AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 10511125

1730 questions total · 24pages · All types, answers revealed

Page 14

Page 15 of 24

Page 16
1051
MCQmedium

A company is running an Amazon RDS for MySQL DB instance in a VPC. The security team requires that all connections to the database use SSL/TLS. The DBA has enabled 'require_secure_transport' parameter in the DB parameter group. However, after applying the change and rebooting, some applications that were previously connecting successfully are now failing. What is the most likely cause?

A.The security group inbound rule for the database port is missing.
B.The option group does not have the SSL option enabled.
C.The application is not configured to connect using SSL/TLS.
D.The DB subnet group does not include the application's subnet.
AnswerC

require_secure_transport rejects non-SSL connections.

Why this answer

Option C is correct because enabling require_secure_transport forces the server to accept only SSL connections. If the application does not use SSL, the connection will be rejected. Option A is wrong because the DB subnet group does not affect SSL enforcement.

Option B is wrong because the security group controls network access, not SSL. Option D is wrong because the option group is irrelevant for this setting.

1052
MCQhard

A database administrator has the IAM policy shown above attached to their user. When they try to run the AWS CLI command `aws rds describe-db-instances --region us-west-2`, they receive an access denied error. Why does this fail?

A.The user must use multi-factor authentication (MFA) to perform the describe action.
B.The user does not have permission to describe DB instances in any region.
C.The policy includes a condition key that denies access when the region is not us-east-1.
D.The policy explicitly restricts the resource to a specific DB instance ARN in us-east-1, and the command specifies a different region.
AnswerD

The resource ARN includes region us-east-1, so it does not apply to us-west-2.

Why this answer

Option B is correct. The resource statement in the first Allow explicitly limits access to the specific DB instance ARN in us-east-1. The second Allow allows rds:DescribeDBInstances on any resource, but the explicit resource restriction in the first statement does not grant access to resources in other regions.

Since the command specifies us-west-2, the instance is not in that region, and the policy does not allow DescribeDBInstances on any resource in us-west-2. Option A is wrong because DescribeDBInstances is allowed on the specific resource, but not in us-west-2. Option C is wrong because there is no condition.

Option D is wrong because the policy does not require MFA.

1053
Multi-Selectmedium

A company is running a critical application on Amazon DynamoDB. The table has a partition key of 'user_id' and a sort key of 'timestamp'. The application frequently queries for all items for a given user within a date range. The read capacity is often throttled during peak hours. Which THREE steps should the database specialist take to resolve the throttling?

Select 3 answers
A.Enable DynamoDB adaptive capacity to automatically adjust throughput
B.Change the partition key to 'timestamp' to improve read distribution
C.Decrease the provisioned write capacity units (WCU) to free up resources for reads
D.Increase the provisioned read capacity units (RCU) for the table
E.Implement DynamoDB Accelerator (DAX) to cache frequent reads
AnswersA, D, E

Adaptive capacity helps manage uneven access patterns and reduces throttling.

Why this answer

Option A is correct because DynamoDB adaptive capacity automatically manages throughput to accommodate uneven access patterns, such as when a single 'user_id' partition receives more reads than provisioned. It allows the table to absorb throttling by redistributing unused capacity from other partitions, which directly addresses the peak-hour throttling without manual intervention.

Exam trap

The trap here is that candidates may think decreasing WCU can reallocate resources to reads, but DynamoDB's read and write capacity are independent, so reducing one does not benefit the other.

1054
MCQmedium

A company is deploying a multi-AZ Aurora MySQL database. They need to ensure that failover happens automatically with minimal data loss. Which configuration should be used?

A.Deploy an Aurora Global Database with a primary in one region and a secondary in another region.
B.Use a Multi-AZ RDS for MySQL deployment.
C.Create an Aurora cluster with one primary and two readers in different Availability Zones.
D.Configure a single-AZ Aurora instance and enable cross-Region replication.
AnswerC

Aurora automatically fails over to a reader with minimal data loss.

Why this answer

Option C is correct because an Aurora cluster with one primary and two readers in different Availability Zones provides automatic failover with minimal data loss. Aurora uses a shared cluster volume that is replicated six ways across three AZs, ensuring that during a failover, the promoted reader has access to all committed transactions with no data loss. This configuration meets the requirement for multi-AZ high availability and automatic failover within a single region.

Exam trap

The trap here is that candidates often confuse Multi-AZ RDS for MySQL with Aurora's multi-AZ architecture, not realizing that Aurora's distributed storage and reader promotion provide superior automatic failover with minimal data loss compared to traditional RDS Multi-AZ.

How to eliminate wrong answers

Option A is wrong because an Aurora Global Database is designed for cross-region disaster recovery, not for automatic failover within a single region; it introduces replication lag of up to 1 second, which can result in data loss during a failover. Option B is wrong because Multi-AZ RDS for MySQL uses synchronous replication to a standby instance, but it is not Aurora and does not leverage Aurora's distributed storage engine, which provides faster failover and better durability. Option D is wrong because a single-AZ Aurora instance with cross-Region replication does not provide automatic failover within the same region; it only replicates asynchronously to another region, and a failure in the primary AZ would cause downtime until manual intervention.

1055
MCQeasy

A company has an Amazon DynamoDB table with auto scaling enabled. During a traffic spike, the application experiences high write latencies. Which action should the company take to troubleshoot the latency issue?

A.Monitor the ThrottledWriteEvents metric in CloudWatch.
B.Switch the table to on-demand capacity mode.
C.Disable auto scaling and manually increase write capacity.
D.Increase the read capacity of the table.
AnswerA

ThrottledWriteEvents indicates if writes are being throttled, causing high latency.

Why this answer

Option B is correct because CloudWatch metrics for ThrottledWriteEvents help identify if auto scaling is keeping up. Option A is wrong because disabling auto scaling may cause throttling. Option C is wrong because changing to on-demand may not be cost-effective and is not a troubleshooting step.

Option D is wrong because increasing read capacity does not affect write latency.

1056
MCQhard

A company is running a MongoDB-compatible Amazon DocumentDB cluster. The application is experiencing high write latency during peak hours. The cluster has one writer and two readers. The DBA suspects that the issue is due to a large number of indexes on the collection. What should the DBA do to verify this hypothesis without affecting production?

A.Take a snapshot of the cluster and restore it to a new cluster to test index changes.
B.Use AWS DMS to replicate data to a test cluster and perform index testing there.
C.Enable the profiler on the production cluster to capture slow queries and analyze the index usage.
D.Create a clone of the cluster using the 'Clone Cluster' feature and test index changes on the clone.
AnswerD

Cloning creates a copy of the cluster quickly without impacting the source.

Why this answer

Option D is correct because creating a clone of the cluster in the same account allows testing in an isolated environment without impacting production. Option A is incorrect because using the profiler to identify slow queries does not directly test the impact of indexes. Option B is incorrect because AWS DMS is used for migration, not for testing index impact.

Option C is incorrect because restoring a snapshot into a new cluster is disruptive as it requires taking a snapshot and restoring, which can be time-consuming and does not provide real-time data.

1057
MCQhard

A company is using an Amazon RDS for SQL Server database with Multi-AZ deployment. They need to migrate to Amazon RDS for SQL Server in a different AWS region. The database is 1 TB and cannot tolerate more than 15 minutes of downtime. Which strategy minimizes downtime?

A.Create a cross-region read replica in the target region and promote it to a standalone instance.
B.Take a snapshot of the source RDS instance and restore it in the target region. Then update the application connection string.
C.Set up cross-region replication using native SQL Server log shipping or DMS with ongoing replication, then perform a DNS cutover to the target instance.
D.Use AWS DMS to perform a full load to a new RDS instance in the target region. During the final sync, stop the source and resume from the target.
AnswerC

This approach keeps the target synchronized and allows a quick cutover with minimal downtime.

Why this answer

Option D is correct because setting up cross-region replication (using native SQL Server log shipping or DMS) allows continuous data sync and a quick DNS cutover. Option A is wrong because a snapshot restore takes time and does not provide ongoing sync. Option B is wrong because creating a read replica across regions is not supported for SQL Server.

Option C is wrong because a new instance would require full data load.

1058
MCQmedium

A company is deploying a MySQL RDS instance using this CloudFormation template. After deployment, they notice that the database is not automatically backed up at the scheduled time. What is the most likely cause?

A.The storage type gp2 does not support automated backups.
B.The PreferredBackupWindow is not defined, so backups are disabled.
C.MultiAZ is enabled, which disables automated backups.
D.The BackupRetentionPeriod must be greater than 0 to enable automated backups; however, it is set to 7, so this is not the issue. The actual cause might be that the DB instance is using a storage engine not supported for backups (e.g., MyISAM).
AnswerD

RDS automated backups require InnoDB; MyISAM tables cause backup failure.

Why this answer

Option C is correct because to enable automated backups, the BackupRetentionPeriod must be greater than 0. In the snippet, it is set to 7, so backups should be enabled. However, automated backups are only supported for InnoDB storage engine; if the instance uses MyISAM, backups may fail.

But the question asks for most likely cause; another common issue is that the backup window is too short or conflicts with maintenance, but the snippet shows valid windows. Option A is wrong because MultiAZ does not affect backups. Option B is wrong because storage type gp2 supports backups.

Option D is wrong because the backup window is defined.

1059
MCQhard

A company has an Amazon Aurora MySQL DB cluster with one writer and two readers. The application is reporting increased read latency. The DB cluster is using Aurora Auto Scaling for readers. Which metric should be used to trigger scaling out readers?

A.ReadLatency
B.ReaderNodeCPU
C.CPUUtilization
D.AverageActiveConnections
AnswerD

Aurora Auto Scaling uses the number of active connections to the reader to add or remove readers.

Why this answer

Aurora Auto Scaling for readers uses the 'AverageActiveConnections' metric to determine when to add readers. Option B is correct. Option A is incorrect because the auto scaling is based on connections, not CPU.

Option C is incorrect because ReaderNodeCPU is not a predefined metric for auto scaling. Option D is incorrect because ReadLatency is an effect, not a scaling trigger.

1060
MCQmedium

A database administrator is troubleshooting why Amazon RDS Enhanced Monitoring is not displaying metrics for a DB instance. The IAM role attached to the instance has the policy shown in the exhibit. What is the likely cause?

A.The policy denies the 'rds:DescribeDBInstances' action.
B.The policy is missing the 'rds:CreateDBInstance' action.
C.The policy does not include 'monitoring:ListMetrics'.
D.The resource is set to '*' instead of the specific DB instance ARN.
AnswerB

Enhanced Monitoring requires this permission.

