wrong because Security Hub aggregates findings from other services.

905
Multi-Selecteasy

Which TWO of the following are valid methods to migrate an on-premises MySQL database to Amazon RDS for MySQL? (Select TWO.)

Select 2 answers
A.Use pg_dump to export the data and import into RDS.
B.Use AWS DMS to migrate from on-premises MySQL to RDS.
C.Use SQL Server Integration Services (SSIS) to migrate the data.
D.Use Oracle Data Pump to export the data and import into RDS.
E.Use mysqldump to export the database and import it into RDS.
AnswersB, E

DMS supports MySQL as source.

Why this answer

AWS DMS (Database Migration Service) is a fully managed service designed to migrate databases to AWS with minimal downtime. It supports homogeneous migrations like MySQL to Amazon RDS for MySQL, handling schema conversion, data replication, and ongoing changes via change data capture (CDC). This makes option B a valid and recommended method for migrating an on-premises MySQL database to RDS.

Exam trap

The trap here is that candidates may confuse database-specific tools (pg_dump for PostgreSQL, Oracle Data Pump for Oracle, SSIS for SQL Server) with MySQL-compatible tools, leading them to select options that are technically incorrect for migrating a MySQL database to Amazon RDS for MySQL.

906
MCQeasy

A company is deploying a new web application that uses Amazon RDS for MySQL. The application must be highly available across three Availability Zones with automatic failover. Which deployment configuration should be used?

A.Deploy Amazon RDS for MySQL in a Single-AZ configuration and use an Application Load Balancer.
B.Deploy Amazon Aurora MySQL with three Aurora Replicas in different Availability Zones.
C.Deploy Amazon RDS for MySQL with Multi-AZ and a standby instance in a different Availability Zone.
D.Deploy Amazon RDS for MySQL with Read Replicas in two additional Availability Zones.
AnswerB

Aurora with Replicas provides automatic failover and high availability across multiple AZs.

Why this answer

Option B is correct because a Multi-AZ deployment with a standby instance provides automatic failover, but only supports two Availability Zones (primary and standby). For three AZs, Amazon Aurora is needed. Option A is wrong because Aurora with three replicas provides high availability across three AZs.

Option C is wrong because Read Replicas are for read scaling, not automatic failover. Option D is wrong because a Single-AZ deployment is not highly available.

907
MCQmedium

Refer to the exhibit. An IAM policy is attached to an IAM role used by a Lambda function that writes to a DynamoDB table. The function also needs to read items from the table. What is the outcome of this policy?

A.The policy is invalid because it contains both Allow and Deny for the same table
B.The Lambda function can both read and write items
C.The Lambda function can write items but cannot read items
D.The Lambda function cannot perform any operations on the table
AnswerC

The Deny for GetItem overrides the Allow, so reads fail.

Why this answer

The IAM policy includes an explicit Deny for the `dynamodb:GetItem` action on the table, which overrides any Allow statements due to the explicit deny evaluation logic in AWS IAM. Since the Lambda function assumes a role with this policy, it is denied read access while the Allow for `dynamodb:PutItem` permits write operations. Therefore, the function can write but cannot read items from the DynamoDB table.

Exam trap

The trap here is that candidates often assume a single Allow statement grants all actions on a resource, overlooking that an explicit Deny for a specific action will block that action even if other actions are allowed.

How to eliminate wrong answers

Option A is wrong because a policy can contain both Allow and Deny for the same resource; this is valid and results in the Deny taking precedence. Option B is wrong because the explicit Deny on `dynamodb:GetItem` prevents read operations, so the function cannot both read and write. Option D is wrong because the Allow for `dynamodb:PutItem` is not overridden by any Deny, so write operations are permitted.

908
MCQhard

A media company stores video metadata in Amazon DynamoDB. The table has partition key 'video_id' and sort key 'upload_date'. The application frequently queries videos by 'category' and 'status'. The access pattern changes over time. Which design minimizes cost and maximizes query flexibility?

A.Create a single GSI with partition key 'category' and sort key 'status'
B.Create multiple GSIs with different partition keys to support various query patterns
C.Use DynamoDB Streams to replicate data to Amazon Elasticsearch Service
D.Redesign to a single DynamoDB table that aggregates all attributes into the partition key
AnswerB

Multiple GSIs provide query flexibility at the cost of additional storage, but DynamoDB allows up to 20 GSIs.

Why this answer

Option D is correct because DynamoDB supports multiple GSIs per table, allowing different access patterns. Option A (single GSI) is less flexible. Option B (stream to Elasticsearch) adds complexity and cost.

Option C (single table design) may not fit all patterns.

909
MCQeasy

A company has a 50 GB MariaDB database on an on-premises server. They want to migrate to Amazon RDS for MariaDB. They have a 100 Mbps network connection. The migration window is 2 hours. The database can be offline for up to 30 minutes. Which migration approach is most appropriate?

A.Use AWS DMS with ongoing replication.
B.Use AWS Snowball to transfer the database files.
C.Create a MariaDB dump, transfer to an EC2 instance in the same region, then import to RDS.
D.Use AWS SCT to convert schema and then use DMS.
AnswerC

Simple and within window; dump/import time ~20 minutes.

Why this answer

Option A is correct: creating a dump and importing is straightforward and can be done within the window. Option B is wrong because DMS may require more setup. Option C is wrong because Snowball is overkill.

Option D is wrong because SCT is for schema conversion, not needed here.

910
MCQmedium

A company has a production Amazon RDS for SQL Server database that stores financial data. The database administrator wants to audit all access to sensitive columns (e.g., credit card numbers) using the SQL Server Audit feature. The database is part of a Multi-AZ deployment. The administrator has enabled audit logging to the 'DEFAULT' file audit target, but the audit files are being written to the local instance storage and are not being retained after failover. The compliance team requires that audit logs be stored in Amazon S3 for at least 7 years. The administrator has set up an event subscription to send database events to an S3 bucket using AWS DMS, but the audit logs are not being captured. What should the administrator do to meet the compliance requirements?

A.Use RDS event subscriptions to send database audit logs to an S3 bucket.
B.Configure AWS DMS to continuously replicate the audit database to an S3 bucket.
C.Create a new SQL Server Audit target using the Amazon S3 option and configure the audit to write to an S3 bucket.
D.Enable RDS Enhanced Monitoring and configure it to send logs to CloudWatch Logs.
AnswerC

RDS for SQL Server supports custom audit targets to S3, allowing persistent storage of audit logs.

Why this answer

Option C is correct because Amazon RDS for SQL Server supports writing SQL Server Audit logs directly to an Amazon S3 bucket as an audit target. This is the only native method that persists audit logs beyond the instance lifecycle, ensuring they survive Multi-AZ failover and meet the 7-year retention requirement. The DEFAULT file target writes to ephemeral instance storage, which is lost on failover, and RDS event subscriptions or DMS cannot capture SQL Server Audit output.

Exam trap

The trap here is that candidates confuse RDS event subscriptions (which send metadata events) with actual audit log delivery, or assume DMS can replicate arbitrary file output, when in fact only the native S3 audit target persists SQL Server Audit logs in a durable, compliant manner.

How to eliminate wrong answers

Option A is wrong because RDS event subscriptions only send database events (e.g., instance state changes, backups) to S3, not the actual SQL Server Audit log files. Option B is wrong because AWS DMS is a database migration service that replicates tables or schemas, not audit file output; it cannot capture or stream SQL Server Audit binary files to S3. Option D is wrong because RDS Enhanced Monitoring collects OS-level metrics (CPU, memory, I/O) and sends them to CloudWatch Logs, not SQL Server Audit logs.

911
MCQhard

A company runs a critical OLTP workload on Amazon RDS for PostgreSQL. The database size is 2 TB and growing. To reduce storage costs, the company wants to archive old data that is rarely accessed. Which approach is most cost-effective and minimally impacts performance?

A.Move the database to Amazon Aurora PostgreSQL with storage auto-scaling.
B.Migrate the entire database to Amazon DynamoDB.
C.Implement table partitioning and use S3 as an external table for old partitions.
D.Delete old rows and run VACUUM FULL to reclaim space.
AnswerC

Reduces primary storage cost while preserving data access.

Why this answer

Option C is correct because it uses PostgreSQL table partitioning (e.g., range partitioning by date) combined with the `postgres_fdw` or `pg_parquet` extension to treat old partitions as foreign tables stored in Amazon S3. This keeps the hot data in RDS for fast OLTP access while offloading cold data to low-cost S3 storage, minimizing performance impact and reducing storage costs without requiring a full migration or schema redesign.

Exam trap

The trap here is that candidates assume deleting rows and running VACUUM FULL (Option D) reduces storage costs, but RDS bills for allocated storage, not used space, so reclaiming space does not lower the bill and VACUUM FULL can cause significant performance disruption.

How to eliminate wrong answers

Option A is wrong because moving to Aurora PostgreSQL with storage auto-scaling does not reduce storage costs for rarely accessed data; it only automates scaling and still incurs Aurora storage costs for all data. Option B is wrong because migrating an entire 2 TB OLTP workload to DynamoDB would require a complete application rewrite to fit the NoSQL model, and DynamoDB is not optimized for complex relational queries or large-volume archival patterns. Option D is wrong because deleting old rows and running VACUUM FULL reclaims space but does not reduce storage costs long-term (RDS bills for allocated storage, not used space) and VACUUM FULL causes table bloat, performance degradation, and downtime.

912
MCQeasy

A company uses Amazon Redshift for its data warehouse. The security team wants to encrypt the data at rest and ensure that only authorized users can access the encryption keys. Which AWS service should be used to manage the encryption keys?

