AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 14261500

1730 questions total · 24pages · All types, answers revealed

Page 19

Page 20 of 24

Page 21
1426
MCQhard

A gaming company uses Amazon DynamoDB with global tables across two regions. They notice increased write latency and throttling during peak hours. The access pattern is mostly writes to a small set of hot partitions. Which design change would best address this?

A.Implement write sharding using a random suffix on the partition key
B.Enable DynamoDB Accelerator (DAX)
C.Switch to DynamoDB on-demand capacity mode
D.Increase write capacity using auto scaling
AnswerA

Write sharding distributes writes evenly across partitions.

Why this answer

The correct answer is A because the issue is hot partitions caused by a small set of partition keys receiving the majority of writes. By implementing write sharding with a random suffix on the partition key, you distribute writes across multiple partitions, reducing throttling and write latency. This directly addresses the root cause of uneven access patterns, unlike the other options that either cache reads, adjust capacity mode, or scale capacity without solving the partition-level bottleneck.

Exam trap

The trap here is that candidates often confuse throughput scaling (options C and D) with partition-level distribution, failing to recognize that hot partitions require a key design change, not just capacity adjustments.

How to eliminate wrong answers

Option B is wrong because DynamoDB Accelerator (DAX) is an in-memory cache that primarily improves read performance, not write latency or throttling on hot partitions. Option C is wrong because switching to on-demand capacity mode handles traffic spikes but does not resolve the underlying hot partition issue; throttling can still occur at the partition level if a single partition exceeds its throughput limit. Option D is wrong because increasing write capacity with auto scaling only raises the table-level throughput, but if writes are concentrated on a few partitions, those partitions will still hit their individual limits and cause throttling.

1427
MCQeasy

A company is using Amazon RDS for MySQL and needs to restrict access to the database to only specific Amazon EC2 instances in the same VPC. Which security mechanism should be used?

A.Configure a DB security group that allows inbound traffic from the EC2 security groups.
B.Create an IAM policy that allows the EC2 instances to connect to the RDS instance.
C.Create a DB subnet group that includes only the subnets where the EC2 instances reside.
D.Modify the network ACL for the DB subnet to allow traffic from the EC2 instances' IP addresses.
AnswerA

RDS security groups can reference source security groups for fine-grained access.

Why this answer

Option A is correct because RDS security groups control inbound traffic at the instance level and can reference EC2 security groups. Option B is wrong because network ACLs are stateless and apply to subnets, not individual instances. Option C is wrong because IAM policies control API access, not network traffic.

Option D is wrong because the DB subnet group defines subnet availability, not access control.

1428
MCQmedium

A data engineer is troubleshooting a slow-running query on an Amazon Redshift cluster. The query involves large table joins and aggregations. Which diagnostic step should be taken FIRST to understand the query execution plan and identify bottlenecks?

A.Monitor the WLM queue metrics for the query.
B.Check the SVV_TABLE_INFO view for table distribution and sort keys.
C.Run the EXPLAIN command on the query to review the execution plan.
D.Query the STL_QUERY system table to review the query text.
AnswerC

EXPLAIN reveals how Redshift will execute the query.

Why this answer

Option B is correct because the EXPLAIN command shows the query execution plan, including join types, distribution styles, and sort keys, which helps identify bottlenecks. Option A is incorrect because STL_QUERY logs completed queries but does not provide the plan. Option C is incorrect because SVV_TABLE_INFO gives table statistics, not the query plan.

Option D is incorrect because WLM metrics show queue performance, not individual query plans.

1429
MCQmedium

A company is using Amazon RDS for PostgreSQL and needs to implement column-level encryption for sensitive data. The application must be able to encrypt and decrypt data transparently. Which approach should be taken?

A.Enable RDS encryption at rest using a KMS key, which will automatically encrypt all columns.
B.Use AWS Lambda to encrypt data before writing to the database and decrypt after reading.
C.Use the AWS KMS Encrypt and Decrypt APIs directly in the application code.
D.Install the pgcrypto extension on the RDS instance and use its functions to encrypt data at the column level.
AnswerD

pgcrypto provides transparent column-level encryption.

Why this answer

Option A is correct because pgcrypto is a PostgreSQL extension that provides column-level encryption functions. Option B is wrong because RDS encryption is at rest, not column-level. Option C is wrong because Lambda would require application changes.

Option D is wrong because KMS is not directly used for column-level encryption in RDS.

1430
MCQmedium

A company is using Amazon DynamoDB with a TTL attribute to automatically delete expired items. The security team is concerned that deleted items might still be recoverable from backups. They need to ensure that once an item is deleted by TTL, it is not included in future on-demand backups. Additionally, they want to ensure that the TTL deletion itself is logged for audit purposes. What should they do?

A.Disable TTL and implement a custom deletion process that logs deletions before removing items.
B.Enable DynamoDB Streams on the table and use a Lambda function to log TTL deletion events to CloudWatch Logs.
C.Use AWS CloudTrail to log the UpdateTimeToLive API call.
D.Enable AWS CloudTrail data events for DynamoDB to capture TTL deletions.
AnswerB

Streams capture TTL deletions as REMOVE events.

Why this answer

Option A is correct. DynamoDB Streams can capture TTL deletions as 'REMOVE' events. By streaming these events to CloudWatch Logs via Lambda, they can audit the deletions.

On-demand backups capture the current state of the table, so TTL-deleted items will not be included if the backup is taken after the deletion. Option B is wrong because CloudTrail does not capture data plane events like TTL deletions. Option C is wrong because point-in-time recovery can restore to any point, including before TTL deletion, but the question is about future backups.

Option D is wrong because TTL deletions are not captured in CloudTrail.

1431
MCQhard

A company has an Amazon RDS for SQL Server DB instance that stores financial data. The security team requires that the data be encrypted at rest using a customer-managed key stored in AWS KMS. Additionally, they want to ensure that the key cannot be deleted without authorization. What should be done?

A.Create a customer-managed KMS key, enable key rotation, and set a deletion protection policy.
B.Enable encryption on the RDS instance and use the default KMS key.
C.Use AWS CloudHSM to generate and store the encryption key, and associate it with the RDS instance.
D.Enable AWS CloudTrail to log key deletion attempts.
AnswerA

KMS supports customer-managed keys with rotation and deletion protection.

Why this answer

Option D is correct because enabling key rotation and deletion protection on the KMS key provides the required controls. Option A is wrong because enabling encryption on RDS does not by itself protect the key from deletion. Option B is wrong because CloudHSM keys are not managed through KMS.

Option C is wrong because CloudTrail only logs actions, it does not prevent deletion.

1432
MCQmedium

A company has a requirement to automatically rotate the password for an Amazon RDS for MySQL DB instance every 90 days. The password is stored in AWS Secrets Manager. Which combination of steps will meet this requirement?

A.Enable IAM database authentication for the RDS instance and rotate the IAM keys every 90 days.
B.Store the password in AWS Systems Manager Parameter Store and configure a scheduled AWS Lambda function to update the parameter and the RDS password.
C.Store the password in Secrets Manager and configure automatic rotation with a Lambda function that updates the RDS password every 90 days.
D.Use an AWS Lambda function to manually update the RDS password and store the new password in Secrets Manager, triggered by a CloudWatch Events rule every 90 days.
AnswerC

Secrets Manager supports automatic rotation for RDS with a custom Lambda rotation function.