Why this answer

Option D is correct because Enhanced Monitoring requires the 'rds:CreateDBInstance' permission for the monitoring role, which is missing. Option A is wrong because the actions listed are valid. Option B is wrong because the resource is '*' which includes all.

Option C is wrong because the actions are allowed, not denied.

1061
MCQmedium

A company is deploying an RDS MySQL database using the above CloudFormation template. After deployment, the database automatically reboots during the maintenance window. The company wants to reduce the impact of maintenance events. Which parameter change would minimize unavailability?

A.Set AutoMinorVersionUpgrade to true in the template.
B.Increase BackupRetentionPeriod to 30 days to have more recovery points.
C.Increase AllocatedStorage to 500 GB to improve performance during maintenance.
D.Change PreferredMaintenanceWindow to a less busy time.
AnswerA

Automatic minor version upgrades ensure the database is updated during maintenance windows, reducing the need for manual updates that could cause longer downtime.

Why this answer

Setting AutoMinorVersionUpgrade to true ensures that minor version upgrades are applied automatically during the maintenance window, but more importantly, it enables the use of a Multi-AZ deployment's automatic failover to reduce downtime. In a Multi-AZ RDS MySQL setup, the primary database reboots during maintenance, but the standby instance takes over with minimal interruption. This parameter change minimizes unavailability by leveraging the failover mechanism, whereas other options do not directly address the impact of maintenance reboots.

Exam trap

The trap here is that candidates often assume changing the maintenance window to a less busy time (Option D) reduces impact, but it only shifts the downtime without reducing its length; the correct answer focuses on enabling Multi-AZ failover through AutoMinorVersionUpgrade, which actually minimizes unavailability during maintenance events.

How to eliminate wrong answers

Option B is wrong because increasing BackupRetentionPeriod to 30 days provides more recovery points for point-in-time restore, but it does not reduce the impact of maintenance events; backups are taken asynchronously and do not affect availability during a reboot. Option C is wrong because increasing AllocatedStorage to 500 GB improves I/O performance and throughput, but it does not prevent or shorten the downtime caused by a maintenance reboot; storage size is unrelated to the failover or reboot process. Option D is wrong because changing PreferredMaintenanceWindow to a less busy time only shifts when the reboot occurs, but it does not reduce the duration or impact of the unavailability; the database still reboots and becomes unavailable during that window.

1062
Multi-Selectmedium

A security engineer is designing access controls for an Amazon DynamoDB table containing customer data. Which TWO actions enforce least privilege access?

Select 2 answers
A.Use IAM conditions to restrict access to specific attributes.
B.Grant dynamodb:* action to all users.
C.Implement fine-grained access control using IAM policy conditions.
D.Use a resource-based policy on the DynamoDB table.
E.Attach a VPC endpoint policy that allows all actions.
AnswersA, C

Conditions can limit access to specific attributes.

Why this answer

Options B and D are correct. Using IAM conditions to restrict access to specific attributes (B) and using fine-grained access control with IAM (D) enforce least privilege. Option A is wrong because wildcard actions grant full access.

Option C is wrong because DynamoDB does not have VPC endpoints that limit table access. Option E is wrong because resource-based policies are not supported for DynamoDB tables.

1063
MCQmedium

A company is migrating an on-premises MySQL database to Amazon Aurora MySQL. The database is 2 TB and the migration must have minimal downtime. The network bandwidth between the on-premises data center and AWS is 1 Gbps. Which migration approach is most appropriate?

A.Use mysqldump to export the data, upload to Amazon S3, and import into Aurora
B.Take a snapshot of the on-premises database and restore it to Aurora
C.Use AWS Snowball Edge to transfer the data physically to AWS
D.Use AWS Database Migration Service (DMS) with ongoing replication to keep the target in sync
AnswerD

DMS supports continuous replication, allowing minimal downtime migration.

Why this answer

AWS DMS can migrate data with minimal downtime. Using DMS with a full load and ongoing replication (change data capture) allows the source to remain active until the cutover. Option B (Aurora S3) is for importing from S3, not for live migration.

Option C (RDS snapshot) is for RDS to Aurora, not on-premises. Option D (Snowball) is for large data volumes with limited bandwidth, but 2 TB at 1 Gbps can be transferred in about 5 hours (theoretical), so DMS is feasible and minimizes downtime.

1064
Multi-Selectmedium

Which TWO metrics should be monitored to detect an Amazon RDS for MySQL instance that is experiencing memory pressure? (Choose 2.)

Select 2 answers
A.SwapUsage
B.DatabaseConnections
C.ReadIOPS
D.FreeableMemory
E.CPUUtilization
AnswersA, D

High swap usage indicates memory pressure.

Why this answer

B and D are correct. SwapUsage indicates memory pressure when it exceeds 0. FreeableMemory shows available memory.

A is wrong because CPUUtilization is CPU, not memory. C is wrong because DatabaseConnections affects memory but is indirect. E is wrong because ReadIOPS is disk I/O.

1065
MCQmedium

A social media startup stores user posts in Amazon DynamoDB with a partition key of user_id and sort key of post_timestamp. The application frequently queries the five most recent posts for a given user. Which design pattern improves query performance and reduces cost?

A.Enable DynamoDB Accelerator (DAX) for the table
B.Increase the read capacity units on the table
C.Use a global secondary index on post_timestamp
D.Create a local secondary index on user_id and post_timestamp
AnswerD

LSI allows efficient query on user_id with sorted results.

Why this answer

Option D is correct because a Local Secondary Index (LSI) on user_id (hash key) and post_timestamp (range key) allows DynamoDB to efficiently query the five most recent posts for a given user without scanning the entire table. Since the LSI shares the same partition key as the base table, it provides strongly consistent reads and avoids the overhead of a separate index, reducing both latency and consumed read capacity.

Exam trap

The trap here is that candidates often choose a GSI on post_timestamp (Option C) thinking it will help with sorting, but without user_id as the partition key, the GSI cannot efficiently scope the query to a single user, leading to full scans and higher costs.

How to eliminate wrong answers

Option A is wrong because DAX is an in-memory cache that reduces read latency but does not improve query efficiency for retrieving the top N items by sort key; it still requires a full scan or query with filtering, and adds cost without addressing the core pattern. Option B is wrong because increasing read capacity units only raises the provisioned throughput, not the efficiency of the query; the same expensive scan or filter would still be performed, increasing cost linearly with capacity. Option C is wrong because a Global Secondary Index (GSI) on post_timestamp alone cannot efficiently retrieve the five most recent posts for a specific user without a partition key; it would require a full scan of the index or a query with a filter on user_id, which is inefficient and costly.

1066
Multi-Selecthard

Which THREE steps should be taken to troubleshoot high replica lag in an Amazon Aurora MySQL DB cluster? (Choose THREE.)

Select 3 answers
A.Review network latency between the writer and replica
B.Increase the instance size of the replica
C.Check the replica's CPU and memory utilization
D.Disable binary logging on the writer
E.Examine the replication thread status using SHOW SLAVE STATUS
AnswersA, C, E

Network latency can increase replication lag.

Why this answer

Options B, D, and E are correct. Checking the replica's load (B), examining replication threads (D), and reviewing network latency (E) are common troubleshooting steps. Option A (increasing instance size) is a solution, not a troubleshooting step.

Option C (disabling binary logging) would break replication.

1067
Multi-Selectmedium

A company is running a PostgreSQL database on Amazon RDS. They need to improve read performance for a reporting application that runs complex queries. The reporting application can tolerate slightly stale data. Which THREE actions should they take? (Choose three.)

Select 3 answers
A.Modify the DB parameter group to optimize settings for reporting workloads, such as increasing shared_buffers and work_mem.
B.Upgrade the RDS instance to a larger instance class with more vCPUs and memory.
C.Create one or more read replicas of the RDS instance and direct reporting queries to them.
D.Enable Multi-AZ on the RDS instance.
E.Implement an Amazon ElastiCache cluster to cache query results.
AnswersA, B, C

Tuning PostgreSQL parameters can improve performance for complex queries.

Why this answer

To improve read performance, you can create read replicas to offload queries, adjust instance class for more CPU/memory, and use parameter groups to optimize for reporting workloads (e.g., increased shared_buffers, work_mem). Option A (Multi-AZ) improves availability, not read performance. Option B (read replicas) distributes read traffic.

Option C (ElastiCache) can cache results of frequent queries. Option D (instance class) provides more resources. Option E (parameter groups) allows tuning.

So the correct three are B, D, and E. Option C is also valid but not typically 'action' on RDS; it's an additional service. The question says 'actions they should take' which could include using ElastiCache.

However, the exam often considers creating read replicas, modifying instance class, and optimizing parameters as direct actions. I'll choose B, D, E.

1068
MCQhard

A company is running a production Amazon RDS for PostgreSQL database. The database experiences high write latency during peak hours. The company wants to reduce latency without changing the application code. Which solution is MOST cost-effective and scalable?

A.Change the storage type to Provisioned IOPS (io1)
B.Enable RDS Proxy to pool database connections
C.Increase the instance size to a larger DB instance class
D.Add a Multi-AZ standby to offload writes
AnswerC

Vertical scaling can improve write throughput.

Why this answer

Increasing the instance size to a larger DB instance class directly addresses high write latency by providing more CPU and memory resources, which improves the database's ability to process write operations faster. This is the most cost-effective and scalable solution because it does not require application code changes and can be scaled vertically as needed, whereas other options either do not reduce write latency or introduce unnecessary complexity.

Exam trap

AWS often tests the misconception that Multi-AZ standby can offload writes, but in reality, the standby is a synchronous replica that does not accept write traffic and only provides failover redundancy.

How to eliminate wrong answers

Option A is wrong because changing to Provisioned IOPS (io1) improves I/O performance but does not address the underlying compute or memory bottleneck causing high write latency; it also incurs additional cost without guaranteeing latency reduction if the instance is already undersized. Option B is wrong because RDS Proxy pools database connections to reduce connection overhead and improve scalability, but it does not reduce write latency on the database itself; it is designed for connection management, not write performance. Option D is wrong because adding a Multi-AZ standby provides high availability and failover support, but it does not offload writes; the standby is a read-only replica that cannot handle write traffic, so it does not reduce write latency on the primary instance.

1069
MCQhard

A company is designing a multi-tenant SaaS application on Amazon RDS for PostgreSQL. Tenants have vastly different data sizes and access patterns. The current design uses a separate schema per tenant, but some tenants experience slow queries while others are fine. Which approach would best isolate tenant performance and simplify management?

