AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 12011275

1730 questions total · 24pages · All types, answers revealed

Page 16

Page 17 of 24

Page 18
1201
MCQhard

A database administrator is using AWS DMS to migrate an on-premises Oracle database to Amazon RDS for PostgreSQL. The migration has been running for several hours, but the full load phase is taking much longer than expected. The CPU utilization on the DMS replication instance is consistently below 10%. What is the MOST likely cause of the slow performance?

A.The source database has large LOBs that are being transferred in full LOB mode.
B.The target database engine is not compatible with DMS.
C.The DMS task is not configured to use parallel tables.
D.The target RDS instance is throttling write operations due to low IOPS.
AnswerD

Low IOPS on the target can cause DMS to wait, leading to low CPU on the replication instance.

Why this answer

Option C is correct because when migrating to a target with limited write capacity (e.g., RDS instance with low IOPS), DMS may be throttled by the target's write throughput, while the replication instance itself is underutilized. Option A is incorrect because DMS can use multiple tasks, but the issue is not about parallelism. Option B is incorrect because DMS uses its own engine, not PostgreSQL.

Option D is incorrect because using LOBs can slow down migration, but the symptom is low CPU on the replication instance, not high.

1202
MCQeasy

A company uses Amazon RDS for PostgreSQL with a single-AZ deployment. The operations team needs to ensure that the database is available during a planned maintenance event that requires a reboot. The maintenance window is set for 30 minutes. The database size is 200 GB and the application can tolerate a few minutes of downtime. Which action should the team take to minimize downtime during the reboot?

A.Take a manual snapshot before the maintenance window and restore it if needed
B.Create a read replica and promote it to primary after the reboot
C.Schedule the reboot during a low-traffic period
D.Modify the DB instance to be Multi-AZ
AnswerD

Multi-AZ provides automatic failover with minimal downtime during maintenance.

Why this answer

Option C is correct because enabling Multi-AZ allows a failover to the standby with minimal downtime during maintenance. Option A is wrong because a manually created snapshot does not reduce downtime during a reboot. Option B is wrong because read replicas do not automatically take over on reboot.

Option D is wrong because a DB instance restart still requires the instance to be unavailable during reboot.

1203
Multi-Selecthard

A company runs an e-commerce platform on Amazon Aurora MySQL. The platform experiences high traffic during flash sales. To handle the load, they want to offload read traffic to read replicas. However, they are concerned about replication lag causing stale data for inventory checks. Which three strategies can reduce replication lag? (Choose three.)

Select 3 answers
A.Enable binary log replication with parallel apply on replicas.
B.Use a lower transaction isolation level (e.g., READ COMMITTED) on replicas.
C.Implement synchronous replication between writer and replicas.
D.Use Aurora Auto Scaling to add read replicas during peak traffic.
E.Increase the instance size of the writer instance.
AnswersA, B, D

Parallel apply speeds up replication.

Why this answer

Option A (Use Aurora Auto Scaling) is correct because it adds replicas to distribute load. Option B (Use Binary Log Replication with parallel apply) is correct because it improves replication throughput. Option D (Use lower isolation levels on replicas) is correct because it reduces locking and improves apply speed.

Option C is wrong because increasing instance size of replicas helps, but not of the writer; the bottleneck is replica apply. Option E is wrong because synchronous replication would impact write performance.

1204
MCQhard

A company is using an Amazon RDS for MySQL database and needs to audit all database login events. The audit logs must be stored in Amazon S3 for long-term retention. Which steps should be taken to accomplish this?

A.Enable the 'general_log' parameter and set 'log_output' to 'FILE', then copy the log file to S3 manually.
B.Enable CloudTrail data events for RDS to capture login events and store in S3.
C.Enable the 'audit_log' plugin and configure RDS to publish logs to an S3 bucket.
D.Enable the 'audit_log' plugin, publish logs to CloudWatch Logs, and create an export task to S3.
AnswerD

This is the standard method to get audit logs into S3.

Why this answer

Option C is correct because RDS for MySQL supports audit logs via the 'audit_log' plugin, which can be published to CloudWatch Logs, and then exported to S3. Option A is wrong because RDS does not natively publish logs directly to S3. Option B is wrong because CloudTrail does not capture database login events.

Option D is wrong because the general log is not the same as audit log and may not capture all login events as required.

1205
MCQmedium

A company uses Amazon ElastiCache for Redis as a caching layer for a web application. They observe a sudden increase in CPU utilization on the cache cluster, and the application experiences higher latency. Which action should be taken to diagnose the issue?

A.Enable query profiling on the ElastiCache cluster.
B.Monitor Amazon CloudWatch metrics for the ElastiCache cluster to identify the cause.
C.Disable persistence to reduce CPU overhead.
D.Immediately scale up to a larger node type.
AnswerB

Correct. CloudWatch metrics provide insight into CPU usage, cache hits/misses, and other performance indicators.

Why this answer

Option A is correct because CloudWatch metrics like CPUUtilization and CacheHits are the first step to diagnose. Option B is wrong because increasing node size is a solution, not a diagnostic step. Option C is wrong because ElastiCache does not have a built-in query profiler.

Option D is wrong because disabling persistence is unrelated.

1206
Multi-Selecteasy

A company uses Amazon DynamoDB and wants to audit access to a table. Which TWO services can be used together to log and monitor data plane operations? (Choose TWO.)

Select 2 answers
A.Amazon CloudWatch Logs
B.S3 access logs
C.AWS CloudTrail
D.VPC Flow Logs
E.AWS Config
AnswersA, C

CloudWatch Logs can store and monitor CloudTrail logs.

Why this answer

Option B is correct because CloudTrail logs data events for DynamoDB. Option C is correct because Amazon CloudWatch Logs can be used to store and monitor the logs. Option A is wrong because VPC Flow Logs capture network traffic.

Option D is wrong because AWS Config records configuration changes. Option E is wrong because S3 access logs log access to S3, not DynamoDB.

1207
MCQeasy

A developer wants to grant an IAM user read-only access to an Amazon DynamoDB table named 'Orders' in the 'us-east-1' region. Which IAM policy should be attached to the user?

A.{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["dynamodb:GetItem","dynamodb:Query","dynamodb:Scan"],"Resource":"arn:aws:dynamodb:us-east-1:123456789012:table/Orders"}]}
B.{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["dynamodb:*"],"Resource":"arn:aws:dynamodb:us-east-1:123456789012:table/Orders"}]}
C.{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["dynamodb:GetItem","dynamodb:PutItem","dynamodb:UpdateItem"],"Resource":"arn:aws:dynamodb:us-east-1:123456789012:table/Orders"}]}
D.{"Version":"2012-10-17","Statement":[{"Effect":"Deny","Action":["dynamodb:PutItem","dynamodb:UpdateItem","dynamodb:DeleteItem"],"Resource":"arn:aws:dynamodb:us-east-1:123456789012:table/Orders"}]}
AnswerA

This allows read-only actions on the table.

Why this answer

Option B is correct because it allows only Scan, Query, and GetItem on the specified table. Option A is wrong because it uses a 'Deny' effect for write operations but allows all DynamoDB actions by default. Option C is wrong because it grants full access to the table.

Option D is wrong because it includes PutItem and UpdateItem.

1208
MCQeasy

A company is using Amazon DynamoDB to store session data for a web application. The session data expires after 24 hours. Which DynamoDB feature should the company use to automatically delete expired items?

A.A retention policy on the DynamoDB table
B.DynamoDB Time to Live (TTL)
C.DynamoDB Streams
D.A scheduled AWS Lambda function that scans and deletes expired items
AnswerB

TTL automatically deletes expired items based on a timestamp attribute.

Why this answer

DynamoDB Time to Live (TTL) is the correct choice because it provides a cost-effective, fully managed mechanism to automatically delete expired items based on a timestamp attribute in the table. TTL works by comparing the current time to the epoch time value stored in the designated TTL attribute; when the value is in the past, DynamoDB marks the item for deletion, typically within 48 hours. This eliminates the need for custom code or additional AWS services, directly addressing the requirement to remove session data after 24 hours.

Exam trap

The trap here is that candidates may overcomplicate the solution by choosing a custom Lambda-based approach (Option D) or misidentifying Streams (Option C) as a deletion mechanism, when DynamoDB's native TTL feature is the simplest, most cost-effective, and fully managed answer.

How to eliminate wrong answers

Option A is wrong because DynamoDB does not support a native 'retention policy' on tables; retention policies are a feature of services like Amazon S3 or CloudWatch Logs, not DynamoDB. Option C is wrong because DynamoDB Streams capture item-level changes (inserts, updates, deletes) in near-real-time but do not themselves delete items; they are a notification mechanism, not a data lifecycle management feature. Option D is wrong because while a scheduled Lambda function that scans and deletes expired items could technically work, it is an inefficient, custom solution that consumes read/write capacity and incurs additional cost and complexity, whereas TTL provides the same functionality natively and at no extra cost.

1209
Multi-Selectmedium

A company is running an Amazon RDS for MySQL instance with Multi-AZ. The primary instance in us-east-1a fails, and the standby in us-east-1b is promoted. The application cannot connect after failover. Which TWO steps should the database administrator take to restore connectivity?

Select 2 answers
A.Update the application's connection string to point to the new writer endpoint.
B.Reboot the new primary instance to reset connections.
C.Update the security group to allow inbound traffic from the application.
D.Wait for DNS propagation and flush the application's DNS cache.
E.Create a read replica and promote it to a new primary.
AnswersA, D

Explicitly updating the endpoint ensures immediate connectivity.

Why this answer

Option A is correct because the CNAME updates automatically, but DNS caching may cause delays. Option D is correct because updating the connection string to the new writer endpoint ensures connectivity. Option B is wrong because rebooting the new primary is not required.

Option C is wrong because modifying security group is unnecessary; it already allows traffic. Option E is wrong because read replicas are not related.

1210
MCQeasy

A company has an Amazon RDS for MySQL database that contains sensitive data. The security team requires that all data be encrypted at rest using a customer-managed key stored in AWS KMS. Which action should be taken to meet this requirement?