Why this answer

Option A is correct. Secrets Manager can automatically rotate secrets for RDS databases using a Lambda rotation function. You can configure the rotation interval to 90 days.

Option B is incorrect because Systems Manager Parameter Store does not have built-in rotation for RDS passwords. Option C is incorrect because manual rotation does not meet the automatic requirement. Option D is incorrect because IAM database authentication does not rotate passwords; it uses IAM credentials.

1433
MCQeasy

A developer needs to securely store database credentials for an application that runs on Amazon EC2 and connects to an Amazon RDS for PostgreSQL database. The credentials must be automatically rotated every 90 days. Which AWS service should the developer use to meet these requirements?

A.AWS Systems Manager Parameter Store
B.AWS CloudHSM
C.AWS Identity and Access Management (IAM) roles
D.AWS Secrets Manager
AnswerD

Supports automatic rotation of database credentials.

Why this answer

Option B is correct because AWS Secrets Manager supports automatic rotation of database credentials. Option A is wrong because SSM Parameter Store can store secrets but does not natively rotate RDS credentials. Option C is wrong because CloudHSM is for hardware security modules, not credential storage.

Option D is wrong because IAM Roles can be used for EC2 to access RDS but do not store credentials; also RDS PostgreSQL does not support IAM authentication by default.

1434
Multi-Selectmedium

A company is migrating a 1 TB PostgreSQL database from on-premises to Amazon RDS for PostgreSQL. The migration must have minimal downtime. Which TWO steps should be taken to achieve this?

Select 2 answers
A.Configure AWS DMS with ongoing replication from the source to the target.
B.Use AWS SCT to convert the schema to Amazon Aurora.
C.Use pglogical extension to replicate data from on-premises to RDS.
D.Take a full backup using pg_dump and import it into RDS during a maintenance window.
E.Create an RDS Read Replica of the on-premises database.
AnswersA, C

Ongoing replication keeps data in sync with minimal downtime.

Why this answer

DMS with ongoing replication enables minimal downtime by continuously syncing changes. Using pglogical to replicate changes is another approach. Option B (importing a backup) causes downtime.

Option D (creating a read replica) is not possible from on-premises. Option E (SCT for schema conversion) may be needed but not for minimal downtime.

1435
MCQhard

An application using the above IAM policy is trying to perform a Scan operation on the 'Orders' table. What will happen?

A.The Scan operation will succeed because the Deny is on all resources but the Allow is specific to the table.
B.The Scan operation will succeed because the policy allows other operations on the table.
C.The Scan operation will fail because the policy does not explicitly allow Scan.
D.The Scan operation will fail because the explicit Deny on dynamodb:Scan overrides the Allow.
AnswerD

Explicit Deny always overrides Allow.

Why this answer

Option D is correct because the explicit Deny for dynamodb:Scan overrides any Allow. Option A is wrong because the Deny is explicit and not ambiguous. Option B is wrong because the policy explicitly denies Scan.

Option C is wrong because the policy does not allow Scan; the explicit Deny applies.

1436
MCQhard

A social media application uses Amazon DynamoDB with a table that has a partition key of 'user_id' and a sort key of 'post_timestamp'. The application frequently queries for the 10 most recent posts by a specific user. The query pattern uses a 'begins_with' condition on the sort key with a timestamp prefix. Recently, the query latency has increased significantly for users with many posts. Which design change would improve query performance?

A.Create a local secondary index (LSI) with 'user_id' as partition key and 'post_timestamp' as sort key, and query using reverse order with a limit of 10.
B.Enable DynamoDB Accelerator (DAX) to cache the query results.
C.Create a global secondary index (GSI) with 'post_timestamp' as partition key and 'user_id' as sort key.
D.Change the table's partition key to 'post_id' to distribute data more evenly.
AnswerA

LSI allows efficient query for most recent posts by user without scanning all posts.

Why this answer

Option D is correct because creating a secondary index with 'user_id' as partition key and 'post_timestamp' as sort key, and using a 'Query' with reverse order and limit 10, avoids scanning all posts. Option A is wrong because a global secondary index still requires scanning if not optimized. Option B is wrong because changing partition key to 'post_id' would break the query pattern.

Option C is wrong because DynamoDB Accelerator (DAX) caches results but doesn't reduce the read capacity consumed per query; the query still scans all items for a user.

1437
Multi-Selectmedium

A security team needs to audit all SQL statements executed against an Amazon Aurora MySQL DB cluster. Which combination of actions should be taken to achieve this? (Choose TWO.)

Select 2 answers
A.Enable AWS CloudTrail for the Aurora DB cluster.
B.Enable Enhanced Monitoring for the DB cluster.
C.Enable RDS event subscription for the DB cluster.
D.Set the server_audit_logging parameter to 1 in the DB cluster parameter group.
E.Configure the DB cluster to publish audit logs to Amazon CloudWatch Logs.
AnswersD, E

This enables the audit plugin for Aurora MySQL.

Why this answer

Options B and C are correct. To audit SQL statements in Aurora MySQL, you need to enable advanced audit (database activity streams) or use the Aurora MySQL audit plugin. Enabling the audit plugin is done by setting the server_audit_logging parameter to 1 in the DB cluster parameter group.

Then you can publish the audit logs to Amazon CloudWatch Logs for analysis. Option A is incorrect because RDS event subscription does not capture SQL statements. Option D is incorrect because CloudTrail captures API calls, not database-level SQL.

Option E is incorrect because Enhanced Monitoring captures OS metrics, not SQL.

1438
Multi-Selecteasy

Which TWO of the following are advantages of using Amazon DynamoDB over Amazon RDS for MySQL for a workload that requires high scalability and low maintenance? (Select TWO.)

Select 2 answers
A.Strong consistency by default
B.Support for complex joins and transactions
C.No need to manage database servers or patches
D.Built-in read replicas for scaling reads
E.Automatic scaling of read/write capacity
AnswersC, E

DynamoDB is serverless and fully managed.

Why this answer

DynamoDB automatically scales throughput and storage, and it is fully managed with no server administration. Option C is true for RDS, not DynamoDB. Option D is false because DynamoDB supports both consistency models.

Option E is true for RDS, not DynamoDB.

1439
MCQhard

You are managing an Amazon RDS for PostgreSQL Multi-AZ DB instance that handles a high-traffic e-commerce application. Recently, the database has been experiencing intermittent slowdowns during peak hours. You have enabled Enhanced Monitoring and Performance Insights. After reviewing the Performance Insights dashboard, you notice that the 'db.sql.queries.avg_latency' metric spikes during the slowdowns, and the top SQL queries are all simple SELECT statements on a frequently accessed 'orders' table. The table has over 10 million rows and is indexed on 'order_id', 'customer_id', and 'order_date'. The average query latency for these SELECT statements jumps from 5 ms to over 500 ms during the spikes. You also observe that the 'ReadIOPS' metric on the DB instance is consistently below the provisioned IOPS limit of the gp2 storage. The DB instance type is db.r5.large with 16 GB memory. The 'DatabaseConnections' metric shows that the number of connections is well within the max_connections limit (set to 200). However, the 'CPUCreditBalance' for the underlying EC2 instance, which is a T3 medium, drops to near zero during the spikes. The 'CPUUtilization' metric is below 50%. Which of the following is the MOST likely cause and the appropriate action to resolve the issue?

