AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 76150

1730 questions total · 24pages · All types, answers revealed

Page 1

Page 2 of 24

Page 3
76
MCQeasy

A company is running a MySQL database on Amazon RDS and needs to store JSON documents that are frequently queried by fields within the JSON. The company wants to reduce development complexity and improve query performance. Which RDS MySQL feature should the database specialist recommend?

A.Migrate the JSON data to Amazon DynamoDB and use DynamoDB's document model
B.Use the JSON data type in MySQL 8.0 and utilize JSON path expressions in queries
C.Store JSON documents in a VARCHAR(MAX) column and use LIKE operations for queries
D.Store JSON documents as BLOBs and parse them in application code
AnswerB

MySQL's JSON data type allows efficient storage and querying using JSON path expressions and indexes.

Why this answer

Option B is correct because MySQL 8.0's native JSON data type stores JSON documents in an optimized binary format, enabling efficient indexing and querying via JSON path expressions (e.g., `JSON_EXTRACT`, `->`, `->>`). This reduces development complexity by allowing direct SQL access to JSON fields without application-level parsing, and improves query performance through generated columns and virtual indexes.

Exam trap

The trap here is that candidates may assume DynamoDB (Option A) is the only way to handle JSON efficiently, overlooking MySQL 8.0's native JSON support which avoids cross-service complexity while providing comparable query capabilities.

How to eliminate wrong answers

Option A is wrong because migrating to DynamoDB introduces a separate NoSQL service, increasing architectural complexity and requiring application changes, whereas the requirement is to stay within RDS MySQL. Option C is wrong because storing JSON in VARCHAR(MAX) and using LIKE operations is inefficient—LIKE cannot leverage indexes for JSON field queries and requires full table scans, degrading performance. Option D is wrong because storing JSON as BLOBs and parsing in application code offloads query logic to the client, increasing development complexity and preventing server-side indexing or optimization of JSON fields.

77
MCQeasy

A company is migrating a 10 GB MySQL database to Amazon RDS for MySQL. They have a 1 Gbps connection to AWS. The migration must be completed in the least amount of time with minimal manual effort. Which tool should be used?

A.AWS Schema Conversion Tool (SCT).
B.AWS Snowball Edge.
C.mysqldump and mysql command-line tools.
D.AWS Database Migration Service (DMS).
AnswerD

DMS automates the migration process and can complete quickly over high bandwidth.

Why this answer

Option A is correct because AWS DMS is a fully managed service that can migrate data efficiently with minimal manual effort. Option B is wrong because mysqldump requires manual steps and downtime. Option C is wrong because SCT is for schema conversion, not data migration.

Option D is wrong because Snowball is overkill for 10 GB.

78
MCQmedium

A company is migrating a 500 GB Oracle database to Amazon RDS for Oracle. They want to minimize downtime and use AWS DMS for ongoing replication. The source database is in a corporate data center behind a firewall. What is the recommended network setup for the DMS replication instance?

A.Deploy the DMS replication instance in a VPC that has a VPN or AWS Direct Connect connection to the corporate data center.
B.Launch the DMS replication instance with a public IP address and allow inbound traffic from the corporate firewall.
C.Create a VPC endpoint for the DMS service and route traffic through it.
D.Install the DMS replication software on a server in the corporate data center to connect directly to the source.
AnswerA

This provides a private network path for DMS to access the source database.

Why this answer

Option B is correct because DMS replication instances are deployed in a VPC, and to connect to an on-premises database, you need a VPN or Direct Connect for a private connection. Option A is wrong because DMS cannot use a public IP for the source; it needs network connectivity. Option C is wrong because DMS replication instances are not deployed in a corporate data center.

Option D is wrong because DMS does not support VPC endpoints for source connectivity; it uses standard IP connectivity.

79
MCQhard

A security auditor notices that the DynamoDB table 'UserData' is encrypted with a KMS key (exhibit). The company policy requires that all DynamoDB tables use an AWS managed key for encryption. What must be done to comply with the policy?

A.Create a new DynamoDB table with SSE enabled using the AWS managed key, then export data from the existing table and import into the new table.
B.Delete the customer managed KMS key and recreate it as an AWS managed key.
C.Modify the table's SSE configuration to use the AWS managed key.
D.Use the UpdateTable API to change the KMS key to the AWS managed key.
AnswerA

Key can only be set at creation.

Why this answer

Option A is correct because you cannot change the encryption key of an existing table; you must create a new table with the AWS managed key and migrate data. Option B is wrong because you cannot change the key on an existing table. Option C is wrong because deleting the key would break access.

Option D is wrong because the table is already encrypted, just not with the required key.

80
MCQhard

A company is deploying a new application that requires low-latency reads from a relational database across multiple AWS Regions. The application is read-heavy and can tolerate eventual consistency. Which deployment option meets these requirements?

A.Deploy Amazon RDS for PostgreSQL with Multi-AZ and read replicas in the same Region.
B.Deploy a single Amazon RDS for MySQL instance with cross-Region read replicas.
C.Deploy Amazon Aurora Global Database with a primary Region and read replicas in secondary Regions.
D.Deploy Amazon DynamoDB Global Tables in multiple Regions.
AnswerC

Aurora Global Database provides low-latency reads in secondary Regions with eventual consistency.

Why this answer

Option D (Aurora Global Database with read replicas in secondary Regions) is correct because it provides low-latency reads and eventual consistency. Option A (Single RDS instance with cross-Region read replicas) is possible but read replicas are asynchronous and may have more lag. Option B (DynamoDB Global Tables) is NoSQL.

Option C (RDS Multi-AZ) is within a single region.

81
Multi-Selecthard

A company is planning to migrate a 2 TB Oracle database to Amazon Aurora PostgreSQL. The database contains large objects (LOBs) and uses stored procedures. Which TWO steps should the company take as part of the migration? (Choose two.)

Select 2 answers
A.Set up AWS DMS ongoing replication to keep the target in sync after migration.
B.Use AWS Schema Conversion Tool (SCT) to convert the Oracle schema and stored procedures to PostgreSQL-compatible format.
C.Configure AWS DMS with full LOB mode to migrate large objects.
D.Use AWS DMS native Oracle to PostgreSQL endpoint to migrate data without schema conversion.
E.Enable RDS Proxy to reduce connection overhead during migration.
AnswersB, C

SCT converts schema and code objects like stored procedures.

Why this answer

Option B is correct because the AWS Schema Conversion Tool (SCT) is specifically designed to convert Oracle schema objects, including stored procedures, to PostgreSQL-compatible format. Since the migration involves stored procedures, SCT is necessary to handle the syntax and logic differences between Oracle PL/SQL and PostgreSQL PL/pgSQL, ensuring the target database schema is ready for migration.

Exam trap

AWS often tests the misconception that DMS can handle schema conversion automatically, but DMS only migrates data; schema conversion requires a separate tool like SCT.

82
Matchingmedium

Match each DynamoDB concept to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Single attribute used to distribute data across partitions

Attribute that determines order within a partition

Index with a different partition and sort key for alternate query patterns

Index with the same partition key but different sort key

Time-ordered sequence of item-level changes in a table

Why these pairings

Core DynamoDB concepts for data modeling and querying.

83
MCQhard

A company is migrating a 3 TB PostgreSQL database from on-premises to Amazon RDS for PostgreSQL. The migration must have minimal downtime. The on-premises network bandwidth to AWS is 1 Gbps. The database supports a critical application that cannot be stopped for more than 30 minutes. The migration team has set up AWS DMS with ongoing replication using CDC. The initial full load is expected to take 8 hours. During the migration, the DMS task fails with an error indicating that the source database's transaction log is being cleaned before DMS can capture changes. The source database has a transaction log retention period of 24 hours. The migration team notices that the CDC phase falls behind during peak hours. What should the team do to complete the migration successfully within the downtime window?

A.Use AWS Snowball to transfer the full database and then use DMS for CDC
B.Increase the network bandwidth using AWS Direct Connect
C.Increase the transaction log retention period on the source database and use a larger DMS replication instance
D.Decrease the transaction log retention period to free up space
AnswerC

Longer log retention prevents cleanup before DMS captures changes; larger instance boosts CDC throughput.

Why this answer

The issue is that DMS cannot keep up with changes during peak hours, causing the transaction logs to be cleaned before DMS reads them. Increasing the source database's transaction log retention period gives DMS more time to catch up. Using a larger DMS replication instance will increase processing capacity.

Option C is the best combination. Option A (Snowball) would take too long. Option B (Direct Connect) doesn't solve the log retention issue.

Option D (decrease retention) makes the problem worse.

84
MCQmedium

A company is running a MongoDB-compatible database on Amazon DocumentDB. The application performs frequent updates to a small subset of fields in documents. The company notices that write latency is high. What should the database specialist recommend to reduce write latency?

A.Review and remove unnecessary indexes on the collection.
B.Increase the instance size of the DocumentDB cluster.
C.Enable multi-master writes to distribute write load.
D.Change the storage type from standard to provisioned IOPS.
AnswerA

Fewer indexes mean less work during writes, reducing latency.

Why this answer

Option A is correct because unnecessary indexes impose a write penalty on every insert, update, and delete operation. In Amazon DocumentDB, each write must update all indexes on the collection, so removing unused indexes reduces the per-document write overhead and directly lowers write latency for frequent updates to a small subset of fields.

Exam trap

The trap here is that candidates often assume scaling up hardware (Option B) or changing storage (Option D) is the default fix for high write latency, but the exam tests understanding that index overhead is the most common cause of write amplification in DocumentDB and MongoDB-compatible databases.

How to eliminate wrong answers

Option B is wrong because increasing instance size primarily improves throughput and reduces resource contention (CPU/memory), but it does not address the fundamental write amplification caused by indexing; the write penalty per document remains the same. Option C is wrong because DocumentDB does not support multi-master writes; it uses a single primary writer with replica readers, and enabling a non-existent feature would not reduce write latency. Option D is wrong because DocumentDB uses a shared storage volume with built-in SSD-backed storage; it does not offer separate provisioned IOPS as a configurable storage type, and changing storage type is not applicable.