A.Enable encryption on the existing RDS instance by modifying the instance.
B.Create a new RDS instance with encryption enabled using the KMS key, migrate data, and delete the old instance.
C.Configure the DB parameter group to require encryption at rest.
D.Create a snapshot of the unencrypted database and restore it as an encrypted database.
AnswerB

This is the only way to achieve encryption at rest with a customer-managed KMS key for an existing database.

Why this answer

Option D is correct because RDS encryption at rest with a customer-managed KMS key is enabled at launch time and cannot be enabled after creation. Option A is wrong because enabling encryption on an existing unencrypted instance is not supported. Option B is wrong because you cannot modify an existing instance to add encryption.

Option C is wrong because encryption is set at launch, not by modifying the DB parameter group.

1211
MCQhard

A company is migrating a 4 TB Oracle database to Amazon Aurora PostgreSQL using AWS DMS. The migration completes successfully but the application experiences high latency on the Aurora cluster. The DMS task used LOB mode 'full LOB mode'. What is the most likely cause of the latency?

A.The Aurora cluster was underprovisioned for parallel load
B.Full LOB mode caused large LOBs to be stored in the Aurora cluster, leading to increased I/O
C.The DMS task was configured with 'ongoing replication' causing continuous write load
D.The DMS task replicated data to a different region, causing network latency
AnswerB

Full LOB mode stores LOBs inline, which can cause write amplification and high latency.

Why this answer

Option A is correct because full LOB mode stores LOBs inline, increasing storage and I/O. Option B is wrong because CDC is not the cause. Option C is wrong because DMS does not use cross-region replication.

Option D is wrong because parallel load is not the issue.

1212
MCQhard

A company has an Amazon Redshift cluster that stores sensitive financial data. The security team requires that all data be encrypted at rest and that the encryption keys be rotated annually. Which solution meets these requirements?

A.Use AWS KMS with automatic key rotation to encrypt the Redshift cluster.
B.Create the cluster with AWS CloudHSM-backed encryption and rotate the key annually.
C.Enable encryption on the existing cluster by modifying the cluster settings.
D.Create a new encrypted cluster with a KMS key and configure automatic key rotation.
AnswerA

AWS KMS supports automatic annual key rotation, and Redshift can use KMS keys for encryption.

Why this answer

Option D is correct because Redshift supports encryption at rest with AWS KMS, and KMS keys can be rotated automatically or manually yearly. Option A is wrong because Redshift does not allow you to change the encryption key type after the cluster is created. Option B is wrong because enabling encryption on an existing unencrypted cluster is not possible without a snapshot restore.

Option C is wrong because CloudHSM is not required and does not provide automatic key rotation.

1213
MCQhard

A company is designing a multi-tenant SaaS application using Amazon Aurora PostgreSQL. Each tenant's data must be isolated for security and compliance. The application has a few large tenants and many small tenants. Queries must be able to access data across tenants for reporting, but with strict access controls. Which design best meets these requirements?

A.Use a single Aurora cluster with a separate schema per tenant and implement row-level security policies.
B.Create a separate database per tenant in the same Aurora cluster.
C.Create a separate Aurora cluster per tenant.
D.Use a single Aurora cluster with a single schema but add a tenant_id column to every table.
AnswerA

Schemas provide logical isolation and RLS enforces access controls per tenant.

Why this answer

Option A is correct because it uses a single Aurora cluster with a separate schema per tenant and row-level security (RLS) policies. This design provides strong tenant isolation at the schema level while allowing cross-tenant reporting queries with strict access controls enforced by RLS policies, which automatically filter rows based on the current session's tenant context. It balances security, compliance, and operational efficiency for a mix of large and small tenants.

Exam trap

The trap here is that candidates often assume that physical separation (separate clusters or databases) is always required for compliance, but Aurora PostgreSQL's row-level security can provide logical isolation that meets security requirements while enabling efficient cross-tenant reporting.

How to eliminate wrong answers

Option B is wrong because creating a separate database per tenant in the same Aurora cluster does not provide sufficient isolation for security and compliance; databases in the same cluster share the same underlying storage and can be accessed by any user with appropriate privileges, and cross-database queries are cumbersome and less secure. Option C is wrong because creating a separate Aurora cluster per tenant introduces significant operational overhead, cost, and complexity, especially for many small tenants, and makes cross-tenant reporting queries extremely difficult without complex federated query mechanisms. Option D is wrong because using a single schema with a tenant_id column on every table lacks native isolation; it requires application-level filtering that can be bypassed, does not enforce strict access controls at the database level, and makes it harder to manage tenant-specific data lifecycle and compliance requirements.

1214
MCQmedium

A company is deploying a new DynamoDB table for a global application. The table must have low latency reads and writes across multiple AWS regions. Which configuration should be used?

A.Enable DynamoDB Accelerator (DAX) in each region.
B.Use DynamoDB Accelerator (DAX) with cross-region replication.
C.Use DynamoDB global tables with replicate streams.
D.Create a single table in the primary region and use Amazon CloudFront for reads.
AnswerC

Global tables automatically replicate data across regions for low latency access.

Why this answer

Option C is correct because DynamoDB global tables provide multi-region replication. Option A is wrong because DAX only caches in one region. Option B is wrong because a single table in one region does not provide global low latency.

Option D is wrong because DynamoDB Accelerator is for in-memory caching, not replication.

1215
MCQeasy

A company needs to deploy a globally distributed application with a database that supports multi-region writes and automatic conflict resolution. Which AWS database service should be used?

A.Amazon DynamoDB Global Tables
B.Amazon Aurora Global Database
C.Amazon RDS for MySQL with Multi-AZ
D.Amazon ElastiCache for Redis
AnswerA

DynamoDB Global Tables support multi-region active-active writes with conflict resolution.

Why this answer

Option D is correct because Amazon DynamoDB Global Tables supports multi-region writes and automatic conflict resolution. Option A is wrong because RDS for MySQL Multi-AZ is single-region. Option B is wrong because Aurora Global Database is for reads, not writes in multiple regions.

Option C is wrong because ElastiCache is a cache, not a primary database.

1216
MCQeasy

A database specialist is troubleshooting a connectivity issue with an Amazon RDS for PostgreSQL instance. The instance is in a VPC with a public subnet. The security group allows inbound traffic on port 5432 from the application server's IP address. The application server is in the same VPC but in a private subnet. Despite the security group configuration, the application cannot connect. Which action should the specialist take to resolve the issue?

A.Launch the RDS instance in the default VPC.
B.Change the DB subnet group to include the application server's subnet.
C.Add a network ACL rule allowing inbound traffic on port 5432 from the application server's public IP.
D.Modify the RDS instance to be publicly accessible.
E.Update the security group inbound rule to allow traffic from the application server's private IP address.
AnswerE

The application connects from its private IP within the VPC, so the security group should allow that private IP.

Why this answer

Option E is correct because the application server is in a private subnet, so it communicates with the RDS instance using its private IP address. The security group inbound rule must allow traffic from the application server's private IP (or the security group of the application server) on port 5432. The current rule only allows the application server's public IP, which is not used for traffic within the VPC, causing the connection failure.

Exam trap

The trap here is that candidates may confuse public and private IP addressing within a VPC, assuming that allowing the application server's public IP in the security group is sufficient, when in fact traffic between instances in the same VPC always uses private IPs.

How to eliminate wrong answers

Option A is wrong because launching the RDS instance in the default VPC does not resolve the IP mismatch; the application server's private IP would still need to be allowed in the security group. Option B is wrong because the DB subnet group defines which subnets the RDS instance can be placed in, not which subnets can connect to it; the application server's subnet is irrelevant for connectivity rules. Option C is wrong because network ACLs are stateless and apply at the subnet level, but the issue is that the security group is allowing the wrong IP (public instead of private); additionally, the application server's public IP is not used for VPC-internal traffic.

Option D is wrong because making the RDS instance publicly accessible would expose it to the internet, which is unnecessary and less secure; the application server is in the same VPC, so private connectivity should be used.

1217
MCQhard

A company uses Amazon RDS for MySQL with Multi-AZ and read replicas. The database has a table storing user sessions with 50 million rows. The application team reports that queries using 'SELECT * FROM sessions WHERE user_id = ? ORDER BY login_time DESC LIMIT 10' are slow. The EXPLAIN plan shows a full table scan. Which design change would BEST improve query performance?

A.Implement an application-level cache using ElastiCache
B.Create a composite index on (user_id, login_time)
C.Partition the table by user_id
D.Upgrade to a larger instance type with more memory
AnswerB

This index covers both the WHERE and ORDER BY clauses.

Why this answer

Option A is correct because a composite index on (user_id, login_time) allows the database to find rows by user and order by time without scanning. Option B is wrong because increasing instance size does not address the missing index. Option C is wrong because caching may help but does not fix the root cause.

Option D is wrong because partitioning by user_id may help, but a composite index is more effective for this specific query.

1218
MCQmedium

An organization is using Amazon DynamoDB with on-demand capacity. They notice that the 'ThrottledRequests' metric is non-zero during a specific hour each day. The table stores session data and has a partition key of 'user_id'. The workload is uniform. What is the most likely cause of throttling?

A.The table has on-demand capacity and cannot throttle.
B.The account-level read/write capacity limit is exceeded.
C.A global secondary index is consuming write capacity.
D.The partition key is not evenly distributed.
AnswerD

Uneven access pattern can cause a hot partition leading to throttling even on on-demand tables.

Why this answer

Option D is correct because the 'ThrottledRequests' metric indicates that requests are being throttled due to partition-level capacity limits. Even with on-demand capacity, DynamoDB imposes a per-partition throughput limit (typically 1,000 WCU or 3,000 RCU per partition). If the partition key 'user_id' is not evenly distributed, a single partition can become a hot key, exceeding its limit and causing throttling despite the table having on-demand capacity.

Exam trap

The trap here is that candidates assume on-demand capacity eliminates all throttling, but DynamoDB still throttles at the partition level when a hot key causes uneven distribution, even with on-demand mode.