A.AWS CloudHSM
B.AWS Key Management Service (KMS)
C.AWS Secrets Manager
D.AWS Systems Manager Parameter Store
AnswerB

KMS is the integrated key management service for Redshift encryption at rest.

Why this answer

Amazon Redshift uses AWS KMS for encryption at rest. You can use either the default AWS-managed key or a customer-managed CMK. KMS integrates with Redshift to encrypt data in the cluster and allows fine-grained control over key access via IAM policies.

CloudHSM is not directly integrated with Redshift. Secrets Manager and Systems Manager Parameter Store are for secrets, not encryption keys for Redshift.

913
Multi-Selecteasy

Which TWO of the following are valid considerations when designing a database for an e-commerce application with high read traffic and low write latency requirements?

Select 2 answers
A.Use Amazon DynamoDB Accelerator (DAX) to improve read performance.
B.Store session data in Amazon S3 for fast access.
C.Use Amazon Redshift to serve read traffic directly.
D.Use Amazon ElastiCache to cache frequently accessed data.
E.Deploy Amazon RDS for MySQL with Multi-AZ for read scaling.
AnswersA, D

DAX is a caching layer for DynamoDB.

Why this answer

Option A and D are correct. Amazon ElastiCache is a caching layer that reduces read load on the database. Amazon DynamoDB Accelerator (DAX) provides in-memory caching for DynamoDB, reducing read latency.

Option B (Amazon Redshift) is a data warehouse for analytics, not for low-latency transactional reads. Option C (Amazon RDS for MySQL with Multi-AZ) provides high availability but does not primarily address high read traffic. Option E (Amazon S3) is object storage, not a transactional database.

914
Multi-Selectmedium

A database specialist is troubleshooting an Amazon RDS for SQL Server instance that is experiencing high CPU utilization. The instance has multiple databases. Which TWO actions should the specialist take to identify the cause?

Select 2 answers
A.Create a read replica to offload read traffic
B.Use Performance Insights to identify top SQL queries
C.Increase the instance size to handle the load
D.Modify the DB instance class to a burstable type
E.Enable Enhanced Monitoring to view OS-level metrics
AnswersB, E

Performance Insights shows top queries by CPU.

Why this answer

Options B and D are correct because they directly identify top CPU queries and resource-intensive databases. Option A is wrong because increasing CPU doesn't diagnose. Option C is wrong because read replicas don't help with CPU.

Option E is wrong because instance class change is a fix, not diagnosis.

915
Multi-Selectmedium

Which TWO of the following are methods to control access to an Amazon RDS DB instance? (Select TWO.)

Select 2 answers
A.VPC security groups
B.IAM policies
C.Amazon CloudWatch alarms
D.Database passwords
E.Amazon S3 bucket policies
AnswersA, B

Security groups act as a virtual firewall to control inbound traffic to the DB instance.

Why this answer

Options A and D are correct. Security groups control network access, and IAM policies can control who can perform RDS API actions. Option B is wrong because database passwords are a form of authentication, not access control.

Option C is wrong because CloudWatch alarms monitor metrics, not control access. Option E is wrong because S3 bucket policies do not apply to RDS.

916
Multi-Selecthard

A company is migrating a self-managed PostgreSQL database to Amazon Aurora PostgreSQL. They want to use the pglogical extension for logical replication to minimize downtime. Which THREE prerequisites must be met before setting up pglogical?

Select 3 answers
A.Add pglogical to shared_preload_libraries and restart the source database
B.Set wal_level to logical in the source PostgreSQL configuration
C.Configure max_wal_senders to at least 10
D.Enable track_commit_timestamp on the source
E.Ensure the source PostgreSQL version is 9.4 or later
AnswersA, B, E

The extension must be loaded.

Why this answer

Option A is correct because pglogical must be loaded into the shared preload libraries on the source PostgreSQL instance so that it is available at server start. Without this, the extension cannot be installed or used. The database must be restarted after modifying shared_preload_libraries for the change to take effect.

Exam trap

The trap here is that candidates often confuse the prerequisites for pglogical with those for native PostgreSQL logical replication, which also requires max_replication_slots and max_wal_senders to be set, but pglogical does not mandate a specific value like 10 for max_wal_senders.

917
Multi-Selectmedium

Which TWO of the following are best practices for designing a DynamoDB table for high traffic? (Choose 2)

Select 2 answers
A.Store large items to reduce the number of items
B.Use normalized tables and perform joins in application
C.Use global secondary indexes for alternate access patterns
D.Always use strongly consistent reads for best performance
E.Use partition keys with high cardinality
AnswersC, E

GSIs allow efficient queries on non-key attributes.

Why this answer

Global secondary indexes (GSIs) allow you to define alternate partition and sort keys to support different query patterns without duplicating data. This is a best practice for high-traffic workloads because it enables efficient access to data using multiple access patterns while maintaining a single base table, reducing the need for expensive scans or application-level joins.

Exam trap

AWS often tests the misconception that strongly consistent reads always provide better performance, when in fact they are more expensive and slower than eventually consistent reads, and should only be used when strict read-after-write consistency is required.

918
MCQmedium

A company uses Amazon RDS for PostgreSQL to run a reporting application. The reporting queries are complex and take several minutes to complete, causing performance impact on the primary instance. The company wants to isolate the reporting workload without data staleness. Which solution should they implement?

A.Implement an Amazon ElastiCache cluster to cache query results.
B.Enable Multi-AZ and use the standby instance for reporting.
C.Take a manual snapshot of the database and restore it for reporting.
D.Create a read replica and direct reporting queries to it.
AnswerD

Read replicas offload read traffic and are updated asynchronously.

Why this answer

Option D is correct because creating a read replica of the Amazon RDS for PostgreSQL primary instance allows you to offload complex reporting queries to the replica without impacting the primary. Read replicas use asynchronous replication (based on PostgreSQL streaming replication), which provides near-real-time data with minimal staleness, satisfying the requirement to isolate the reporting workload without significant data staleness.

Exam trap

The trap here is that candidates often confuse the Multi-AZ standby instance as usable for read traffic, but AWS explicitly prevents read access to the standby to maintain crash recovery consistency, whereas a read replica is purpose-built for offloading read workloads.

How to eliminate wrong answers

Option A is wrong because Amazon ElastiCache caches query results, not the underlying data; it would serve stale results until the cache is invalidated, and complex queries that take minutes to run would not benefit from caching if the underlying data changes frequently. Option B is wrong because the Multi-AZ standby instance is not directly accessible for read or write operations; it is only used for automatic failover and cannot serve reporting traffic. Option C is wrong because taking a manual snapshot and restoring it creates a point-in-time copy that is static; any subsequent changes to the primary database would not be reflected, leading to data staleness, and the restore process is time-consuming.

919
Multi-Selectmedium

Which TWO metrics should be monitored to troubleshoot an Amazon RDS for PostgreSQL database that is experiencing high connection count and connection timeouts?

Select 2 answers
A.DatabaseConnections
B.NetworkTransmitThroughput
C.BurstBalance
D.SwapUsage
E.ReadLatency
AnswersA, C

DatabaseConnections shows the number of client connections.

Why this answer

Options B and D are correct. DatabaseConnections shows current connections, and BurstBalance helps understand if I/O is throttled. Option A is wrong because SwapUsage is not a standard RDS metric.

Option C is wrong because ReadLatency is about I/O latency, not connections. Option E is wrong because NetworkTransmitThroughput is about network, not connections.

920
MCQeasy

A company needs to store session data for millions of users with sub-millisecond latency. The data is key-value in nature and can tolerate eventual consistency. Which database service is best suited?

A.Amazon Redshift
B.Amazon Neptune
C.Amazon RDS for MySQL
D.Amazon DynamoDB
AnswerD

Low-latency, scalable key-value store.

Why this answer

Amazon DynamoDB is the best choice because it is a fully managed NoSQL key-value and document database designed for single-digit millisecond latency at any scale, making it ideal for session data storage. It supports eventual consistency, which is acceptable for this use case, and can handle millions of users with sub-millisecond read and write performance using its SSD-backed storage and distributed architecture.

Exam trap

The trap here is that candidates may choose Amazon RDS for MySQL (Option C) because they associate MySQL with web applications and session storage, but they overlook the strict latency and scalability requirements that DynamoDB's distributed NoSQL architecture uniquely satisfies.

How to eliminate wrong answers

Option A is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for complex analytical queries using SQL, not for low-latency key-value lookups or session storage. Option B is wrong because Amazon Neptune is a graph database designed for highly connected data (e.g., social networks, recommendation engines) and is not optimized for simple key-value access patterns with sub-millisecond latency. Option C is wrong because Amazon RDS for MySQL is a relational database that, while capable of key-value operations, introduces overhead from SQL parsing, indexing, and ACID compliance that prevents consistent sub-millisecond latency at the scale of millions of concurrent users, and it does not natively support eventual consistency as a tunable feature.

921
MCQeasy

A developer is troubleshooting an application that writes to an Amazon ElastiCache for Redis cluster. The application occasionally fails with 'OOM command not allowed when used memory > maxmemory'. What is the most likely cause?

A.The cluster's maxclients limit has been reached.
B.The cluster's maxmemory-policy is set to noeviction.
C.The cluster has too many keyspace notifications enabled.
D.The cluster is in cluster mode and cross-slot commands are used.
AnswerB

When memory is full and noeviction is set, writes fail with OOM.

Why this answer

Option C is correct because this error indicates the cache has reached its memory limit and eviction policy is not set or set to noeviction. Option A is wrong because that error is about keyspace notifications. Option B is wrong because cluster mode may affect sharding but not this specific error.

Option D is wrong because connection limit would show a different error.