85
MCQmedium

Refer to the exhibit. A company has attached this IAM policy to an IAM role used by an application running on Amazon EC2. The application needs to decrypt data in an S3 bucket that is encrypted with the specified KMS key. However, the application is receiving access denied errors. What is the most likely cause?

A.The policy does not include 'kms:Decrypt' for the specific key.
B.The application is decrypting the data by calling KMS directly instead of using S3's server-side decryption.
C.The policy is missing a 'Principal' element.
D.The IAM role does not have a trust policy that allows EC2 to assume it.
AnswerB

The 'kms:ViaService' condition requires that the call be made via S3, not directly to KMS.

Why this answer

The policy condition 'kms:ViaService' restricts KMS operations to only when they are made through S3. However, the condition also includes 'kms:CallerAccount' which is redundant but not harmful. The error likely occurs because the EC2 instance does not have the correct IAM role, or the policy is missing 'kms:Decrypt' for the specific ciphertext.

But the most common mistake is that the application is not using the S3 service to decrypt; if the application reads the encrypted object and then calls KMS directly to decrypt, the 'kms:ViaService' condition will fail because the call is not via S3. Option B addresses this. Option A is wrong because the condition is present.

Option C is wrong because the role is not explicitly denied. Option D is wrong because the policy allows KMS actions.

86
MCQeasy

A database specialist is troubleshooting a slow Amazon RDS for PostgreSQL query. The specialist has enabled Performance Insights and sees that the database load is high. Which additional tool can provide detailed information about the specific queries causing the load?

A.Use VPC Flow Logs to analyze network traffic to the database.
B.Use Amazon CloudWatch Logs to analyze the PostgreSQL error logs.
C.Use Enhanced Monitoring to view OS-level metrics and correlate with performance insights.
D.Use AWS CloudTrail to view database API calls.
AnswerC

Enhanced Monitoring provides OS metrics that help diagnose resource contention.

Why this answer

Option B is correct because Enhanced Monitoring provides OS-level metrics, while Performance Insights provides query-level details. Option A is wrong because CloudWatch Logs is for log files. Option C is wrong because AWS CloudTrail is for API calls.

Option D is wrong because VPC Flow Logs capture network traffic.

87
MCQhard

A company is migrating a 2 TB Oracle database to Amazon RDS for Oracle. The database has a large number of stored procedures, triggers, and functions. The company wants to minimize changes to the application code. Which AWS service should be used to assess and convert the database schema?

A.AWS Schema Conversion Tool (SCT)
B.AWS Database Migration Service (DMS)
C.AWS CloudEndure Migration
D.AWS CodeCommit
AnswerA

SCT assesses and converts schema objects to the target database.

Why this answer

AWS SCT is specifically designed to assess and convert database schemas, including stored procedures, to Amazon RDS. DMS focuses on data migration. CloudEndure is for server migration.

CodeCommit is for code versioning.

88
MCQmedium

A company is designing a database for a global e-commerce platform that requires sub-millisecond read latencies from multiple AWS regions. The data is mostly read, with occasional writes. Which database solution meets these requirements?

A.Amazon ElastiCache for Redis with global datastore.
B.Amazon DynamoDB with Global Tables.
C.Amazon Aurora MySQL with Aurora Global Database.
D.Amazon RDS for MySQL with Multi-AZ and read replicas.
AnswerB

DynamoDB Global Tables provide sub-millisecond latency and multi-region replication.

Why this answer

Amazon DynamoDB with Global Tables is the correct choice because it provides a fully managed, multi-Region, multi-master database that replicates data across AWS Regions with sub-second latency, enabling sub-millisecond read latencies for a globally distributed, mostly-read workload. The occasional writes are handled efficiently by the multi-master design, which automatically resolves conflicts using last-writer-wins semantics, ensuring strong eventual consistency.

Exam trap

The trap here is that candidates often confuse 'global read replicas' (like Aurora Global Database) with a true multi-Region, multi-master database that can provide sub-millisecond reads from any Region, leading them to choose Aurora MySQL despite its replication lag and single-writer limitation.

How to eliminate wrong answers

Option A is wrong because Amazon ElastiCache for Redis with global datastore is an in-memory cache, not a durable database; it does not provide the persistence and durability guarantees required for an e-commerce platform's core data, and its global datastore is designed for cross-Region replication of cached data, not as a primary database for occasional writes. Option C is wrong because Amazon Aurora MySQL with Aurora Global Database is designed for low-latency reads in secondary Regions (typically under 1 second), but it cannot achieve sub-millisecond read latencies from multiple Regions due to the replication lag inherent in its storage-based replication, and it is not a multi-master solution (only one primary Region accepts writes). Option D is wrong because Amazon RDS for MySQL with Multi-AZ and read replicas is limited to a single AWS Region; read replicas in other Regions would introduce latency of hundreds of milliseconds or more, and Multi-AZ only provides high availability within one Region, not global sub-millisecond reads.

89
MCQeasy

A database administrator notices that the free storage space on an Amazon RDS for PostgreSQL DB instance is decreasing rapidly. The instance has automated backups enabled with a retention period of 7 days. Which action should be taken to monitor storage usage and prevent running out of space?

A.Create a lifecycle policy to automatically move old backup files to Amazon S3 Glacier.
B.Set up a CloudWatch alarm on the FreeStorageSpace metric to notify when space is low.
C.Increase the allocated storage for the DB instance immediately.
D.Enable Performance Insights to track storage usage.
AnswerB

CloudWatch alarms provide proactive monitoring and alerting for storage usage.

Why this answer

Option B is correct because CloudWatch metrics provide real-time tracking of FreeStorageSpace. Option A is wrong because increasing storage is reactive, not proactive. Option C is wrong because RDS manages backups separately and does not use S3 for instance storage.

Option D is wrong because Performance Insights is for performance metrics, not storage monitoring.

90
Multi-Selecthard

A company is running a critical Oracle database on Amazon RDS. The DBA wants to set up monitoring to detect if the database is experiencing a high number of full table scans, which may indicate missing indexes. Which TWO metrics should the DBA monitor? (Choose TWO.)

Select 2 answers
A.TableScanRows
B.FullTableScans
C.BufferCacheHitRatio
D.UserCommits
E.RedoLogSpaceUsage
AnswersA, B

Shows the number of rows scanned in full table scans.

Why this answer

Options B and D are correct. FullTableScans (B) directly counts full scan operations. TableScanRows (D) indicates the number of rows read via full scans.

Option A is wrong because BufferCacheHitRatio indicates cache efficiency, not full scans. Option C is wrong because UserCommits shows transaction commits. Option E is wrong because RedoLogSpaceUsage relates to write-ahead logging.

91
MCQhard

An IAM policy is attached to a user. Which of the following actions will be allowed?

A.Delete a DB instance named 'prod-db'.
B.Create a new DB instance named 'prod-db'.
C.Delete a DB instance named 'test-db'.
D.Delete a DB instance named 'dev-db'.
AnswerB

CreateDBInstance is allowed by the Allow statement.

Why this answer

Option D is correct. The policy allows DescribeDBInstances and CreateDBInstance on all resources. The Deny statement only denies DeleteDBInstance on databases with the prefix 'prod-'.

Therefore, creating a new DB instance named 'prod-db' is allowed because the Deny only applies to DeleteDBInstance, not CreateDBInstance. Option A is incorrect because deleting any database with prefix 'prod-' is denied. Option B is incorrect because deleting 'test-db' is allowed (no deny), but the question asks for an action that is allowed.

Option C is incorrect because deleting 'dev-db' is allowed, but again the question expects a specific allowed action. Option D is correct because CreateDBInstance is allowed.

92
MCQeasy

A company runs a MySQL database on Amazon RDS and wants to capture data changes to replicate to a separate reporting database. Which AWS service should be used to capture these changes with minimal impact on the source database?

A.Use Amazon DynamoDB Streams to capture changes from the RDS instance.
B.Enable MySQL native replication from the RDS instance to the reporting database.
C.Use Amazon Kinesis Data Streams with a custom application to poll the binlog.
D.Use AWS Database Migration Service (DMS) with ongoing replication enabled.
AnswerD

DMS can capture changes from RDS MySQL binlog with minimal impact.

Why this answer

Option D is correct because AWS DMS with ongoing replication (change data capture) captures changes from the source RDS MySQL binlog with minimal impact. Option A is wrong because RDS does not support native MySQL replication to external targets easily. Option B is wrong because DynamoDB Streams is for DynamoDB, not RDS.

Option C is wrong because Kinesis Data Streams is not designed to directly capture RDS changes; requires additional configuration.

93
MCQhard

A company uses Amazon DynamoDB with global tables in a multi-Region active-active configuration. The application writes to the table in us-east-1 and reads from us-west-2. Recently, a network partition occurred between the two regions, and after recovery, some data was lost. What is the most likely reason for the data loss?

A.The application used eventually consistent reads, causing stale data to be overwritten.
B.The last-writer-wins conflict resolution used timestamp-based coordination without clock synchronization.
C.The table had a TTL attribute that expired the data before replication completed.
D.The network partition caused the replication to stop, and data was not replicated.
AnswerB

Without synchronized clocks, an older write from one region may have a higher timestamp and overwrite a newer write.

Why this answer

Global tables use last-writer-wins (LWW) conflict resolution based on timestamps. If clocks are not synchronized, an older write from one region can overwrite a newer write. Option A (network partition caused inconsistent replication) is not the direct cause; Option B (LWW with unsynchronized clocks) is correct.

Option C (Consistent Reads) is unrelated; Option D (TTL) is not relevant.