A.The issue is due to CPU credit exhaustion on the T3 instance. Change the DB instance class from db.t3.medium to a dedicated CPU instance type such as db.r5.large.
B.The issue is due to a memory bottleneck causing queries to spill to disk. Increase the instance memory by moving to a db.r5.xlarge instance.
C.The issue is caused by a connection pool exhaustion. Increase the max_connections parameter and use connection pooling.
D.The issue is caused by a missing index on the 'orders' table. Add a composite index on the columns used in the WHERE clauses.
AnswerA

The T3 instance uses CPU credits; when credits are exhausted, performance is throttled. Changing to a dedicated instance eliminates credit-based performance.

Why this answer

The correct answer is A. The 'CPUCreditBalance' dropping to near zero on a T3 instance indicates CPU credit exhaustion, which throttles the baseline CPU performance and causes query latency spikes. Even though 'CPUUtilization' is below 50%, T3 instances rely on CPU credits for burstable performance; when credits are exhausted, the instance is limited to the baseline (e.g., 10% for t3.medium), causing severe latency increases for simple SELECT statements.

Moving to a dedicated CPU instance like db.r5.large eliminates credit-based throttling and provides consistent performance.

Exam trap

The trap here is that candidates see low CPU utilization and assume no CPU issue, but T3 instances can be throttled even at moderate utilization when credits are exhausted, and the 'CPUCreditBalance' metric is the key indicator.

How to eliminate wrong answers

Option B is wrong because the 'ReadIOPS' metric is below the provisioned gp2 limit, and the queries are simple SELECTs with indexes, so a memory bottleneck causing disk spill is unlikely; increasing memory would not resolve CPU credit exhaustion. Option C is wrong because 'DatabaseConnections' is well within the max_connections limit (200), and connection pool exhaustion would show high connection counts or wait events, not CPU credit depletion. Option D is wrong because the table is already indexed on the relevant columns ('order_id', 'customer_id', 'order_date'), and the issue is CPU credit exhaustion, not missing indexes.

1440
MCQmedium

A company is using Amazon RDS for MySQL with Multi-AZ deployment. The application team reports increased latency during peak hours. Which AWS service should the database specialist use to identify the root cause?

A.Enable Performance Insights for the RDS instance and analyze the database load.
B.Enable AWS Config to track configuration changes to the RDS instance.
C.Use the CloudWatch Metrics Dashboard to analyze database connections.
D.Run an Amazon Inspector assessment on the RDS instance.
AnswerA

Performance Insights provides detailed database performance analysis and helps identify bottlenecks.

Why this answer

Option B is correct because Performance Insights provides database performance metrics and helps identify bottlenecks. Option A is wrong because CloudWatch Metrics Dashboard shows aggregated metrics but does not provide detailed database performance analysis. Option C is wrong because AWS Config is for resource configuration auditing.

Option D is wrong because Amazon Inspector is for security assessments.

1441
MCQeasy

A company is migrating a 100 GB MySQL database to Amazon Aurora MySQL. The migration must have minimal downtime and the source database is currently in use. Which approach should the company take?

A.Create an Aurora Replica from the on-premises MySQL database and promote it.
B.Export the database using mysqldump and import it into Aurora during a maintenance window.
C.Take a physical backup of the MySQL database, upload to S3, and restore to Aurora.
D.Use AWS DMS with ongoing replication from the source MySQL database to Aurora.
AnswerD

DMS supports ongoing replication to keep the target in sync with minimal downtime.

Why this answer

Creating an Aurora Replica from a MySQL dump is not possible; Aurora Replicas can only be created from an existing Aurora instance. Using DMS with ongoing replication allows minimal downtime. mysqldump requires downtime. Backup and restore also requires downtime.

1442
Multi-Selectmedium

A company is using Amazon DynamoDB with provisioned capacity. They notice an increase in throttled write requests. The workload consists of writes to a single partition key. Which TWO actions would help reduce throttling?

Select 2 answers
A.Add a global secondary index with a different partition key.
B.Increase the provisioned write capacity units.
C.Enable DynamoDB auto scaling with adaptive capacity.
D.Use DynamoDB Accelerator (DAX) for write caching.
E.Implement write sharding by adding a suffix to the partition key.
AnswersB, C

More capacity directly reduces throttling.

Why this answer

Options A and C are correct. Using DynamoDB Accelerator (DAX) reduces read load but does not help with writes; option B is irrelevant. Option D is for read scaling.

Option E (using write sharding) distributes writes across partitions. Option C (increasing write capacity) directly addresses throttling. Option A (adaptive capacity) helps but may not fully resolve hot partition; however, it is a valid action.

The question expects A and C as the most direct.

1443
MCQhard

Refer to the exhibit. A DBA is monitoring a DMS migration task from on-premises Oracle to Amazon RDS for Oracle. The full load completed successfully with 50 tables. However, the DBA notices that the CDC phase has not started. What is the most likely reason?

A.The task was not configured with CDC enabled
B.The full load encountered errors on some tables
C.The source Oracle database is not generating redo logs
D.The replication task was stopped after the full load completed
AnswerD

The StopDate is set, indicating the task stopped before CDC could begin.

Why this answer

Option B is correct because if the task is stopped after full load, CDC will not start. The stop date is 1 hour after start, indicating the task stopped. Option A is wrong because tables loaded shows 50, not errored.

Option C is wrong because DMS does not require manual CDC enable. Option D is wrong because the task might be stopped, not pending.

1444
Multi-Selectmedium

A database specialist is troubleshooting an Amazon RDS for PostgreSQL instance that has high replication lag between the primary and a read replica. Which TWO metrics should the specialist review to identify the cause? (Select TWO.)

Select 2 answers
A.WriteIOPS on the primary
B.ReadIOPS on the replica
C.DatabaseConnections on the primary
D.ReplicaLag
E.NetworkThroughput between primary and replica
AnswersB, D

High read activity on the replica can cause lag.

Why this answer

Option A is correct because 'ReplicaLag' directly measures the lag. Option B is correct because 'ReadIOPS' can indicate heavy read activity on the replica that may cause lag. Option C is wrong because 'WriteIOPS' on the primary does not directly indicate replica lag.

Option D is wrong because 'DatabaseConnections' is about connections, not replication. Option E is wrong because 'NetworkThroughput' is not a direct indicator of replication lag.

1445
Multi-Selectmedium

A company is designing a database for an e-commerce platform that needs to store product catalog data. The data is highly relational with many-to-many relationships between products, categories, and suppliers. The platform requires ACID transactions and complex joins. Which TWO AWS database solutions are suitable for this workload? (Choose TWO.)