A.Use row-level security (RLS) policies within a single schema to restrict tenant data access.
B.Keep the current schema design and add a tenant_id index to all tables.
C.Use a separate database per tenant.
D.Use Amazon RDS Proxy to manage connections and improve performance.
AnswerC

Separate databases provide strong performance isolation and allow per-tenant resource allocation and backup.

Why this answer

Option C is correct because using a separate database per tenant provides the strongest resource isolation at the database instance level. This design prevents noisy neighbors—tenants with large data volumes or heavy access patterns from degrading the performance of other tenants—and simplifies management tasks such as backup, restore, and point-in-time recovery on a per-tenant basis. Amazon RDS for PostgreSQL supports multiple databases within a single DB instance, and each database operates with its own catalog, tables, and connection pool, ensuring that query execution and memory allocation are not shared across tenants.

Exam trap

The trap here is that candidates often confuse logical data isolation (RLS or schema-per-tenant) with performance isolation, assuming that indexing or connection pooling can solve resource contention, when in fact only physical separation (separate databases) guarantees that one tenant's workload does not impact another's performance.

How to eliminate wrong answers

Option A is wrong because row-level security (RLS) policies operate within a single schema and do not isolate performance; all queries still compete for the same shared buffer pool, CPU, and I/O resources, so a heavy tenant can still cause slowdowns for others. Option B is wrong because adding a tenant_id index to all tables only improves query performance for individual queries but does nothing to prevent resource contention between tenants; the underlying shared infrastructure remains a bottleneck. Option D is wrong because Amazon RDS Proxy manages connection pooling and reduces connection overhead, but it does not isolate tenant workloads or prevent resource contention at the database engine level; it is a connection management layer, not a performance isolation mechanism.

1070
Multi-Selecthard

A company is designing a data lake on Amazon S3 with Amazon Redshift Spectrum for analytics. The data includes JSON logs from web servers. Which THREE design practices should the company follow to optimize query performance and cost?

Select 3 answers
A.Compress files using gzip or snappy.
B.Use many small files to maximize parallelism.
C.Partition the data by date (e.g., year/month/day) in S3.
D.Convert JSON files to Apache Parquet format.
E.Create indexes on the S3 data using AWS Glue.
AnswersA, C, D

Compression reduces storage and I/O.

Why this answer

Option A is correct because compressing JSON files with gzip or Snappy reduces the data size stored in S3, lowering storage costs and minimizing the amount of data that Redshift Spectrum must scan over the network. Redshift Spectrum can read compressed files directly, and compression often improves query performance by reducing I/O, even though it adds a small CPU overhead for decompression.

Exam trap

Cisco often tests the misconception that more files equals more parallelism, but in Redshift Spectrum, excessive small files increase overhead and reduce performance, while the correct approach is to use fewer, larger files in a columnar format with partitioning.

1071
MCQeasy

A DBA sees the above error log entries for an Amazon RDS for PostgreSQL DB instance. What is the most likely cause?

A.The user 'myuser@mycompany.com' is using an incorrect password.
B.There is a network connectivity issue between the client and the database.
C.The database has reached its maximum number of connections.
D.The user 'myuser@mycompany.com' does not exist in the database.
AnswerA

Authentication failure typically indicates wrong password.

Why this answer

Option A is correct because the error message indicates authentication failure, likely due to an incorrect password. Option B is wrong because the error says authentication failure, not about the user's existence. Option C is wrong because resource limits cause different errors.

Option D is wrong because network issues cause timeout errors, not authentication failures.

1072
Multi-Selecteasy

An Amazon RDS for MySQL instance is running out of storage. Which TWO actions can be taken to resolve this issue without downtime?

Select 2 answers
A.Enable storage auto scaling to automatically add storage.
B.Delete unnecessary data from the instance.
C.Modify the DB instance to increase allocated storage.
D.Take a snapshot and restore to a larger instance.
E.Convert the instance to Amazon Aurora.
AnswersA, C

Auto scaling adds storage when needed without manual intervention.

Why this answer

RDS supports modifying storage to increase allocated storage without downtime. You can also enable storage auto scaling to automatically increase storage. Option C (deleting data) may free space but is not recommended as a proactive measure.

Option D (snapshot and restore) involves downtime. Option E (conversion to Aurora) is a migration, not a direct fix.

1073
MCQhard

A company is migrating a 5 TB MySQL database to Amazon Aurora MySQL. The migration must have zero downtime and the source database is continuously written to. The team plans to use AWS DMS with ongoing replication. However, they notice that the target Aurora instance is not receiving all changes from the source. Which configuration change is most likely required to resolve this?

A.Create an Amazon RDS read replica of the source database and use it as the source endpoint.
B.Set the target table preparation mode to 'Do nothing' in the DMS task.
C.Enable binary logging (binlog) on the source MySQL database with row-based logging.
D.Configure a VPC endpoint for the DMS replication instance.
AnswerC

DMS needs binlogs for ongoing replication; if not enabled, it cannot capture changes.

Why this answer

Option D is correct because AWS DMS uses binary logs (binlogs) for ongoing replication from MySQL. If binlogs are not enabled or retained properly, DMS cannot capture changes. Option A is wrong because DMS does not require a VPC endpoint; it uses a replication instance in a VPC.

Option B is wrong because DMS requires a target database, but not necessarily a read replica. Option C is wrong because DMS replication tasks have a target table preparation mode, but the issue is about capturing changes, not applying them.

1074
Multi-Selecteasy

A database administrator needs to monitor the free storage space on an Amazon RDS for SQL Server instance. Which TWO CloudWatch metrics should be used? (Choose two.)

Select 2 answers
A.DatabaseConnections
B.ReadLatency
C.BinLogDiskUsage
D.FreeStorageSpaceInPercent
E.FreeStorageSpace
AnswersD, E

Percentage of free storage space.

Why this answer

Option A (FreeStorageSpace) and Option D (FreeStorageSpaceInPercent) are correct. Option B is wrong because BinLogDiskUsage is for MySQL. Option C is wrong because DatabaseConnections is connections.

Option E is wrong because ReadLatency is for read operations.

1075
MCQhard

Refer to the exhibit. A company's production RDS MySQL instance 'mydb' is configured as shown. The application experiences write latency spikes during peak hours. Which action would most effectively reduce write latency?

A.Change the storage type to Provisioned IOPS (io1) and allocate sufficient IOPS.
B.Create a Read Replica in a different region.
C.Increase the allocated storage to 1 TB to improve baseline IOPS.
D.Enable Multi-AZ deployment to provide a standby instance.
AnswerA

Provisioned IOPS provides consistent, low-latency write performance.

Why this answer

The instance is single-AZ, so enabling Multi-AZ provides a standby in another AZ, but does not directly reduce write latency. Upgrading to storage optimized instances (db.r5d) is not necessarily. Enabling Multi-AZ with synchronous standby can increase write latency due to sync replication.

Actually, Multi-AZ does not improve write performance; it adds sync replication overhead. However, the correct answer here is to enable Multi-AZ to improve availability and potentially reduce latency by offloading reads? No, write latency spikes are typically due to storage I/O. The instance uses gp2, which has baseline IOPS of 1500 for 500 GB.

Provisioned IOPS (io1) would improve consistent write performance. Option D (increase allocated storage) increases baseline IOPS but not as effective as provisioned IOPS. Option A (Multi-AZ) might increase latency.

Option B (read replica) helps reads. Option C (provisioned IOPS) directly improves write performance.

1076
MCQhard

A company is using Amazon RDS for PostgreSQL with automated backups. The security team requires that backups be encrypted at rest. The DB instance is currently unencrypted. What is the most efficient way to enable encryption for future backups?

A.Enable encryption by setting the 'backup_encryption' parameter in the DB parameter group.
B.Modify the DB instance to enable encryption.
C.Enable encryption on the S3 bucket where backups are stored.
D.Create a snapshot of the DB instance, copy the snapshot with encryption enabled, and restore the encrypted snapshot to a new DB instance.
AnswerD

This is the standard method to migrate an unencrypted RDS instance to an encrypted one.

Why this answer

Option C is correct because you cannot enable encryption on an existing unencrypted RDS instance directly; you must take a snapshot, copy it with encryption, and restore to a new encrypted instance. Option A is wrong because modifying the instance does not allow enabling encryption. Option B is wrong because enabling encryption on the backup destination (S3) does not encrypt the backup data itself if the source is unencrypted.

Option D is wrong because you cannot enable encryption on an existing instance.

1077
MCQeasy

A company wants to encrypt data at rest for an existing Amazon RDS for Oracle DB instance. The database is currently unencrypted. What is the simplest way to enable encryption with minimal downtime?

A.Create an encrypted read replica and promote it to a standalone instance.
B.Modify the DB instance and enable encryption using the RDS console.
C.Create a snapshot of the DB instance, copy the snapshot with encryption enabled, and restore the encrypted snapshot to a new DB instance.
D.Enable encryption directly on the existing DB instance by modifying the DB instance settings.
AnswerC

This is the standard method to migrate an unencrypted RDS instance to an encrypted one with minimal downtime.

Why this answer

Option B is correct because you cannot directly enable encryption on an existing unencrypted RDS instance. You must create a snapshot, copy it with encryption enabled, and then restore the snapshot to a new encrypted instance. You then redirect traffic to the new instance.

Option A is wrong because modifying the DB instance does not support enabling encryption. Option C is wrong because enabling encryption on an existing instance is not supported. Option D is wrong because creating a read replica does not encrypt the master instance, and the replica can only be encrypted if the master is already encrypted.

1078
MCQeasy

A company wants to restrict access to an Amazon DynamoDB table so that only specific IAM users can read and write data. What is the BEST way to achieve this?

A.Use a resource-based policy on the DynamoDB table.
B.Create an IAM policy that grants access to the DynamoDB table and attach it to the specific IAM users.
C.Use DynamoDB Accelerator (DAX) with IAM authentication.
D.Create a VPC endpoint for DynamoDB and allow only traffic from that VPC.
AnswerB

IAM policies are the standard way to control access to DynamoDB.

Why this answer

Using an IAM policy with conditions to allow only specific users is the most precise method. Option A is correct. Option B is wrong because VPC endpoints do not restrict which users can access the table.

Option C is wrong because resource-based policies are not supported for DynamoDB. Option D is wrong because DynamoDB Accelerator does not provide access control.