94
MCQhard

A company recently migrated their PostgreSQL database to Amazon Aurora PostgreSQL. They notice that the average query latency has increased, especially for complex read queries. The DB instance size is adequate and CPU utilization is below 50%. What is the MOST likely cause of the increased latency?

A.The Auto Scaling policy for the Aurora cluster is set to scale down too aggressively.
B.The Aurora cluster volume uses a smaller buffer cache than the original RDS instance.
C.The Aurora cluster is using the parallel query feature which adds overhead for complex queries.
D.The application is sending all read queries to the primary instance instead of offloading them to Aurora Replicas.
AnswerD

Without using Aurora Replicas, the primary handles all read traffic, leading to contention and higher latency.

Why this answer

Aurora PostgreSQL uses a shared cluster volume, and by default, writes are sent to the primary instance. Read replicas (Aurora Replicas) can offload read traffic. If the application is not using read replicas for read queries, all queries hit the primary, which may become overloaded even if CPU is low due to other bottlenecks like memory or I/O.

However, the most typical cause for increased read latency after migration to Aurora is the lack of read replicas or incorrect query optimization. Option D (Aurora Replicas not used) is the most likely. Option A (buffer cache) is possible but less likely with adequate memory.

Option B (Auto Scaling) doesn't cause increased latency. Option C (parallel query) is a feature that can improve performance, not degrade it.

95
MCQmedium

A company is migrating a 1 TB Microsoft SQL Server database from on-premises to Amazon RDS for SQL Server. The on-premises database uses TDE for encryption. The company must ensure that the migrated database in RDS also uses TDE. Which solution meets this requirement?

A.Export the on-premises database with TDE certificates and import them into RDS.
B.Take a native backup of the on-premises database with TDE, upload to S3, and restore to RDS.
C.Use AWS SCT to convert the database to Amazon Aurora and enable encryption.
D.Use AWS DMS with ongoing replication to an RDS instance that has TDE enabled.
AnswerD

DMS can migrate data to an RDS instance with TDE enabled, and the data will be encrypted at rest.

Why this answer

RDS for SQL Server supports TDE using transparent data encryption. The DMS replication can preserve encryption if the target is configured correctly. Option A requires manual certificate management not supported in RDS.

Option B uses non-TDE encryption. Option D requires downtime.

96
Multi-Selectmedium

Which TWO of the following are recommended best practices for designing a relational database on Amazon RDS? (Select TWO.)

Select 2 answers
A.Use read replicas to scale read-heavy workloads
B.Use LOB data types to store large text fields
C.Use non-EBS-optimized instances to reduce costs
D.Enable Multi-AZ for high availability
E.Store large binary objects (BLOBs) in the database
AnswersA, D

Read replicas offload read traffic.

Why this answer

Amazon RDS read replicas offload read traffic from the primary DB instance, improving performance for read-heavy workloads by providing additional read-only endpoints. This is a core best practice for scaling read capacity without increasing load on the source instance.

Exam trap

The trap here is that candidates often confuse Multi-AZ (which provides high availability) with read replicas (which provide read scaling), or mistakenly believe that storing BLOBs in the database is acceptable for performance, ignoring the impact on backup and replication overhead.

97
MCQeasy

A company is using Amazon ElastiCache for Redis to cache database query results. The application team reports that cache hit ratio has dropped significantly. What is the first step to investigate?

A.Run the Redis INFO command to see memory usage
B.Review the ElastiCache event logs for node failures
C.Check the CacheHitRate and Evictions metrics in CloudWatch
D.Check the Redis AOF persistence logs
AnswerC

These metrics directly indicate cache effectiveness.

Why this answer

When the cache hit ratio drops significantly, the first step is to investigate whether the cache is evicting keys due to memory pressure or if the working set no longer fits. CloudWatch metrics such as `CacheHitRate` and `Evictions` provide immediate visibility into these conditions without requiring direct Redis access. This aligns with the AWS Well-Architected Framework's principle of observability before making configuration changes.

Exam trap

The trap here is that candidates assume the first step should be a low-level Redis command (INFO) or logs, but AWS best practice emphasizes using CloudWatch metrics for initial investigation because they provide aggregated, historical data without requiring direct access to the cluster.

How to eliminate wrong answers

Option A is wrong because running the Redis INFO command requires direct access to the Redis endpoint and does not provide historical trend data; it only shows a point-in-time snapshot, which is insufficient for diagnosing a drop in cache hit ratio over time. Option B is wrong because ElastiCache event logs record node lifecycle events (e.g., failover, maintenance) but do not capture cache performance metrics like hit ratio or evictions; they are useful for operational incidents, not performance degradation. Option D is wrong because AOF persistence logs are used for durability and data recovery, not for monitoring cache efficiency; checking them would not reveal why the cache hit ratio has dropped.

98
MCQmedium

A company is designing a global application that requires a database with multi-master writes across multiple AWS Regions with sub-second conflict resolution. Which AWS database service should they choose?

A.Amazon ElastiCache for Redis Global Datastore
B.Amazon RDS with Multi-AZ
C.Amazon DynamoDB Global Tables
D.Amazon Aurora Global Database
AnswerC

Multi-master writes across Regions.

Why this answer

Amazon DynamoDB Global Tables provides multi-Region, multi-master replication with eventual consistency and sub-second conflict resolution. Option A (Aurora Global Database) has a single primary. Option C (RDS Multi-AZ) is single-Region.

Option D (ElastiCache) is a cache.

99
MCQhard

A company is using Amazon Aurora MySQL-Compatible Edition. The database has frequent deadlocks, and the application team suspects that the isolation level is causing the issue. The current isolation level is REPEATABLE READ. The team wants to reduce deadlocks while maintaining data consistency. Which isolation level should be recommended?

A.READ UNCOMMITTED
B.READ COMMITTED
C.SNAPSHOT ISOLATION
D.SERIALIZABLE
AnswerB

READ COMMITTED reduces the number of locks held, thereby decreasing the likelihood of deadlocks while still preventing dirty reads.

Why this answer

Option A is correct because READ COMMITTED reduces locking and is less prone to deadlocks compared to REPEATABLE READ, while still providing consistent reads at the statement level. Option B is wrong because READ UNCOMMITTED can cause dirty reads and is not typically used for transactional databases. Option C is wrong because SERIALIZABLE increases locking and can increase deadlocks.

Option D is wrong because SNAPSHOT ISOLATION is not directly supported by MySQL; it is a SQL Server feature.

100
Multi-Selectmedium

A company is using Amazon RDS for MySQL with Multi-AZ deployment. The DBA receives an alert that the standby replica is lagging behind the primary. Which TWO actions should the DBA take to investigate the issue? (Choose TWO.)

Select 2 answers
A.Check the 'Replica Lag' metric for any read replicas.
B.Verify network latency between the primary and standby.
C.Check the 'ReplicaLag' metric in Amazon CloudWatch.
D.Increase the allocated storage to improve IOPS.
E.Change the replication type from asynchronous to synchronous.
AnswersB, C

High network latency can cause replication lag.

Why this answer

Option A and Option C are correct. Option A checks the replication lag metric. Option C checks network latency, which can affect replication.

Option B is wrong because Multi-AZ does not have read replicas. Option D is wrong because storage type does not directly cause lag. Option E is wrong because Multi-AZ uses synchronous replication, not async.

101
MCQeasy

A developer is deploying an application that uses Amazon DynamoDB as its database. The application experiences sudden spikes in traffic. Which DynamoDB feature should the developer use to handle the spikes without manual intervention?

A.DynamoDB Accelerator (DAX)
B.DynamoDB on-demand capacity mode
C.DynamoDB auto scaling
D.DynamoDB global tables
AnswerC

Auto scaling adjusts read/write capacity automatically based on traffic.

Why this answer

DynamoDB auto scaling adjusts capacity based on traffic patterns. Option A is incorrect because on-demand capacity is suitable for unpredictable workloads but may be more expensive. Option C is incorrect because DAX is a caching layer, not a scaling feature.

Option D is incorrect because global tables are for multi-Region replication.

102
Multi-Selecteasy

Which TWO AWS services can be used to monitor the performance of an Amazon DynamoDB table and send alerts when throttling occurs? (Choose two.)

Select 2 answers
A.Amazon Inspector
B.Amazon CloudWatch Alarms
C.VPC Flow Logs
D.AWS Config
E.Amazon CloudWatch
AnswersB, E

CloudWatch Alarms can trigger notifications based on metrics.

Why this answer

Options A and D are correct. Amazon CloudWatch provides metrics and alarms for DynamoDB. AWS CloudTrail logs API calls but does not monitor performance metrics.

Option B is incorrect because AWS Config tracks resource changes, not performance. Option C is incorrect because VPC Flow Logs capture network traffic. Option E is incorrect because Amazon Inspector is a security assessment service.

103
Multi-Selectmedium

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. Which TWO methods can the database specialist use to minimize downtime during the migration?

Select 2 answers
A.Use Oracle Recovery Manager (RMAN) to back up and restore.
B.Use Oracle GoldenGate to replicate data continuously.
C.Use AWS Database Migration Service (DMS) with ongoing replication.
D.Take a full database backup and restore to RDS.
E.Use Oracle Data Pump to export and import the database.
AnswersB, C

GoldenGate provides real-time replication with minimal downtime.

Why this answer

Options B and D are correct. AWS DMS with ongoing replication (B) and Oracle GoldenGate (D) both support near-zero downtime migration. Option A is wrong because exporting/importing causes downtime.

Option C is wrong because RMAN is not directly supported for RDS. Option E is wrong because a backup/restore causes downtime.

104
MCQeasy

A company is migrating a PostgreSQL database to Amazon RDS for PostgreSQL. They want to automate the deployment of the RDS instance using infrastructure as code. Which AWS service should they use?