922
MCQmedium

A company uses the IAM policy shown in the exhibit to control access to a DynamoDB table. The table has a partition key user_id and a sort key timestamp. The application uses the AWS SDK to query items. When a user tries to query items with a filter condition, they receive an AccessDeniedException. What is the most likely cause?

A.The aws:userid variable is not being resolved correctly.
B.The query does not specify a partition key that matches the user's LeadingKeys condition.
C.The policy is missing a Condition element with dynamodb:Select.
D.The policy does not allow the Query action.
AnswerB

The condition restricts access to items with a partition key equal to the user's ID; if the query does not use that partition key, access is denied.

Why this answer

The IAM policy uses a `Condition` block with `ForAllValues:StringEquals` on `dynamodb:LeadingKeys` to restrict access to items where the partition key (`user_id`) matches the caller's IAM user ID (`${aws:userid}`). When a query does not specify a partition key that satisfies this condition, the request fails with an `AccessDeniedException`. The error occurs because the query must include a partition key equal to the user's ID to pass the leading keys restriction.

Exam trap

The trap here is that candidates may overlook the `LeadingKeys` condition and assume the error is due to a missing action or a policy syntax issue, rather than recognizing that the query must include a partition key matching the condition value.

How to eliminate wrong answers

Option A is wrong because the `aws:userid` variable is resolved correctly at runtime to the IAM user's unique ID; the issue is not with variable resolution but with the query not including a matching partition key. Option C is wrong because `dynamodb:Select` is not a valid condition key for DynamoDB IAM policies; the policy does not need a `Condition` element for `Select`. Option D is wrong because the policy explicitly allows the `Query` action on the table; the denial is due to the condition on the partition key, not the action itself.

923
MCQhard

A company is migrating a 3 TB MySQL database to Amazon Aurora MySQL. They need to validate data consistency after migration. Which approach should they use?

A.Compare row counts between source and target tables.
B.Use AWS DMS data validation feature.
C.Run random SELECT queries on a subset of rows to compare values.
D.Compute MD5 checksums of the entire dataset in both databases.
AnswerB

DMS data validation compares source and target data using table-level checksums.

Why this answer

Option C is correct because AWS DMS provides data validation to compare source and target data. Option A is wrong because comparing row counts is insufficient for consistency. Option B is wrong because checksums on all columns would be very expensive and time-consuming.

Option D is wrong because querying random rows is not comprehensive.

924
MCQmedium

A security engineer is investigating an Amazon RDS for MySQL database that was compromised. The engineer finds that the compromise was due to a SQL injection vulnerability in a web application. The web application uses a database user with full administrative privileges. What is the BEST practice to prevent such incidents in the future?

A.Create dedicated database users with minimal privileges required for each application function.
B.Configure the DB parameter group to use the 'sql_mode' option to reject dangerous queries.
C.Enable RDS audit logs to capture all SQL queries.
D.Place the RDS instance in a private subnet with a security group that restricts inbound traffic.
AnswerA

Least privilege ensures that even if compromised, the attacker has limited access.

Why this answer

Option D is correct because using separate database users with least privilege for each application limits the impact of a compromise. Option A is wrong because database audit logs help detect but not prevent. Option B is wrong because it reduces attack surface but does not address the root cause of excessive privileges.

Option C is wrong because parameter groups do not enforce least privilege.

925
MCQmedium

A company is migrating a 500 GB SQL Server database to Amazon RDS for SQL Server. They need to minimize downtime and support ongoing changes during migration. Which approach should they take?

A.Use native SQL Server backup and restore to RDS
B.Set up a Direct Connect connection and use log shipping
C.Use SQL Server Integration Services (SSIS) to replicate data
D.Use AWS DMS with full load and change data capture (CDC)
AnswerD

DMS with CDC enables minimal downtime by replicating changes.

Why this answer

AWS DMS with full load and change data capture (CDC) is the correct approach because it allows the initial 500 GB data load to be migrated while continuously replicating ongoing changes from the source SQL Server database to Amazon RDS for SQL Server. This minimizes downtime by enabling a cutover only after the target is fully synchronized, and it supports ongoing changes during migration without requiring the source database to be taken offline.

Exam trap

The trap here is that candidates often confuse log shipping (a native SQL Server HA feature) with AWS DMS CDC, but log shipping is not supported on RDS for SQL Server, making DMS the only viable option for minimizing downtime with ongoing changes.

How to eliminate wrong answers

Option A is wrong because native SQL Server backup and restore to RDS requires the database to be in full recovery mode and taken offline or read-only during the backup and restore process, causing significant downtime and not supporting ongoing changes. Option B is wrong because log shipping is a SQL Server-native feature that is not supported for Amazon RDS for SQL Server as RDS does not provide access to the underlying operating system or SQL Server Agent to configure and manage log shipping jobs. Option C is wrong because SSIS is an ETL tool designed for batch data movement and transformation, not for real-time replication of ongoing changes, and it would require complex custom logic to capture and apply CDC, making it unsuitable for minimizing downtime during a live migration.

926
MCQhard

A development team is using Amazon DynamoDB with on-demand capacity mode for a new application. During initial testing, they notice that write requests are occasionally throttled during traffic bursts. They have enabled DynamoDB Accelerator (DAX) for read-heavy operations. What is the best recommendation to eliminate write throttling?

A.Enable DynamoDB adaptive capacity to automatically adjust partition throughput.
B.Switch to provisioned capacity mode with Auto Scaling.
C.Increase the DAX cluster node size to handle more write traffic.
D.Review the table's partition key design to avoid hot keys.
AnswerD

Hot keys cause throttling even with on-demand.

Why this answer

Option D is correct because on-demand capacity can handle spikes, but if throttling still occurs, there may be a hot partition. Option A is wrong because DAX only caches reads. Option B is wrong because adaptive capacity helps but may not eliminate throttling for extremely skewed access.

Option C is wrong because on-demand is already enabled; throttling indicates a design issue.

927
MCQhard

A company has a compliance requirement to encrypt all RDS snapshots at rest using a customer-managed KMS key. The RDS instance is already encrypted with an AWS-managed key. What is the correct procedure to ensure snapshots use the customer-managed key?

A.Create a new RDS instance with the customer-managed KMS key and migrate data using DMS.
B.Take a snapshot of the RDS instance, copy the snapshot specifying the customer-managed KMS key, and restore from the copied snapshot.
C.Change the default KMS key for the AWS account to the customer-managed key.
D.Modify the RDS instance to use the customer-managed KMS key directly.
AnswerB

This is the only way to re-encrypt the database with a new KMS key.

Why this answer

Option C is correct. You cannot change the encryption key of an existing RDS instance; you must create a snapshot, copy it with a new key, and restore. Option A is not possible.

Option B is not possible. Option D is not possible without copying.

928
MCQhard

A team is troubleshooting an Amazon DynamoDB table that is throttling write requests. The table has on-demand capacity mode enabled. Which of the following is the most likely cause of the throttling?

A.The table has exceeded its provisioned write capacity units.
B.The write traffic exceeds the table's previous peak traffic by more than double.
C.The table is not using adaptive capacity.
D.There is an active AWS Health event affecting the DynamoDB service.
AnswerB

DynamoDB on-demand can throttle if traffic exceeds the previous peak by more than double in a short time.

Why this answer

Even with on-demand capacity, DynamoDB can throttle if you exceed the account-level provisioned throughput limits or if there is a sudden spike that exceeds the previous peak traffic by a large margin. Option C is correct; Option A is incorrect because on-demand does not have per-table limits. Option B is incorrect because adaptive capacity helps but does not prevent all throttling.

Option D is a possible reason but not the most likely.

929
MCQhard

A company has a critical application that uses Amazon RDS for MySQL with Multi-AZ deployment. During a recent failure, the automatic failover took 2 minutes, causing application timeout. The company needs to reduce failover time to under 30 seconds. Which solution should the database specialist recommend?

A.Migrate the database to Amazon Aurora MySQL.
B.Create a read replica and promote it during failover.
C.Increase the DB instance class to a larger size.
D.Implement Amazon RDS Proxy to handle connection draining.
AnswerA

Aurora has a distributed storage layer that allows faster failover.

Why this answer

Amazon Aurora MySQL is designed to reduce failover time significantly compared to standard RDS MySQL Multi-AZ. Aurora typically completes failover in under 30 seconds by using a shared distributed storage volume across multiple Availability Zones, allowing the primary instance to fail over to a read replica without the need to replay redo logs or perform crash recovery. This meets the requirement of reducing failover time to under 30 seconds.

Exam trap

The trap here is that candidates may think increasing instance size or using RDS Proxy directly reduces failover time, but failover time is dominated by crash recovery and log replay, not compute or connection management.

How to eliminate wrong answers

Option B is wrong because creating a read replica and promoting it during failover is a manual process that can take several minutes, not under 30 seconds, and does not provide automatic failover with the same consistency guarantees as Multi-AZ or Aurora. Option C is wrong because increasing the DB instance class does not reduce failover time; failover time is dominated by crash recovery and redo log replay, which are independent of instance size. Option D is wrong because Amazon RDS Proxy manages connection pooling and draining but does not affect the underlying database failover time; it only helps with application connection handling during a failover event.

930
Matchingmedium

Match each AWS security feature to its purpose for databases.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Virtual firewall controlling inbound/outbound traffic at instance level

Use IAM users/roles to authenticate to RDS/Aurora

Protects data stored on disk using KMS keys

Encrypts data in transit between client and database

Managed service to create and control encryption keys

Why these pairings

Security mechanisms for protecting AWS databases.

931
Multi-Selecthard

A database administrator is responsible for managing an Amazon RDS for Oracle DB instance. The DBA needs to ensure that all changes to the DB instance's security group rules are logged for audit purposes. Which TWO services can be used together to achieve this? (Select TWO.)