1079
Matchingmedium

Match each AWS service to its primary purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Relational database service with managed instances

NoSQL key-value and document database

In-memory caching service supporting Redis and Memcached

Petabyte-scale data warehouse

MongoDB-compatible document database

Why these pairings

These are core AWS database services with distinct use cases.

1080
MCQhard

A company is running an Amazon DynamoDB table with on-demand capacity. The application is experiencing high latency for GetItem operations. CloudWatch shows that 'ThrottledRequests' is zero, but 'ConsumedReadCapacityUnits' is consistently below the provisioned limit. The table has a global secondary index (GSI) with a different partition key. What is the most likely cause of the high latency?

A.High write activity on the base table causing read latency
B.Insufficient provisioned read capacity on the base table
C.Throttling on the global secondary index due to uneven access patterns
D.Throttling on the base table due to hot partitions
AnswerC

GSI throttling can cause backpressure on the base table.

Why this answer

Option D is correct because GSIs have their own capacity and if the GSI is throttled, writes to the base table can be throttled, affecting read latency. Option A is wrong because throttled requests are zero. Option B is wrong because on-demand capacity does not have a provisioned limit.

Option C is wrong because hot partitions would cause throttling.

1081
MCQmedium

A database engineer is troubleshooting an Amazon Aurora MySQL DB cluster that is experiencing frequent failovers. The failovers are occurring during periods of low write activity. The engineer notices that the primary instance's writer endpoint is being used for read traffic from a legacy application. What is the most likely cause of the failovers?

A.A high replication lag between the primary and replica instances
B.A long-running write transaction is blocking the failover
C.Insufficient storage for the Aurora cluster volume
D.The primary instance is overloaded due to read traffic from the writer endpoint
AnswerD

Directing read traffic to the writer endpoint increases load, leading to failovers.

Why this answer

Option D is correct because using the writer endpoint for read traffic can overload the primary instance and cause failovers. Option A is wrong because the issue is not about replica lag. Option B is wrong because there is no mention of storage issues.

Option C is wrong because failovers do not cause write blocking; they are the result.

1082
MCQhard

A company runs an e-commerce platform on AWS. The application uses an Amazon RDS for MySQL Multi-AZ database instance. The security team recently conducted an audit and found that the database is accessible from the internet because the public accessibility setting is enabled. The security team has disabled public accessibility and updated the security group to allow inbound traffic only from the application's security group. However, after these changes, the application can no longer connect to the database. The application is running on EC2 instances in the same VPC. The RDS instance is also in the same VPC. The security group for the RDS instance allows inbound MySQL traffic (port 3306) from the application's security group. The application's security group allows all outbound traffic. The application's EC2 instances have a public IP address and are in a public subnet. The RDS instance is in a private subnet. The VPC has an internet gateway attached. What is the most likely cause of the connection failure?

A.The RDS instance is in a private subnet and cannot receive inbound traffic from the public subnet EC2 instances without a VPC peering or VPN.
B.The security group for the RDS instance still allows traffic from the public IP addresses of the EC2 instances, but the EC2 instances now have different public IPs.
C.The application is using the RDS public DNS name, which no longer resolves after disabling public accessibility.
D.The EC2 instances need a NAT gateway to communicate with the RDS instance in the private subnet.
AnswerC

After disabling public accessibility, the public DNS name may still resolve to the private IP, but the application might be using the public endpoint. Actually, the RDS DNS name changes? Typically, the endpoint remains the same but becomes private. The application might be using the public DNS name which now resolves to a private IP, but that should work. However, if the application is configured to use the public endpoint, it might fail if the security group does not allow traffic from the application's security group? I'm leaning towards Option D as the most common issue.

Why this answer

Option C is correct. When public accessibility is disabled, RDS removes the public IP address. The application's EC2 instances are in a public subnet with public IPs, but they need to communicate with the RDS instance in a private subnet.

Since public accessibility is disabled, the RDS instance has only a private IP. The EC2 instances can reach the private IP if they are in the same VPC. However, the issue might be that the security group rule referencing the application's security group is not working because the application's security group is not correctly associated, or there is a network ACL issue.

Actually, the most common cause is that the RDS instance's security group is not allowing traffic from the application's security group, but the question says it does allow. Another cause could be that the application is trying to connect using the public DNS name which now resolves to a private IP, but the EC2 instances might not have a route to the private subnet? Wait, they are in the same VPC, so they can reach. The likely cause is that the security group rule is configured with the application's security group ID, but the application's security group is not correctly associated with the EC2 instances, or there is a misconfiguration in the security group rules.

Option A is wrong because disabling public accessibility does not change the security group. Option B is wrong because you don't need a NAT gateway for same VPC traffic. Option D is wrong because the RDS instance does not need an internet gateway.

The correct answer is that the security group rule might be incorrectly set up, but the question states it allows. Maybe the application is using the public DNS name which after disabling public accessibility, the DNS name still resolves to the private IP? That should work. The most likely is that the security group for the RDS instance is not allowing traffic from the application's security group because the application's security group is in a different region? No.

I think the intended answer is Option A: the security group is still configured to allow traffic from the public IP of the EC2 instances, not from the application's security group. But the question says it allows from the application's security group. Actually, the answer might be Option C: the RDS instance is in a private subnet and requires a NAT gateway for outbound traffic, but not for inbound.

Inbound traffic from the same VPC does not require a NAT gateway. So Option C is plausible if the application's EC2 instances are in a public subnet and the RDS is in a private subnet, they can still communicate if the security group allows. Perhaps the issue is that the application's EC2 instances have a public IP and are trying to connect via the public endpoint, which is no longer available.

The correct action is to ensure the application uses the private DNS name. But the question asks for the most likely cause. I'll go with Option C: The RDS instance is in a private subnet and requires a NAT gateway for inbound connections from the internet, but since the application is in the same VPC, it doesn't.

Actually, the answer is likely that the security group for the RDS instance is still referencing the old public IPs, but the question says it references the application's security group. Hmm.

1083
Multi-Selectmedium

A company is migrating an on-premises PostgreSQL database to Amazon RDS for PostgreSQL. Which TWO AWS services can be used to assess the source database for compatibility and migration readiness?

Select 2 answers
A.Amazon Kinesis
B.AWS Schema Conversion Tool (SCT)
C.AWS Database Migration Service (DMS)
D.AWS Glue
E.Amazon CloudWatch
AnswersB, C

SCT assesses and converts schema.

Why this answer

AWS DMS can assess source database compatibility and perform data migration. AWS SCT can assess schema compatibility and convert the schema. Option C (CloudWatch) is for monitoring.

Option D (Kinesis) is for streaming. Option E (Glue) is for ETL.

1084
MCQhard

A company is running Amazon Redshift and notices that queries are slow. The administrator runs the STL_ALERT_EVENT_LOG and sees many 'Nested Loop Join' alerts. What is the MOST likely cause?

A.Insufficient concurrency scaling.
B.Incorrect sort keys on the tables.
C.Insufficient compression on the tables.
D.Incorrect distribution keys on the tables.
AnswerD

Missing dist keys cause large data movement.

Why this answer

Option A is correct because nested loop joins often indicate missing distribution keys. Option B is incorrect because sort keys affect order, not joins. Option C is incorrect because compression affects storage.

Option D is incorrect because workload management affects concurrency.

1085
MCQmedium

A company is using Amazon Redshift for data warehousing. The security team requires that all data is encrypted at rest using a hardware security module (HSM). Additionally, the team wants to ensure that only specific IAM roles can access the database. Which configuration will meet these requirements?

A.Create the Redshift cluster with encryption enabled using a KMS key, and configure the cluster to use an HSM for key storage.
B.Create the Redshift cluster with encryption enabled using an HSM, and attach an IAM role to the cluster to control access.
C.Create the Redshift cluster without encryption, then use the AWS CLI to enable encryption using a KMS key.
D.Create the Redshift cluster with encryption using a KMS key, and then import the HSM certificate into the cluster.
AnswerB

HSM provides hardware-based encryption and IAM roles can be used for access control.

Why this answer

Option B is correct because Redshift supports HSM for encryption at rest, and IAM roles can be attached to the cluster for access control. Option A is wrong because HSM and KMS are mutually exclusive. Option C is wrong because KMS does not meet the HSM requirement.

Option D is wrong because encryption cannot be enabled after cluster creation.

1086
MCQmedium

A gaming company uses Amazon DynamoDB for player profiles. The access pattern is to retrieve a player's profile by 'player_id'. Each profile includes a list of 'achievements' that can grow up to 400 KB. Recently, the application has been encountering 'ProvisionedThroughputExceededException' errors. The table has 1000 read capacity units (RCU) and 500 write capacity units (WCU). The average item size is 200 KB. What is the MOST likely cause of the throttling?

A.The item size exceeds the DynamoDB item size limit of 400 KB.
B.The read capacity units are set too low for the number of partitions.
C.The partition key 'player_id' is causing hot partitions.
D.The application is using strongly consistent reads, which consume double the read capacity.
AnswerD

Strongly consistent reads consume twice as many RCUs as eventually consistent reads.

Why this answer

Strongly consistent reads in DynamoDB consume twice the read capacity units (RCUs) as eventually consistent reads. With an average item size of 200 KB, each strongly consistent read consumes 200 KB / 4 KB = 50 RCUs (rounded up). If the application is using strongly consistent reads, a single read of a 200 KB item uses 50 RCUs, which can quickly exhaust the 1000 RCU table capacity, especially under concurrent access, leading to ProvisionedThroughputExceededException.

Exam trap

The trap here is that candidates may overlook the RCU consumption difference between strongly consistent and eventually consistent reads, assuming all reads consume the same capacity, and instead blame hot partitions or item size limits.

How to eliminate wrong answers

Option A is wrong because the item size limit for DynamoDB is 400 KB, and the profile includes a list of achievements that can grow up to 400 KB, so it does not exceed the limit. Option B is wrong because read capacity units are provisioned per table, not per partition; DynamoDB distributes RCUs across partitions automatically, and the total RCU of 1000 is sufficient for the described access pattern if reads are eventually consistent. Option C is wrong because while hot partitions can cause throttling, the access pattern is to retrieve by 'player_id', which is the partition key, and there is no indication of uneven access distribution; the primary issue is the high RCU consumption per read due to strongly consistent reads.

1087
Multi-Selecteasy

Which TWO AWS services can be used to centrally manage database credentials and automate rotation for Amazon RDS? (Choose two.)

Select 2 answers
A.AWS Secrets Manager
B.AWS Key Management Service (KMS)
C.IAM database authentication
D.AWS Systems Manager Parameter Store
E.AWS CloudHSM
AnswersA, D

Secrets Manager can store and automatically rotate RDS credentials.