A.Amazon EC2 Auto Scaling.
B.AWS Management Console.
C.AWS CloudFormation.
D.AWS Command Line Interface (CLI).
AnswerC

CloudFormation enables declarative provisioning of RDS instances.

Why this answer

AWS CloudFormation is the correct service for automating the deployment of an RDS for PostgreSQL instance using infrastructure as code. It allows you to define the entire RDS instance configuration—including DB instance class, storage, backup retention, and security groups—in a declarative JSON or YAML template, which can be version-controlled and reused for consistent, repeatable deployments.

Exam trap

The trap here is that candidates often confuse the AWS CLI (a scripting tool) with infrastructure as code, but the CLI lacks the declarative, state-management, and drift-detection capabilities that define true IaC services like CloudFormation.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 Auto Scaling is designed to automatically adjust the number of EC2 instances based on demand, not to provision or manage RDS instances; it cannot create or configure a PostgreSQL database. Option B is wrong because the AWS Management Console is a manual, point-and-click interface that does not support infrastructure as code or automation; it is not suitable for repeatable, version-controlled deployments. Option D is wrong because the AWS Command Line Interface (CLI) is a scripting tool that can automate RDS creation via commands, but it is not an infrastructure-as-code service—it lacks declarative templates, drift detection, and stack management capabilities that CloudFormation provides.

105
MCQhard

A company is migrating a 500 GB database from Amazon RDS for MySQL to Amazon Aurora MySQL. The migration must be completed with minimal downtime and no data loss. The RDS instance is Multi-AZ. Which approach should be used?

A.Use AWS DMS with ongoing replication from RDS to Aurora
B.Take a snapshot of the RDS instance and restore to Aurora
C.Set up native MySQL replication from the RDS Multi-AZ standby to Aurora
D.Create an Aurora MySQL read replica from the RDS MySQL instance, then promote it
AnswerD

Aurora MySQL supports creating a read replica from RDS MySQL, allowing minimal downtime.

Why this answer

Option A is correct because creating an Aurora read replica from the RDS MySQL instance allows for a nearly zero-downtime promotion. Option B is wrong because a snapshot restore is offline. Option C is wrong because DMS would introduce additional complexity and potential data loss.

Option D is wrong because replication from a Multi-AZ standby is not supported.

106
MCQhard

A company is using Amazon DynamoDB with auto scaling for a social media application. The table has a partition key of 'user_id'. The application performs many small writes (update user profile) and reads (fetch user profile). Recently, the application's response time has increased. The DBA checks CloudWatch and sees that 'ConsumedWriteCapacityUnits' is close to 'ProvisionedWriteCapacityUnits', and 'WriteThrottleEvents' is low. However, 'ReadThrottleEvents' is high. The table has 1000 WCU and 1000 RCU provisioned. The auto scaling is configured to add capacity when utilization exceeds 70%. The DBA also notices that 'ReadThrottleEvents' spikes during peak hours. What should the DBA do to reduce read throttling?

A.Decrease the provisioned write capacity to 500 WCU to free up resources.
B.Increase the auto scaling target utilization to 90% to allow more headroom.
C.Change the storage type to General Purpose SSD (gp2) to improve I/O.
D.Increase the provisioned read capacity to 2000 RCU or implement DAX caching.
AnswerD

Increasing RCU reduces throttling; DAX offloads reads.

Why this answer

Option D is correct because increasing RCU or using DAX can reduce read throttling. Option A is wrong because auto scaling target should be 70%, not 90%. Option B is wrong because decreasing WCU doesn't help reads.

Option C is wrong because GP2 is for RDS, not DynamoDB.

107
MCQmedium

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. They want to use Oracle GoldenGate for replication. Which AWS service can be used to simplify the setup of GoldenGate on AWS?

A.AWS DMS
B.Amazon RDS for Oracle with GoldenGate enabled
C.AWS CloudFormation
D.AWS Marketplace
AnswerD

Marketplace offers pre-configured GoldenGate AMIs for EC2.

Why this answer

AWS DMS can use Oracle GoldenGate as a source or target when configured, but it's not a managed GoldenGate service. AWS Marketplace offers pre-configured GoldenGate images. EC2 can be used to install GoldenGate manually.

RDS does not support installing GoldenGate directly.

108
MCQeasy

A company needs to store and analyze JSON documents that contain nested fields. The data is used for real-time dashboards and ad-hoc queries. The team wants a fully managed solution that supports both key-value lookups and SQL-like queries. Which AWS service should they use?

A.Amazon DynamoDB
B.Amazon Redshift
C.Amazon RDS for PostgreSQL with JSONB
D.Amazon DocumentDB
AnswerA

DynamoDB supports JSON documents, key-value lookups, and PartiQL for SQL-like queries.

Why this answer

Amazon DynamoDB is correct because it is a fully managed NoSQL key-value and document database that supports single-digit millisecond latency for key-value lookups, and its PartiQL-compatible query language enables SQL-like queries on JSON documents with nested fields. DynamoDB also integrates with AWS services like Lambda and Kinesis for real-time dashboards, and its adaptive capacity handles ad-hoc query patterns without manual scaling.

Exam trap

The trap here is that candidates often choose Amazon DocumentDB because it is a document database, but they overlook DynamoDB's superior key-value lookup performance and PartiQL's SQL-like query capability, which are explicitly required for real-time dashboards and ad-hoc queries in a fully managed serverless environment.

How to eliminate wrong answers

Option B (Amazon Redshift) is wrong because it is a columnar data warehouse optimized for complex analytical queries on structured data, not for real-time key-value lookups or storing JSON documents with nested fields; its JSON support is limited and incurs higher latency for point lookups. Option C (Amazon RDS for PostgreSQL with JSONB) is wrong because while JSONB supports nested JSON and SQL queries, it is not fully managed in the sense of serverless scaling for unpredictable workloads, and it requires manual provisioning and maintenance of database instances, unlike DynamoDB's auto-scaling. Option D (Amazon DocumentDB) is wrong because it is a MongoDB-compatible document database that supports JSON-like documents and SQL-like queries via MongoDB's aggregation framework, but it is not optimized for single-digit millisecond key-value lookups and does not natively support PartiQL or DynamoDB's consistent low-latency access patterns for real-time dashboards.

109
MCQhard

A team is deploying a new Amazon Aurora MySQL database and needs to load 5 TB of data from an existing Amazon RDS for MySQL database with minimal downtime. The data is stored in InnoDB tables. Which approach is MOST efficient?

A.Take a snapshot of the RDS for MySQL instance and restore to Aurora
B.Use AWS DMS with full load and ongoing replication
C.Use mysqldump to export the database and import into Aurora
D.Create an Aurora read replica from the RDS for MySQL instance using binlog replication
AnswerD

This method minimizes downtime by replicating data continuously.

Why this answer

Option D is correct because creating an Aurora read replica from an RDS for MySQL instance using binlog replication allows the Aurora cluster to synchronize with the source database in near real-time. Once the replica lag reaches zero, you can promote the Aurora cluster to become the primary database, achieving minimal downtime. This approach leverages the native MySQL binlog replication, which is efficient for large datasets like 5 TB and avoids the overhead of exporting or snapshotting the entire database.

Exam trap

The trap here is that candidates often assume AWS DMS is the best tool for all migrations, but for homogeneous MySQL-to-Aurora migrations with large datasets and minimal downtime, native binlog replication is more efficient because it avoids the overhead of DMS's change data capture (CDC) and schema conversion layers.

How to eliminate wrong answers

Option A is wrong because taking a snapshot of the RDS for MySQL instance and restoring it to Aurora requires a significant downtime window to ensure data consistency, and the snapshot does not capture ongoing changes, so it cannot achieve minimal downtime. Option B is wrong because AWS DMS with full load and ongoing replication can be used, but it is less efficient for a 5 TB dataset compared to binlog replication due to the overhead of the DMS transformation engine and the need to handle schema conversion; additionally, DMS may introduce additional latency and complexity for a homogeneous MySQL-to-Aurora migration. Option C is wrong because using mysqldump to export and import 5 TB of data would require a prolonged downtime period, as the export locks tables or requires a consistent snapshot, and the import process is slow, making it unsuitable for minimal downtime.

110
MCQmedium

A company is running an RDS for MySQL database and needs to ensure that all connections to the database use SSL encryption. Which configuration step is required?

A.Set 'require_secure_transport' to ON in the DB parameter group.
B.Enable 'Enable SSL' in the RDS console.
C.Set 'rds.force_ssl' to 1 in the DB parameter group.
D.Set 'ssl' to 'require' in the DB parameter group.
AnswerA

This forces all connections to use SSL.

Why this answer

Option A is correct because setting 'require_secure_transport' to ON in the DB parameter group forces all connections to the RDS for MySQL database to use SSL/TLS encryption. This parameter is supported in MySQL 5.7 and later, and when enabled, the server rejects non-encrypted connections, ensuring compliance with security policies.

Exam trap

The trap here is that candidates confuse the MySQL-specific parameter 'require_secure_transport' with the PostgreSQL-specific parameter 'rds.force_ssl', or assume a generic 'Enable SSL' console option exists, leading them to pick incorrect answers.

How to eliminate wrong answers

Option B is wrong because there is no 'Enable SSL' toggle in the RDS console; SSL is always available for RDS MySQL, but enforcement requires a parameter group change. Option C is wrong because 'rds.force_ssl' is not a valid parameter for RDS MySQL; this parameter exists for RDS for PostgreSQL, not MySQL. Option D is wrong because setting 'ssl' to 'require' is not a valid parameter in the MySQL DB parameter group; the correct parameter is 'require_secure_transport'.

111
MCQhard

A company is using Amazon RDS for SQL Server with Multi-AZ deployment. The security team requires that all database activity be monitored for suspicious queries. The database specialist enabled RDS Database Activity Streams and configured AWS Lambda to process the stream. However, the Lambda function fails to process some events when the database fails over to the standby instance. What is the most likely cause?