How to eliminate wrong answers

Option A is wrong because on-demand capacity can still throttle requests when a single partition exceeds its throughput limit, contrary to the misconception that on-demand mode never throttles. Option B is wrong because account-level read/write capacity limits are separate from DynamoDB throttling; the 'ThrottledRequests' metric reflects partition-level throttling, not account-level limits. Option C is wrong because a global secondary index consuming write capacity would affect the index's own throttling metrics, not the base table's 'ThrottledRequests' metric, and the question specifies the table stores session data with a uniform workload.

1219
MCQhard

A gaming company uses Amazon DynamoDB to store player scores. The table has a partition key of 'game_id' and a sort key of 'player_id'. They notice that during peak hours, write requests for a popular game 'g123' are throttled, while other games are unaffected. What is the most likely cause and solution?

A.Enable DynamoDB Accelerator (DAX) to cache writes.
B.The write capacity is too low; increase the table's write capacity units.
C.Use a composite partition key with a random suffix to distribute writes.
D.Enable auto-scaling on the table to handle burst write traffic.
AnswerC

Write sharding spreads writes across partitions, avoiding a hot key.

Why this answer

Option D is correct because the partition key 'game_id' causes a hot partition for game 'g123'. Using a write shard pattern distributes writes across multiple partitions. Option A (increase WCUs) may not help if the partition is hot.

Option B (DAX) is for reads, not writes. Option C (auto-scaling) won't solve hot partition issue.

1220
Multi-Selectmedium

A company is deploying a new application on Amazon RDS for PostgreSQL. The security policy requires that all data be encrypted at rest and in transit. Which TWO actions should the company take to meet these requirements?

Select 2 answers
A.Use a client-side encryption library to encrypt data before sending to the database.
B.Enable encryption for automated backups separately.
C.Enable encryption at rest by specifying a KMS key when creating the DB instance.
D.Create an encrypted read replica and promote it to master.
E.Set the parameter rds.force_ssl to 1 in the DB parameter group.
AnswersC, E

This encrypts the data at rest.

Why this answer

Options A and D are correct. To encrypt data at rest, you must enable encryption when creating the DB instance (Option A). To encrypt data in transit, you must enforce SSL/TLS connections by setting the parameter rds.force_ssl to 1 (Option D).

Option B is wrong because using a client-side encryption library is not necessary if you use RDS encryption and SSL. Option C is wrong because RDS automatically encrypts automated backups if the instance is encrypted. Option E is wrong because enabling encryption on a read replica does not encrypt the master.

1221
MCQhard

A company's DynamoDB table uses provisioned capacity and has a global table for disaster recovery. Write requests to the replica region are failing with ProvisionedThroughputExceededException even though the replica table shows low consumed capacity. What is the MOST likely cause?

A.Auto-scaling is disabled on the replica table
B.The replica table is exhausting its burst capacity
C.The replica table's write capacity is insufficient for replication writes
D.DAX is enabled on the replica table
AnswerC

Global tables replicate writes asynchronously; if replica's write capacity is lower than the replication traffic, throttling occurs.

Why this answer

Option D is correct because replicas have independent capacity; if replication writes exceed provisioned capacity, throttling occurs. Option A is wrong because burst capacity is not relevant to throttling. Option B is wrong because auto-scaling doesn't cause throttling.

Option C is wrong because DAX is for reads.

1222
Multi-Selecthard

Which TWO are best practices for designing a DynamoDB table for high-traffic e-commerce application? (Select TWO.)

Select 2 answers
A.Create Global Secondary Indexes to support different access patterns.
B.Use a constantly increasing value (e.g., timestamp) as the partition key.
C.Design the table to use scan operations for most queries.
D.Use a composite primary key (partition key and sort key) to organize data.
E.Use a single attribute as the partition key with low cardinality.
AnswersA, D

GSIs allow querying on non-key attributes.

Why this answer

Option A is correct because Global Secondary Indexes (GSIs) allow you to support multiple query patterns without duplicating data or redesigning the base table. In a high-traffic e-commerce application, you might need to query orders by customer ID, by status, or by date; GSIs provide alternative access patterns with their own partition and sort keys, enabling efficient queries without full table scans.

Exam trap

The trap here is that candidates often think a monotonically increasing partition key (like a timestamp) is acceptable for time-series data, but in DynamoDB it creates a hot partition, whereas in other databases it might be fine; Cisco tests your understanding of DynamoDB's partitioning model and the importance of high-cardinality, evenly distributed partition keys.

1223
MCQmedium

A company is using Amazon Aurora MySQL. The database performance has degraded, and the DBA wants to identify the queries that are waiting for locks. Which system table should be queried to find information about locking conflicts?

A.information_schema.TABLES
B.information_schema.PROCESSLIST
C.performance_schema.events_waits_current
D.information_schema.INNODB_LOCKS
AnswerD

INNODB_LOCKS shows current InnoDB locks.

Why this answer

Option C is correct because INNODB_LOCKS shows current locks and InnoDB lock conflicts. Option A is wrong because PERFORMANCE_SCHEMA provides performance data but not specifically locks. Option B is wrong because INFORMATION_SCHEMA.PROCESSLIST shows current processes but not lock details.

Option D is wrong because INFORMATION_SCHEMA.TABLES shows table metadata.

1224
Multi-Selecteasy

Which TWO use cases are best suited for Amazon RDS Multi-AZ deployments? (Choose 2.)

Select 1 answer
A.Offloading read traffic from the primary database
B.Disaster recovery across AWS Regions
C.Improving write performance for a write-intensive workload
D.Scaling read capacity for a read-heavy application
E.Ensuring database availability during an Availability Zone outage
AnswersE

Multi-AZ provides automatic failover to a standby in another AZ.

Why this answer

Option E is correct because Amazon RDS Multi-AZ deployments automatically provision and maintain a synchronous standby replica in a different Availability Zone (AZ). If the primary DB instance fails or the AZ becomes unavailable, Amazon RDS automatically fails over to the standby replica, ensuring database availability with minimal downtime. This is the primary purpose of Multi-AZ: high availability and automatic failover, not performance scaling.

Exam trap

The trap here is that candidates confuse Multi-AZ (synchronous replication for high availability) with Read Replicas (asynchronous replication for read scaling), leading them to incorrectly select options about offloading reads or scaling read capacity.

1225
MCQmedium

A company is running an Amazon RDS for SQL Server Multi-AZ DB instance. During a recent failover test, the application experienced a timeout of 60 seconds. The application uses a connection string that points to the CNAME of the DB instance. Which configuration change would reduce the failover time?

A.Create a read replica and promote it to a standalone instance during failover.
B.Modify the application to use the IP address of the DB instance instead of the CNAME.
C.Enable TDS Keep-Alive on the client side to detect and recover from connection drops faster.
D.Disable Multi-AZ and use a single-AZ instance to avoid failover overhead.
AnswerC

TDS Keep-Alive helps the client detect a broken connection sooner and reconnect to the new primary, reducing perceived downtime.

Why this answer

Option D is correct because enabling TDS Keep-Alive on the client side ensures the connection is monitored and can be re-established quickly after failover. Option A is wrong because the CNAME is the correct endpoint for Multi-AZ, and changing it would not help. Option B is wrong because read replicas are for read scaling, not failover.

Option C is wrong because Multi-AZ already provides automatic failover; disabling it would increase downtime.

1226
MCQeasy

A company needs to ensure that all changes to an Amazon RDS DB instance are logged for auditing purposes. Which AWS service should be enabled?

A.AWS CloudTrail
B.AWS Config
C.Amazon GuardDuty
D.Amazon Inspector
AnswerA

CloudTrail records all RDS API calls for auditing.

Why this answer

AWS CloudTrail is the correct service because it records API activity for Amazon RDS, including calls to create, modify, or delete DB instances, as well as changes to security groups, parameter groups, and automated backups. CloudTrail logs these events to an S3 bucket or CloudWatch Logs, providing a durable audit trail for all management-plane operations on the RDS DB instance. This directly meets the requirement to log all changes for auditing purposes.

Exam trap

The trap here is that candidates often confuse AWS Config (which tracks configuration changes) with CloudTrail (which tracks API calls), but Config only records the state of resources after a change, not the who, what, or when of the API action that caused it.

How to eliminate wrong answers

Option B (AWS Config) is wrong because it evaluates resource configurations against desired policies and tracks configuration changes over time, but it does not log API-level actions or provide an audit trail of who made the change and when; it focuses on compliance and configuration drift, not operational auditing. Option C (Amazon GuardDuty) is wrong because it is a threat detection service that monitors for malicious activity using VPC Flow Logs, DNS logs, and CloudTrail events, but it does not itself log changes to RDS instances; it consumes logs for security analysis. Option D (Amazon Inspector) is wrong because it is a vulnerability assessment service that scans EC2 instances and container images for software vulnerabilities and unintended network exposure; it has no capability to log or audit changes to RDS DB instances.

1227
MCQeasy

A database administrator notices that an Amazon RDS for Oracle instance has a high number of connections, causing performance degradation. Which tool can be used to identify the active sessions and their queries?

A.Amazon Inspector
B.Performance Insights
C.RDS Enhanced Monitoring
D.AWS CloudTrail
AnswerB

Performance Insights shows active sessions and their queries.

Why this answer

Option D is correct because Performance Insights provides a dashboard to monitor active sessions and the queries they are running. Option A is wrong because AWS CloudTrail logs API calls, not database sessions. Option B is wrong because RDS Enhanced Monitoring provides OS metrics, not database session details.

Option C is wrong because Amazon Inspector is a security assessment tool.

1228
Multi-Selecthard

Which TWO techniques can reduce read latency for frequently accessed data in Amazon DynamoDB? (Choose 2.)

Select 2 answers
A.Use strongly consistent reads
B.Increase write capacity units
C.Decrease read capacity units
D.Add Global Secondary Indexes (GSI) for common query patterns
E.Enable DynamoDB Accelerator (DAX)
AnswersD, E

GSIs can provide efficient access to data.

Why this answer

Adding Global Secondary Indexes (GSI) allows you to pre-materialize alternative query patterns, enabling efficient lookups on non-key attributes without scanning the entire table. This reduces read latency for frequently accessed data by providing a pre-sorted and partitioned index that DynamoDB can query directly, avoiding expensive full-table scans.

Exam trap

The trap here is that candidates often confuse strongly consistent reads with performance optimization, not realizing that consistency guarantees come at the cost of higher latency, not lower.