Why this answer

Options A and D are correct. AWS Secrets Manager and AWS Systems Manager Parameter Store (SecureString) can both store RDS credentials, but Secrets Manager has built-in rotation for RDS. Option B is wrong because IAM database authentication eliminates the need for credentials but does not store them.

Option C is wrong because KMS manages encryption keys, not secrets. Option E is wrong because CloudHSM provides hardware security modules, not secret management.

1088
Multi-Selectmedium

A company is migrating a 500 GB SQL Server database to Amazon RDS for SQL Server. The migration must minimize downtime and support ongoing replication. Which TWO AWS services should be used together?

Select 2 answers
A.AWS Lambda
B.AWS Snowball Edge
C.AWS RDS SQL Server native backup and restore
D.AWS Database Migration Service (DMS)
E.AWS Schema Conversion Tool (SCT)
AnswersD, E

DMS supports ongoing replication with change data capture.

Why this answer

Options A and D are correct. AWS DMS can perform ongoing replication, and AWS SCT can convert the schema and assess any incompatibilities. Option B is wrong because Snowball is for offline transfer, not minimal downtime.

Option C is wrong because RDS does not support native SQL Server replication as a target. Option E is wrong because Lambda is not needed for migration.

1089
Multi-Selectmedium

Which THREE factors should be considered when choosing between Amazon RDS and Amazon DynamoDB for a new application? (Choose THREE.)

Select 3 answers
A.The requirement for encryption at rest.
B.The need for multi-AZ high availability.
C.The query patterns and access methods required by the application.
D.The need for complex transactions and joins.
E.The expected scalability and throughput requirements.
AnswersC, D, E

RDS supports SQL queries, while DynamoDB is NoSQL with key-value and document queries.

Why this answer

Option C is correct because the choice between Amazon RDS (relational) and DynamoDB (NoSQL) hinges on the application's data access patterns. RDS supports complex SQL queries with joins, aggregations, and secondary indexes, while DynamoDB is optimized for key-value and document queries with predictable, low-latency access patterns. If the application requires flexible querying with ad-hoc filters, RDS is appropriate; if it needs high-throughput, single-key lookups or simple query patterns, DynamoDB is better suited.

Exam trap

The trap here is that candidates assume encryption at rest or multi-AZ HA are exclusive to one service, but both RDS and DynamoDB fully support these features, making them irrelevant for choosing between the two.

1090
MCQmedium

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database has a large table with a BLOB column storing PDF files. Which migration approach minimizes downtime?

A.Use Oracle Data Pump to export the table and import into RDS.
B.Use Oracle RMAN to back up the database and restore to RDS.
C.Export the table without the BLOB column, then import the BLOBs separately.
D.Use AWS Database Migration Service (DMS) with ongoing replication.
AnswerD

DMS can perform a full load and then continuously replicate changes to minimize downtime.

Why this answer

Option B is correct because AWS DMS can perform ongoing replication to keep the target in sync during the full load, minimizing downtime. Option A is wrong because exporting and importing BLOBs can be time-consuming and cause significant downtime. Option C is wrong because direct backup restore requires a compatible format and may not support ongoing replication.

Option D is wrong because disabling BLOB columns during migration is not practical for the application.

1091
MCQhard

A database specialist is troubleshooting a degraded Amazon Aurora MySQL database cluster. The primary instance is showing elevated read latency and the replica lag is increasing. The DB cluster has one writer and one reader instance. The writer instance is using 90% of its allocated memory, and the reader instance is using 70%. Which action is most likely to reduce read latency and replica lag?

A.Increase the allocated storage for the cluster to improve I/O throughput.
B.Increase the writer instance size to provide more memory for write operations.
C.Increase the reader instance size to provide more buffer pool memory.
D.Add a second reader instance to distribute the read load.
AnswerC

More memory on the reader allows a larger buffer pool, reducing read latency and helping catch up replication.

Why this answer

Option D is correct because increasing the instance size of the reader provides more memory for the buffer pool, improving read performance and reducing replica lag. Option A is wrong because increasing the writer instance size does not directly help read latency on the reader. Option B is wrong because adding another reader does not help if the existing reader is under-resourced.

Option C is wrong because increasing storage does not directly improve memory or query performance.

1092
MCQeasy

A company needs to store JSON documents that are up to 10 KB in size. The documents are accessed by a primary key, and the company requires single-digit millisecond latency. Which database service should be used?

A.Amazon Neptune
B.Amazon DynamoDB
C.Amazon S3
D.Amazon RDS for MySQL with JSON data type
AnswerB

Provides single-digit ms latency for key-value access.

Why this answer

Option A is correct because DynamoDB is a key-value and document database that provides single-digit millisecond latency at scale. Option B is wrong because RDS for MySQL can store JSON but may not provide consistent single-digit ms latency under load. Option C is wrong because Neptune is for graph data.

Option D is wrong because S3 has higher latency for small objects.

1093
MCQhard

A company is using Amazon DynamoDB with auto scaling. The application is experiencing increased read latency. The monitoring shows that the ReadThrottleEvents metric is high. Which action should the company take to reduce read throttling?

A.Implement DynamoDB Accelerator (DAX) for caching.
B.Switch the table to on-demand capacity mode.
C.Enable DynamoDB Streams on the table.
D.Increase the write capacity units.
AnswerA

DAX caches reads, reducing pressure on the table.

Why this answer

Option C is correct because DynamoDB Accelerator (DAX) reduces read latency and throttling by caching. Option A is wrong because increasing write capacity doesn't help reads. Option B is wrong because enabling Streams may add overhead.

Option D is wrong because switching to on-demand may increase cost but not necessarily fix throttling if workload is bursty.

1094
MCQmedium

A company needs to audit access to an Amazon DynamoDB table. The audit should capture which IAM user or role performed each action. Which AWS service should be used?

A.VPC Flow Logs
B.AWS CloudTrail
C.Amazon GuardDuty
D.AWS Config
AnswerB

CloudTrail logs all API calls and identifies the principal making the call.

Why this answer

Option A is correct because AWS CloudTrail records API calls including the identity of the caller. Option B is wrong because VPC Flow Logs capture network traffic, not API calls. Option C is wrong because Amazon GuardDuty is a threat detection service.

Option D is wrong because AWS Config tracks resource configuration changes, not API calls.

1095
MCQhard

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The security team requires that all connections to the database use Oracle Native Network Encryption (NNE). How should this be configured?

A.Enable IAM database authentication.
B.Modify the sqlnet.ora file on the RDS instance to require encryption.
C.Create a custom DB parameter group with the encryption parameters set to REQUIRED.
D.Enable encryption at rest using Oracle TDE.
AnswerC

This configures NNE through parameter group.

Why this answer

RDS for Oracle supports NNE by modifying the custom DB parameter group to set the SQLNET.ENCRYPTION_SERVER and SQLNET.ENCRYPTION_TYPES parameters. Option A is wrong because enabling encryption at rest does not affect network encryption. Option B is wrong because RDS does not allow direct modification of sqlnet.ora files; you must use parameter groups.

Option C is wrong because IAM database authentication does not encrypt the connection.

1096
MCQmedium

A financial services company uses Amazon DynamoDB to store transaction records. Each transaction has a partition key of customer_id and a sort key of transaction_timestamp. The application queries transactions for a specific customer within a date range. Recently, the query latency increased significantly for customers with a large number of transactions. The company needs to improve query performance without changing the application code. The table is provisioned with 5000 RCUs and 2000 WCUs. Which design change should be made to optimize for this workload?

A.Create a global secondary index with customer_id as partition key and transaction_timestamp as sort key.
B.Enable DynamoDB Accelerator (DAX) on the table.
C.Increase the provisioned RCUs to 10000.
D.Change the sort key to a composite key including a tenant identifier.
AnswerA

A GSI with the same key structure allows efficient querying without impacting the base table.

Why this answer

Option A is correct because creating a global secondary index (GSI) with customer_id as the partition key and transaction_timestamp as the sort key allows efficient querying of transactions for a specific customer within a date range. The existing table's sort key is transaction_timestamp, but the GSI provides a separate index optimized for this access pattern, avoiding full table scans on large customer partitions. This improves query performance without requiring application code changes, as the application can query the GSI directly.

Exam trap

The trap here is that candidates often confuse caching (DAX) with query optimization, or assume that increasing RCUs alone will solve latency issues, when the real bottleneck is the inefficient scan of large partitions due to the lack of an appropriate index.

How to eliminate wrong answers

Option B is wrong because DynamoDB Accelerator (DAX) is an in-memory cache that reduces read latency for frequently accessed items, but it does not address the underlying issue of inefficient querying on large partitions; it would only cache results after the first slow query and does not optimize the query pattern itself. Option C is wrong because increasing RCUs to 10000 only adds more read capacity, which does not solve the problem of scanning through many items in a large partition; the query still has to read all items matching the partition key and filter by sort key, leading to high latency regardless of RCU allocation. Option D is wrong because changing the sort key to a composite key including a tenant identifier would require application code changes and does not directly optimize the existing query pattern; it also introduces unnecessary complexity and potential data modeling issues.

1097
MCQhard

Refer to the exhibit. A security engineer has applied this key policy to a customer managed KMS key used to encrypt a Secrets Manager secret containing database credentials. An application running on an Amazon EC2 instance in the same account and region is unable to decrypt the secret. What is the MOST likely cause?

A.The condition kms:ViaService restricts the decryption to requests made via Secrets Manager, but the application is calling KMS directly.
B.The KMS key ARN in the resource field is incorrect.
C.The policy is missing an encryption context that matches the secret's encryption context.
D.The policy only allows Decrypt, but the application needs Encrypt permission.
AnswerA

Option B is correct: The condition kms:ViaService requires the request to come via Secrets Manager, but the application likely decrypts directly using the KMS API.

Why this answer

The condition `kms:ViaService` in the key policy restricts the `Decrypt` permission to requests that originate specifically from the AWS Secrets Manager service. When the application on the EC2 instance calls KMS directly (e.g., via the `Decrypt` API) to decrypt the secret, the request does not come through Secrets Manager, so the condition is not satisfied and the request is denied. This is the most likely cause of the decryption failure.

Exam trap

The trap here is that candidates often overlook the `kms:ViaService` condition and assume the policy is correct, focusing instead on encryption contexts or permissions, when the real issue is that the condition restricts the source of the request to a specific AWS service.