A.The security group does not allow the Lambda function to connect to the new primary instance.
B.The Lambda function does not re-establish the stream session after a failover event.
C.The parameter group for the standby instance does not have the activity stream enabled.
D.The KMS key used to encrypt the activity stream is not available in the standby instance's Region.
AnswerB

Activity streams require reconnection after failover.

Why this answer

Option D is correct because after failover, the stream session may be interrupted and the application must reconnect. Option A is wrong because the KMS key is used for encryption, not for connectivity. Option B is wrong because the security group applies to the RDS endpoint, which remains the same after failover.

Option C is wrong because the parameter group is applied to both instances.

112
MCQmedium

A company is migrating a 5 TB Oracle database to Amazon Aurora PostgreSQL. The database has a 4-hour maintenance window weekly. Which migration approach minimizes downtime?

A.Use Oracle Data Pump to export and pg_restore to import.
B.Use AWS Database Migration Service (DMS) with change data capture (CDC).
C.Use AWS Schema Conversion Tool (SCT) to convert schema and then copy data.
D.Use AWS DMS full load only and then manually sync.
AnswerB

DMS with CDC provides near-zero downtime.

Why this answer

Option B is correct because AWS DMS supports ongoing replication with minimal downtime. Option A is wrong because native export/import requires downtime. Option C is wrong because it adds unnecessary complexity.

Option D is wrong because SCT is for schema conversion, not data migration.

113
MCQmedium

A company is running a production Amazon Aurora MySQL database. The database performance has degraded over the past week. The DBA suspects an increase in lock waits. Which tool should be used to identify queries experiencing lock waits?

A.Amazon CloudWatch Logs
B.Amazon RDS Enhanced Monitoring
C.Amazon RDS Performance Insights
D.AWS Trusted Advisor
AnswerC

Performance Insights shows wait events like lock waits.

Why this answer

Option B is correct because Performance Insights shows wait events and SQL queries. Option A is wrong because CloudWatch Logs doesn't show lock waits directly. Option C is wrong because Enhanced Monitoring shows OS metrics.

Option D is wrong because AWS Trusted Advisor is for best practices.

114
MCQeasy

A web application uses Amazon DynamoDB as its database. The application frequently queries items using a secondary index. The index's partition key has high cardinality, but the query latency is higher than expected. Which action would MOST likely improve query performance?

A.Use a Scan operation instead of Query to retrieve items from the index.
B.Add additional sort key attributes to the index to better distribute the data.
C.Convert the global secondary index to a local secondary index.
D.Increase the read capacity units (RCU) for the global secondary index.
AnswerD

Insufficient read capacity on the index can cause throttling and higher latency.

Why this answer

DynamoDB secondary indexes have their own provisioned throughput. If the index's read capacity is insufficient, queries will be throttled or have higher latency. Increasing the read capacity for the index directly addresses this.

Option A (adding more sort keys) doesn't apply to queries on a secondary index. Option C (changing to global secondary index) is not needed if it's already a GSI. Option D (switching to scan) is less efficient.

115
MCQhard

A company is running an Oracle database on Amazon RDS. The database has a large table that is frequently accessed by multiple applications. The DBA notices that the table has a high number of index scans but the queries are still slow. Upon investigation, the buffer cache hit ratio is low. Which design change would BEST improve performance?

A.Convert the table to columnar storage using Amazon Redshift
B.Add a read replica to offload queries
C.Migrate the table to Amazon DynamoDB with DAX
D.Increase the instance size to provide more memory
AnswerD

More memory increases buffer cache capacity, reducing disk I/O.

Why this answer

Option B is correct because increasing the instance size provides more memory for the buffer cache, improving cache hit ratio. Option A is wrong because read replicas do not help with buffer cache on the primary. Option C is wrong because converting to columnar is for analytical workloads.

Option D is wrong because switching to DynamoDB would require application changes.

116
MCQmedium

A company is using Amazon RDS for MySQL and wants to restrict access to a specific database so that an application user can only perform SELECT and INSERT operations on tables within that database. The application user already exists. Which SQL statement should be executed?

A.GRANT SELECT ON app_db.* TO 'app_user'@'%';
B.GRANT CREATE, ALTER, SELECT, INSERT ON app_db.* TO 'app_user'@'%';
C.GRANT SELECT, INSERT ON app_db.* TO 'app_user'@'%';
D.GRANT ALL PRIVILEGES ON app_db.* TO 'app_user'@'%';
AnswerC

This grants exactly the required permissions.

Why this answer

Option D is correct because the GRANT statement with specific privileges (SELECT, INSERT) on the database name and wildcard tables (*) will grant the required permissions. Option A is wrong because it grants all privileges, which is too permissive. Option B is wrong because it grants DDL privileges (CREATE, ALTER).

Option C is wrong because it only grants SELECT, not INSERT.

117
MCQmedium

A company is designing a database for an IoT application that collects sensor data every second from millions of devices. The data is time-series and must be stored for 90 days, with occasional queries for recent data. Which AWS database solution is MOST cost-effective and performant?

A.Amazon Timestream
B.Amazon Redshift
C.Amazon DynamoDB with TTL to expire old data
D.Amazon RDS for MySQL with partitioning
AnswerA

Timestream is built for time-series data, cost-effective, and supports automatic retention.

Why this answer

Amazon Timestream is purpose-built for time-series data, offering automatic storage tiering (in-memory for recent data and magnetic for historical data) and serverless scaling, which makes it the most cost-effective and performant choice for ingesting sensor data every second from millions of devices and retaining it for 90 days with occasional queries on recent data.

Exam trap

The trap here is that candidates often choose DynamoDB with TTL because they associate it with high throughput and automatic expiration, but they overlook the lack of native time-series query support and the cost of provisioning for sustained high write capacity.

How to eliminate wrong answers

Option B (Amazon Redshift) is wrong because it is a columnar data warehouse optimized for complex analytical queries on large datasets, not for high-frequency time-series ingestion; its per-hour billing and compute overhead would be prohibitively expensive for this use case. Option C (Amazon DynamoDB with TTL) is wrong because while DynamoDB can handle high write throughput, it is a key-value and document database that lacks native time-series optimizations like automatic downsampling or time-based partitioning, and TTL only deletes expired items without providing efficient time-range queries. Option D (Amazon RDS for MySQL with partitioning) is wrong because a relational database with manual partitioning cannot scale to millions of writes per second without significant cost and operational overhead, and it lacks the serverless, auto-scaling ingestion and storage tiering that Timestream provides.

118
MCQhard

A company is migrating an on-premises Oracle database to AWS. The database is 5 TB and supports a critical OLTP application with high transaction rates. The application requires stored procedures, triggers, and strong consistency. Which AWS database service is most appropriate with minimal application changes?

A.Amazon Aurora PostgreSQL
B.Amazon DynamoDB
C.Amazon RDS for Oracle
D.Amazon Redshift
AnswerC

Fully compatible with Oracle, minimal changes needed.

Why this answer

Amazon RDS for Oracle is the most direct migration path with minimal changes because it is fully compatible with Oracle and supports stored procedures, triggers, and strong consistency. Option A (Aurora PostgreSQL) is wrong because it requires converting Oracle-specific features to PostgreSQL. Option C (DynamoDB) is wrong because it does not support stored procedures or triggers natively (except for DynamoDB Streams and Lambda).

Option D (Redshift) is wrong because it is a data warehouse, not for OLTP.

119
MCQmedium

A developer is trying to connect to an RDS for PostgreSQL instance using the endpoint shown in the exhibit. The connection fails with a timeout. Which of the following is the most likely cause?

A.The endpoint address is incorrect.
B.The DB instance requires SSL encryption to connect.
C.The security group does not allow inbound traffic on port 5432 from the client IP.
D.The DB instance is in a Multi-AZ configuration and requires a different endpoint.
AnswerC

Correct. A timeout often indicates network connectivity issues, such as security group rules blocking the port.

Why this answer

Option B is correct because the port 5432 is the default PostgreSQL port, but the security group may not allow inbound traffic on that port. Option A is wrong because the endpoint is correct. Option C is wrong because Multi-AZ does not affect connectivity.

Option D is wrong because there is no encryption requirement implied.

120
MCQmedium

A company is deploying a new application that requires a relational database with automatic failover and cross-Region disaster recovery. The application is read-heavy and expects up to 10 GB of data. Which combination of AWS services should be used?

A.Amazon RDS for MySQL with Multi-AZ and a read replica in another Region
B.Amazon S3 with AWS Glue and Amazon Athena
C.Amazon Aurora with Multi-AZ and an Aurora global database
D.Amazon DynamoDB with global tables
AnswerC

Aurora global database provides cross-Region replication and fast failover.

Why this answer

Aurora with Multi-AZ and cross-Region replica provides high availability and DR. Option A is incorrect because RDS Multi-AZ does not provide cross-Region DR. Option C is incorrect because S3 and Athena are not relational databases.

Option D is incorrect because DynamoDB global tables are for NoSQL.

121
MCQeasy

A company uses Amazon DynamoDB to store application logs. The logs have a TTL of 7 days. The operations team needs to run ad-hoc analytical queries on logs older than 7 days, which are automatically deleted by TTL. Which solution should the team implement to retain and analyze old logs?

A.Use DynamoDB Streams to export logs to Amazon S3 and query with Amazon Athena.
B.Disable TTL and use a scheduled Lambda function to archive logs to Amazon S3.
C.Increase the TTL to 30 days and query the logs directly in DynamoDB.
D.Use AWS Glue to crawl DynamoDB tables and create a data catalog for Athena queries.
AnswerA

Streams capture data before deletion, and Athena can query S3 data cost-effectively.

Why this answer

Option D is correct because DynamoDB Streams captures old images before TTL deletion, and Lambda can write them to S3 for analysis with Athena. Option A is wrong because DynamoDB cannot be queried by Athena directly. Option B is wrong because disabling TTL would increase costs.