Select 2 answers
A.Amazon Inspector
B.AWS Config
C.AWS CloudTrail
D.Amazon CloudWatch Logs
E.Amazon VPC Flow Logs
AnswersC, D

CloudTrail records API calls that modify security group rules.

Why this answer

Options A and B are correct. AWS CloudTrail logs API calls, including those that modify security group rules (e.g., AuthorizeSecurityGroupIngress). CloudTrail logs can be sent to Amazon CloudWatch Logs for monitoring and alerting.

Option C is incorrect because AWS Config tracks configuration changes but does not provide real-time log streaming to CloudWatch Logs. Option D is incorrect because VPC Flow Logs capture network traffic, not API calls. Option E is incorrect because Amazon Inspector is for security assessments.

932
MCQmedium

A social media application stores user posts in a DynamoDB table with a partition key of user_id and a sort key of timestamp. The most frequent query is to retrieve the 10 most recent posts for a given user. Which secondary index design would optimize this query?

A.Create a GSI with user_id as the partition key and timestamp as the sort key.
B.Use DynamoDB Streams to populate an Amazon Elasticsearch cluster for search queries.
C.Create an LSI with user_id as the partition key and timestamp as the sort key.
D.Query the base table using the sort key timestamp with a limit of 10.
AnswerC

An LSI uses the same partition key and a different sort key, enabling efficient range queries.

Why this answer

Option B is correct because a local secondary index (LSI) with the same partition key but a different sort key allows efficient retrieval of recent posts per user. Option A is wrong because a global secondary index (GSI) would require additional provisioned throughput and is unnecessary. Option C is wrong because using the sort key directly without an index still requires a scan.

Option D is wrong because Elasticsearch adds operational complexity and cost for this simple query pattern.

933
MCQhard

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle using AWS DMS. The migration fails with an error indicating that DMS cannot capture changes from the source because the archive log mode is not enabled. What should be done?

A.Disable ongoing replication and perform a full load only.
B.Set up an Oracle Data Guard standby and use it as the source.
C.Use AWS Schema Conversion Tool (SCT) to convert the schema.
D.Enable archive log mode on the source Oracle database.
AnswerD

DMS requires archive logging to capture changes for ongoing replication.

Why this answer

Option B is correct because DMS requires archive log mode for ongoing replication. Option A is wrong because DMS can use full load without archive logs, but for ongoing replication it needs them. Option C is wrong because setting up a standby does not help DMS.

Option D is wrong because SCT does not affect capture.

934
MCQmedium

A company is experiencing high read latency on their Amazon RDS for MySQL Multi-AZ DB instance. The application performs many small, random reads. Which configuration change would most likely reduce the read latency without incurring additional compute costs?

A.Increase the allocated storage size to improve I/O throughput.
B.Enable Performance Insights to monitor and optimize queries.
C.Enable Multi-AZ DB cluster deployment with two readable standby instances and route read traffic to the standby.
D.Increase the instance size from db.r5.large to db.r5.xlarge.
AnswerC

This offloads read traffic to the standby, reducing load on the primary and improving read latency.

Why this answer

Option B is correct because Amazon RDS provides the Multi-AZ DB cluster deployment option which includes two readable standby instances, allowing read traffic to be offloaded to the standby to reduce load on the primary. Option A is incorrect because increasing the instance size would increase compute costs. Option C is incorrect because enabling Performance Insights does not reduce read latency.

Option D is incorrect because increasing the allocated storage does not directly improve read latency for random reads.

935
Multi-Selecteasy

Which TWO of the following are valid methods to secure data at rest for an Amazon RDS for MySQL DB instance?

Select 2 answers
A.Enable SSL/TLS for connections to the DB instance.
B.Enable encryption at rest using AWS KMS.
C.Use the '--enable-encryption' flag when creating the DB instance.
D.Implement Transparent Data Encryption (TDE) using Oracle-compatible settings.
E.Use Amazon RDS encryption at the table level using the ENCRYPT option.
AnswersB, C

RDS supports encryption at rest using KMS.

Why this answer

Option B (encryption at rest using AWS KMS) and Option C (enabling encryption when creating the instance) are correct. Option A is incorrect because SSL/TLS secures data in transit, not at rest. Option D is incorrect because RDS does not support Transparent Data Encryption (TDE) for MySQL.

Option E is incorrect because RDS encryption is not enabled at the table level.

936
Multi-Selecteasy

A company is deploying a new Amazon DynamoDB table with on-demand capacity. The table will store session data for a web application. Which THREE features should be enabled to improve performance and durability?

Select 3 answers
A.Auto scaling
B.Time to Live (TTL)
C.DynamoDB Accelerator (DAX)
D.Point-in-time recovery (PITR)
E.Global tables
AnswersA, C, D

Auto scaling adjusts capacity to handle traffic spikes.

Why this answer

Auto scaling is correct because DynamoDB on-demand capacity automatically scales throughput based on traffic patterns, eliminating the need for manual capacity management. However, the question asks for features to improve performance and durability, and auto scaling is not applicable to on-demand tables (it is for provisioned mode). For on-demand, throughput adjusts instantly, so auto scaling is irrelevant and should not be selected.

The correct features for performance and durability are TTL (to automatically expire old session data, reducing storage costs and improving query performance), DAX (to provide in-memory caching for microsecond read latency), and PITR (to protect against accidental writes or deletes by enabling continuous backups).

Exam trap

The trap here is that candidates often assume auto scaling is always beneficial for performance, but DynamoDB on-demand mode already handles scaling automatically, making auto scaling redundant and incorrect for this scenario.

937
Multi-Selectmedium

A database engineer is troubleshooting high CPU usage on an Amazon RDS for PostgreSQL instance. Amazon CloudWatch shows CPU Utilization consistently above 90% during business hours. Which combination of actions should the engineer take to identify the root cause? (Choose TWO.)

Select 2 answers
A.Enable Enhanced Monitoring and review OS process list.
B.Review the slow query log to identify long-running queries.
C.Scale up the DB instance to a larger instance class.
D.Enable Performance Insights and review the top SQL queries.
E.Install pg_stat_statements extension and query it.
AnswersB, D

Slow query logs can reveal queries that consume significant CPU resources.

Why this answer

Option B is correct because reviewing the slow query log directly identifies long-running queries that can cause sustained high CPU usage on RDS for PostgreSQL. Option D is correct because Performance Insights provides a visual dashboard of database load and top SQL queries, making it easy to pinpoint which queries are consuming the most CPU resources.

Exam trap

The trap here is that candidates often choose Option E (pg_stat_statements) thinking it is the only way to get query-level details, but Performance Insights (Option D) provides the same data with less effort and is the recommended AWS-native approach for this scenario.

938
MCQhard

A company attaches the above IAM policy to a user. The user tries to modify the DB instance 'prod-db' in us-east-1. What is the result?

A.The user cannot describe DB instances.
B.The user can modify prod-db because the Allow statement covers it.
C.The user cannot modify prod-db.
D.The user cannot modify any DB instance.
AnswerC

Explicit Deny blocks the action.

Why this answer

Option C is correct because the Deny statement explicitly denies ModifyDBInstance on prod-db, overriding the Allow. Option A is incorrect because Deny overrides Allow. Option B is incorrect because the Deny is specific to prod-db.

Option D is incorrect because the user can still describe instances.

939
MCQhard

A social media company runs a multi-region application on Amazon DynamoDB with global tables. The application is deployed in us-east-1 and eu-west-1. Recently, they enabled DynamoDB Streams on the table to trigger an AWS Lambda function for real-time analytics. The Lambda function runs in us-east-1. After enabling streams, they notice that the Lambda function is triggered multiple times for the same update, and the application's write latency in eu-west-1 has increased. The company has strict latency requirements. A database specialist is asked to resolve the issue. What should the database specialist recommend?

A.Increase the Lambda function's reserved concurrency to handle duplicate events faster.
B.Create a separate Lambda function in eu-west-1 and use a local stream.
C.Modify the Lambda function to check the 'awsRegion' attribute in the stream record and ignore records from other regions.
D.Disable DynamoDB Streams on the eu-west-1 replica table.
AnswerC

This prevents duplicate processing of the same write event.

Why this answer

Option C is correct because global tables replicate writes across regions, and each write generates a stream record. The Lambda function should filter on the 'awsRegion' attribute in the stream record to avoid processing the same update from different regions. Option A is wrong because disabling streams in eu-west-1 would break the replication.

Option B is wrong because using a dedicated stream for each region is not supported. Option D is wrong because increasing Lambda concurrency doesn't prevent duplicate processing.

940
Multi-Selectmedium

A security administrator is setting up a new Amazon RDS for SQL Server database. The company requires that all data be encrypted at rest and in transit. Additionally, the database must be accessible only from a specific CIDR range. Which TWO actions should the administrator take? (Choose TWO.)

Select 2 answers
A.Enable encryption at rest using AWS KMS.
B.Configure a security group that allows inbound traffic from the specific CIDR range.
C.Enable encryption in transit by modifying the RDS option group to include SSL.
D.Modify the DB parameter group to restrict network access.
E.Use AWS CloudHSM to manage encryption keys for the database.
AnswersA, B

Encryption at rest is a requirement.

Why this answer

Options A and D are correct. Option A: Enabling encryption at rest is a requirement. Option D: Configuring the security group to allow inbound traffic from the specific CIDR range meets the network access restriction.

Option B is wrong because encryption in transit is typically handled by the database engine (SSL/TLS), not by an RDS option. Option C is wrong because the DB parameter group does not control network access. Option E is wrong because encryption at rest uses KMS, not CloudHSM by default.

941
MCQhard

A company is designing a new e-commerce platform using Amazon DynamoDB. The workload requires single-digit millisecond latency for user session data, which is accessed by session token. The session data is temporary and should be automatically deleted after 24 hours. Which DynamoDB design should the database specialist recommend?