How to eliminate wrong answers

Option B is wrong because the KMS key ARN in the `Resource` field is used to identify the key itself, and if it were incorrect, the policy would not apply to the key at all, but the issue is a conditional denial, not a misidentification. Option C is wrong because encryption contexts are used in cryptographic operations (e.g., `kms:EncryptionContext:context_name`) and are not required in the key policy unless explicitly enforced via a condition; the policy shown does not include an encryption context condition, so missing one would not cause a denial. Option D is wrong because the application is trying to decrypt the secret, not encrypt it; the `Decrypt` permission is exactly what is needed, and the error is due to the `kms:ViaService` condition, not a missing `Encrypt` permission.

1098
MCQmedium

A company is designing a database for a real-time leaderboard in a mobile game. The leaderboard updates thousands of times per second and must return the top 100 scores with minimal latency. Which AWS database service is most suitable for this workload?

A.Amazon Neptune
B.Amazon ElastiCache for Redis
C.Amazon DynamoDB
D.Amazon Aurora
AnswerB

Redis sorted sets provide efficient leaderboard operations.

Why this answer

Amazon ElastiCache for Redis with sorted sets is optimized for real-time leaderboards because it provides in-memory operations with O(log N) complexity for adding scores and O(log N+m) for retrieving top N items. Option B (DynamoDB) is wrong because it is not designed for sorted range queries with frequent updates at high throughput without secondary indexes and provisioned throughput. Option C (Aurora) is wrong because it is a relational database with higher latency and not optimized for this specific pattern.

Option D (Neptune) is wrong because it is a graph database not suited for leaderboard operations.

1099
MCQeasy

A developer reports that an Amazon RDS for PostgreSQL database instance's storage is full and the instance is in 'storage-full' state. The team wants to resolve this without downtime. Which action should be taken?

A.Create a read replica and promote it
B.Modify the DB instance to increase allocated storage
C.Delete old automated snapshots
D.Reboot the DB instance
AnswerB

RDS supports dynamic storage scaling without downtime for most engines.

Why this answer

Option A is correct because modifying the allocated storage for an RDS instance is a dynamic operation that can increase storage without downtime. Option B is wrong because deleting old snapshots does not free up storage on the instance. Option C is wrong because creating a read replica requires the source to have available storage.

Option D is wrong because rebooting does not free storage.

1100
MCQmedium

A company is deploying a new web application that requires a highly available MariaDB database. The application is read-heavy and needs to scale read traffic. Which deployment approach meets these requirements?

A.Deploy Amazon Aurora MySQL with a read replica.
B.Deploy a Multi-AZ RDS for MariaDB with one or more read replicas.
C.Deploy a Multi-AZ RDS for MariaDB instance.
D.Deploy a single-AZ RDS for MariaDB with a read replica.
AnswerB

Combines HA and read scaling.

Why this answer

Option C is correct because Multi-AZ provides HA and read replicas scale reads. Option A is wrong because Multi-AZ alone does not scale reads. Option B is wrong because read replicas alone do not provide HA.

Option D is wrong because Aurora is a different engine.

1101
MCQeasy

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The security team requires that all connections to the database use SSL/TLS encryption. Which step is necessary to enforce SSL connections?

A.Configure the security group to only allow traffic on port 443.
B.Modify the DB subnet group to use a private subnet.
C.Add the SSL option to the option group.
D.Set the 'rds.force_ssl' parameter to 1 in the DB parameter group.
AnswerD

This parameter forces SSL connections to the Oracle database.

Why this answer

Option A is correct because RDS for Oracle supports SSL/TLS, and you can set a parameter in the DB parameter group to require SSL. Option B is wrong because security groups control network access, not encryption. Option C is wrong because the option group defines features like timezone, not SSL enforcement.

Option D is wrong because the subnet group defines networking, not encryption.

1102
Multi-Selectmedium

A database administrator notices that an Amazon RDS for MySQL DB instance is experiencing high CPU utilization and increased latency during peak hours. The administrator wants to identify the queries causing the issue. Which TWO actions should be taken to diagnose the problem? (Select TWO.)

Select 2 answers
A.Enable Performance Insights on the DB instance.
B.Enable Amazon DevOps Guru for RDS.
C.Enable the slow query log and set a threshold for query duration.
D.Use RDS Proxy to manage connections.
E.Enable RDS Enhanced Monitoring.
AnswersA, C

Performance Insights provides detailed performance metrics and top SQL queries.

Why this answer

Option A: Enabling Performance Insights provides a performance schema and wait events to identify problematic queries. Option C: Enabling the slow query log captures queries that take longer than a specified time, helping to pinpoint slow queries. Option B: RDS Enhanced Monitoring is for OS-level metrics, not query-level.

Option D: Amazon DevOps Guru is for broader anomaly detection, not specific query identification. Option E: RDS Proxy is for connection pooling, not query analysis.

1103
MCQhard

A financial services company runs a critical application on Amazon RDS for MySQL. The database stores transaction data that must be retained for 7 years for regulatory compliance. The current retention policy stores all data in the same table, causing performance degradation on the main transactional table. The company needs to archive data older than 1 year while keeping it queryable. Which design should they implement?

A.Migrate to Amazon Redshift and use workload management to prioritize transactions.
B.Use Amazon ElastiCache for Redis to cache recent data and move old data to S3.
C.Use Amazon RDS for MySQL with a read replica for reporting, and set up a Lambda function to export partitions older than 1 year to Amazon S3 in Parquet format, queryable via Amazon Athena.
D.Migrate to Amazon DynamoDB with TTL to automatically expire old data.
AnswerC

Preserves relational structure for recent data, archives to S3 for cost-effective storage, and allows querying via Athena.

Why this answer

Option C is correct because it uses RDS for MySQL read replicas to offload reporting traffic, while a Lambda function archives partitions older than 1 year to Amazon S3 in Parquet format. This keeps the main transactional table lean, improves performance, and retains data for 7 years in a cost-effective, queryable format via Amazon Athena, meeting both compliance and queryability requirements.

Exam trap

The trap here is that candidates may think DynamoDB TTL is suitable for archiving, but TTL only deletes data, not retains it, and they may overlook the need for a queryable archive solution like Athena on S3.

How to eliminate wrong answers

Option A is wrong because migrating to Amazon Redshift is designed for analytical workloads, not for transactional OLTP operations, and would introduce unnecessary complexity and latency for the primary application. Option B is wrong because ElastiCache for Redis is an in-memory cache, not a persistent storage solution; moving old data to S3 without a query engine like Athena or Glue makes it non-queryable for compliance needs. Option D is wrong because DynamoDB TTL automatically deletes expired data, which violates the 7-year retention requirement since data older than 1 year must be retained, not deleted.

1104
Multi-Selecthard

A company uses Amazon DynamoDB for a high-traffic gaming leaderboard. The table has a partition key of 'game_id' and a sort key of 'score'. During a tournament, the application experiences throttling on a single partition. The application uses strongly consistent reads. Which TWO actions should be taken to resolve the throttling and maintain performance?

Select 2 answers
A.Redesign the partition key to include a random suffix to distribute writes across partitions.
B.Enable DynamoDB Accelerator (DAX) to cache the most frequently read items.
C.Increase the provisioned read capacity units (RCU) for the table.
D.Use eventually consistent reads for the leaderboard queries where possible.
E.Create a global secondary index (GSI) with a different partition key.
AnswersA, D

A write-sharding pattern ensures even distribution of write traffic and avoids hot partitions.

Why this answer

Options B and D are correct: Using a composite key with a shard attribute distributes writes across partitions, while switching to eventually consistent reads for non-critical reads reduces read capacity consumption. Option A is wrong because DAX does not help with write throttling. Option C is wrong because GSI does not distribute the base table's write load.

Option E is wrong because increasing RCU does not address the partition hot spot.

1105
Multi-Selectmedium

Which TWO of the following are valid ways to encrypt data at rest in Amazon DynamoDB? (Select TWO.)

Select 2 answers
A.Use AWS owned CMK for server-side encryption.
B.Enable Transparent Data Encryption (TDE).
C.Enable EBS encryption on the underlying storage.
D.Implement client-side encryption before sending data to DynamoDB.
E.Use a customer managed CMK from AWS KMS.
AnswersA, E

DynamoDB encrypts at rest by default using AWS owned keys.

Why this answer

Options C and D are correct. Option A is wrong because DynamoDB does not use EBS volumes. Option B is wrong because DynamoDB does not support TDE.

Option E is wrong because client-side encryption is not encryption at rest of the DynamoDB service.

1106
MCQeasy

A developer is connecting to an RDS for MySQL instance. What is the endpoint address that should be used in the database connection string?

A.mydb
B.mydb.123456789012.us-east-1.rds.amazonaws.com
C.3306
D.Z1R2S3V4X5Y6Z7
AnswerB

This is the DNS endpoint address.

Why this answer

Option B is correct because the endpoint address is the DNS name shown in the output. Option A is wrong because the instance ID is not the endpoint. Option C is wrong because the port is not the address.

Option D is wrong because the HostedZoneId is not used as the endpoint.

1107
MCQmedium

A company is migrating a self-hosted MongoDB database to Amazon DocumentDB. They need to ensure that indexes are created after the data load to improve migration performance. Which migration strategy should they use?

A.Use AWS Schema Conversion Tool (SCT) to convert the schema and then load data with DMS.
B.Use AWS DMS with 'create indexes before data load' option enabled.
C.Use AWS Database Migration Service (DMS) with the 'lob' mode set to 'Don't include LOB columns' and create indexes after the full load.
D.Use mongodump and mongorestore with the --writeConcern option set to 0.
AnswerC

Deferring index creation speeds up data migration; DMS can handle data transfer.

Why this answer

Option A (Use AWS DMS with 'lob' mode disabled and create indexes after load) is correct because creating indexes after data load improves migration speed. Option B (Use native mongodump/mongorestore) does not defer index creation. Option C (Use DMS with 'create indexes before load') slows down migration.

Option D (Use SCT for schema conversion) is not necessary for MongoDB to DocumentDB.

1108
MCQhard

A company uses Amazon DynamoDB with auto scaling enabled. The application experiences increased latency during peak hours. The DynamoDB table has a read capacity of 10,000 RCU and write capacity of 5,000 WCU. The auto scaling target utilization is 70%. During peak hours, the consumed read capacity reaches 8,000 RCU, but auto scaling does not increase capacity. What is the most likely reason?