Select 2 answers
A.Amazon Aurora MySQL
B.Amazon RDS for PostgreSQL
C.Amazon ElastiCache for Redis
D.Amazon Neptune
E.Amazon DynamoDB
AnswersA, B

Aurora is a relational database with ACID support and complex join capabilities.

Why this answer

Amazon Aurora MySQL is a fully ACID-compliant relational database that supports complex joins and many-to-many relationships through foreign keys and junction tables. It is optimized for high-throughput e-commerce workloads with features like auto-scaling storage and up to 15 low-latency read replicas, making it suitable for product catalog data that requires transactional consistency.

Exam trap

The trap here is that candidates often choose DynamoDB for its scalability, overlooking that it cannot handle complex joins and many-to-many relational structures, or they select Neptune thinking it is suitable for any connected data, but it lacks SQL-based ACID transactions and relational integrity needed for product catalogs.

1446
MCQhard

Refer to the exhibit. A DBA is troubleshooting an issue where an IAM user cannot view CloudWatch metrics for an RDS DB instance. The IAM policy attached to the user is shown above. What is the MOST likely reason the user cannot view the metrics?

A.The policy does not include cloudwatch:DescribeAlarms
B.The policy does not include rds:DescribeDBInstances
C.The policy uses a Resource element of '*' which is not allowed for CloudWatch
D.The policy does not include cloudwatch:GetMetricStatistics
AnswerA

The CloudWatch console often requires DescribeAlarms to view metrics.

Why this answer

Option D is correct because the policy is missing the 'rds:DescribeDBInstances' action for the specific DB instance resource, but the issue is about CloudWatch metrics. However, the policy includes 'cloudwatch:GetMetricStatistics' and 'cloudwatch:ListMetrics' with Resource '*', which should allow viewing metrics. But the user cannot view metrics, so the problem might be that the user lacks permission to describe the DB instance to get its identifier.

Actually, the question is tricky: the policy allows describing DB instances, so the issue is likely that the user does not have permission to write to CloudWatch Logs? No. The exhibit shows an IAM policy that allows rds:DescribeDBInstances and cloudwatch:GetMetricStatistics and ListMetrics. The user should be able to view metrics.

However, the DBA cannot view metrics; the most likely reason is that the policy does not include permission to view CloudWatch alarms or dashboards. But the question says "cannot view CloudWatch metrics", so the policy includes GetMetricStatistics. Option A is wrong because the policy includes that action.

Option B is wrong because the resource is '*', so it's not restricted. Option C is wrong because the policy includes rds:DescribeDBInstances. Option D is correct because the user might need additional permissions like cloudwatch:DescribeAlarms or cloudwatch:GetMetricWidgetImage? Actually, the policy seems sufficient for viewing metrics via the console or API.

But a common issue is that the console requires additional permissions like cloudwatch:DescribeAlarms for the Metrics page to load. So D is plausible.

1447
MCQmedium

A security engineer creates the IAM policy shown in the exhibit and attaches it to an IAM user. What is the effect of this policy?

A.The user can delete any database except 'prod-db'.
B.The user can describe all databases except 'prod-db'.
C.The user can modify 'prod-db' but cannot delete it.
D.The user can modify any database except 'prod-db'.
AnswerC

Modify allowed, delete explicitly denied.

Why this answer

Option D is correct because the policy allows DescribeDBInstances and ModifyDBInstance on all resources, but explicitly denies DeleteDBInstance on the specific database 'prod-db'. Since an explicit deny overrides any allow, the user cannot delete that database. However, the user can modify all databases including 'prod-db'.

Option A is wrong because the deny is only for DeleteDBInstance. Option B is wrong because the user can modify all databases. Option C is wrong because the user can describe all databases.

1448
MCQeasy

A company has an RDS for SQL Server DB instance that stores sensitive data. The database administrator needs to ensure that all connections to the database use SSL/TLS encryption. What should the administrator do?

A.Configure the security group to only allow traffic from specific IP addresses.
B.Set the 'rds.force_ssl' parameter to 1 in the DB parameter group.
C.Enable AWS CloudTrail to monitor connections.
D.Delete the DB instance and create a new one with encryption enabled.
AnswerB

This forces all connections to use SSL.

Why this answer

Option C is correct because the 'rds.force_ssl' parameter forces all connections to use SSL. Option A is wrong because CloudTrail logs API calls, not connections. Option B is wrong because the security group controls network access, not encryption.

Option D is wrong because deleting the DB instance is drastic.

1449
Multi-Selectmedium

A company is designing a security strategy for an Amazon RDS for MySQL instance that stores Personally Identifiable Information (PII). Which TWO measures should be implemented to protect the data at rest?

Select 2 answers
A.Enable automatic backups with encryption.
B.Enable Amazon GuardDuty to monitor for suspicious activity.
C.Enable deletion protection on the DB instance.
D.Enable encryption at rest using AWS KMS.
E.Enable encryption in transit using SSL/TLS.
AnswersA, D

Backups should also be encrypted to protect data at rest.

Why this answer

Options A and D are correct. Option A: Enabling encryption at rest using KMS encrypts the underlying storage. Option D: Enabling automatic backups ensures that backup data is also encrypted.

Option B is wrong because encryption in transit is about data in motion, not at rest. Option C is wrong because Amazon GuardDuty is a threat detection service, not for data at rest protection. Option E is wrong because enabling deletion protection prevents accidental deletion but does not protect data at rest.

1450
MCQeasy

A company uses Amazon DynamoDB with provisioned capacity. The application team reports occasional ProvisionedThroughputExceededException errors. The database administrator notices that the errors occur during periods of high traffic. What is the most cost-effective way to handle these errors without over-provisioning capacity?

A.Increase the provisioned read and write capacity to the peak traffic level.
B.Use DynamoDB Accelerator (DAX) to cache frequently accessed items.
C.Implement exponential backoff and retry logic in the application.
D.Switch to on-demand capacity mode.
AnswerC

Exponential backoff retries handle throttling errors efficiently without over-provisioning.

Why this answer

Option D is correct because implementing exponential backoff with retries handles throttling errors gracefully without over-provisioning. Option A is incorrect because it is costly and inefficient to over-provision. Option B is incorrect because DynamoDB Accelerator (DAX) is a cache, but it does not increase write capacity; it can reduce read load but not write throttling.

Option C is incorrect because switching to on-demand may be more cost-effective for spiky traffic, but it is not the most cost-effective if traffic is predictable; the question asks for most cost-effective.

1451
MCQhard

A company is using Amazon ElastiCache for Redis to cache frequently accessed data. Recently, the application has been experiencing increased latency. The database specialist suspects that the cache hit ratio has decreased. Which CloudWatch metric should the specialist analyze to confirm this suspicion?

A.Monitor the 'CurrConnections' metric to see if there are too many connections.
B.Monitor the 'Evictions' metric to see if keys are being evicted.
C.Monitor 'CacheHits' and 'CacheMisses' metrics to calculate the hit ratio.
D.Monitor the 'ReplicationLag' metric to check replication delay.
AnswerC

Cache hit ratio = CacheHits / (CacheHits + CacheMisses).