Option C is wrong because exporting to S3 is not automatic via streams.

122
Multi-Selecteasy

Which TWO options are valid methods for migrating an on-premises SQL Server database to Amazon RDS for SQL Server with minimal downtime? (Choose TWO.)

Select 2 answers
A.Use AWS CloudEndure to replicate the entire server.
B.Copy the database files to Amazon S3 and restore to RDS.
C.Use SQL Server Import/Export Wizard.
D.Use AWS DMS with ongoing replication from the source.
E.Use native backup and restore with log shipping to RDS.
AnswersD, E

DMS can perform continuous replication to keep the target in sync.

Why this answer

Options B and D are correct because AWS DMS with ongoing replication and native backup/restore with log shipping can minimize downtime. Option A is wrong because import/export is offline. Option C is wrong because S3 is not used for direct migration.

Option E is wrong because CloudEndure is for servers.

123
MCQhard

A company wants to migrate a 2 TB PostgreSQL database from on-premises to Amazon Aurora PostgreSQL. The database has high write throughput and the migration must have minimal impact on source performance. Which solution is MOST appropriate?

A.Create a read replica of the on-premises database and promote it to Aurora.
B.Use AWS DMS with ongoing replication from the source to Aurora.
C.Use pglogical to set up logical replication from the source to Aurora.
D.Set up native PostgreSQL streaming replication from on-premises to Aurora.
AnswerC

pglogical provides logical replication with minimal overhead on the source.

Why this answer

Option C is correct because using pglogical for logical replication allows near real-time replication with minimal overhead on the source. Option A is wrong because AWS DMS with ongoing replication can add some overhead to the source due to continuous fetching of changes. Option B is wrong because native PostgreSQL streaming replication requires the source to be a primary server and may cause performance impact.

Option D is wrong because using a read replica reduces performance impact but requires a replica already set up.

124
MCQmedium

A company is running an Amazon RDS for SQL Server instance with Multi-AZ deployment. The security team requires that all data at rest be encrypted. The instance was originally launched without encryption. What is the most efficient way to enable encryption at rest for this existing instance?

A.Modify the DB instance and set the encryption attribute to true.
B.Use AWS Database Migration Service (DMS) to migrate the data to a new encrypted RDS instance.
C.Take a snapshot of the DB instance, copy the snapshot with encryption enabled, and restore the encrypted snapshot to a new DB instance.
D.Create a read replica with encryption enabled and promote it to become the primary instance.
AnswerC

This is the standard process to enable encryption on an existing RDS instance.

Why this answer

Option C is correct because you cannot directly enable encryption on an existing unencrypted RDS instance; you must create a snapshot, copy it with encryption, and restore the encrypted snapshot to a new instance. Option A is wrong because modifying the DB instance does not support enabling encryption. Option B is wrong because enabling encryption requires a snapshot copy, not just creating an encrypted read replica.

Option D is wrong because while you could migrate data manually, it is less efficient than snapshot restoration.

125
MCQmedium

Refer to the exhibit. A database administrator runs the AWS CLI command to describe events for an RDS instance. Which conclusion is most likely correct based on the output?

A.The Multi-AZ failover failed and the instance restarted.
B.The DB instance was manually restarted by an administrator.
C.The DB instance experienced a Multi-AZ failover and subsequently restarted.
D.The DB instance was restored from a snapshot and then restarted.
AnswerC

The sequence shows a failover completed, then the instance restarted.

Why this answer

Option C is correct. The output shows a failover event followed by a restart, which is typical after a failover. Option A is incorrect because the events show a failover, not a manual restart.

Option B is incorrect because the failover was completed, not failed. Option D is incorrect because there is no indication of a snapshot restore.

126
MCQhard

A security engineer is troubleshooting an issue where an application using IAM role 'app-role' with a trust policy to assume the 'app-user' user is unable to decrypt an RDS database that uses a customer-managed KMS key. The above key policy is attached to the KMS key. What is the likely cause of the failure?

A.The 'kms:ViaService' condition requires the request to come from RDS, but the application is making KMS API calls directly.
B.The policy has a missing 'Effect': 'Deny' statement that is blocking access.
C.The principal in the policy is 'app-user', but the application uses an IAM role that does not have the necessary permissions.
D.The condition 'kms:ViaService' restricts the key to be used only with RDS, but the application is using a different service.
AnswerC

The policy grants permissions to the user 'app-user', but the application uses a role. The role needs to be added to the key policy.

Why this answer

Option C is correct because the KMS key policy specifies the principal as 'app-user', which is an IAM user. However, the application uses an IAM role 'app-role' to make the decryption requests. Since the principal in the key policy does not include the role or its associated permissions, the KMS key policy denies access to the role, causing the decryption failure.

The trust policy on the role allows the user to assume it, but that does not grant the role any KMS permissions unless explicitly added.

Exam trap

The trap here is that candidates often confuse the trust policy of an IAM role with the permissions granted to the role, assuming that if a user can assume a role, the role inherits the user's KMS permissions, when in fact the role must be explicitly authorized in the key policy or via an IAM policy.

How to eliminate wrong answers

Option A is wrong because the 'kms:ViaService' condition in the key policy allows requests coming via RDS, not that the request must come from RDS; the application making direct KMS API calls would still be allowed if the principal matches, so this is not the cause. Option B is wrong because the policy does not have a missing 'Deny' statement; the issue is that the principal is incorrect, not that a Deny is needed. Option D is wrong because the 'kms:ViaService' condition is set to 'rds.amazonaws.com', which permits RDS to use the key, but the application is not using RDS to make the decryption call; however, the primary failure is the principal mismatch, not the service condition.

127
MCQmedium

Refer to the exhibit. A CloudFormation stack was deployed to create an RDS instance. The application team reports they cannot connect to the database using the endpoint provided. The security group allows inbound traffic on port 3306 from the application's security group. What is the most likely cause?

A.The RDS instance is in a Multi-AZ deployment and the endpoint is for the standby
B.The security group inbound rule is missing the port 3306
C.The database password is not provided in the stack outputs; the team may be using the wrong password
D.The RDS endpoint is incorrect; it should include the port number
AnswerC

The password is not output; they likely need to retrieve it from Secrets Manager.

Why this answer

Option D is correct because the output shows the DBName and MasterUsername, but not the password. The password is usually stored in Secrets Manager or parameter store and not output. Option A: the endpoint appears correct.

Option B: port 3306 is MySQL default, and the security group is allowed. Option C: Multi-AZ does not affect connectivity.

128
MCQhard

A media company is migrating a 5 TB MongoDB database to Amazon DocumentDB. The migration must have minimal downtime. The source MongoDB uses sharding across 10 shards. Which migration strategy is MOST appropriate?

A.Use native MongoDB replication to sync to DocumentDB
B.Use AWS DMS with MongoDB as source and DocumentDB as target, enabling CDC
C.Export data to S3 and use AWS Glue to load into DocumentDB
D.Use mongoexport to export data and mongoimport to import into DocumentDB
AnswerB

DMS supports MongoDB to DocumentDB migration with CDC for minimal downtime.

Why this answer

Option B is correct because DocumentDB supports reading from MongoDB oplog for CDC, enabling minimal downtime. Option A is wrong because mongoexport/import is offline. Option C is wrong because S3 is not suitable for CDC.

Option D is wrong because DMS does not support DocumentDB as a target.

129
MCQeasy

A company wants to migrate a 500 GB SQL Server database to Amazon RDS for SQL Server with the least amount of downtime. The on-premises network has a 1 Gbps connection to AWS. Which approach should be used?

A.Use AWS DMS with ongoing replication from on-premises to RDS
B.Use AWS Snowball to transfer the database backup, then restore to RDS
C.Copy database files to S3 and then use RDS import
D.Use native SQL Server backup to S3, then restore to RDS
AnswerA

DMS with CDC minimizes downtime by synchronizing changes until cutover.

Why this answer

Option B is correct because AWS DMS with ongoing replication allows for minimal downtime by keeping the target in sync until cutover. Option A is wrong because native backup/restore requires downtime during the restore. Option C is wrong because S3 is not a direct migration path.

Option D is wrong because Snowball requires shipping time and is not minimal downtime.

130
MCQeasy

A company is migrating an on-premises DynamoDB table to Amazon DynamoDB in another AWS region. What is the most efficient method to migrate the data?

A.Use DynamoDB global tables to replicate data across regions.
B.Export the table to S3 using AWS Data Pipeline, then import into DynamoDB in the target region.
C.Set up DynamoDB Streams and write a custom consumer to replicate data to the target region.
D.Use AWS DMS to replicate data from on-premises to DynamoDB.
AnswerA

Global tables automatically replicate data across regions, simplifying migration.

Why this answer

Option A is correct because DynamoDB global tables provide multi-region replication with minimal effort. Option B is wrong because AWS DMS does not support DynamoDB as a source. Option C is wrong because S3 export/import is an additional step.

Option D is wrong because setting up replication manually is less efficient than using global tables.

131
MCQmedium

A company is planning to migrate a MongoDB database to Amazon DocumentDB. The database has several sharded collections. Which migration strategy should be used?

A.Set up MongoDB replica set to replicate directly to DocumentDB.
B.Use AWS DMS with MongoDB as source and DocumentDB as target, enabling ongoing replication.
C.Use AWS Schema Conversion Tool (SCT) to convert the schema, then manually migrate data.
D.Export data using mongodump and import using mongorestore.
AnswerB

DMS supports homogeneous migration with minimal downtime.

Why this answer

Option A is correct because AWS DMS supports MongoDB as a source and DocumentDB as a target for continuous migration. Option B is wrong because mongodump/mongorestore does not handle sharding well and requires downtime. Option C is wrong because DocumentDB does not support native replication from MongoDB.

Option D is wrong because DocumentDB does not have a sharding feature like MongoDB.