A.The consumed capacity is still below the provisioned capacity, so no throttling occurs, and auto scaling does not trigger.
B.The auto scaling configuration has a maximum capacity that prevents scaling beyond a certain limit.
C.Auto scaling for DynamoDB does not support increasing read capacity; it only decreases capacity.
D.Auto scaling only scales out when the consumed capacity exceeds the provisioned capacity.
AnswerB

If the maximum capacity is set to 10,000 RCU, auto scaling cannot increase further.

Why this answer

Auto scaling uses the consumed capacity metric over a period. If the consumed capacity is consistently at 8,000 RCU, the target utilization is 70% of provisioned (10,000 RCU), so the current utilization is 80%, which is above the target. Auto scaling should increase capacity.

However, auto scaling has a cooldown period and also scales based on sustained consumption. Option A is not correct because auto scaling can scale out. Option B is not correct because the table is not throttled yet.

Option C is correct because auto scaling might be configured with a maximum capacity that limits scaling. Option D is not correct because auto scaling can increase RCU if needed.

1109
MCQmedium

A company is migrating a PostgreSQL database to Amazon Aurora PostgreSQL. They have set up AWS DMS with change data capture (CDC). However, after the initial load, the CDC replication is experiencing high latency. What is the MOST likely cause?

A.The target Aurora instance has insufficient storage.
B.The DMS instance is using an older engine version.
C.The source database has large transactions that are not committed quickly.
D.The network bandwidth is too low.
AnswerC

Large uncommitted transactions delay CDC.

Why this answer

Large uncommitted transactions on the source database cause DMS CDC to buffer changes until the transaction commits, leading to high latency. DMS must wait for the commit record before applying changes to the target Aurora instance, and during this time, CDC replication stalls, accumulating a backlog of changes.

Exam trap

The trap here is that candidates often assume network or infrastructure issues (like bandwidth or storage) are the primary cause of CDC latency, overlooking the fundamental constraint that DMS must wait for transaction commits before applying changes.

How to eliminate wrong answers

Option A is wrong because insufficient storage on the target Aurora instance would cause write failures or replication errors, not high latency in CDC replication. Option B is wrong because while older DMS engine versions may lack performance improvements, the most likely cause of CDC latency is source-side transaction behavior, not the DMS version. Option D is wrong because low network bandwidth would cause throughput issues or timeouts, but DMS CDC latency is primarily driven by transaction commit patterns on the source, not network speed.

1110
MCQhard

A company is migrating a PostgreSQL database to Amazon Aurora PostgreSQL. The current database has complex queries that join multiple tables and performs well. After migration, the same queries are slower on Aurora. What is the most likely cause?

A.The DB instance class does not have enough memory for the buffer cache.
B.Aurora PostgreSQL does not support complex joins; the queries must be rewritten.
C.Aurora PostgreSQL does not support indexes on joined columns.
D.The default DB parameter group is optimized for write-heavy workloads, not read-heavy.
AnswerA

Aurora's buffer cache is in memory; insufficient memory leads to more disk reads.

Why this answer

Option A is correct because after migrating to Aurora PostgreSQL, the same complex queries are slower, which often indicates that the buffer cache is too small to hold the working set of data. Aurora uses a distributed storage system where the buffer cache is managed by the DB instance's memory; if the instance class lacks sufficient memory, frequently accessed data pages must be read from storage more often, increasing I/O latency. This is a common performance bottleneck when migrating from on-premises PostgreSQL, where the buffer cache might have been larger or the working set fit entirely in memory.

Exam trap

The trap here is that candidates may assume Aurora PostgreSQL has inherent limitations with joins or indexes (options B and C), when in fact the most common post-migration performance issue is insufficient memory for the buffer cache, not a missing feature.

How to eliminate wrong answers

Option B is wrong because Aurora PostgreSQL fully supports complex joins, including hash joins, merge joins, and nested loop joins, just like standard PostgreSQL; no query rewriting is required. Option C is wrong because Aurora PostgreSQL supports indexes on joined columns, including B-tree, GiST, GIN, and BRIN indexes, and indexes are critical for join performance. Option D is wrong because the default DB parameter group in Aurora PostgreSQL is not optimized specifically for write-heavy workloads; it provides balanced settings, and performance issues with complex queries are more likely due to memory or configuration of the buffer cache, not a default parameter group bias.

1111
MCQeasy

A company needs to encrypt an existing unencrypted Amazon RDS for Oracle DB instance. Which set of steps should be followed?

A.Enable encryption using the AWS Management Console by selecting the instance and choosing 'Enable Encryption'.
B.Modify the DB instance and set the KMS key ID to enable encryption.
C.Copy the snapshot to an encrypted snapshot and then restore.
D.Take a snapshot of the instance, copy the snapshot with encryption enabled, and restore from the encrypted snapshot.
AnswerD

This is the standard method.

Why this answer

Option C is correct. Option A is wrong because encryption cannot be enabled by modifying the instance. Option B is wrong because you cannot add a KMS key to an existing instance.

Option D is wrong because you need to restore from an encrypted snapshot, not just copy it.

1112
MCQmedium

A company is using Amazon Redshift for data warehousing. The users report that queries are slow, and the CloudWatch metric 'CPUUtilization' shows high usage. The cluster has 4 dc2.large nodes. The administrator runs the following query: SELECT * FROM stl_query WHERE starttime > '2023-12-01' ORDER BY duration DESC LIMIT 10; This shows that the longest query runs for over 5 minutes. Which of the following is the MOST effective way to improve query performance?

A.Increase the size of the cluster volume by adding more storage
B.Add more nodes to the cluster (scale out)
C.Run the VACUUM command to reclaim space and improve query performance
D.Modify the workload management (WLM) queue to increase concurrency
AnswerB

Adding nodes increases compute capacity and parallelism.

Why this answer

Option C is correct because distributing data across more nodes allows parallel processing, which reduces query execution time. Option A is incorrect because the issue is CPU, not storage. Option B is incorrect because WLM queues manage concurrency, not individual query performance.

Option D is incorrect because vacuum reclaims space but does not directly speed up queries.

1113
Multi-Selectmedium

A company runs an Amazon RDS for MySQL DB instance with Multi-AZ. The application team reports that a recent schema change caused a significant increase in replication lag. The instance has a read replica in a different AWS Region. Which THREE actions should be taken to reduce replication lag?

Select 3 answers
A.Identify and optimize any long-running transactions or DDL statements that may be blocking replication.
B.Increase the DB instance class for both the primary and read replica to improve performance.
C.Monitor the ReplicaLag metric in Amazon CloudWatch to understand the trend and set alarms.
D.Set the transaction isolation level to READ COMMITTED to reduce locking.
E.Disable binary logging on the primary instance to reduce I/O overhead.
AnswersA, C, D

Long-running transactions can cause replication lag by holding locks or delaying binary log events.

Why this answer

Options A, C, and E are correct: Identifying and optimizing long-running transactions and DDL statements reduces lag. Monitoring replication metrics helps pinpoint the cause. Using a lower isolation level reduces locking.

Option B is wrong because disabling binary logging stops replication entirely. Option D is wrong because increasing instance class may help but is not a targeted fix; the other options address common causes of lag.

1114
Multi-Selectmedium

A company runs an Amazon RDS for SQL Server database. The database size is 500 GB. The company needs to create a test environment with a copy of the production database that refreshes daily. Which THREE steps should be taken to automate this? (Choose THREE.)

Select 3 answers
A.Use AWS Backup or AWS Lambda to take a manual snapshot of the production DB instance daily.
B.Update the test application's connection string to point to the new test instance.
C.Create a read replica of the production instance and promote it to the test environment.
D.Restore the snapshot to a new DB instance in the test environment.
E.Enable automated backups on the test instance after restoration.
AnswersA, B, D

Creates a consistent snapshot.

Why this answer

Option A creates a snapshot, Option B restores to a new instance, Option D updates the application endpoint. Option C is unnecessary because restoring from snapshot does not require backup. Option E is not needed as snapshot already provides point-in-time.

1115
Multi-Selecteasy

A company is deploying a new Amazon RDS for MySQL database in a VPC. The database must be accessible only from an application server running in the same VPC. The security team also wants to ensure that the database is not accessible from the internet. Which TWO configurations are required? (Choose TWO.)

Select 2 answers
A.Place the DB instance in a public subnet.
B.Modify the DB parameter group to restrict network access.
C.Configure the security group to allow inbound traffic only from the application server's security group.
D.Set the DB instance to be not publicly accessible.
E.Configure a network ACL to deny inbound traffic from 0.0.0.0/0.
AnswersC, D

This restricts access to the specific application server.

Why this answer

Options B and D are correct. Option B: Making the DB instance not publicly accessible ensures it cannot be reached from the internet. Option D: Configuring the security group to allow inbound traffic only from the application server's security group limits access.

Option A is wrong because a public subnet does not prevent internet access; it enables it. Option C is wrong because a network ACL is stateless and less specific than security groups. Option E is wrong because the parameter group does not control network access.

1116
MCQeasy

A company is using Amazon RDS for PostgreSQL for its transactional database. The application generates reports that query millions of rows, causing high CPU on the primary instance. The reports are not time-sensitive. What is the MOST cost-effective way to offload the reporting queries without affecting write performance?

A.Create an Amazon RDS Read Replica and direct reporting queries to the replica.
B.Use Amazon ElastiCache to cache report results.
C.Enable Multi-AZ to distribute reads to the standby instance.
D.Migrate reporting to Amazon Redshift.
AnswerA

Read Replicas can handle read traffic without impacting the primary.

Why this answer

Creating an Amazon RDS Read Replica offloads reporting queries to a separate read-only instance, preventing CPU contention on the primary. Since the reports are not time-sensitive, the replica can handle the large queries without impacting write performance, and it is cost-effective because you only pay for the replica's compute and storage.

Exam trap

The trap here is that candidates may confuse Multi-AZ standby instances with Read Replicas, mistakenly believing that the standby can serve read traffic, but AWS explicitly does not allow reads from the standby in a Multi-AZ deployment.

How to eliminate wrong answers

Option B is wrong because ElastiCache caches query results, but it does not offload the actual query processing from the primary instance; the initial query still runs on the primary, causing CPU spikes. Option C is wrong because Multi-AZ standby instances are not used for read traffic; they are only for failover and do not serve read requests. Option D is wrong because migrating to Amazon Redshift is overkill and more expensive for this use case; a Read Replica is simpler and more cost-effective for offloading reporting queries from RDS.

1117
Multi-Selectmedium

A company is using Amazon RDS for PostgreSQL with Multi-AZ deployment. The database administrator needs to perform a minor version upgrade with minimal downtime. Which TWO actions should the administrator take? (Choose TWO.)