Why this answer

Option A is correct because the cache hit ratio is calculated as CacheHits / (CacheHits + CacheMisses). Option B is wrong because CurrConnections shows current connections. Option C is wrong because Evictions shows number of evicted keys.

Option D is wrong because ReplicationLag shows replication delay.

1452
MCQhard

A company is designing a document management system using Amazon DocumentDB. Each document is up to 10 MB. The application needs to retrieve multiple documents by their IDs in a single request. The IDs are known at query time. Which query pattern is most efficient?

A.Use a find operation with the $or operator on the _id field.
B.Use a scan operation with a filter on the _id field.
C.Use a find operation with the $in operator on the _id field.
D.Issue multiple get operations in parallel.
AnswerC

Uses index on _id efficiently.

Why this answer

Option B is correct because $in operator allows a single query to fetch multiple documents by ID. Option A is wrong because scanning is inefficient. Option C is wrong because parallel queries increase overhead.

Option D is wrong because $or is less efficient than $in for the same field.

1453
MCQeasy

A developer needs to migrate a 500 GB MongoDB database to Amazon DocumentDB. Which approach will minimize application downtime?

A.Write a custom script to migrate data in batches
B.Export data from MongoDB, upload to S3, and import into DocumentDB
C.Use AWS DMS with ongoing replication from MongoDB to DocumentDB
D.Use AWS DataSync to transfer data files
AnswerC

Minimal downtime with live migration.

Why this answer

AWS DMS can perform a live migration with ongoing replication to minimize downtime. Option B is correct. Option A (Snapshot and restore) involves downtime.

Option C (Application-level migration) is manual and error-prone. Option D (AWS DataSync) is not for database migration.

1454
MCQhard

A company is using Amazon Aurora MySQL-Compatible Edition. The database administrator notices that the Aurora cluster has a high number of binary log (binlog) files in the cluster volume, consuming significant storage. The binlog retention period is set to 24 hours. What is the most efficient way to reduce the storage consumed by binlog files without compromising point-in-time recovery (PITR)?

A.Manually delete binlog files from the DB instance using the 'PURGE BINARY LOGS' command.
B.Use the 'Binary Log Export' feature to export binlogs to Amazon S3 and delete them from the cluster.
C.Disable binary logging on the Aurora cluster by setting the binlog_format parameter to OFF.
D.Reduce the binlog retention period to 1 hour.
AnswerC

Aurora does not require binlogs for PITR; disabling them saves storage and improves performance.

Why this answer

Option D is correct because Aurora MySQL does not rely on binlogs for PITR; it uses its own storage-based recovery. Disabling binlog altogether saves storage and reduces I/O. Option A is incorrect because reducing the retention period may not be sufficient if binlogs are still accumulating.

Option B is incorrect because binlog files are not stored on the DB instance but in the cluster volume; deleting them manually is not recommended. Option C is incorrect because using the Binary Log Export feature is for exporting logs, not reducing storage.

1455
MCQeasy

A startup needs a fully managed relational database with automated backups and scaling. They expect unpredictable workloads. Which AWS service meets these requirements?

A.Amazon DynamoDB
B.Amazon Redshift
C.Amazon Aurora Serverless
D.Amazon ElastiCache
AnswerC

Fully managed relational database with auto-scaling and backups.

Why this answer

Amazon Aurora Serverless is a fully managed relational database that automatically scales capacity up or down based on application demand, making it ideal for unpredictable workloads. It also provides automated backups, continuous backups to Amazon S3, and point-in-time recovery, meeting all stated requirements.

Exam trap

The trap here is that candidates often confuse DynamoDB's on-demand scaling with relational database requirements, overlooking that DynamoDB is NoSQL and not relational, or they mistakenly think Redshift's scaling capabilities apply to transactional workloads.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB is a NoSQL key-value and document database, not a relational database, so it does not meet the requirement for a relational database. Option B is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical workloads, not a transactional relational database, and it does not automatically scale for unpredictable transactional workloads. Option D is wrong because Amazon ElastiCache is an in-memory caching service (supporting Redis or Memcached), not a relational database, and it does not provide automated backups or scaling for persistent relational data.

1456
MCQhard

A company is migrating a self-hosted MongoDB replica set to Amazon DocumentDB. The source MongoDB is version 4.0, and the target DocumentDB is 3.6. The migration must be online with minimal downtime. Which approach should be taken?

A.Use AWS DMS with ongoing replication from MongoDB to DocumentDB.
B.Use a custom application to capture MongoDB oplog changes and apply to DocumentDB.
C.Configure DocumentDB as a replica of the MongoDB primary.
D.Export MongoDB collection data to JSON files, then import into DocumentDB.
AnswerB

Custom replication using oplog is a common approach for near-zero downtime.

Why this answer

Option D is correct because DocumentDB doesn't support change streams from MongoDB 4.0; using a custom replication tool is needed. Option A is wrong because DocumentDB has no native replication capability. Option B is wrong because DMS supports MongoDB to DocumentDB but only offline full load.

Option C is wrong because it requires downtime.

1457
MCQhard

A company is using Amazon Aurora MySQL-Compatible Edition. The security team requires that all connections to the database use SSL/TLS. The application currently connects using a standard JDBC connection string without SSL. What changes are needed to enforce SSL connections?

A.Modify the DB cluster parameter group to set require_secure_transport to ON.
B.Modify the DB cluster parameter group to set require_secure_transport to ON and update the application connection string to use SSL parameters.
C.Modify the security group to only allow traffic on port 3306 with the SSL flag.
D.Create an IAM role that requires SSL for database access and assign it to the application.
AnswerB

This enforces SSL and ensures the application uses it.

Why this answer

Option D is correct. To enforce SSL for all connections, you must configure the DB cluster parameter group to set require_secure_transport to ON and update the application connection string to use SSL parameters. Option A is incomplete because modifying the parameter group alone does not enforce SSL for existing connections.

Option B is incorrect because modifying the security group does not enforce SSL. Option C is incorrect because using an IAM role does not enforce SSL.

1458
MCQmedium

A company is using Amazon DynamoDB to store customer session data. The security team requires that all data is encrypted at rest using a customer-managed KMS key, and that access to the key is restricted to specific IAM roles. The company also wants to ensure that DynamoDB Accelerator (DAX) cluster is encrypted. Which steps should be taken to meet these requirements?

A.Create the DynamoDB table with encryption using a customer-managed KMS key. Create the DAX cluster and enable encryption at rest using the same KMS key.
B.Create the DynamoDB table without encryption, then use the AWS CLI to enable encryption after creation.
C.Create the DynamoDB table with default encryption, and create the DAX cluster with a separate customer-managed KMS key.
D.Create the DynamoDB table with encryption using a customer-managed key, and enable encryption in transit on the DAX cluster using TLS.
AnswerA

Both DynamoDB and DAX support encryption with customer-managed KMS keys.

Why this answer

Option A is correct because DynamoDB tables are encrypted by default with KMS, and you can specify a customer-managed key. DAX clusters also support encryption using the same KMS key. Option B is wrong because DAX does not support encryption at rest with a different key.

Option C is wrong because DAX does not support encryption in transit separately. Option D is wrong because DynamoDB encryption cannot be enabled after table creation.