A.Create an AWS Lambda function that runs every hour and deletes expired session data
B.Store session data in Amazon S3 with a lifecycle policy to delete objects after 24 hours
C.Use DynamoDB Accelerator (DAX) to cache session data and set a 24-hour TTL on the cache
D.Enable DynamoDB Time to Live (TTL) on the session token attribute
AnswerD

TTL automatically deletes items after a specified expiry timestamp, meeting the 24-hour deletion requirement.

Why this answer

DynamoDB Time to Live (TTL) automatically deletes expired items after a specified timestamp, making it ideal for session data that must be removed after 24 hours. This approach requires no additional infrastructure, meets the single-digit millisecond latency requirement by using the session token as the primary key, and ensures automatic cleanup without manual intervention or added cost.

Exam trap

The trap here is that candidates may confuse DynamoDB TTL with a feature that provides real-time or immediate deletion, when in fact TTL deletes items asynchronously in the background, typically within a few minutes to 48 hours, which is acceptable for temporary session data but not for compliance-driven immediate removal.

How to eliminate wrong answers

Option A is wrong because using a Lambda function to delete expired data adds operational complexity, potential cost, and latency, and does not guarantee immediate deletion at the exact 24-hour mark, whereas DynamoDB TTL provides a native, serverless solution. Option B is wrong because Amazon S3 does not support single-digit millisecond latency for session data access and is not designed for real-time key-value lookups required by session token access. Option C is wrong because DAX is a caching layer that improves read performance but does not provide automatic deletion of expired data; setting a TTL on the cache only evicts items from the cache, not from the underlying DynamoDB table, leaving stale data in the table.

942
Multi-Selectmedium

A company is using Amazon RDS for MySQL with Multi-AZ deployment. The primary instance recently experienced an unexpected failover due to a hardware failure. The database is 2 TB in size and has high write throughput. Which TWO actions should the database administrator take to minimize recovery time and ensure data durability?

Select 2 answers
A.Increase the DB instance class to a larger size to handle the write load.
B.Disable Multi-AZ and use a single-AZ deployment to avoid future failovers.
C.Enable automated backups with a retention period of 1 day to allow point-in-time recovery.
D.Take a manual snapshot of the DB instance immediately.
E.Verify that the failover completed successfully by checking the RDS event log and monitoring the new primary's status.
AnswersC, E

Automated backups enable point-in-time recovery, helping restore to the latest transaction.

Why this answer

Option B is correct because enabling automated backups with a short retention period ensures point-in-time recovery. Option D is correct because verifying that the Multi-AZ failover completed successfully confirms data consistency. Option A is wrong because increasing instance size may not directly improve failover time.

Option C is wrong because disabling Multi-AZ reduces availability. Option E is wrong because manual snapshots are not as immediate as automated backups for recovery.

943
MCQeasy

A company is using Amazon Redshift for data warehousing. The operations team notices that queries are running slower than usual. Which Amazon Redshift system view should be used to identify the queries that are consuming the most resources?

A.SVV_VACUUM_PROGRESS
B.STL_QUERY
C.PG_TABLE_DEF
D.STV_TBL_PERM
AnswerB

STL_QUERY records all query execution details, including duration and resource usage.

Why this answer

Option A is correct because STL_QUERY contains query execution details including resource consumption. Option B is wrong because STV_TBL_PERM shows table permissions, not query performance. Option C is wrong because PG_TABLE_DEF shows table definitions.

Option D is wrong because SVV_VACUUM_PROGRESS shows vacuum progress, not query performance.

944
MCQeasy

A company has an Amazon Aurora MySQL DB cluster with one writer and two readers. The application is experiencing high read latency. CloudWatch shows that the 'AuroraBinlogReplicaLag' metric is high for one of the reader instances. What is the most likely cause?

A.The Aurora cluster storage is experiencing high I/O latency
B.The reader instance is not keeping up with the write workload from the writer
C.The reader instance is undersized and needs to be scaled up
D.The DB cluster parameter group is misconfigured
AnswerB

Binlog replication lag means the reader is behind in applying changes.

Why this answer

Option A is correct because high binlog replication lag on a reader indicates that the reader is falling behind in applying changes from the writer. Option B is wrong because instance size affects performance but not specifically lag. Option C is wrong because storage is shared across all instances in Aurora.

Option D is wrong because parameter groups are shared across the cluster.

945
MCQhard

A company is moving a self-hosted MySQL database to Amazon Aurora MySQL. The current database uses InnoDB with full-text indexes and triggers. The migration must be done with zero downtime. Which approach meets these requirements?

A.Use AWS DMS with ongoing replication from the source MySQL database
B.Use mysqldump to export the database and import into Aurora
C.Set up MySQL replication from on-premises to Aurora using native binlog replication
D.Export data to Amazon S3 and use Aurora's LOAD DATA FROM S3 command
AnswerA

DMS supports CDC and handles full-text indexes and triggers.

Why this answer

AWS DMS can migrate MySQL to Aurora MySQL with ongoing replication (CDC), supporting InnoDB tables, full-text indexes, and triggers. Option A fails because mysqldump causes downtime. Option B fails because Aurora does not support replication from external MySQL.

Option D is incorrect because S3 bucket loading is not supported for MySQL.

946
MCQhard

A financial services company runs a production Amazon Aurora MySQL database cluster (1 writer, 2 readers) in us-east-1. The database stores critical trading data. The company's disaster recovery policy requires an RPO of 5 seconds and an RTO of 1 minute for a regional failure. The current setup does not include any cross-region replication. The database is 5 TB in size. The operations team needs to implement a solution that meets the DR requirements with minimal cost and operational overhead. Which solution should the team implement?

A.Enable automated backups and configure cross-Region snapshot copy. Use point-in-time recovery in the secondary region.
B.Deploy an Aurora Global Database with a secondary cluster in us-west-2. Configure the secondary cluster as a failover target.
C.Use AWS Database Migration Service (DMS) to continuously replicate changes to an Aurora cluster in us-west-2.
D.Create cross-Region read replicas in us-west-2 and set up a replication channel. In disaster, promote a replica.
AnswerB

Global Database offers low RPO/RTO.

Why this answer

Aurora Global Database provides replication across regions with typical RPO of seconds and RTO of minutes. It is the most appropriate solution for low RPO/RTO with minimal overhead. Option B is correct.

Option A (cross-region read replicas) can have replication lag exceeding 5 seconds. Option C (automated backups) have RPO of 5 minutes. Option D (DMS) adds cost and complexity.

947
MCQeasy

A company is using Amazon DynamoDB with on-demand capacity for a serverless web application. The application experiences occasional throttling. The DynamoDB table has a simple primary key (partition key only). The throttled requests are related to a small number of partition keys. What is the MOST likely cause?

A.On-demand capacity has a per-partition throughput limit that is too low.
B.The partition key design leads to uneven access patterns, causing a hot partition.
C.The table uses a composite primary key, which limits throughput.
D.The table's read/write capacity mode is set to provisioned instead of on-demand.
AnswerB

A hot partition exceeds the partition's throughput limit, causing throttling.

Why this answer

Option B is correct because throttling on a few partition keys indicates a hot partition. Option A is wrong because on-demand capacity handles overall traffic, but partition-level limits still apply. Option C is wrong because a simple primary key is fine, but the data distribution is the issue.

Option D is wrong because on-demand capacity automatically scales, but not per partition beyond the limit.

948
MCQeasy

A company needs to migrate a SQL Server database to Amazon RDS for SQL Server. The database uses stored procedures with xp_cmdshell. What should the company do?

A.Rewrite the stored procedures to remove dependency on xp_cmdshell before migration.
B.Use RDS Custom for SQL Server to retain full control.
C.Enable xp_cmdshell in the RDS parameter group.
D.Disable xp_cmdshell in the stored procedures and migrate as-is.
AnswerA

xp_cmdshell is not supported; procedures must be modified to use alternatives.

Why this answer

Amazon RDS for SQL Server does not support the xp_cmdshell extended stored procedure because it allows execution of operating system commands, which violates the managed service model where AWS controls the host OS. The correct approach is to rewrite the stored procedures to remove dependency on xp_cmdshell before migration, using alternatives such as SQL Server Agent jobs, CLR integration, or external scripting via AWS Lambda or EC2.

Exam trap

The trap here is that candidates assume RDS Custom for SQL Server provides full OS control, but AWS still restricts xp_cmdshell and other OS-level features, making rewriting the only viable option.

How to eliminate wrong answers

Option B is wrong because RDS Custom for SQL Server does not enable xp_cmdshell; even with RDS Custom, AWS restricts access to the underlying OS and does not allow enabling xp_cmdshell due to security policies. Option C is wrong because xp_cmdshell cannot be enabled in an RDS parameter group; the RDS parameter group does not expose the 'xp_cmdshell' configuration option, and attempting to set it will be ignored or cause an error. Option D is wrong because simply disabling xp_cmdshell in the stored procedures and migrating as-is will break the procedures; the procedures must be rewritten to use alternative methods that do not rely on xp_cmdshell at all.

949
MCQhard

A gaming company uses Amazon DynamoDB for player session data. Each session has a partition key of `game_id` and a sort key of `session_id`. The table has a global secondary index (GSI) on `player_id` for leaderboard queries. Recently, the company noticed that write traffic to the GSI is causing throttling on the base table, even though the base table's write capacity is not fully utilized. What is the MOST likely cause?

A.The application is using strongly consistent reads on the GSI, which consumes double the read capacity.
B.The GSI is not designed with a high-cardinality partition key, causing write hot spots on the GSI.
C.Point-in-time recovery (PITR) is enabled, consuming extra write capacity.
D.The table's auto-scaling settings are not configured correctly for the GSI.
AnswerB

A hot GSI partition can throttle writes, affecting the base table writes.