Select 2 answers
A.Disable Multi-AZ before the upgrade to reduce complexity.
B.Test the upgrade on a separate non-production environment first.
C.Modify the DB parameter group to set the new version parameters.
D.Schedule the upgrade during the maintenance window.
E.Take a snapshot of the DB instance before the upgrade.
AnswersB, D

Testing ensures compatibility and reduces risk of issues during the production upgrade.

Why this answer

Options A and D are correct. Performing the upgrade during the maintenance window allows RDS to handle the upgrade automatically with a failover, minimizing downtime. Testing the upgrade on a non-production environment first is a best practice to ensure compatibility.

Option B is incorrect because taking a snapshot before upgrade is a good practice but does not reduce downtime. Option C is incorrect because disabling Multi-AZ would cause downtime during the upgrade. Option E is incorrect because modifying the DB parameter group is not required for minor version upgrades.

1118
Multi-Selecteasy

A company is using Amazon RDS for MariaDB. The database administrator wants to monitor the database for slow queries. Which TWO services can be used to achieve this? (Choose TWO.)

Select 2 answers
A.Amazon RDS Performance Insights
B.AWS Config
C.Amazon CloudWatch Logs
D.Amazon RDS Enhanced Monitoring
E.AWS CloudTrail
AnswersA, C

Performance Insights helps identify and analyze slow queries.

Why this answer

RDS Performance Insights provides a dashboard for database performance and can identify slow queries. RDS Enhanced Monitoring provides OS-level metrics but not query-specific. CloudWatch Logs can capture slow query logs if enabled.

CloudTrail logs API calls. AWS Config tracks configuration.

1119
MCQhard

A company's Amazon RDS for PostgreSQL instance is experiencing high CPU utilization. The DB instance is a db.r5.xlarge with 500 GB of General Purpose SSD (gp2) storage. The application team reports that write-intensive batch jobs are causing latency. The DBA notices that the ReadIOPS metric is low but WriteIOPS is consistently near the instance's maximum. Which action would most effectively reduce write latency?

A.Change the storage type to Provisioned IOPS (io1) with the same IOPS.
B.Increase the allocated storage to 1,000 GB to increase baseline IOPS.
C.Add a read replica to distribute read traffic.
D.Enable Multi-AZ deployment to offload writes to a standby instance.
AnswerB

For gp2 volumes, baseline IOPS is 3 per GB, up to 16,000 IOPS. Increasing storage size increases baseline IOPS and burst balance duration, reducing write latency.

Why this answer

The correct answer is B because increasing the allocated storage for a gp2 volume from 500 GB to 1,000 GB doubles the baseline IOPS from 1,500 to 3,000 (gp2 baseline is 3 IOPS per GB). Since the write-intensive workload is hitting the maximum IOPS of the current volume, this increase directly raises the IOPS ceiling, reducing write latency without changing storage type.

Exam trap

The trap here is that candidates often assume Provisioned IOPS (io1) is always the answer for high IOPS workloads, but the question specifies that WriteIOPS is 'consistently near the instance's maximum' — increasing gp2 storage is a simpler, cost-effective way to raise the IOPS ceiling without changing storage type.

How to eliminate wrong answers

Option A is wrong because changing to io1 with the same IOPS (e.g., 1,500) does not increase the IOPS ceiling; it only provides consistent performance, but the bottleneck remains. Option C is wrong because a read replica offloads read traffic, not write traffic; writes still go to the primary instance, so write latency is unaffected. Option D is wrong because Multi-AZ deployment provides a standby for failover and offloads read traffic for the synchronous standby, but writes are still committed on the primary and replicated synchronously; it does not reduce write latency on the primary.

1120
MCQeasy

Refer to the exhibit. A database specialist is investigating an application outage that occurred at 14:25 UTC. The RDS event log shows the events above. What is the most likely cause of the outage?

A.A maintenance window update was applied, causing the instance to become unavailable.
B.The DB instance ran out of storage and became read-only.
C.A Multi-AZ failover occurred at 14:25 UTC, causing a brief outage.
D.The DB instance restarted at 14:30 UTC due to a manual reboot.
AnswerC

Failover involves promoting the standby, which causes a momentary outage.

Why this answer

Option A is correct because a Multi-AZ failover can cause a brief outage during the transition. The restart at 14:30 is likely the result of the failover. Option B is wrong because the restart occurred after the failover.

Option C is wrong because the events do not indicate a maintenance window. Option D is wrong because there is no evidence of insufficient storage.

1121
MCQhard

A database specialist sees the above error log entries from an Amazon RDS for MySQL DB instance. Which action should be taken to resolve the issue?

A.Increase the allocated storage for the DB instance.
B.Restore the DB instance from the latest automated snapshot.
C.Reboot the DB instance to clear the error.
D.Run the mysqlcheck command to repair the corrupted tables.
AnswerB

Correct: Restoring from a clean snapshot is the standard recovery method for page corruption.

Why this answer

The error log entries indicate corruption in the InnoDB tablespace, likely due to a crash or hardware failure. Restoring from the latest automated snapshot is the correct action because it provides a consistent, point-in-time recovery of the entire database, including all table structures and data, without relying on potentially corrupted files. This approach ensures data integrity and avoids further damage that could occur from attempting repairs on a corrupted instance.

Exam trap

The trap here is that candidates often confuse table-level repair commands (like mysqlcheck or REPAIR TABLE) with the need for a full database restore, not realizing that InnoDB corruption typically requires point-in-time recovery from a backup rather than a simple repair operation.

How to eliminate wrong answers

Option A is wrong because increasing allocated storage addresses disk space issues, not data corruption; the error logs point to logical corruption, not a full filesystem. Option C is wrong because rebooting the DB instance will not repair corrupted tables; it may even cause the instance to fail to start if the corruption is severe, and it does not fix underlying data integrity problems. Option D is wrong because mysqlcheck is designed for MyISAM tables and does not repair InnoDB tables; InnoDB corruption requires recovery from a backup or using the innodb_force_recovery parameter, not a simple command-line repair tool.

1122
MCQhard

A database specialist runs the CLI command shown. The output indicates the instance is Multi-AZ and available. The application, however, is experiencing intermittent connection timeouts to the database endpoint. What is the most likely cause?

A.A failover occurred due to a Multi-AZ event.
B.The MySQL engine version is not supported.
C.The DB instance class is not available in the current region.
D.The database storage is full.
AnswerA

Failover causes transient connection timeouts until DNS updates.

Why this answer

Option B is correct because Multi-AZ failover can cause transient connection timeouts if the application does not have proper retry logic. Option A is wrong because the instance status is 'available', not 'storage-full'. Option C is wrong because MySQL 8.0.28 is a supported version.

Option D is wrong because the instance class is db.r5.xlarge, which is a current generation instance.

1123
MCQeasy

A company is deploying a new web application that uses Amazon RDS for MySQL. To meet high availability requirements, the database must automatically failover to a standby in a different Availability Zone with minimal downtime. Which deployment configuration should be used?

A.Multi-AZ deployment with automatic failover
B.Single-AZ deployment with enhanced monitoring
C.Multi-AZ cluster deployment
D.Single-AZ deployment with a read replica
AnswerA

Multi-AZ provides a standby in a different AZ and automatic failover.

Why this answer

Option A is correct because a Multi-AZ deployment automatically creates a standby in a different AZ and handles failover. Option B is wrong because read replicas are for read scaling, not automatic failover. Option C is wrong because a single-AZ deployment does not provide automatic failover.

Option D is wrong because a cluster configuration exists for Aurora, not standard RDS for MySQL.

1124
MCQhard

A company runs a financial application on Amazon RDS for PostgreSQL that requires point-in-time recovery (PITR) with a recovery point objective (RPO) of 1 second and recovery time objective (RTO) of 5 minutes. Which configuration meets these requirements at the lowest cost?

A.Multi-AZ RDS with synchronous standby.
B.Single-AZ RDS with automated backups and manual snapshot restore.
C.Single-AZ RDS with a read replica and promote on failure.
D.Single-AZ RDS with cross-region snapshot copy.
AnswerA

Automatic failover within minutes, minimal data loss.

Why this answer

Multi-AZ RDS for PostgreSQL with synchronous standby replication provides automatic failover to a standby in a different Availability Zone, enabling an RTO of typically 1–2 minutes, well within the 5-minute requirement. Automated backups and transaction logs allow PITR with an RPO of 1 second by restoring to any point within the retention period, and the synchronous standby ensures zero data loss during failover, meeting the strict RPO at the lowest cost for this high-availability need.

Exam trap

The trap here is that candidates often assume a read replica can provide fast failover and low RPO, but they overlook that read replicas use asynchronous replication, which introduces lag and requires manual promotion, failing both the RPO and RTO requirements.

How to eliminate wrong answers

Option B is wrong because Single-AZ RDS with automated backups and manual snapshot restore cannot achieve an RTO of 5 minutes; restoring from a snapshot or automated backup takes significantly longer (often 15–60 minutes depending on database size) and does not provide automatic failover. Option C is wrong because Single-AZ RDS with a read replica and promote on failure does not guarantee an RPO of 1 second; read replicas use asynchronous replication, which can lag by seconds to minutes, and promotion is a manual or scripted process that increases RTO beyond 5 minutes. Option D is wrong because Single-AZ RDS with cross-region snapshot copy cannot meet the RTO of 5 minutes; restoring from a cross-region snapshot requires copying the snapshot to the target region and then restoring, which takes much longer than 5 minutes, and the RPO is limited by the snapshot schedule (e.g., every 5–30 minutes), not 1 second.

1125
Multi-Selecthard

A company's Amazon Redshift cluster is experiencing slow query performance. Which THREE diagnostic steps should be taken to identify the bottleneck?

Select 3 answers
A.Query STL_LOAD_ERRORS to check for data load errors
B.Query SVL_QUERY_REPORT to see step-level performance
C.Query STL_QUERY to analyze query execution times
D.Query STL_WLM_QUERY to check for queue waits
E.Query STV_BLOCKLIST to check disk allocation
AnswersB, C, D

Shows time spent per step.

Why this answer

Option A is correct because STL_QUERY provides query execution details. Option C is correct because SVL_QUERY_REPORT shows step-level execution. Option E is correct because STL_WLM_QUERY shows WLM queue waits.

Option B is wrong because STV_BLOCKLIST shows disk allocation, not performance. Option D is wrong because STL_LOAD_ERRORS is for load errors.

Page 14

Page 15 of 24

Page 16