1459
MCQeasy

A developer reports that an Amazon ElastiCache for Redis cluster's memory usage is consistently above 90%. The application uses Redis for caching and session storage. Which configuration change would MOST effectively reduce memory pressure?

A.Enable eviction with volatile-LRU policy
B.Scale up to a larger node type
C.Enable AOF persistence to free memory
D.Disable replication to reduce memory overhead
AnswerA

Eviction removes less-used keys when memory is full.

Why this answer

Option B is correct because enabling eviction with a volatile-LRU policy frees memory by removing expired keys. Option A is wrong because scaling up increases memory but costs more. Option C is wrong because persistence writes to disk, not memory.

Option D is wrong because disabling replication does not reduce memory usage.

1460
Multi-Selectmedium

A company is running an Amazon RDS for MySQL DB instance in a VPC. The security team requires that all connections to the database use SSL/TLS. Which combination of steps should be taken to enforce this? (Choose two.)

Select 2 answers
A.Create a new DB subnet group that isolates the DB instance in a private subnet without internet access.
B.Update the security group for the DB instance to deny inbound traffic on port 3306 from sources that do not have SSL.
C.Require database users to connect using the --ssl-ca parameter with the RDS certificate.
D.Modify the DB parameter group associated with the DB instance, setting the 'rds.force_ssl' parameter to 1.
E.Modify the DB option group associated with the DB instance, enabling the SSL option.
AnswersC, D

This ensures the client verifies the server certificate, which is necessary for SSL connections.

Why this answer

To enforce SSL on RDS MySQL, you set the rds.force_ssl parameter to 1 in the DB parameter group and require users to connect using the --ssl-ca option. The option group is for features like Oracle TDE, not SSL enforcement. Security group rules control network access, not encryption enforcement.

Option E is unnecessary if you set the parameter.

1461
Multi-Selecthard

A team is using Amazon DynamoDB with auto scaling enabled. They notice that some requests are returning ProvisionedThroughputExceededException errors during a sudden traffic spike. The application uses strong consistent reads. Which two actions would help mitigate the throttling without over-provisioning capacity? (Choose two.)

Select 2 answers
A.Implement DynamoDB Accelerator (DAX) to cache read results.
B.Enable DynamoDB adaptive capacity.
C.Switch to eventually consistent reads for all queries.
D.Disable auto scaling and manually set higher capacity.
E.Use DynamoDB burst capacity for the spike.
AnswersA, B

Correct. DAX reduces the number of read requests to the table, lowering the consumed read capacity.

Why this answer

Option A and D are correct. Using DynamoDB Accelerator (DAX) reduces read load, and enabling adaptive capacity helps handle uneven access patterns. Option B is wrong because disabling auto scaling would worsen the issue.

Option C is wrong because eventual reads may not be acceptable. Option E is wrong because bursting is limited and not guaranteed.

1462
MCQmedium

A company uses Amazon DynamoDB to store session data for a web application. During peak hours, they experience occasional ProvisionedThroughputExceededException errors. The table has a read capacity of 1000 RCU and a write capacity of 500 WCU. The application uses strongly consistent reads. The traffic pattern shows short bursts of reads exceeding 1000 RCU. What is the MOST cost-effective way to handle these bursts without changing the application?

A.Enable DynamoDB Auto Scaling to adjust RCU dynamically
B.Increase RCU to 2000 and enable Auto Scaling
C.Switch to eventually consistent reads
D.Use DynamoDB Accelerator (DAX) for caching reads

Why this answer

DynamoDB supports burst capacity by accumulating unused capacity for up to 5 minutes (300 seconds). For short bursts, the existing burst capacity can absorb the spikes. Option B is wrong because doubling RCU would be expensive and unnecessary if bursts are short.

Option C is wrong because switching to eventually consistent reads would only double capacity but may not be acceptable for session data. Option D is wrong because DAX is an in-memory cache that adds cost and complexity.

1463
MCQmedium

A company is migrating a 2 TB Oracle database to Amazon Aurora PostgreSQL. The on-premises database is 2 TB and the network link is 1 Gbps. The migration must complete within 48 hours with minimal data loss. The DBA has extracted the schema using AWS SCT and created an Aurora cluster. The DBA now needs to transfer the data. The DBA tried using AWS DMS over the network but estimates it will take 72 hours due to network overhead. The DBA also considered using an AWS Snowball Edge device but is concerned about the time to order and ship the device. Which approach should the DBA take to meet the deadline?

A.Use AWS DMS with change data capture and optimize the network by enabling compression
B.Use AWS S3 to upload the database dump and then load into Aurora
C.Use AWS Snowball Edge to transfer the database dump and then use DMS for change data capture
D.Use AWS DMS to perform a full load and then stop replication, accepting some data loss
AnswerC

Snowball Edge can transfer the bulk data faster than the network, and DMS can capture ongoing changes.

Why this answer

Option C is correct. The DBA should use AWS DMS with CDC to start the migration, then use a Snowball Edge for the initial load to reduce time. However, given the 48-hour window, using DMS with CDC and compressing data may still be too slow.

Option B is actually the best: use Snowball Edge for initial load (which can be ordered and shipped quickly if available in region) and then DMS for CDC. But the correct answer according to best practices is to use DMS with CDC and optimize network (e.g., using compression, increasing instance size). However, the scenario suggests DMS alone is too slow.

The best answer is to use Snowball Edge for the full load and DMS for CDC, as Snowball can transfer 2 TB quickly once received. Option A is wrong because it abandons CDC. Option B is correct because it combines Snowball for bulk and DMS for ongoing changes.

Option C is wrong because it only uses DMS. Option D is wrong because it uses S3 only.

1464
MCQeasy

A company uses Amazon DynamoDB for a session management store. The application writes and reads session data frequently. The team notices that write requests occasionally fail with ProvisionedThroughputExceededException. They want a cost-effective solution to handle these bursts. What should they do?

A.Increase the provisioned write capacity to a higher fixed value
B.Use DynamoDB Accelerator (DAX) to cache writes
C.Implement an Amazon SQS queue to buffer writes
D.Enable DynamoDB Auto Scaling for the table
AnswerD

Auto Scaling adjusts capacity based on actual usage, handling bursts cost-effectively.

Why this answer

DynamoDB Auto Scaling adjusts throughput capacity automatically based on traffic patterns, handling bursts without manual intervention. Option B (increase table) would waste capacity. Option C (DAX) does not help with write throughput.

Option D (SQS) adds complexity.

1465
MCQhard

A company is migrating a 5 TB Oracle database to Amazon RDS for Oracle. The database has several large tables with LOB columns. The migration must have minimal downtime. Which approach should be taken?

A.Use Oracle GoldenGate to replicate data to RDS.
B.Use AWS DMS with LOB support and ongoing replication from Oracle to RDS.
C.Use Oracle Data Pump to export the database and import into RDS.
D.Copy the database files to Amazon S3 and use the rdsadmin.rds_restore_from_s3 procedure.
AnswerB

AWS DMS supports LOBs and can replicate changes continuously, minimizing downtime.