1229
MCQeasy

A company is migrating an on-premises MySQL database to Amazon RDS. The database is used for a critical e-commerce application that requires high availability with automatic failover. Which RDS deployment option should the company choose to meet these requirements?

A.Multi-Region deployment with Read Replicas
B.Single-AZ instance with a standby in the same AZ
C.Multi-AZ deployment with a standby in a different AZ
D.Single-AZ instance with a Read Replica
AnswerC

Multi-AZ provides automatic failover to a standby in a different AZ.

Why this answer

Option C is correct because a Multi-AZ deployment for Amazon RDS MySQL automatically provisions and maintains a synchronous standby replica in a different Availability Zone (AZ). In the event of an AZ failure or primary instance failure, Amazon RDS automatically fails over to the standby, providing high availability with minimal downtime. This meets the requirement for automatic failover without manual intervention.

Exam trap

The trap here is that candidates often confuse Multi-AZ with Read Replicas, assuming that a Read Replica can provide automatic failover, but in RDS MySQL, Read Replicas require manual promotion and do not offer synchronous replication or automatic failover.

How to eliminate wrong answers

Option A is wrong because Multi-Region deployment with Read Replicas is designed for disaster recovery across regions and does not provide automatic failover within a single region; failover would require manual promotion of a read replica. Option B is wrong because a Single-AZ instance with a standby in the same AZ is not supported by RDS; Multi-AZ requires the standby to be in a different AZ to protect against AZ-level failures. Option D is wrong because a Single-AZ instance with a Read Replica provides read scaling and can be manually promoted for disaster recovery, but it does not offer automatic failover or synchronous replication, which are required for high availability.

1230
MCQeasy

A database administrator notices that the /var/log/mysql/error.log file on an Amazon RDS for MySQL DB instance is growing rapidly. The administrator wants to monitor the log file size and receive alerts when it exceeds a certain threshold. Which AWS service should be used to set up this monitoring?

A.AWS CloudTrail
B.Amazon S3
C.Amazon RDS Enhanced Monitoring
D.Amazon CloudWatch Logs
AnswerD

CloudWatch Logs can monitor log file size and trigger alarms.

Why this answer

Option D is correct because CloudWatch Logs can monitor log file sizes and trigger alarms based on metric filters. Option A is wrong because CloudTrail does not monitor log file sizes. Option B is wrong because RDS Enhanced Monitoring provides OS-level metrics, not log file metrics.

Option C is wrong because S3 is a storage service, not a monitoring service.

1231
Multi-Selecthard

A company is running a production Amazon DynamoDB table with on-demand capacity. The table experiences occasional throttling during traffic spikes. The table's partition key is a timestamp, and the workload is write-heavy. The operations team needs to reduce throttling. Which THREE actions should the team take? (Choose three.)

Select 3 answers
A.Add a random suffix to the partition key to distribute writes evenly.
B.Increase the read capacity units for the table.
C.Use DynamoDB Accelerator (DAX) to cache read-heavy queries.
D.Switch to provisioned capacity mode with auto scaling.
E.Enable DynamoDB global tables to distribute write traffic.
AnswersA, C, D

This prevents hot partitions.

Why this answer

Option A is correct because adding a random suffix to the timestamp partition key breaks the sequential write pattern, distributing writes evenly across all partitions. This prevents hot partitions, which are the root cause of throttling in a write-heavy workload with a monotonically increasing partition key.

Exam trap

The trap here is that candidates assume on-demand capacity eliminates all throttling, but they overlook that throttling can still occur at the partition level due to uneven access patterns, which requires application-level key design changes to resolve.

1232
MCQhard

A company is running an Amazon DynamoDB table with on-demand capacity mode. The table experiences occasional throttling during peak hours. The application team wants to understand the read/write patterns to optimize the table design. Which approach should the database specialist take to analyze the throttling events?

A.Enable DynamoDB Accelerator (DAX) to cache reads and reduce throttling.
B.Use AWS CloudTrail to log all DynamoDB API calls and analyze the logs.
C.Switch to provisioned capacity mode with auto scaling to handle the spikes.
D.Enable CloudWatch Contributor Insights for DynamoDB to identify throttled requests.
AnswerD

Contributor Insights analyzes throttled requests and helps identify the top contributors, such as specific partition keys.

Why this answer

CloudWatch Contributor Insights analyzes high-cardinality attributes and provides detailed information about throttling requests, such as which items or partitions are causing throttling.

1233
MCQeasy

A developer accidentally deleted a critical table from an Amazon RDS for MySQL DB instance. Automated backups are enabled with a retention period of 7 days. The deletion occurred 3 hours ago. Which action can restore the table with minimal data loss?

A.Perform a point-in-time restore to a time just before the deletion.
B.Use AWS Database Migration Service to replicate the table from another source.
C.Restore the DB instance from the latest automated snapshot.
D.Use the MySQL binary log to replay transactions up to the deletion.
AnswerA

Point-in-time recovery allows restoring to any second within the retention period.

Why this answer

Option B is correct because point-in-time recovery can restore to a time before the deletion. Option A is incorrect because restoring from the latest snapshot would lose transactions after the snapshot. Option C is incorrect because the table cannot be restored directly; the whole instance must be restored.

Option D is incorrect because DMS is for migration, not recovery.

1234
MCQmedium

A company's Amazon RDS for MySQL instance is experiencing high CPU utilization. The company's application is write-heavy. The database administrator wants to reduce the load on the primary instance. Which solution is MOST effective?

A.Increase the instance size of the RDS instance.
B.Create a read replica and redirect read traffic to it.
C.Enable Multi-AZ deployment to distribute writes.
D.Use Amazon ElastiCache to cache frequent writes.
AnswerD

Caching reduces database writes by serving data from cache.

Why this answer

Option C is correct because creating a read replica offloads read queries, not writes. Option D is correct because Multi-AZ with standby provides high availability but does not offload reads. Option A is incorrect because increasing instance size addresses symptoms temporarily.

Option B is incorrect because adding a read replica does not reduce write load.

1235
Multi-Selectmedium

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The security team requires that all connections to the database be encrypted in transit. Which TWO steps should be taken to enforce this requirement?

Select 2 answers
A.Set the rds.force_ssl parameter to 1 in the DB parameter group.
B.Configure the database to require a client-side SSL/TLS certificate.
C.Enable Oracle native network encryption (NNE) in the sqlnet.ora file.
D.Use AWS Secrets Manager to store database credentials and enable Kerberos authentication.
E.Use AWS Direct Connect or a VPN to connect to the VPC.
AnswersA, B

Option D is correct: Setting rds.force_ssl=1 forces all connections to use SSL/TLS.

Why this answer

Setting the rds.force_ssl parameter to 1 in the DB parameter group forces all connections to the Oracle RDS instance to use SSL/TLS encryption. This is the direct method to enforce encryption in transit for Amazon RDS for Oracle, as it rejects any non-SSL connections at the database level.

Exam trap

The trap here is that candidates may confuse Oracle Native Network Encryption (NNE) with SSL/TLS, but RDS for Oracle does not support NNE; only SSL/TLS is available for encryption in transit.

1236
MCQhard

A company has an Amazon RDS for MySQL Multi-AZ DB instance that stores sensitive financial data. The security team has enabled encryption at rest using a KMS key. They also need to ensure that database audit logs are encrypted and stored in an S3 bucket. The logs must be accessible only by the security team via a VPC endpoint. The log data must be retained for 7 years. Which solution meets these requirements with the LEAST operational overhead?

A.Configure RDS to publish audit logs directly to an S3 bucket with a bucket policy that restricts access to the security team's IAM roles.
B.Install a custom audit plugin on the RDS instance that writes logs to a separate RDS table, then use AWS Lambda to export the table to S3 periodically.
C.Enable MySQL audit logs and publish them to Amazon CloudWatch Logs. Use a CloudWatch Logs subscription filter to stream logs to an S3 bucket encrypted with KMS, with a bucket policy that restricts access via VPC endpoint.
D.Enable RDS audit logs and send them to Amazon Kinesis Data Firehose, which writes to an S3 bucket with encryption and VPC endpoint restrictions.
AnswerC

This uses managed services with minimal custom code.

Why this answer

Option C is correct because enabling MySQL audit logs, pushing them to CloudWatch Logs, and using CloudWatch subscription filter to S3 with bucket policies restricting access via VPC endpoint and encryption with KMS is the least overhead. Option A is wrong because RDS doesn't directly push audit logs to S3. Option B is wrong because RDS for MySQL does not support sending audit logs to Firehose directly.

Option D is wrong because it requires custom Lambda code and operational overhead.

1237
MCQeasy

A company is deploying a new web application on Amazon RDS for MySQL and expects read-heavy traffic. The database must be highly available. Which deployment approach meets these requirements?

A.Deploy a Multi-AZ instance without read replicas.
B.Deploy a Multi-AZ instance and create read replicas.
C.Deploy a Single-AZ instance with a Multi-AZ read replica.
D.Deploy a Single-AZ instance and use ElastiCache for caching.
AnswerB

Multi-AZ for HA, read replicas for read scaling.

Why this answer

Option C is correct because Multi-AZ provides high availability and read replicas offload read traffic. Option A is wrong because it lacks read scaling. Option B is wrong because it lacks high availability.

Option D is wrong because Multi-AZ only provides high availability, not read scaling.

1238
Multi-Selecthard

A company is using Amazon DynamoDB with global tables. The application is experiencing high write latency in one region. Which THREE factors could contribute to this issue? (Choose three.)

Select 3 answers
A.Replication lag from global tables causing write conflicts.
B.Insufficient read capacity units provisioned for the table.
C.High network latency between the application and the DynamoDB endpoint.
D.The table's auto scaling configuration is set to increase write capacity too aggressively.
E.Insufficient write capacity units provisioned for the table.
AnswersA, C, E

Global tables replicate asynchronously, and conflicts can increase latency.

Why this answer

Option A (network latency), Option C (throttling due to insufficient write capacity), and Option D (replication lag) are correct. Option B is wrong because auto scaling doesn't increase latency; it adds capacity. Option E is wrong because read capacity affects reads, not writes.