Why this answer

The correct answer is B. A global secondary index (GSI) has its own provisioned read and write capacity, separate from the base table. If the GSI's partition key (player_id) has low cardinality (e.g., only a few distinct player_id values), writes to the base table will concentrate on a small number of GSI partitions, causing throttling on the GSI.

This throttling on the GSI then back-pressures the base table, resulting in write throttling on the base table even if its own write capacity is underutilized.

Exam trap

The trap here is that candidates often assume throttling on the base table is always caused by the base table's own capacity settings, overlooking that GSIs have independent capacity and can cause back-pressure on the base table when their partition key design leads to hot spots.

How to eliminate wrong answers

Option A is wrong because strongly consistent reads are not supported on GSIs in DynamoDB; GSIs only support eventually consistent reads, so this option describes an impossible scenario. Option C is wrong because point-in-time recovery (PITR) does not consume write capacity; it uses separate backup storage and does not affect the table's provisioned write throughput. Option D is wrong because auto-scaling settings for the GSI are independent of the base table; misconfigured auto-scaling could cause throttling on the GSI itself, but the question states the base table's write capacity is not fully utilized, and the core issue is the GSI's partition key cardinality causing hot spots, not auto-scaling misconfiguration.

950
MCQmedium

A company is migrating an on-premises Oracle database to Amazon Aurora PostgreSQL. The database is 2 TB and has a daily change rate of 10%. They have a 1 Gbps network connection to AWS. They want to minimize downtime during the migration. Which migration approach should they use?

A.Use AWS Schema Conversion Tool (SCT) to convert schema, then import data
B.Use AWS Database Migration Service (DMS) with ongoing replication
C.Use pg_dump to export the database and pg_restore to import
D.Create an Aurora read replica from the Oracle database
AnswerB

DMS supports continuous change data capture (CDC) to minimize downtime.

Why this answer

AWS DMS can perform continuous replication from Oracle to Aurora PostgreSQL with minimal downtime. Option A is wrong because pg_dump/restore would require a long downtime for the initial load and catch-up. Option B is wrong because an Aurora read replica cannot be created from an external Oracle database.

Option D is wrong because the Schema Conversion Tool (SCT) is for schema conversion, not data migration.

951
MCQhard

A database administrator is trying to delete the RDS instance named 'prod-critical' using the AWS CLI. The IAM policy shown is attached to the user. What will happen?

A.The delete will succeed only if the user includes a condition.
B.The delete will fail because the Deny statement explicitly denies the action for that resource.
C.The delete will fail because the policy has a syntax error.
D.The delete will succeed because the Allow statement grants permission.
AnswerB

Deny overrides Allow, so the delete fails.

Why this answer

Option A is correct because the Deny statement explicitly denies the delete action for that specific resource, and Deny always overrides Allow. Option B is wrong because the Allow does not apply to the specific resource due to the Deny. Option C is wrong because the Deny is explicit.

Option D is wrong because the Deny is on the action, not condition.

952
MCQeasy

A company wants to deploy a MySQL database that automatically scales read capacity based on traffic without manual intervention. Which AWS database offering should they use?

A.Amazon DynamoDB with auto scaling
B.Amazon RDS for MySQL with Multi-AZ deployment
C.Amazon RDS for MySQL with a Single-AZ deployment
D.Amazon Aurora with Auto Scaling for read replicas
AnswerD

Aurora Auto Scaling automatically adjusts the number of read replicas based on CPU or connections.

Why this answer

Amazon Aurora with Auto Scaling for read replicas is correct because it automatically adjusts the number of Aurora Replicas based on changes in read workload, scaling read capacity without manual intervention. Aurora's Auto Scaling monitors the average CPU utilization or connections of the reader fleet and adds or removes replicas to maintain a target metric, providing seamless read scaling for MySQL-compatible databases.

Exam trap

The trap here is that candidates often confuse Multi-AZ deployments (which provide failover, not read scaling) with read replica auto scaling, or they incorrectly assume DynamoDB's auto scaling applies to MySQL workloads, when the question explicitly requires a MySQL database.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB is a NoSQL database, not a MySQL database, and its auto scaling adjusts write and read capacity units, not read replicas for a relational MySQL workload. Option B is wrong because Amazon RDS for MySQL with Multi-AZ deployment provides high availability by maintaining a standby replica in a different Availability Zone, but it does not automatically scale read capacity; the standby is not used for read traffic unless a failover occurs. Option C is wrong because Amazon RDS for MySQL with a Single-AZ deployment offers no read replica scaling at all; it is a single instance that cannot automatically add read capacity based on traffic.

953
MCQhard

A database specialist is troubleshooting an Amazon Aurora MySQL cluster. The writer instance's CPU is at 90% and there are frequent 'Lock wait timeout exceeded' errors. The application uses many short-lived connections. What should the specialist do FIRST to reduce lock contention?

A.Add additional read replicas to distribute read traffic
B.Increase the instance size to handle more concurrent transactions
C.Enable RDS Proxy to pool database connections
D.Reduce the maximum number of connections in the application
AnswerC

RDS Proxy reduces connection churn, decreasing lock contention.

Why this answer

Option A is correct because enabling RDS Proxy reduces connection churn and pools connections, reducing lock contention. Option B is wrong because increasing instance size adds CPU but doesn't directly address lock contention. Option C is wrong because reducing connections may increase contention per connection.

Option D is wrong because read replicas don't handle write locks.

954
MCQeasy

A company needs a database for a serverless web application that stores user sessions. The sessions expire after 24 hours. The database must be highly available and require no server management. Which AWS service is most appropriate?

A.Amazon ElastiCache for Redis with cluster mode.
B.Amazon DynamoDB with TTL.
C.Amazon RDS for PostgreSQL with Multi-AZ.
D.Amazon S3 with lifecycle policies.
AnswerB

DynamoDB is serverless, highly available, and supports TTL.

Why this answer

Amazon DynamoDB with TTL is the most appropriate choice because it provides a fully managed, serverless, highly available NoSQL database that can automatically expire user sessions after 24 hours using the Time to Live (TTL) feature. DynamoDB's on-demand capacity mode eliminates server management, and its built-in replication across multiple Availability Zones ensures high availability without any manual intervention.

Exam trap

The trap here is that candidates often confuse ElastiCache for Redis as a 'database' for sessions, but the question explicitly requires 'no server management' and 'highly available' — DynamoDB is the only fully serverless, managed database option that meets all criteria, while ElastiCache still requires cluster management and is not serverless.

How to eliminate wrong answers

Option A is wrong because Amazon ElastiCache for Redis with cluster mode is an in-memory cache, not a durable database; while it can store sessions with TTL, it requires server management (e.g., node sizing, patching) and is not serverless. Option C is wrong because Amazon RDS for PostgreSQL with Multi-AZ requires server management (e.g., patching, scaling) and is not serverless; it also lacks a native TTL feature for automatic session expiration. Option D is wrong because Amazon S3 with lifecycle policies is an object storage service, not a database; it cannot efficiently handle high-frequency read/write operations for user sessions and lacks the low-latency query capabilities needed for session management.

955
MCQhard

Refer to the exhibit. The exhibit shows CloudWatch metrics from an Amazon RDS for PostgreSQL instance. The application is experiencing slow query performance. Which is the most likely cause?

A.High storage latency due to provisioned IOPS being fully utilized or EBS volume contention
B.High CPU utilization due to complex queries
C.Too many database connections causing context switching
D.Insufficient memory causing disk swaps
AnswerA

Read/Write latency significantly above expected values for provisioned IOPS storage.

Why this answer

Option A is correct because ReadLatency of 2.5 ms is high for a database with 5000 provisioned IOPS; typically sub-millisecond is expected. WriteLatency of 5 ms is also high. Memory usage is 450 MB out of 16 GB, so memory is fine.

Connections (100) are moderate. IOPS (5000 read, 2000 write) are within limits but latency is high, indicating potential throttling or contention. Option B: connections are not high.

Option C: memory is not pressured. Option D: CPU is not mentioned; high latency is often storage-related.

956
MCQmedium

A company is designing a database for a global application that requires active-active replication across two AWS Regions. The database must support multi-master writes with conflict resolution. Which AWS database service should they use?

A.Amazon Aurora Global Database
B.Amazon DynamoDB Global Tables
C.Amazon Redshift
D.Amazon RDS for MySQL with Multi-AZ
AnswerB

DynamoDB Global Tables provide multi-master active-active replication with conflict resolution.

Why this answer

Amazon DynamoDB Global Tables provide multi-Region, multi-master replication with conflict resolution based on last writer wins. Aurora Global Database supports replication but is primary-secondary (single master for writes). RDS Multi-AZ is multi-AZ, not multi-Region.

Redshift is not designed for this.

957
Multi-Selectmedium

A company is using Amazon RDS for MySQL and needs to comply with PCI DSS requirements. Which TWO actions should the company take to secure the database? (Choose TWO.)

Select 2 answers
A.Enable encryption at rest using AWS KMS.
B.Configure the database to write audit logs directly to an S3 bucket.
C.Enable audit logging to track database activities.
D.Enable public accessibility on the RDS instance to allow access from anywhere.
E.Change the default database port to a non-standard port.
AnswersA, C

Encryption at rest is required for data protection.

Why this answer

Options B and D are correct. Enabling encryption at rest protects data on disk, and enabling audit logging helps track access. Option A is wrong because public access should be disabled for security.

Option C is wrong because default port is fine; changing it is not a security requirement. Option E is wrong because S3 is not used for RDS audit logs; CloudWatch Logs is used.