132
MCQhard

Refer to the exhibit. A database administrator runs the AWS CLI command to check the status of an Amazon RDS MySQL DB instance. Based on the output, what action is required to apply the pending modifications?

A.Reboot the DB instance to apply the pending parameter group changes.
B.Take a snapshot of the DB instance before applying changes.
C.Modify the DB parameter group to change the parameter values.
D.Modify the DB instance to set the backup retention period to 7.
AnswerA

The ParameterApplyStatus shows 'pending-reboot', so a reboot is required to apply the parameter changes.

Why this answer

Option C is correct because the ParameterApplyStatus is 'pending-reboot', indicating that a reboot is required to apply the parameter changes. The backup window change and password update are also pending, but the parameter group changes specifically require a reboot. Option A is incorrect because modifying the backup window does not require a reboot.

Option B is incorrect because modifying the DB parameter group is already done; the status shows pending-reboot. Option D is incorrect because a snapshot is not required to apply changes.

133
MCQhard

An e-commerce company is migrating its PostgreSQL database to Amazon RDS for PostgreSQL. The database has multiple large tables (over 500 GB each) and the migration window is only 2 hours. Which strategy would be MOST effective to meet the time constraint?

A.Use a single DMS task with full LOB mode.
B.Use AWS DMS with parallel load by splitting tables into multiple tasks.
C.Increase the RDS instance size and use pg_dump.
D.Use AWS SCT to optimize schema and then one DMS task.
AnswerB

Parallel load accelerates migration.

Why this answer

AWS DMS parallel load with multiple tasks allows concurrent data transfer, reducing total time. Increasing instance size alone may not be enough if the network is the bottleneck. SCT doesn't speed up data transfer.

Homogeneous migration doesn't require SCT, but parallel load is more effective.

134
MCQhard

Refer to the exhibit. An RDS for PostgreSQL instance shows frequent checkpoints every 10 seconds. What is the most likely cause?

A.Autovacuum is not running, causing bloat.
B.The instance is running out of storage space.
C.There are too many concurrent connections.
D.The 'max_wal_size' parameter is set too low, causing frequent WAL switches.
AnswerD

Low max_wal_size leads to frequent checkpoints.

Why this answer

Option A is correct. Frequent checkpoints often indicate the log file size (max_wal_size) is too small, causing frequent WAL switches. Option B is wrong because full_storage? might cause issues but not specifically checkpoints.

Option C is wrong because high connections may cause load but not checkpoints directly. Option D is wrong because autovacuum runs independently.

135
MCQhard

A company is using Amazon DynamoDB with on-demand capacity mode. The application experiences occasional throttling on a table during peak hours. The table's read and write requests are within the throughput limits, but the provisioned read/write capacity is exceeded. What is the most likely cause of this throttling?

A.The table's previous peak throughput was lower than the current traffic, and DynamoDB is still adapting.
B.The table has a hot partition that is receiving more requests than the partition can handle.
C.The table has exceeded the maximum allowed throughput for on-demand capacity mode.
D.The table's provisioned read/write capacity is set too low.
AnswerA

On-demand capacity mode can throttle if traffic exceeds the table's previous peak by a large margin, as DynamoDB needs time to scale up.

Why this answer

Option B is correct because on-demand capacity mode automatically scales to handle up to the table's previous peak throughput, but it can throttle if there is a sudden spike beyond that peak. Option A is incorrect because on-demand capacity mode does not use provisioned capacity; it scales automatically. Option C is incorrect because partition hot spots can cause throttling even if total throughput is within limits, but the question states that read and write requests are within limits.

Option D is incorrect because on-demand capacity mode does not have a table-wide throughput limit; it scales automatically.

136
MCQhard

A company is migrating a 5 TB Microsoft SQL Server database to Amazon RDS for SQL Server. The migration must have minimal downtime. The source database is hosted on an EC2 instance. Which combination of steps should be taken?

A.Take a native backup of the source, upload to S3, and restore to RDS
B.Use AWS DMS with full load and ongoing replication
C.Create an RDS read replica from the EC2-hosted database
D.Use the SQL Server Import and Export Wizard
AnswerA

Native backup/restore is efficient for large databases and supports minimal downtime.

Why this answer

Option B is correct because taking a native backup of the source database, uploading it to S3, and restoring to RDS is the most efficient method for large databases with minimal downtime. Option A is wrong because AWS DMS with ongoing replication is a viable option but may be slower for initial load. Option C is wrong because creating a read replica from an EC2-hosted database is not supported.

Option D is wrong because using the Import Export wizard is manual and not suitable for large databases.

137
MCQhard

A security team is auditing IAM policies for Amazon RDS. They want to ensure that all RDS snapshots shared with other AWS accounts are encrypted. Which IAM policy condition key should be used to enforce this?

A.rds:Encrypted
B.rds:SnapshotEncrypted
C.rds:StorageEncrypted
D.s3:x-amz-server-side-encryption
AnswerA

This condition key checks whether the snapshot is encrypted.

Why this answer

Option C is correct because rds:Encrypted is a condition key that checks whether a snapshot is encrypted. Option A is wrong because rds:SnapshotEncrypted is not a valid condition key. Option B is wrong because s3:x-amz-server-side-encryption is for S3.

Option D is wrong because rds:StorageEncrypted is for DB instances, not snapshots.

138
MCQmedium

A company is launching a new application that requires an Amazon RDS for PostgreSQL database. The database will store highly sensitive data, and the security team mandates that all data at rest must be encrypted. The company also requires that the encryption keys be managed by the security team using AWS CloudHSM. What is the MOST efficient way to meet these requirements?

A.Enable EBS encryption on the RDS instance's underlying volumes using a KMS key.
B.Enable Transparent Data Encryption (TDE) using a CloudHSM key in the RDS instance.
C.Use AWS KMS with a customer-managed key (CMK) for RDS encryption.
D.Implement client-side encryption in the application before writing data to the database.
AnswerB

RDS for PostgreSQL supports TDE with CloudHSM.

Why this answer

Option C is correct because RDS for PostgreSQL supports TDE with CloudHSM, allowing the security team to manage keys while encrypting data at rest. Option A is wrong because EBS encryption is not supported for RDS instances. Option B is wrong because KMS does not allow customer-managed HSMs.

Option D is wrong because client-side encryption requires application changes and does not protect data at rest in the database.

139
MCQeasy

A DBA is investigating a sudden increase in database connections to an Amazon RDS for SQL Server instance. The application is running on Amazon EC2 instances behind an Application Load Balancer. Which tool can provide real-time information about active connections?

A.AWS Trusted Advisor
B.VPC Flow Logs
C.Amazon RDS Performance Insights
D.AWS CloudTrail
AnswerC

Performance Insights shows database load, including connections.

Why this answer

Option C is correct because RDS Performance Insights shows active session information including connections. Option A is wrong because CloudTrail tracks API calls, not connections. Option B is wrong because VPC Flow Logs track network traffic, not database connections.

Option D is wrong because Trusted Advisor gives best practice checks, not real-time connections.

140
Multi-Selectmedium

Which TWO AWS services can be used to monitor database security events in real time? (Choose 2.)

Select 2 answers
A.AWS WAF
B.Amazon GuardDuty
C.Amazon RDS Performance Insights
D.Amazon CloudWatch Logs
E.AWS CloudTrail
AnswersB, D

GuardDuty can detect threats based on database activity.

Why this answer

Amazon GuardDuty (Option B) is a threat detection service that continuously monitors for malicious activity and unauthorized behavior, including database security events such as suspicious API calls or potential credential compromise. It uses machine learning, anomaly detection, and integrated threat intelligence to analyze AWS CloudTrail logs, VPC Flow Logs, and DNS logs in real time, making it suitable for monitoring database security events.

Exam trap

AWS often tests the distinction between services that provide real-time security monitoring (GuardDuty, CloudWatch Logs with metric filters) versus those that offer historical auditing (CloudTrail) or performance monitoring (Performance Insights), leading candidates to mistakenly select CloudTrail for real-time needs.

141
MCQeasy

A company is migrating an on-premises MongoDB database to Amazon DocumentDB (with MongoDB compatibility). The application uses MongoDB's aggregation pipeline with $lookup and $unwind stages. What should the company verify before migration?

A.Check if all aggregation pipeline stages used by the application are supported in DocumentDB.
B.Verify that DocumentDB supports sharding for the collection.
C.Ensure the application uses the latest MongoDB driver.
D.Confirm that the application's secondary indexes can be migrated.
AnswerA

DocumentDB has limitations on some aggregation stages; verifying compatibility is essential.

Why this answer

Option A is correct because Amazon DocumentDB (with MongoDB compatibility) does not support all MongoDB aggregation pipeline stages. Specifically, the `$lookup` and `$unwind` stages are supported, but other stages like `$merge`, `$facet`, `$bucket`, `$bucketAuto`, `$graphLookup`, and `$search` are not. Before migration, the company must verify that every stage used in their application's aggregation pipelines is fully supported in DocumentDB to avoid runtime failures.

Exam trap

The trap here is that candidates assume DocumentDB is fully MongoDB-compatible and overlook the specific limitations in the aggregation pipeline, especially for advanced stages like `$facet` and `$graphLookup`, which are not supported.

How to eliminate wrong answers

Option B is wrong because DocumentDB does not support sharding in the same way as MongoDB; DocumentDB uses a single-writer, multi-reader architecture with automatic scaling, and sharding is not a feature that needs to be verified before migration. Option C is wrong because using the latest MongoDB driver is not a prerequisite for migration; DocumentDB supports MongoDB wire protocol version 3.6 and 4.0, and the driver version must be compatible with those versions, not necessarily the latest. Option D is wrong because secondary indexes are fully supported in DocumentDB and can be migrated automatically; the primary concern is aggregation pipeline compatibility, not index migration.