1239
MCQeasy

A developer accidentally exposed an Amazon RDS snapshot to the public. What is the quickest way to remediate this issue?

A.Delete the snapshot and create a new one from the source DB instance.
B.Copy the snapshot to a new snapshot and delete the original.
C.Share the snapshot with only the required AWS account.
D.Modify the snapshot permissions to set it to private.
AnswerD

This immediately revokes public access.

Why this answer

The quickest remediation is to modify the snapshot and set it to private. Option A is incorrect because deleting the snapshot may cause data loss. Option C is incorrect because copying a public snapshot still results in a public snapshot.

Option D is incorrect because sharing with a specific account does not revoke public access.

1240
MCQhard

A company runs a critical e-commerce application on Amazon RDS for PostgreSQL with a db.r5.2xlarge instance and 500 GB of gp2 storage. The application experiences periodic write spikes during flash sales. During these events, the WriteIOPS metric exceeds the provisioned baseline IOPS of 1,500, and the database becomes unresponsive for several seconds. The DBA has configured a CloudWatch alarm on WriteIOPS, but the alarm triggers after the performance issue occurs. The company needs to ensure that the database can handle these spikes without downtime. The budget allows for moderate cost increases. What should the DBA do?

A.Increase the allocated storage to 1,000 GB to increase baseline IOPS to 3,000.
B.Modify the DB instance to use gp3 storage with provisioned IOPS of 5,000.
C.Enable Performance Insights to identify the problematic queries and tune them.
D.Add a read replica and redirect read traffic to it to reduce write contention.
AnswerB

gp3 provides a baseline of 3,000 IOPS for any storage size and allows provisioning additional IOPS up to 16,000, independent of storage. This handles write spikes cost-effectively.

Why this answer

Option B is correct because gp3 storage provides a baseline of 3,000 IOPS regardless of storage size, and allows provisioning up to 16,000 IOPS independently. By setting provisioned IOPS to 5,000, the database can handle write spikes without exceeding the IOPS limit, preventing unresponsiveness. This solution fits the moderate cost increase budget, as gp3 is typically 20% cheaper than gp2 for equivalent performance.

Exam trap

The trap here is that candidates assume increasing gp2 storage (Option A) is the only way to raise baseline IOPS, overlooking gp3's ability to provision higher IOPS independently without massive storage growth.

How to eliminate wrong answers

Option A is wrong because increasing gp2 storage to 1,000 GB only raises baseline IOPS to 3,000 (3 IOPS per GB), which may still be insufficient for severe write spikes and incurs higher storage costs without addressing burst balance depletion. Option C is wrong because Performance Insights identifies query performance issues but does not resolve IOPS bottlenecks; tuning queries cannot increase the underlying storage IOPS limit. Option D is wrong because read replicas handle read traffic only and do not reduce write IOPS on the primary instance; write spikes still affect the primary database.

1241
Multi-Selecteasy

A company is troubleshooting an Amazon DynamoDB table that is experiencing high latency. The table uses on-demand capacity. Which TWO steps should be taken to diagnose the issue?

Select 2 answers
A.Increase the provisioned read capacity
B.Examine CloudWatch metrics for throttling and latency patterns
C.Consider using DynamoDB Accelerator (DAX) for caching
D.Disable TTL to reduce write overhead
E.Split the table into multiple partitions manually
AnswersB, C

CloudWatch provides key performance metrics.

Why this answer

Option A is correct because CloudWatch metrics can show throttling, latency, and utilization. Option D is correct because DynamoDB Accelerator (DAX) can reduce latency if the issue is high read volume. Option B is wrong because increasing capacity is not needed for on-demand.

Option C is wrong because partitions are managed automatically. Option E is wrong because disabling TTL is unrelated.

1242
MCQmedium

Refer to the exhibit. A database specialist is investigating performance degradation on an Amazon RDS for MySQL DB instance. The BurstBalance metric shows the values above. What does this indicate, and what action should be taken?

A.The instance has exhausted its I/O burst credits; scale up the allocated storage to increase baseline I/O.
B.The instance is experiencing high read load; add a read replica to offload reads.
C.The instance's compute capacity is insufficient; change the instance class to a larger size.
D.The instance is experiencing a memory bottleneck; enable Performance Insights to analyze query performance.
AnswerA

Larger storage volumes have higher baseline I/O and accumulate burst credits faster.

Why this answer

Option B is correct because BurstBalance dropping to 0 indicates that the instance has exhausted its I/O burst credits, causing I/O throttling. Scaling up storage to a larger size increases the baseline I/O performance and burst credit earning rate. Option A is wrong because read replicas do not increase I/O credits.

Option C is wrong because enabling Performance Insights only helps diagnose, not resolve. Option D is wrong because changing the instance class does not affect I/O credits.

1243
MCQeasy

A company is designing a new application that requires a relational database with strong consistency and support for transactions. The application will be accessed by users worldwide, and the database must provide low-latency reads in multiple regions. The company expects the workload to be unpredictable, with periods of very low activity followed by sudden spikes. They want to minimize operational overhead and only pay for the resources they use. Which AWS database solution should they choose?

A.Amazon Redshift with cross-Region snapshots.
B.Amazon Aurora Serverless v2 with Aurora Global Database.
C.Amazon RDS for PostgreSQL with read replicas in multiple regions.
D.Amazon DynamoDB with Global Tables.
AnswerB

Aurora Serverless v2 automatically scales capacity, supports ACID transactions, and Global Database provides low-latency multi-region reads.

Why this answer

Amazon Aurora Serverless v2 is a good choice for unpredictable workloads because it auto-scales capacity based on demand and you pay only for what you use. It also supports Aurora Global Database for low-latency reads in multiple regions. RDS does not have serverless capability.

DynamoDB is serverless but not relational. Redshift is for analytics. So the best is Aurora Serverless v2 with Global Database.

1244
MCQhard

A company has an Amazon RDS for MySQL DB instance with automated backups enabled. The database is 500 GB in size. The company wants to create a new test database from the current state with minimal impact on production. Which approach meets these requirements?

A.Take a snapshot of the DB instance and restore it to a new instance.
B.Create a read replica and promote it to a standalone instance.
C.Use mysqldump to export the database and import into a new instance.
D.Create a manual DB snapshot from the automated backup and restore.
AnswerA

Snapshots are taken asynchronously with minimal performance impact, and restore creates a new instance.

Why this answer

Option B is correct because restoring a snapshot to a new instance creates a copy without affecting the source. Option A is wrong because creating a read replica increases load on the source. Option C is wrong because exporting to S3 and re-importing is more complex and slower.

Option D is wrong because a manual backup before restore adds overhead.

1245
MCQhard

An IAM policy is attached to a user to restrict access to a DynamoDB table. What does this policy allow the user to do?

A.Read and write items only where the partition key equals 'customer_123'
B.Read and write any item in the Orders table
C.Scan the entire Orders table
D.Perform all DynamoDB actions on the Orders table
AnswerA

The condition restricts operations to items with LeadingKeys 'customer_123'.

Why this answer

The IAM policy uses a condition key `dynamodb:LeadingKeys` with a condition operator `ForAllValues:StringEquals` to restrict access to items where the partition key equals 'customer_123'. This allows the user to perform read and write operations only on items matching that specific partition key value, enforcing fine-grained access control at the item level.

Exam trap

The trap here is that candidates often assume a policy restricting access to a specific partition key still allows a full table Scan, but DynamoDB's fine-grained access control with `dynamodb:LeadingKeys` explicitly denies any operation that does not specify the allowed partition key, including Scans.

How to eliminate wrong answers

Option B is wrong because the policy explicitly restricts access to items with partition key 'customer_123', not any item in the table. Option C is wrong because a Scan operation would access all items in the table, which violates the partition key restriction; the policy does not allow scanning the entire table. Option D is wrong because the policy does not allow all DynamoDB actions; it only allows specific actions (like GetItem, PutItem, UpdateItem, DeleteItem, Query) conditioned on the partition key value, and actions like CreateTable or DeleteTable are not permitted.

1246
MCQmedium

Refer to the exhibit. A DBA sees the above error log entries for an Amazon RDS for MySQL DB instance. Which action should the DBA take to resolve the 'Too many connections' error?

A.Modify the DB parameter group to increase max_connections
B.Reboot the DB instance
C.Modify the DB security group to allow more connections
D.Reset the DB instance master user password
AnswerA

Increasing max_connections allows more connections.

Why this answer

Option B is correct because increasing the max_connections parameter allows more concurrent connections. Option A is wrong because rebooting does not increase the connection limit. Option C is wrong because modifying the security group does not affect database connections.

Option D is wrong because the error is not about authentication.

1247
MCQeasy

A security audit reveals that an Amazon RDS for MySQL DB instance is accessible from the internet. The security team requires that the database be accessible only from a specific set of application servers within the same VPC. Which solution should be implemented?

A.Modify the DB instance's security group to allow inbound traffic only from the application servers' security group.
B.Apply a network ACL that denies inbound traffic from 0.0.0.0/0 and allows from the application servers' IP range.
C.Enable encryption at rest on the DB instance to prevent unauthorized access.
D.Move the DB instance to a private subnet and configure a bastion host for access.
AnswerA

Security group references allow traffic from instances with that security group.

Why this answer

Option B is correct because a security group with an inbound rule that references the application servers' security group restricts access to only those instances. Option A is wrong because network ACLs are stateless and block all traffic if not correctly configured, but security groups are more appropriate for instance-level access. Option C is wrong because changing the subnet to private and using a bastion host is unnecessary if the app servers are in the same VPC.

Option D is wrong because enabling encryption does not restrict network access.

1248
MCQeasy

A company needs to audit all SQL queries executed on an Amazon RDS for SQL Server database. Which AWS service should be used?

A.Amazon RDS Database Activity Streams
B.Amazon VPC Flow Logs
C.Amazon CloudWatch Logs
D.AWS CloudTrail
AnswerA

Database Activity Streams capture database activity such as SQL queries in near real-time.

Why this answer

Option C is correct because database activity streams provide a near real-time feed of database activity for auditing. Option A is wrong because CloudTrail logs API calls, not SQL queries. Option B is wrong because CloudWatch Logs can store logs but needs a source; RDS does not natively send SQL logs to CloudWatch.