958
MCQmedium

A developer reports that an application is unable to connect to an Amazon RDS for Oracle database. The security group for the database allows inbound traffic on port 1521 from the application's security group. The database is publicly accessible. What should be checked next?

A.Check the DB parameter group for the 'remote_listener' parameter.
B.Check the automated backup retention period.
C.Verify that the DB subnet group includes a public subnet with an internet gateway.
D.Review the CloudWatch Logs for error logs.
AnswerC

Public accessibility requires a public subnet and internet gateway.

Why this answer

Option A is correct because even if the security group allows traffic, the DB subnet group must be in a public subnet with an internet gateway. Option B is wrong because the issue is connectivity, not backups. Option C is wrong because CloudWatch Logs may not show connection attempts.

Option D is wrong because parameter groups don't control network access.

959
Multi-Selecthard

Which THREE factors should be considered when choosing between Amazon RDS Multi-AZ and Amazon Aurora for high availability? (Choose 3)

Select 3 answers
A.Aurora provides faster failover (typically under 30 seconds)
B.RDS Multi-AZ provides automatic scaling of storage
C.RDS Multi-AZ supports encryption at rest
D.Aurora automatically scales storage up to 128 TB per instance
E.Aurora supports up to 15 read replicas, while RDS Multi-AZ supports only 1 standby
AnswersA, D, E

Aurora failover is faster than RDS Multi-AZ.

Why this answer

Aurora's distributed storage architecture enables failover in under 30 seconds typically, because the storage layer is shared across all instances in the cluster. When the primary instance fails, Aurora simply promotes one of the existing read replicas to primary, without needing to remap storage volumes. This is significantly faster than RDS Multi-AZ, which requires a DNS change and a synchronous block-level replication failover that can take 60-120 seconds.

Exam trap

The trap here is that candidates confuse RDS Multi-AZ's synchronous replication with Aurora's shared storage architecture, assuming both have similar failover times, but Aurora's failover is consistently faster due to its distributed storage layer.

960
MCQhard

A team is using AWS DMS to migrate a 3 TB Oracle database to Amazon Aurora PostgreSQL. They configured the task as shown. After the full load completes, they notice that the target tables have no indexes, primary keys, or foreign keys. What is the most likely cause?

A.The migration task did not include transformation rules to create indexes and constraints.
B.The table selection rule uses wildcards and excludes system tables, which also excludes index definitions.
C.The TargetTablePrepMode is set to DROP_AND_CREATE, which creates tables without indexes or constraints.
D.The task is using a full load without LOB support, which prevents index creation.
AnswerC

DROP_AND_CREATE mode creates target tables with only the column definitions, not indexes or constraints.

Why this answer

When TargetTablePrepMode is set to DROP_AND_CREATE, AWS DMS drops the target table if it exists and then creates a new one using only the basic column definitions from the source. It does not migrate indexes, primary keys, or foreign keys because DMS is not designed to replicate schema objects beyond table structure and data. To preserve constraints and indexes, you must either pre-create them on the target or use a different prep mode like TRUNCATE_BEFORE_LOAD.

Exam trap

The trap here is that candidates assume DMS automatically replicates all schema objects, including indexes and constraints, when in fact DMS only migrates table structure and data, leaving schema objects like indexes and foreign keys to be handled separately.

How to eliminate wrong answers

Option A is wrong because transformation rules in DMS are used to rename tables, columns, or schemas, not to create indexes or constraints; index and constraint creation is not a feature of DMS transformation rules. Option B is wrong because wildcard table selection rules and exclusion of system tables affect which tables are migrated, not whether indexes or constraints are created on the target; DMS does not replicate index definitions regardless of table selection. Option D is wrong because LOB support settings control how large objects are handled during migration and have no impact on index or constraint creation; indexes are not created even when LOB support is enabled.

961
Multi-Selecthard

A company is deploying an Amazon DynamoDB table with on-demand capacity mode. The table will be accessed from multiple AWS Regions and requires strong consistency. Which THREE steps should be taken to meet these requirements?

Select 3 answers
A.Create a global secondary index
B.Use DynamoDB Accelerator (DAX)
C.Configure auto scaling
D.Enable DynamoDB global tables
E.Use strongly consistent reads
AnswersA, D, E

GSIs are needed for strong consistent reads on replicated data.

Why this answer

Options A, B, and D are correct. DynamoDB global tables (A) provide multi-region deployment, but they only support eventual consistency; however, for strong consistency, you need to use DynamoDB global tables with strong consistency (B) which is available in some regions, and you must have a global secondary index (D) to support strong consistent reads. Option C is wrong because DynamoDB Accelerator (DAX) is a caching layer that does not provide strong consistency across regions.

Option E is wrong because auto scaling is not needed when using on-demand capacity mode.

962
MCQhard

Refer to the exhibit. A developer runs a DynamoDB query against a global secondary index. The index's partition key is 'status' and sort key is 'created_at'. There are many items with status 'PENDING' in the table. Why does the query return zero items?

A.The query is incorrectly targeting the base table instead of the index.
B.The query must include a condition on the sort key to return results.
C.The key-condition-expression uses the wrong attribute name placeholder.
D.The global secondary index is not yet backfilled with data from the base table.
AnswerD

If the index was recently created, it may still be in the process of backfilling, so items are not yet available.

Why this answer

The query uses the index's partition key 'status' but does not specify a sort key condition. The index's sort key is 'created_at'. The query should return items with status 'PENDING' sorted by 'created_at'.

However, the response shows 0 items but consumed 0.5 capacity units, indicating the index exists but no items matched. This could happen if the index is not yet backfilled (if recently created) or if the index's partition key attribute is missing in the items. In DynamoDB, GSI items are only written if the attribute exists.

If items have a 'status' attribute set to 'PENDING', they should appear. The most likely cause is that the index is not fully populated yet (if recently created) or the 'status' attribute is missing in the items. The query syntax looks correct.

Option A (incorrect expression) is unlikely. Option B (missing sort key) is not required for query on partition key only. Option C (index not yet backfilled) is plausible.

Option D (using table name instead of index name) is incorrect because the query specifies --index-name. So C is correct.

963
MCQmedium

A healthcare application requires storing patient records that include structured data (e.g., name, age) and unstructured data (e.g., medical images). The application needs to query structured data with SQL and serve images via HTTPS. Which combination of AWS services provides the MOST efficient design?

A.Amazon DynamoDB for structured data and Amazon S3 for images with DynamoDB Accelerator (DAX)
B.Amazon RDS for MySQL for structured data and Amazon EFS for images
C.Amazon RDS for PostgreSQL for structured data and Amazon S3 for images with Amazon CloudFront
D.Amazon Redshift for structured data and Amazon S3 for images
AnswerC

RDS provides SQL; S3 and CloudFront serve images efficiently.

Why this answer

Option B is correct: RDS stores structured data with SQL, S3 stores images, and CloudFront caches images for low-latency access. Option A is wrong because DynamoDB does not support SQL. Option C is wrong because EFS is a file system, not optimized for image serving.

Option D is wrong because Redshift is a data warehouse, not suitable for transactional queries.

964
MCQmedium

A company runs an Amazon Redshift cluster with three nodes. The data warehouse team notices that some queries are slow due to high disk usage. The cluster has reached 80% storage capacity. What is the MOST cost-effective way to increase storage without interrupting operations?

A.Add one more node of the same type to the cluster.
B.Use classic resize to change to a node type with larger storage.
C.Perform an elastic resize to change to a node type with larger storage per node.
D.Create a second cluster and use Redshift Spectrum to offload queries.
AnswerC

Elastic resize completes in minutes and minimizes downtime.

Why this answer

Option C is correct because Redshift allows resizing to a larger node type, but that can be expensive. Option A is wrong because adding nodes increases both storage and compute, but may be more cost-effective depending on needs. Option C (elastic resize) is the best as it changes node type quickly with minimal downtime.

Option D is wrong because adding a node group is not a concept in Redshift.

965
Multi-Selecteasy

A company is deploying a new MySQL database on Amazon RDS. They need to ensure that the database is automatically backed up daily and retained for 30 days. Which TWO configurations should be set? (Choose 2)

Select 2 answers
A.Set backup retention period to 30 days.
B.Enable automated backups.
C.Set backup window.
D.Enable Multi-AZ deployment.
E.Create a manual snapshot daily.
AnswersA, B

Defines retention.

Why this answer

Options A and D are correct because automated backups are enabled by default and retention period can be set up to 35 days. Option B is wrong because manual snapshots are separate. Option C is wrong because it's not about backups.

Option E is wrong because it doesn't set retention.

966
MCQmedium

A company is designing a database for a social media application that requires low-latency access to user profiles and support for complex graph queries. Which AWS database service is most suitable for this workload?

A.Amazon DynamoDB
B.Amazon ElastiCache for Redis
C.Amazon Neptune
D.Amazon RDS for MySQL
AnswerC

Neptune is a graph database with support for graph queries.

Why this answer

Amazon Neptune is a fully managed graph database service optimized for storing and querying highly connected data. It supports both property graph (Apache TinkerPop/Gremlin) and RDF (SPARQL) models, making it the ideal choice for social media applications that require low-latency traversal of complex relationships, such as friend-of-friend recommendations or influence paths.

Exam trap

The trap here is that candidates often mistake DynamoDB's low-latency key-value lookups as sufficient for graph queries, overlooking that DynamoDB cannot perform multi-step traversals without multiple round trips and client-side joins, which destroys performance for complex relationship queries.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB is a key-value and document database that excels at high-throughput, low-latency lookups by primary key but lacks native support for graph traversal queries (e.g., multi-hop joins or pathfinding) required for complex graph workloads. Option B is wrong because Amazon ElastiCache for Redis is an in-memory data store primarily used for caching, session management, and real-time analytics; it does not provide a graph query engine (like Gremlin or SPARQL) and cannot efficiently execute complex graph traversals across deeply connected data. Option D is wrong because Amazon RDS for MySQL is a relational database that uses SQL joins and recursive CTEs to model graphs, but these operations become exponentially slower as graph depth increases, failing to meet the low-latency requirements for complex graph queries at scale.