Why this answer

AWS DMS with LOB support and ongoing replication (change data capture, CDC) is the correct approach because it enables a near-zero downtime migration by continuously replicating changes from the source Oracle database to Amazon RDS for Oracle after an initial full load. DMS handles large LOB columns efficiently using its 'Full LOB mode' or 'Limited LOB mode' settings, which are critical for tables with LOB data. The combination of full load + CDC ensures minimal downtime, as the target remains synchronized until cutover.

Exam trap

The trap here is that candidates may choose Oracle GoldenGate (Option A) because it is a well-known replication tool, but the exam expects you to recognize that AWS DMS is the native, fully managed service designed for minimal-downtime migrations to RDS, and GoldenGate introduces unnecessary complexity and cost.

How to eliminate wrong answers

Option A is wrong because Oracle GoldenGate requires additional licensing costs and complex setup, and while it can achieve minimal downtime, it is not the simplest or most cost-effective AWS-native solution for this scenario; AWS DMS is the recommended service for database migrations to RDS. Option C is wrong because Oracle Data Pump is a logical export/import tool that requires the source database to be in a consistent state (often requiring downtime) and cannot provide ongoing replication, so it does not meet the minimal downtime requirement. Option D is wrong because the rdsadmin.rds_restore_from_s3 procedure is used for restoring physical backups (e.g., from RMAN or Oracle Transportable Tablespaces) to RDS, not for migrating a live database with minimal downtime, and it requires the database files to be in a specific format and typically involves downtime during the restore process.

1466
Multi-Selecthard

Which TWO design patterns help meet ACID compliance requirements in a distributed database environment while maintaining high availability?

Select 2 answers
A.Use an eventually consistent read model to improve performance.
B.Implement Amazon Aurora Global Database for cross-Region ACID transactions.
C.Adopt a saga pattern to manage distributed transactions.
D.Use Amazon DynamoDB Transactions for multi-item ACID operations.
E.Implement DynamoDB Streams to capture changes for audit.
AnswersB, D

Aurora Global Database provides ACID within each region.

Why this answer

Options B and D are correct. Amazon Aurora Global Database allows cross-region replication with ACID compliance within each region. Using DynamoDB Transactions provides ACID guarantees across multiple items within a single AWS account and region.

Option A (eventual consistency) is not ACID. Option C (saga pattern) is for eventual consistency in microservices. Option E (DynamoDB Streams) enable change data capture but not ACID.

1467
MCQeasy

A gaming company uses Amazon DynamoDB as the database for user profiles and game state. The application requires strongly consistent reads for the user's own profile, but eventually consistent reads for leaderboard queries. How should the company design the table and queries?

A.Create two separate tables: one for strong consistency and one for eventual consistency.
B.Use the ConsistentRead parameter set to true for profile queries and false for leaderboard queries.
C.Enable DynamoDB Accelerator (DAX) for strong consistency on all reads.
D.Configure DynamoDB Streams to replicate data to a second table for strong consistency.
AnswerB

This allows per-request consistency control.

Why this answer

DynamoDB supports both strongly consistent reads and eventually consistent reads on the same table, controlled by the `ConsistentRead` parameter in the `GetItem`, `Query`, or `Scan` API calls. Setting `ConsistentRead=true` for profile queries ensures the most up-to-date data, while `ConsistentRead=false` (the default) for leaderboard queries provides lower latency and higher throughput, which is ideal for read-heavy, non-critical data. This design avoids the cost and complexity of multiple tables or additional services.

Exam trap

The trap here is that candidates often assume strong consistency requires a separate table or a caching layer like DAX, but DynamoDB natively supports both consistency models on the same table via a simple API parameter, making the other options over-engineered or incorrect.

How to eliminate wrong answers

Option A is wrong because creating two separate tables for consistency levels is unnecessary and wasteful; DynamoDB supports both consistency models on a single table via the `ConsistentRead` parameter. Option C is wrong because DAX is a caching layer that provides eventually consistent reads by default and does not guarantee strongly consistent reads; it is designed for read-heavy workloads with relaxed consistency, not for enforcing strong consistency. Option D is wrong because DynamoDB Streams is used for change data capture and replication, not for serving strongly consistent reads; replicating to a second table would introduce eventual consistency between tables and add latency and cost without solving the requirement.

1468
MCQmedium

A company is migrating an on-premises Oracle OLTP database to Amazon Aurora PostgreSQL. The database has a complex schema with stored procedures, triggers, and sequences. During the migration, the team notices that the conversion tool reports several incompatibilities. Which strategy should the team use to handle the database schema changes with minimal downtime?

A.Deploy Amazon RDS for PostgreSQL with Babelfish to run Oracle PL/SQL code natively.
B.Use AWS Database Migration Service (DMS) with the AWS Schema Conversion Tool (SCT) to convert the schema and migrate data, then handle remaining incompatibilities during a cutover window.
C.Use pg_dump and pg_restore to migrate the schema, and then test and fix any errors.
D.Manually rewrite all stored procedures and triggers to PostgreSQL syntax before migration.
AnswerB

SCT automates schema conversion, and DMS supports minimal downtime via ongoing replication.

Why this answer

Option B is correct because AWS DMS can handle ongoing replication after initial load, and the AWS Schema Conversion Tool (SCT) can convert schema. Option A is wrong because converting manually is error-prone and time-consuming. Option C is wrong because Babelfish is for SQL Server, not Oracle.

Option D is wrong because writing a custom script is not recommended given available tools.

1469
MCQeasy

A developer is configuring an Amazon RDS for PostgreSQL DB instance. The application connects using IAM database authentication. Which setting must be enabled on the DB instance for IAM authentication to work?

A.Set the database port to 5432.
B.Set the 'rds.force_ssl' parameter to 1.
C.Ensure the DB instance is publicly accessible.
D.Change the master username to 'iam_user'.
AnswerB

IAM authentication requires SSL connections.

Why this answer

Option B is correct because IAM database authentication requires the 'rds.force_ssl' parameter to be set to 1 to enforce TLS connections. Option A is wrong because IAM authentication does not require the database port to be changed. Option C is wrong because the master username is still used for IAM authentication.

Option D is wrong because the DB instance can be in a VPC; IAM authentication works within a VPC.

1470
MCQeasy

A company is using Amazon RDS for MySQL. They want to audit all database logins and failed login attempts. Which option should they enable?

A.Set the parameter log_queries_not_using_indexes = 'ON' in the DB parameter group.
B.Set the parameter audit_log = 'ON' in the DB parameter group.
C.Set the parameter general_log = 'ON' in the DB parameter group.
D.Set the parameter slow_query_log = 'ON' in the DB parameter group.
AnswerB

The audit log captures connection events, including successful and failed logins.

Why this answer

Option A is correct because setting the parameter audit_log = 'ON' enables audit logging for MySQL, which logs connections and disconnections, including failed login attempts. Option B is wrong because general_log logs all queries, not just logins. Option C is wrong because slow_query_log logs only slow queries.

Option D is wrong because log_queries_not_using_indexes logs queries that do not use indexes, not login attempts.