Option D is wrong because VPC Flow Logs capture network traffic, not SQL queries.

1249
MCQmedium

A database engineer is monitoring an Amazon RDS for PostgreSQL instance and notices that the 'DiskQueueDepth' metric is consistently above 100. The instance uses gp2 storage with 1000 GB allocated. What is the most likely cause of the high disk queue depth?

A.Replication lag between the primary and standby instance
B.The instance has reached the IOPS limit of the gp2 volume
C.Insufficient memory allocated to the instance
D.Network throughput limit is being exceeded
AnswerB

For a 1000 GB gp2 volume, baseline IOPS is 3000; sustained I/O beyond that causes queuing.

Why this answer

Option B is correct because a consistently high DiskQueueDepth (above 100) on an Amazon RDS for PostgreSQL instance with gp2 storage indicates that the volume is saturating its IOPS limit. gp2 volumes provide a baseline of 3 IOPS per GB (up to 16,000 IOPS), so a 1000 GB gp2 volume has a baseline of 3000 IOPS. When the workload exceeds this baseline, the volume relies on burst credits, and once credits are exhausted, IOPS are throttled to the baseline, causing I/O requests to queue up and the DiskQueueDepth metric to rise.

Exam trap

The trap here is that candidates may confuse DiskQueueDepth with memory or network metrics, or assume that any high queue depth automatically indicates a hardware failure, rather than recognizing it as a symptom of IOPS exhaustion on gp2 storage.

How to eliminate wrong answers

Option A is wrong because replication lag between primary and standby instances is measured by the 'ReplicaLag' metric, not DiskQueueDepth, and it does not directly cause high disk queue depth on the primary instance. Option C is wrong because insufficient memory allocated to the instance would manifest as high swap usage or low FreeableMemory, not as a high DiskQueueDepth, which is a storage I/O metric. Option D is wrong because network throughput limits are tracked by metrics like 'NetworkThroughput' or 'NetworkPacketsIn/Out', and exceeding them would cause packet loss or latency, not a buildup of I/O requests at the disk level.

1250
MCQeasy

A database specialist sees the above error in the application logs for an Amazon RDS for MySQL DB instance. The application is a web server running on an EC2 instance. What is the most likely cause?

A.The database user password has expired.
B.A user attempted to execute an invalid SQL query.
C.The database connection timed out due to inactivity or network connectivity issues.
D.The database instance has run out of disk space.
AnswerC

Common cause of 'server has gone away'.

Why this answer

Option A is correct. The error 'MySQL server has gone away' typically occurs when the connection to the database is closed, often due to a timeout or network issue. Option B is wrong because it is a connection error, not a query execution error.

Option C is wrong because disk space issues cause different errors. Option D is wrong because authentication errors are different.

1251
MCQhard

A company runs a multi-tenant SaaS application on Amazon RDS for PostgreSQL. Each tenant has an isolated database. Recently, the application experienced a sudden increase in connection errors and slow query performance. Amazon RDS instance metrics show high CPU utilization and a high number of database connections. The application uses connection pooling with PgBouncer running on an EC2 instance. The team suspects the issue is due to a few noisy tenants opening too many connections. The current architecture uses one RDS instance per tenant. The company wants to optimize for workload-specific database design to handle noisy tenants without affecting other tenants. Which design should be implemented to isolate noisy tenants and reduce costs?

A.Use RDS for PostgreSQL with pg_partman to partition data by tenant and implement connection limits per tenant using PostgreSQL advisory locks.
B.Replace RDS with Amazon Aurora PostgreSQL and use Aurora Auto Scaling to handle connection spikes.
C.Move all tenants to a single RDS instance with separate schemas and use RDS Proxy to manage connections.
D.Create separate RDS instances for large tenants and use a single RDS instance for small tenants, with PgBouncer connection pooling per instance.
AnswerD

This isolates noisy tenants on dedicated instances while consolidating small tenants, balancing isolation and cost.

Why this answer

Option D is correct because it directly addresses the need to isolate noisy tenants by creating separate RDS instances for large (noisy) tenants while consolidating small tenants onto a single instance, each fronted by its own PgBouncer connection pool. This design prevents a single tenant's connection surge from affecting others, optimizes costs by avoiding over-provisioning for all tenants, and aligns with workload-specific database design principles for multi-tenant SaaS on RDS for PostgreSQL.

Exam trap

The trap here is that candidates may assume a single shared database with connection pooling (Option C) or a fully managed scaling solution (Option B) can solve noisy neighbor problems, but the DBS-C01 exam tests the understanding that workload isolation requires separate database instances or dedicated resources, not just connection management or auto-scaling of a shared cluster.

How to eliminate wrong answers

Option A is wrong because pg_partman is for table partitioning, not connection isolation, and advisory locks do not enforce per-tenant connection limits at the database level—they are application-level coordination mechanisms, not a substitute for connection pooling or instance isolation. Option B is wrong because Aurora Auto Scaling scales the entire cluster, not per-tenant, so a noisy tenant would still consume shared resources and cause contention; it also does not inherently isolate tenants or reduce costs compared to the targeted instance-per-tenant-group approach. Option C is wrong because moving all tenants to a single RDS instance with separate schemas and using RDS Proxy still shares CPU, memory, and I/O across all tenants, so a noisy tenant can degrade performance for others; RDS Proxy manages connections but does not provide workload isolation.

1252
MCQmedium

A company is migrating a 50 GB PostgreSQL database from on-premises to Amazon RDS for PostgreSQL. The network bandwidth between on-premises and AWS is 50 Mbps. The migration must complete within 24 hours. What is the most efficient way to transfer the initial data?

A.Use AWS Snowball to physically transfer the database backup to AWS, then load into RDS.
B.Use AWS DMS to perform a full load directly over the internet.
C.Set up a VPN connection and use AWS DMS with ongoing replication.
D.Use pg_dump to export the database and upload to S3 via the internet, then restore into RDS.
AnswerA

Snowball can transfer large data quickly regardless of network bandwidth.

Why this answer

Option B is correct because sending a physical device (AWS Snowball) avoids network constraints and is faster for large data over limited bandwidth. Option A is wrong because it would take too long over 50 Mbps (50 GB ~ 2.2 hours under ideal conditions, but actual throughput may be lower and includes overhead). Option C is wrong because S3 is not a direct migration path for databases.

Option D is wrong because VPN does not increase bandwidth.

1253
MCQhard

A company is migrating a 5 TB SQL Server database to Amazon RDS for SQL Server. The migration must be completed within 48 hours with minimal downtime. The network bandwidth between on-premises and AWS is 500 Mbps. What is the MOST efficient migration strategy?

A.Use AWS Snowball to transfer the full database to an RDS instance, then use AWS DMS for ongoing replication
B.Upgrade network bandwidth to 10 Gbps using AWS Direct Connect
C.Use AWS Database Migration Service (AWS DMS) with ongoing replication
D.Use AWS Schema Conversion Tool (AWS SCT) to migrate the schema, then use bulk insert
AnswerA

Snowball transfers data offline, avoiding network bandwidth limitations, then DMS handles ongoing changes.

Why this answer

Given the bandwidth and time constraints, using AWS DMS with ongoing replication is the best approach for minimal downtime. However, the initial load may be slow. Using Snowball to transfer the full database and then using DMS for ongoing replication is more efficient, as it avoids the initial load over the network.

Direct Connect doesn't solve bandwidth limitation. SCT is for schema conversion.

1254
MCQeasy

A company needs to rotate the master user password for an Amazon RDS for MySQL DB instance. What is the recommended way to do this without downtime?

A.Modify the DB instance and set a new password, which will cause a reboot for the change to take effect.
B.Update the DB parameter group with the new password.
C.Use the AWS Management Console, CLI, or API to modify the DB instance with a new master password.
D.Delete the DB instance and launch a new one with the new password.
AnswerC

The password change is applied immediately without requiring a reboot.

Why this answer

Option D is correct because modifying the DB instance and setting a new password in the console triggers a password update without reboot. Option A is wrong because it causes a reboot. Option B is wrong because you can update the password without deleting the instance.

Option C is wrong because updating the DB parameter group does not change the master password.

1255
MCQeasy

A company is deploying a new RDS for MySQL database and needs to ensure that connections are encrypted using TLS. Which parameter should be configured?

A.Set the ssl_ca parameter to the RDS CA certificate.
B.Set the require_secure_transport parameter to ON.
C.Set the tls_version parameter to TLSv1.2.
D.Set the rds.force_ssl parameter to 1 in the DB parameter group.
AnswerD

rds.force_ssl=1 enforces that all connections use SSL/TLS.

Why this answer

Option D is correct because rds.force_ssl=1 enforces TLS connections. Option A is wrong because ssl_ca is a certificate authority, not an enforcement parameter. Option B is wrong because require_secure_transport is for MySQL, not RDS.

Option C is wrong because tls_version sets the TLS version, not enforce encryption.

1256
MCQhard

A company uses Amazon Redshift for data warehousing. The security team requires that all data loaded into the cluster be encrypted at rest using a customer-managed KMS key. The cluster is currently unencrypted. What is the most efficient way to achieve this requirement with minimal data loss?

A.Unload the data from the existing cluster to S3, create a new encrypted cluster using the KMS key, and reload the data from S3.
B.Change the cluster parameter group to enable encryption.
C.Modify the cluster and enable encryption in the Redshift console.
D.Take a snapshot of the cluster, copy the snapshot with encryption, and restore from the encrypted snapshot.
AnswerA

This is the recommended approach to migrate data to an encrypted cluster.

Why this answer

Option B is correct because you cannot enable encryption on an existing Redshift cluster. You must unload data from the existing cluster, create a new encrypted cluster, and reload the data. Option A is wrong because encryption can only be set at cluster creation.

Option C is wrong because modifying the cluster does not enable encryption. Option D is wrong because Redshift does not support enabling encryption via parameter groups.