967
MCQhard

A company runs a document database using Amazon DocumentDB. They notice that some queries are taking much longer than expected. The explain plan shows a COLLSCAN. Which action would most improve query performance?

A.Increase the instance size to the next tier
B.Change the read consistency from eventual to strong
C.Increase the storage allocated to the instance
D.Create appropriate indexes on the fields used in query filters
AnswerD

Indexes prevent full collection scans.

Why this answer

Option A is correct because creating an index on the queried fields avoids collection scans. Option B is wrong because increasing instance size helps but doesn't address the root cause. Option C is wrong because changing consistency level affects read freshness, not performance.

Option D is wrong because increasing storage doesn't improve query speed.

968
MCQmedium

A company is running an Amazon RDS for MySQL Multi-AZ DB instance. They notice that the application is experiencing increased latency during peak hours. The DB instance's CPU utilization is consistently above 80%, and the Read Latency metric is high. Which action would most effectively reduce the latency without requiring application changes?

A.Create a read replica and direct read queries to it.
B.Disable Multi-AZ to free up resources.
C.Increase the DB instance class to a larger size.
D.Enable Multi-AZ on the DB instance.
AnswerA

Correct. Offloading read queries to a read replica reduces load on the primary instance and lowers read latency.

Why this answer

Option D is correct because Multi-AZ deployments with read replicas offload read traffic and reduce latency. Option A is wrong because increasing instance size may help but does not specifically address read latency. Option B is wrong because enabling Multi-AZ alone does not reduce read latency.

Option C is wrong because disabling Multi-AZ would remove the standby, reducing availability.

969
MCQhard

A company uses Amazon RDS for Oracle with a custom application that generates complex hierarchical queries using CONNECT BY. They want to migrate to Amazon Aurora to reduce licensing costs. Which migration strategy requires the fewest application changes?

A.Use AWS Database Migration Service (DMS) to migrate directly to Aurora with no application changes.
B.Migrate to Amazon Aurora MySQL and use its hierarchical query features.
C.Migrate to Amazon Aurora PostgreSQL and rewrite hierarchical queries to use recursive CTEs.
D.Migrate to Amazon RDS for SQL Server and use its recursive CTEs.
AnswerC

PostgreSQL supports recursive CTEs, which are equivalent to CONNECT BY.

Why this answer

Option C is correct because Aurora PostgreSQL supports recursive Common Table Expressions (CTEs) via the WITH RECURSIVE clause, which can be used to rewrite Oracle's CONNECT BY hierarchical queries with minimal application changes. This approach avoids the licensing costs of Oracle while preserving the hierarchical query logic, requiring only a syntax rewrite rather than a complete redesign. Aurora MySQL does not support CONNECT BY or recursive CTEs, making PostgreSQL the only Aurora engine that can handle this workload without significant application restructuring.

Exam trap

The trap here is that candidates assume Aurora MySQL can handle hierarchical queries because it is often marketed as Oracle-compatible, but it lacks CONNECT BY and recursive CTEs, making PostgreSQL the only Aurora engine that can natively support hierarchical queries with a straightforward rewrite.

How to eliminate wrong answers

Option A is wrong because AWS DMS cannot translate Oracle-specific CONNECT BY syntax into an equivalent Aurora MySQL or PostgreSQL query; it only migrates data, not query logic, so the application would break without changes. Option B is wrong because Amazon Aurora MySQL does not support CONNECT BY or recursive CTEs, so hierarchical queries would require a complete rewrite using alternative methods like nested sets or adjacency lists, which is far more complex than a simple CTE rewrite. Option D is wrong because migrating to Amazon RDS for SQL Server does not reduce licensing costs (SQL Server requires its own licenses) and still requires rewriting queries to use recursive CTEs, offering no advantage over PostgreSQL in this scenario.

970
MCQmedium

A company is migrating a 2 TB PostgreSQL database from on-premises to Amazon RDS for PostgreSQL. The migration must have minimal downtime and support ongoing replication. Which AWS service should be used for the migration?

A.AWS S3 Transfer Acceleration for direct database export
B.AWS Data Migration Service with AWS Glue
C.AWS Snowball Edge for offline data transfer
D.AWS Database Migration Service (DMS) with change data capture
AnswerD

AWS DMS supports ongoing replication with CDC for minimal downtime.

Why this answer

Option A is correct because AWS DMS supports ongoing replication from on-premises PostgreSQL to RDS for PostgreSQL using logical replication. Option B is wrong because S3 is for storage, not database migration. Option C is wrong because Snowball is for large data transfer offline, not minimal downtime replication.

Option D is wrong because Database Migration Service is the correct name, not Data Migration Service.

971
MCQmedium

A company uses Amazon ElastiCache for Redis as a caching layer for its e-commerce application. Recently, the cache hit ratio has dropped significantly, causing increased database load. The operations team needs to identify which cache keys are being evicted. What should they do?

A.Monitor the 'Evictions' metric in Amazon CloudWatch for the ElastiCache cluster.
B.Check the ElastiCache event history for eviction events.
C.Enable the 'INFO' command output to be logged to CloudWatch Logs.
D.Enable the Redis slow-log to capture eviction commands.
AnswerA

CloudWatch provides the evictions metric which tracks the number of evicted keys.

Why this answer

Option B is correct because the 'evictions' metric in CloudWatch shows the number of evicted keys, and enabling the 'Evicted' statistic can help monitor evictions. Option A is incorrect because the INFO command shows current evictions but not historical trends. Option C is incorrect because ElastiCache events do not include eviction details.

Option D is incorrect because slow-log shows slow commands, not evictions.

972
Multi-Selecteasy

A company is migrating a 200 GB MySQL database to Amazon Aurora MySQL. The migration must be completed within a 1-hour downtime window. Which TWO methods can achieve this?

Select 2 answers
A.Use AWS SCT to convert the schema and then perform a data load.
B.Use AWS DMS with full load only.
C.Use Percona XtraBackup to create a physical backup, upload to S3, and restore to Aurora.
D.Use mysqldump with parallel threads and import using mysql command.
E.Create an RDS Read Replica of the on-premises database and promote it.
AnswersC, D

XtraBackup is fast and Aurora supports restoring from it via S3.

Why this answer

Using mysqldump with parallel threads can speed up export/import. Percona XtraBackup creates a fast physical backup that can be restored to Aurora. DMS full load may be slower.

RDS read replica is not applicable. SCT is for schema conversion.

973
Multi-Selecthard

Which THREE factors should be considered when choosing between Amazon DynamoDB and Amazon RDS for a new application? (Choose three.)

Select 3 answers
A.Need for ACID transactions across multiple rows
B.Need for complex join queries across multiple tables
C.Need for automatic failover in multiple AWS Regions
D.Requirement for flexible schema with document data
E.Data size exceeding 10 TB
AnswersA, B, D

RDS supports full ACID; DynamoDB supports transactional APIs but limited.

Why this answer

Option A is correct because Amazon RDS supports ACID transactions across multiple rows using traditional SQL databases like MySQL or PostgreSQL, which is essential for applications requiring strict consistency (e.g., financial systems). Amazon DynamoDB, while supporting ACID transactions via the TransactGetItems and TransactWriteItems APIs, is optimized for single-item or limited multi-item operations and may not perform as well for complex multi-row transactional workloads. The need for ACID across multiple rows is a key differentiator favoring RDS.

Exam trap

The trap here is that candidates assume automatic failover across multiple Regions is unique to one service, but both DynamoDB (global tables) and RDS (cross-Region read replicas with manual promotion) can achieve this, making it a non-differentiating factor.

974
Multi-Selectmedium

A company is migrating a 200 GB Oracle database to Amazon RDS for Oracle. Which TWO steps should be taken to ensure a successful migration? (Choose two.)

Select 2 answers
A.Enable TDE encryption on the source database before migration.
B.Use AWS DMS only for heterogeneous migrations; use Oracle Data Pump instead.
C.Use AWS DMS with full load and ongoing replication.
D.Export the database using expdp and import using impdp.
E.Use AWS Schema Conversion Tool (SCT) to assess and convert the schema.
AnswersC, E

Minimizes downtime by replicating ongoing changes.

Why this answer

Options B and D are correct. Using AWS SCT helps convert the schema and identify potential issues. Using AWS DMS with ongoing replication minimizes downtime.

Option A is wrong because Oracle to RDS for Oracle is homogeneous; DMS supports it. Option C is wrong because manual export/import is error-prone and causes downtime. Option E is wrong because encrypting the source database adds complexity and may not be necessary.

975
Multi-Selecteasy

Which TWO methods can be used to securely connect to an Amazon RDS for PostgreSQL DB instance from an EC2 instance in the same VPC? (Select TWO.)

Select 2 answers
A.Use IAM database authentication.
B.Configure a security group that allows all traffic from the EC2 instance.
C.Use a bastion host to proxy the connection.
D.Connect using SSL/TLS.
E.Set up a VPC peering connection between the EC2 VPC and the RDS VPC.
AnswersA, D

IAM authentication provides secure authentication.

Why this answer

Using SSL/TLS encrypts the connection. Using IAM database authentication provides a secure authentication mechanism. A security group allows traffic but does not encrypt.

A VPC peering connection does not encrypt. A bastion host may add encryption but is not a method itself.

Page 12

Page 13 of 24

Page 14