142
Multi-Selecthard

A company is using Amazon DynamoDB with auto scaling for read and write capacity. During a traffic spike, write requests are being throttled even though the table's write capacity is below the maximum limit. Which TWO actions should the team take to resolve the throttling?

Select 2 answers
A.Enable DynamoDB Streams on the table to offload writes to a Lambda function
B.Create a DynamoDB global table to distribute writes across regions
C.Review the table's partition key design to ensure even distribution of write traffic
D.Decrease the read capacity to free up resources for writes
E.Pre-warm the table by temporarily increasing the write capacity manually before the expected spike
AnswersC, E

Uneven distribution can cause hot partitions and throttling.

Why this answer

Option A is correct because auto scaling may have a lag in provisioning capacity; pre-warming can help. Option C is correct because a hot partition can cause throttling even if overall capacity is not exhausted. Option B is incorrect because write sharding is not a built-in DynamoDB feature.

Option D is incorrect because global tables add complexity and are not a direct fix for throttling. Option E is incorrect because decreasing read capacity does not help writes.

143
MCQmedium

A company is migrating a 2 TB on-premises PostgreSQL database to Amazon RDS for PostgreSQL. The migration must have minimal downtime and support ongoing replication. Which AWS service should be used?

A.AWS DMS
B.AWS Snowball Edge
C.AWS S3
D.RDS native PostgreSQL logical replication
AnswerA

DMS supports ongoing replication from on-premises to RDS, minimizing downtime.

Why this answer

Option C is correct because AWS Database Migration Service (DMS) supports ongoing replication from on-premises to RDS with minimal downtime. Option A is wrong because S3 is for storage, not database migration. Option B is wrong because Snowball is for large data transfer, not ongoing replication.

Option D is wrong because RDS does not support native pglogical replication from on-premises easily.

144
MCQmedium

A company runs a reporting application that queries an Amazon RDS for PostgreSQL database. The queries are complex and take a long time to run, causing performance degradation on the primary instance. The team wants to improve query performance without affecting the transactional workload. Which solution should they use?

A.Increase the instance size of the primary database
B.Create one or more read replicas and direct reporting queries to them
C.Migrate to Amazon RDS for MySQL and use Multi-AZ
D.Use Amazon ElastiCache to cache the results of complex queries
AnswerB

Read replicas offload read traffic, isolating reporting queries from transactional workload.

Why this answer

Read replicas offload read queries from the primary. Amazon RDS for PostgreSQL supports read replicas, and the reporting application can be configured to connect to the replica. Option A (increase instance) helps but may not be cost-effective.

Option C (Aurora) is an alternative but not necessary. Option D (ElastiCache) is for caching, not complex queries.

145
MCQhard

A company is migrating a 5 TB Oracle database to Amazon Aurora PostgreSQL. The migration must be completed within a weekend. The on-premises network has a 1 Gbps connection to AWS. What is the MOST efficient migration strategy?

A.Use AWS S3 Transfer Acceleration to upload the database dump to S3 and then load into Aurora
B.Use AWS DMS with direct connect to export the Oracle database directly to Aurora
C.Use AWS DMS with change data capture over the existing network connection
D.Use AWS Snowball Edge to transfer the data and then load into Aurora
AnswerD

Snowball Edge provides fast offline transfer, avoiding bandwidth limitations.

Why this answer

Option B is correct because AWS Snowball Edge can transfer the data offline faster than over a 1 Gbps link (5 TB at 1 Gbps would take ~11 hours, but with overhead and network issues, Snowball is more reliable). Option A is wrong because DMS over 1 Gbps may not complete within a weekend for 5 TB with limited bandwidth. Option C is wrong because S3 Transfer Acceleration does not help with database migration to Aurora directly.

Option D is wrong because Aurora does not support direct export from Oracle.

146
MCQeasy

Refer to the exhibit. A company is migrating from an on-premises MySQL database to Amazon RDS for MySQL. The DBA wants to connect to the RDS instance using the endpoint shown. What additional step is required to allow the DBA's client to connect?

A.Modify the security group to allow inbound traffic on port 3306 from the client IP
B.Create a Route 53 record for the endpoint
C.Create a MySQL user that matches the client's IP
D.Change the RDS instance to be publicly accessible
AnswerA

Security group rules control inbound traffic; port 3306 must be open.

Why this answer

Option C is correct because by default, RDS instances do not allow inbound traffic; a security group must allow traffic on port 3306. Option A is wrong because the endpoint is already public if the instance is public. Option B is wrong because the user already exists.

Option D is wrong because the DNS endpoint is already provided.

147
MCQmedium

A security engineer is designing a solution to encrypt data at rest for an Amazon Redshift cluster. The company requires that the encryption key be rotated automatically every year. Which solution meets these requirements?

A.Use a Lambda function to rotate the encryption key manually every year.
B.Enable encryption for the Redshift cluster using an AWS KMS key with automatic rotation.
C.Use a CloudHSM key to encrypt the Redshift cluster and configure automatic rotation in CloudHSM.
D.Store the Redshift cluster data in an S3 bucket with server-side encryption enabled.
AnswerB

Redshift supports KMS encryption with automatic key rotation.

Why this answer

Option B is correct. Amazon Redshift supports encryption at rest using AWS KMS with automatic key rotation. When you enable encryption for a Redshift cluster, you can choose a KMS key with automatic rotation enabled.

Option A is incorrect because Redshift does not support CloudHSM for encryption at rest; it uses KMS. Option C is incorrect because Redshift does not support S3 server-side encryption for the cluster itself. Option D is incorrect because manual rotation using a Lambda function is not the recommended approach when automatic rotation is available.

148
Multi-Selecteasy

A company is using Amazon RDS for MySQL with Multi-AZ deployment. The security team wants to ensure that database administrators cannot view sensitive data. Which TWO actions should be taken to achieve this goal?

Select 2 answers
A.Use IAM database authentication for application access.
B.Enable audit logging to capture all data access.
C.Store database credentials in AWS Secrets Manager and enforce automatic rotation.
D.Enable encryption at rest using a customer-managed KMS key.
E.Disable query logging to prevent sensitive data from being written to logs.
AnswersA, C

IAM database authentication allows applications to connect without passwords, reducing the need for DBAs to handle credentials.

Why this answer

Option A is correct because IAM database authentication allows you to authenticate to your RDS MySQL instance using an IAM user or role instead of a traditional database password. This eliminates the need for database administrators to know or manage database credentials, as they can only access the database through IAM policies that grant specific, auditable permissions. By using IAM authentication, you enforce a separation of duties where DBAs cannot view sensitive data unless explicitly authorized by IAM policies.

Exam trap

The trap here is that candidates often confuse encryption at rest (which protects data on disk) with access control (which protects data from being queried), leading them to select encryption options when the real requirement is to prevent DBAs from viewing data through database connections.

149
MCQmedium

A company needs to build a reporting dashboard that queries a large dataset stored in Amazon S3. The queries are complex and require full SQL support. Which service should be used?

A.Amazon Redshift Spectrum
B.Amazon RDS
C.Amazon DynamoDB
D.Amazon Athena
AnswerD

Athena allows querying S3 data directly with standard SQL, no loading required.

Why this answer

Amazon Athena is the correct choice because it is a serverless, interactive query service that allows you to analyze data directly in Amazon S3 using standard SQL. It supports complex queries, including joins, window functions, and CTEs, and requires no infrastructure management, making it ideal for ad-hoc reporting on large datasets in S3.

Exam trap

AWS often tests the misconception that Redshift Spectrum is the only way to query S3 with SQL, but Athena is the serverless, cost-effective alternative for ad-hoc queries without a cluster.

How to eliminate wrong answers

Option A is wrong because Amazon Redshift Spectrum is a feature of Amazon Redshift that queries data in S3, but it requires an active Redshift cluster and is not a standalone service; it is overkill for a simple reporting dashboard and incurs cluster costs. Option B is wrong because Amazon RDS is a relational database service for transactional workloads, not designed for querying large datasets stored in S3; it would require loading data into the database, which is inefficient for this use case. Option C is wrong because Amazon DynamoDB is a NoSQL key-value and document database that does not support full SQL or complex queries like joins and aggregations; it is optimized for low-latency access at scale, not analytical reporting.

150
MCQmedium

A financial services company runs a critical application on Amazon RDS for Oracle. The workload is write-heavy with frequent small transactions. The DBA notices high latency during peak hours. Which design change would best address this?

A.Implement ElastiCache for Redis
B.Enable Multi-AZ deployment
C.Switch to Provisioned IOPS (io1 or io2) volume type
D.Add a read replica
AnswerC

Provides predictable high IOPS for write-heavy workloads.

Why this answer

Option C is correct because the workload is write-heavy with frequent small transactions, and high latency during peak hours indicates that the current storage volume is not meeting the IOPS demands. Provisioned IOPS (io1 or io2) volumes provide consistent, low-latency performance by guaranteeing a specific number of IOPS, which directly addresses the bottleneck caused by insufficient I/O capacity for write-intensive operations.

Exam trap

The trap here is that candidates often confuse high latency with a read performance issue and incorrectly choose a read replica or caching, when the problem is actually a write I/O bottleneck that requires a storage-level solution like Provisioned IOPS.

How to eliminate wrong answers

Option A is wrong because ElastiCache for Redis is an in-memory caching layer that reduces read latency for frequently accessed data, but it does not improve write latency for an RDS database; write operations still go to the database, and caching does not address storage I/O bottlenecks. Option B is wrong because Multi-AZ deployment provides high availability and automatic failover by maintaining a standby replica in a different Availability Zone, but it does not improve write performance or reduce latency during peak hours; in fact, synchronous replication to the standby can add slight latency to writes. Option D is wrong because a read replica offloads read traffic from the primary instance, but the workload is write-heavy, so adding a read replica does nothing to reduce write latency or improve write throughput.

Page 1

Page 2 of 24

Page 3