1257
MCQhard

A company runs a critical application on Amazon RDS for PostgreSQL with Multi-AZ. The database has a large table (over 500 GB) that is frequently updated. The operations team notices that the primary instance's CPU usage is consistently above 90%, and the replica lag between the primary and standby is increasing during peak hours. The application can tolerate a few seconds of downtime. The team needs to reduce CPU load and improve write performance without changing the application code. Which action should be taken?

A.Upgrade the DB instance class to a larger size with more vCPUs.
B.Increase the backup retention period to reduce I/O during backups.
C.Modify the DB instance to use asynchronous replication instead of synchronous.
D.Create a read replica in the same region and offload read queries to it.
AnswerA

More CPU capacity reduces the load on the primary and helps keep up with replication.

Why this answer

Option A is correct because upgrading to a larger instance class provides more CPU capacity, reducing the load and replication lag. Option B is wrong because read replicas are for read scaling, not for reducing write load on the primary. Option C is wrong because reducing replication lag is not achieved by changing backup retention.

Option D is wrong because switching to asynchronous replication is not possible in Multi-AZ and would compromise durability.

1258
MCQmedium

A company is designing a database for an IoT application that ingests millions of small sensor readings per second. The data is append-only and queries are primarily time-based aggregations with low latency requirements (under 10 ms). Which AWS database service is most suitable for this workload?

A.Amazon DynamoDB
B.Amazon ElastiCache
C.Amazon Aurora
D.Amazon Timestream
AnswerD

Timestream is purpose-built for time-series data with fast ingestion and aggregation.

Why this answer

Option C is correct because Amazon Timestream is a time-series database optimized for IoT data with fast ingestion and low-latency aggregations. Option A (Aurora) is relational and not optimized for high-velocity time-series. Option B (DynamoDB) is key-value, not designed for time-series aggregations efficiently.

Option D (ElastiCache) is an in-memory cache, not designed for persistent time-series storage.

1259
Multi-Selecteasy

A company is migrating an on-premises MySQL database to Amazon RDS for MySQL. Which TWO AWS services can assist in assessing the source database for compatibility issues?

Select 2 answers
A.AWS Database Migration Service (DMS)
B.AWS Trusted Advisor
C.Amazon CloudWatch
D.AWS Schema Conversion Tool (SCT)
E.Amazon Inspector
AnswersA, D

DMS can perform a validation to check data type compatibility.

Why this answer

AWS SCT can assess source schema for compatibility with RDS. AWS DMS can assess data types and conversion issues as part of its task validation. Trusted Advisor is for cost optimization, not database compatibility.

CloudWatch is for monitoring. Inspector is for security assessment.

1260
MCQhard

A company uses an Amazon RDS for PostgreSQL database with Multi-AZ deployment. The security team wants to audit all SQL queries executed against the database for compliance purposes. Which solution should be implemented to capture and store the queries?

A.Use AWS CloudTrail to capture SQL queries.
B.Enable Performance Insights and store the data in CloudWatch Logs.
C.Enable RDS event notifications for database queries.
D.Enable PostgreSQL query logging and publish logs to Amazon CloudWatch Logs.
AnswerD

PostgreSQL can log all queries, and those logs can be sent to CloudWatch Logs for storage and analysis.

Why this answer

Option C is correct because RDS for PostgreSQL supports log export to CloudWatch Logs, and enabling query logging captures SQL queries. Option A is wrong because RDS events do not contain SQL query details. Option B is wrong because RDS Performance Insights focuses on performance, not query auditing.

Option D is wrong because CloudTrail captures API calls, not SQL queries.

1261
MCQhard

A company uses Amazon DynamoDB with on-demand capacity mode for a critical application. During a marketing campaign, the application experienced throttled requests despite the on-demand mode. The table has a single partition key. The database specialist notices that the throttling occurs sporadically even though overall traffic is within limits. What is the most likely cause?

A.The table's provisioned capacity is set too low.
B.The table's partition key is causing a hot partition, leading to throttling on that partition.
C.The table's auto scaling is not configured correctly.
D.The application is exceeding the DynamoDB account-level throughput limits.
AnswerB

A single partition key can cause hot partitions; DynamoDB's on-demand mode partitions data, but a single hot key can still throttle.

Why this answer

On-demand mode accommodates traffic spikes, but if a single partition key is used, all traffic goes to one partition. DynamoDB partitions data by partition key; a single hot key can throttle requests even if overall throughput is within limits. Provisioned capacity is not used.

Auto scaling is not relevant. The partition limit is a hard limit.

1262
Multi-Selecteasy

Which TWO AWS services can be used to implement a serverless database architecture for variable workloads?

Select 2 answers
A.Amazon Redshift
B.Amazon Aurora Serverless v2
C.Amazon RDS Proxy
D.Amazon ElastiCache
E.Amazon DynamoDB
AnswersB, E

Aurora Serverless automatically scales capacity.

Why this answer

Amazon Aurora Serverless v2 is correct because it automatically scales database capacity up or down based on application demand, providing a serverless architecture for variable workloads without the need to manage database instances. Amazon DynamoDB is correct because it is a fully managed NoSQL serverless database that automatically scales throughput and storage to handle variable workloads, requiring no server provisioning or management.

Exam trap

The trap here is that candidates often confuse Amazon RDS Proxy (a connection management service) with a serverless database, or assume Amazon Redshift can function as a serverless transactional database, when in fact it is a data warehouse requiring cluster provisioning.

1263
MCQeasy

A startup is building a mobile application that requires a database to store user preferences and session data. The data is accessed by user ID and requires single-digit millisecond latency. The workload is read-heavy with occasional writes. Which database service is MOST cost-effective?

A.Amazon Aurora Serverless
B.Amazon ElastiCache for Memcached
C.Amazon DynamoDB with on-demand capacity
D.Amazon RDS for MySQL with provisioned IOPS
AnswerC

DynamoDB provides single-digit millisecond latency and is cost-effective for variable read-heavy workloads.

Why this answer

Amazon DynamoDB with on-demand capacity is the most cost-effective choice because it provides single-digit millisecond latency for key-value lookups by user ID, scales automatically to handle read-heavy workloads with occasional writes, and charges only for the reads and writes consumed, avoiding the cost of provisioning for peak capacity. The on-demand mode eliminates the need for capacity planning, making it ideal for unpredictable or variable traffic patterns typical of a startup's mobile application.

Exam trap

The trap here is that candidates often choose Amazon ElastiCache for Memcached (Option B) because of its low latency, but they overlook the requirement for a durable database that persists session data, whereas Memcached is a volatile cache with no built-in persistence or replication for data durability.

How to eliminate wrong answers

Option A is wrong because Amazon Aurora Serverless is a relational database designed for transactional workloads with ACID compliance, not optimized for simple key-value lookups with single-digit millisecond latency, and its cold-start latency and higher per-request cost make it less cost-effective for a read-heavy, occasional-write workload. Option B is wrong because Amazon ElastiCache for Memcached is an in-memory cache, not a durable database; it lacks persistence and data durability, making it unsuitable for storing user preferences and session data that must survive restarts. Option D is wrong because Amazon RDS for MySQL with provisioned IOPS incurs fixed costs for provisioned IOPS and instance hours, which is wasteful for a read-heavy workload with occasional writes, and its relational overhead adds unnecessary latency compared to a NoSQL key-value store.

1264
MCQeasy

A developer accidentally deleted an RDS database. Which action will allow the database to be restored with the least data loss?

A.Restore from the latest automated backup using point-in-time recovery.
B.Use the 'Recycle Bin' feature to recover the RDS instance.
C.Restore from the latest manual snapshot.
D.Create a new RDS instance and hope for the best.
AnswerA

Automated backups allow restoration to any point within the retention period, minimizing data loss.

Why this answer

Point-in-time recovery (PITR) allows you to restore an RDS DB instance to any second within the automated backup retention period, typically up to the last five minutes. This minimizes data loss because it replays transaction logs from the latest automated backup to the specified time, recovering changes made right up to the deletion moment. Automated backups are enabled by default with a 7-day retention, making PITR the most granular recovery option.

Exam trap

The trap here is that candidates may assume manual snapshots are the safest recovery method, but they lack the transaction log replay capability of PITR, leading to greater data loss than using automated backups with point-in-time recovery.

How to eliminate wrong answers

Option B is wrong because the Recycle Bin feature is available for Amazon RDS only in certain AWS Regions and for specific instance types, and it retains deleted instances for a limited time (default 1 day) but does not recover transaction logs, so data loss can be greater than PITR. Option C is wrong because manual snapshots capture the database at a specific point in time and do not include transaction logs for replay, so you lose all changes made after the snapshot was taken. Option D is wrong because creating a new RDS instance without restoring from a backup results in a blank database, losing all data entirely.

1265
MCQeasy

A database administrator notices that the CPU utilization on an Amazon RDS for PostgreSQL instance is consistently above 90% during peak hours. Which CloudWatch metric should be checked first to identify the cause of the high CPU usage?

A.DatabaseConnections
B.NetworkThroughput
C.SwapUsage
D.ReadIOPS
AnswerA

High connections can lead to high CPU from session management.

Why this answer

Option A is correct because DatabaseConnections can indicate high concurrent sessions causing CPU spikes. Option B is wrong because ReadIOPS may not directly cause CPU. Option C is wrong because SwapUsage is memory-related.

Option D is wrong because NetworkThroughput is network-related.

1266
MCQeasy

A company has an Amazon Redshift cluster with two dc2.large nodes. The cluster is used for daily ETL jobs and reporting. The operations team receives an alert that the cluster's disk space is 90% full. The ETL jobs are failing with 'disk full' errors. The team needs to resolve the issue quickly with minimal downtime. Which action should be taken?

A.Perform a deep copy to re-sort and reclaim space.
B.Run the VACUUM command to reclaim space from deleted rows.
C.Resize the cluster to a larger node type, such as dc2.large to ds2.xlarge, or add more nodes.
D.Unload old data to Amazon S3 and delete from the cluster.
AnswerC

Resizing increases the total storage capacity, resolving the disk full issue.

Why this answer

Option A is correct because resizing to a larger node type or adding nodes increases storage capacity. Option B is wrong because VACUUM only reclaims space from deleted rows; it may not free enough space. Option C is wrong because deep copy is a workaround to reorganize data but does not increase capacity.

Option D is wrong because unloading data to S3 does not free space on the cluster.

1267
MCQhard

A company wants to migrate an on-premises MySQL database to Amazon RDS for MySQL. The database is 500 GB and experiences heavy write traffic. They need to minimize downtime and ensure no data loss. Which approach should they take?

A.Use AWS DMS with a full load task, then cut over the application to RDS.
B.Set up MySQL replication from the on-premises database to RDS, then promote the RDS instance when ready.
C.Create an RDS read replica of the on-premises database, then promote it to a standalone instance.
D.Use mysqldump to export the database and mysql command to import into RDS during a maintenance window.
AnswerB

Replication captures ongoing changes, minimizing downtime and ensuring data consistency.

Why this answer

Option D is correct because setting up MySQL replication from on-premises to RDS allows near-zero downtime migration. Option A is wrong because a dump and reload requires the source to be read-only. Option B is wrong because AWS DMS with full load only does not capture ongoing changes.

Option C is wrong because creating a read replica from on-premises is not supported; RDS read replicas are only for RDS instances.

1268
MCQmedium

A company's Amazon RDS for PostgreSQL instance is running out of storage. The DB instance has auto-scaling enabled, but the storage did not increase. What is the most likely cause?

A.The DB instance class does not support storage auto-scaling.
B.The DB instance is smaller than the minimum storage size for auto-scaling.
C.The DB instance has exceeded the Maximum Storage Duration setting.
D.The storage usage has not reached the maximum allocated storage.
AnswerD

Auto-scaling only occurs when storage is nearly full.

Why this answer

Option C is correct because auto-scaling only triggers when storage usage reaches the maximum allocated storage and there is at least 10% free space remaining. Option A is wrong because Maximum Storage Duration is the maximum time the instance can run on provisioned storage before scaling. Option B is wrong because there is no minimum storage size for scaling.

Option D is wrong because storage auto-scaling does not require modification to the DB instance class.

1269
MCQmedium

A company is running a production Amazon RDS for MySQL Multi-AZ DB instance. The database experiences intermittent high latency and the CloudWatch 'ReadLatency' metric spikes during periods of heavy read traffic. The application uses a single database endpoint. What is the MOST effective way to reduce read latency without changing the application code?

A.Enable a Multi-AZ deployment with one or more readable standby replicas.
B.Implement database sharding across multiple RDS instances.
C.Enable Multi-AZ on the existing DB instance to provide a standby for failover.
D.Increase the DB instance class to a larger size.
AnswerA

Readable standby replicas in Multi-AZ allow read traffic to be directed to the standby, reducing load on the primary and lowering read latency, without code changes.

Why this answer

Option C is correct because enabling Multi-AZ with a read replica allows read traffic to be offloaded to the standby replica, reducing load on the primary and improving read latency, all without application changes. Option A is wrong because increasing instance size may help but is less cost-effective and doesn't specifically target read-heavy workloads. Option B is wrong because enabling Multi-AZ alone does not provide a separate read endpoint.

Option D is wrong because Amazon RDS does not support sharding natively without application changes.

1270
Multi-Selecteasy

Which TWO database design considerations are critical when migrating a high-traffic e-commerce website from Oracle to Amazon Aurora MySQL? (Choose 2.)

Select 2 answers
A.Enable eventual consistency for read replicas to reduce latency
B.Review and adapt application SQL queries for MySQL compatibility
C.Evaluate the impact of Aurora's storage engine on query performance
D.Use Aurora Multi-Master to distribute write load
E.Compress all tables to reduce storage costs
AnswersB, C

Oracle and MySQL differ in SQL syntax.

Why this answer

Options A and D are correct: Aurora MySQL may have different SQL syntax, requiring code changes, and Aurora's storage engine differs from Oracle's, affecting performance. Option B is wrong because there is no eventual consistency mode in Aurora; it provides strong consistency. Option C is wrong because Aurora does not use read replicas for writes.

Option E is wrong because Aurora does not have native compression; table compression must be considered.

1271
MCQeasy

A company is running a MySQL database on Amazon RDS for a web application. The application experiences read-heavy traffic, and the company wants to improve read performance without changing the application code. Which design should the database specialist recommend?

A.Implement an Amazon ElastiCache Redis cluster in front of the database.
B.Create one or more read replicas of the RDS DB instance.
C.Increase the instance size of the RDS DB instance.
D.Enable DynamoDB Accelerator (DAX) for the RDS instance.
AnswerB

Read replicas offload read traffic from the primary instance, improving read performance without application changes.

Why this answer

Option B is correct because Amazon RDS read replicas allow you to offload read traffic from the primary DB instance without any application code changes. The application simply connects to the read replica endpoint(s) for SELECT queries, while writes continue to the primary instance. This directly addresses the read-heavy workload by distributing read requests across multiple copies of the database.

Exam trap

The trap here is that candidates may confuse read replicas with caching solutions like ElastiCache, but the key constraint is 'without changing the application code' — read replicas require only a connection string change, whereas caching requires code modifications to implement cache logic.

How to eliminate wrong answers

Option A is wrong because while ElastiCache Redis can improve read performance for cached data, it requires application code changes to implement cache-aside or other caching patterns, and it does not serve as a direct database read endpoint for existing queries. Option C is wrong because scaling up the instance size (vertical scaling) improves both read and write performance but does not specifically address read-heavy traffic in a cost-effective manner; it also does not distribute the read load across multiple nodes. Option D is wrong because DynamoDB Accelerator (DAX) is an in-memory cache for Amazon DynamoDB, not for Amazon RDS MySQL; it is incompatible with RDS and cannot be used to accelerate MySQL queries.

1272
MCQmedium

A company is using Amazon DynamoDB with on-demand capacity. The operations team notices that the number of throttled write requests has increased. Which metric should be monitored to determine if the table's write capacity is being exceeded?

A.ThrottledWriteRequests
B.WriteThrottleEvents
C.ProvisionedWriteCapacityUnits
D.ConsumedWriteCapacityUnits
AnswerB

This metric directly shows the number of throttled write requests.

Why this answer

Option D is correct because 'WriteThrottleEvents' directly indicates throttled writes. Option A is wrong because 'ConsumedWriteCapacityUnits' shows actual usage, not throttling. Option B is wrong because 'ProvisionedWriteCapacityUnits' is not applicable for on-demand.

Option C is wrong because 'ThrottledWriteRequests' is not a standard CloudWatch metric name (the correct name is WriteThrottleEvents).

1273
MCQhard

A database administrator runs the above AWS CLI command to troubleshoot replication issues. The DB instance 'mydb' is a read replica of 'my-source-db'. The administrator notices that the replica lag is increasing. Which of the following is the MOST likely cause?

A.The source DB instance is running a different MySQL version.
B.The read replica has Multi-AZ disabled.
C.The read replica is using a smaller instance class than the source.
D.The read replica is in a different AWS Region than the source.
AnswerD

Cross-Region replication introduces network latency, causing lag.

Why this answer

Option D is correct because when a read replica is in a different AWS Region than the source, the replication traffic must traverse the public internet or a VPN connection, introducing network latency and potential bandwidth constraints. This cross-region lag is a common cause of increasing replica lag, as the asynchronous MySQL replication relies on a single I/O thread to download the binary log events from the source, and any network delay directly impacts the replica's ability to keep up.

Exam trap

The trap here is that candidates often assume instance size (Option C) is the primary cause of replica lag, but the question explicitly mentions a cross-Region scenario (implied by the AWS CLI command targeting a different Region), making network latency the most likely culprit over compute capacity.

How to eliminate wrong answers

Option A is wrong because MySQL cross-version replication is supported as long as the source version is lower than or equal to the replica version, and version mismatch typically causes replication to fail entirely rather than just increasing lag. Option B is wrong because Multi-AZ on a read replica affects high availability and failover behavior, not the replication lag between the source and the replica. Option C is wrong because while a smaller instance class can contribute to lag if the replica lacks sufficient CPU or memory to apply changes, the most likely cause given the scenario of a cross-region replica is the network latency inherent in the geographic distance, not the instance size.

1274
MCQhard

Refer to the exhibit. A database administrator runs the AWS CLI command and gets the following output: {"Engine":"mysql","DBInstanceStatus":"available","MultiAZ":true,"SecondaryAvailabilityZone":"us-east-1b"}. What can be concluded about the database deployment?

A.The database is a Single-AZ deployment.
B.The database has a Read Replica in a different Availability Zone.
C.The database is an Amazon Aurora cluster.
D.The database is a Multi-AZ deployment with a standby in a different Availability Zone.
AnswerD

MultiAZ true and SecondaryAZ present.

Why this answer

MultiAZ is true and a SecondaryAvailabilityZone is present, indicating a Multi-AZ deployment. Option C is correct. Option A (Single-AZ) is false because MultiAZ is true.

Option B (Read Replica) is not indicated; Read Replicas have a different field. Option D (Aurora) is not correct because Engine is mysql.

1275
MCQhard

A company has an Amazon RDS for SQL Server Multi-AZ DB instance with a standby replica in a different AWS Region. The database is encrypted with a KMS key. The company needs to implement automated backups that are also encrypted and stored in a cross-region S3 bucket. The backups must be retained for 3 years. Which solution meets these requirements with the LEAST administrative effort?

A.Configure RDS to send automated backups directly to the cross-region S3 bucket using the AWS Backup service.
B.Enable automated backups on the RDS instance, configure cross-Region backup copy to a destination Region, and store the backups in an S3 bucket with S3 Object Lock enabled for retention.
C.Use AWS Database Migration Service (DMS) to continuously replicate the database to an S3 bucket in the target region.
D.Create manual snapshots of the RDS instance, copy them to the cross-region S3 bucket using AWS CLI, and set a lifecycle policy for retention.
AnswerB

RDS supports cross-Region automated backup copy and S3 Object Lock can enforce retention.

Why this answer

Option D is correct because enabling automated backups with cross-region copy to an S3 bucket with S3 Object Lock (which supports retention) is the least effort. Option A is wrong because RDS does not directly back up to S3. Option B is wrong because manual backups require operational overhead.

Option C is wrong because DMS is not designed for this purpose.

Page 16

Page 17 of 24

Page 18