1471
MCQhard

A financial services company uses Amazon DynamoDB to store transaction records. The table has a partition key of 'account_id' and a sort key of 'transaction_time'. Recent queries for a specific account's transactions within a time range are experiencing high latency. The table has read capacity units set to auto-scaling. Which design change would most improve query performance?

A.Change the sort key to a composite attribute for better filtering.
B.Enable DynamoDB Accelerator (DAX) for the table.
C.Increase the read capacity units for the table.
D.Create a global secondary index with a different partition key.
AnswerD

GSI with a different key distributes reads across partitions.

Why this answer

Option B is correct because using a secondary index with a different partition key can avoid hot partitions caused by frequent access to the same account. Option A (increasing RCUs) may not help if the partition is hot. Option C (changing sort key) won't help if the partition is overloaded.

Option D (DAX) caches results but doesn't fix the underlying hot partition issue.

1472
MCQmedium

A company is migrating a 10 TB SQL Server database to Amazon RDS for SQL Server. They need to minimize the migration time and cost. Which approach should they use?

A.Use AWS Snowball Edge to transfer backup files
B.Use AWS Schema Conversion Tool to convert schema and then bulk insert
C.Use AWS DMS with a full load and ongoing replication
D.Use native SQL Server backup to S3 and restore to RDS
AnswerC

Efficient and supports minimal downtime.

Why this answer

AWS DMS can migrate data efficiently and supports ongoing replication. Option C is correct. Option A (Native backup and restore) requires storage and manual steps.

Option B (SCT only) does not migrate data. Option D (Snowball) is for large data but adds latency.

1473
MCQmedium

A company uses Amazon RDS for PostgreSQL with Multi-AZ deployment. The primary instance fails, and a failover occurs. After the failover, the application is still unable to connect to the database endpoint. The database administrator checks the RDS console and sees that the new primary is in 'available' state. What should the administrator do next to diagnose the connectivity issue?

A.Verify that the security group for the RDS instance allows inbound traffic from the application
B.Check if the subnet group for the RDS instance is correctly configured
C.Check the DNS resolution of the RDS endpoint from the application server
D.Restart the RDS instance to force a new connection
AnswerC

The CNAME record should be updated; stale DNS could cause connection failures.

Why this answer

Option C is correct because the DNS CNAME of the RDS endpoint should have updated to point to the new primary. If the application is using the old IP or a cached DNS entry, it may not connect. Option A is incorrect because security group rules are usually unchanged.

Option B is incorrect because the subnet group is not the issue. Option D is incorrect because the primary is already in available state.

1474
Multi-Selectmedium

A company is designing a new application that requires a relational database with read replicas for reporting. The application has unpredictable traffic patterns. The company wants to minimize operational overhead and automatically scale compute capacity. Which THREE services should the company consider?

Select 3 answers
A.Amazon DynamoDB Accelerator (DAX)
B.Amazon RDS for MySQL with Multi-AZ
C.Amazon RDS for PostgreSQL with read replicas
D.Amazon Aurora Serverless v2
E.Amazon RDS Proxy
AnswersC, D, E

RDS for PostgreSQL supports read replicas, but does not auto-scale compute; however, it is a valid option if combined with other services.

Why this answer

Amazon RDS for PostgreSQL with read replicas is correct because it supports up to 15 read replicas for offloading reporting workloads, and with Multi-AZ deployment, it can automatically failover to a standby instance. However, for automatic scaling of compute capacity, you would need to combine it with a scaling solution like Aurora or use RDS for PostgreSQL with a manual scaling process, but the question specifically asks for automatic scaling, which is better addressed by Aurora Serverless v2. The read replicas provide the necessary separation for reporting without impacting the primary database.

Exam trap

The trap here is that candidates often confuse Multi-AZ with read replicas, thinking Multi-AZ provides read scaling, but Multi-AZ only provides a standby for failover, not read endpoints.

1475
MCQmedium

Refer to the exhibit. A company uses this DynamoDB table to store user session data. The application frequently queries by user_id alone to get all sessions for a user. However, the query is slow. What is the most likely cause?

A.The table's partition key is session_id, not user_id, so querying by user_id requires a scan.
B.The table has no sort key on user_id.
C.The table has too many items, causing slow scans.
D.The provisioned read capacity is too low.
AnswerA

Without a GSI on user_id, queries on user_id are scans.

Why this answer

The table's primary key is session_id, not user_id. Querying by user_id without a secondary index forces DynamoDB to perform a full table scan, which reads every item and is significantly slower than a query operation. This is the most likely cause of the slow performance.

Exam trap

The trap here is that candidates often assume any attribute can be queried efficiently, failing to recognize that DynamoDB requires a primary key or index for efficient lookups, and that a scan is the fallback for non-key attributes.

How to eliminate wrong answers

Option B is wrong because a sort key on user_id would not help; the table already has a sort key (timestamp), but the issue is that user_id is not the partition key, so queries by user_id still require a scan. Option C is wrong because while a large number of items can slow scans, the fundamental problem is the access pattern mismatch (scan vs. query), not just item count. Option D is wrong because low provisioned read capacity would cause throttling (ProvisionedThroughputExceededException), not inherently slow queries; the described slowness is due to scanning, not capacity limits.

1476
MCQeasy

A company is migrating an on-premises MongoDB database to Amazon DocumentDB (with MongoDB compatibility). Which AWS service can perform the migration with minimal downtime using ongoing replication?

A.AWS Database Migration Service (AWS DMS)
B.Amazon CloudWatch
C.AWS Schema Conversion Tool (AWS SCT)
D.AWS Glue
AnswerA

DMS supports MongoDB to DocumentDB migration with ongoing replication.

Why this answer

Option A is correct because AWS DMS supports MongoDB as a source and DocumentDB as a target, with ongoing replication via change streams. Option B is wrong because AWS SCT is for schema conversion, not data migration. Option C is wrong because AWS Glue is an ETL service, not specialized for database migration with ongoing replication.

Option D is wrong because Amazon CloudWatch is a monitoring service.

1477
Multi-Selecteasy

A company is designing a database for a social media application that requires storing user profiles, posts, and follower relationships. The application needs low-latency queries for user timelines and social graph traversals. Which TWO AWS database services should the database specialist consider? (Choose TWO.)

Select 2 answers
A.Amazon Timestream
B.Amazon Neptune
C.Amazon Redshift
D.Amazon RDS for MySQL
E.Amazon DynamoDB
AnswersB, E

Neptune is a graph database purpose-built for social graph traversals.

Why this answer

Amazon Neptune is a fully managed graph database service optimized for storing and querying highly connected data, such as social graphs. It supports property graph and RDF models, enabling low-latency traversals of follower relationships and user timelines using Gremlin or SPARQL queries.

Exam trap

The trap here is that candidates may choose Amazon RDS for MySQL (Option D) thinking relational databases can handle graph queries with joins, but they fail to recognize that Neptune provides native graph traversal performance that relational databases cannot match for deeply connected data.

1478
MCQeasy

A database administrator needs to monitor Amazon RDS for PostgreSQL connections and terminate idle connections that have been open for more than 1 hour. Which combination of steps should be taken?

A.Use Amazon RDS Performance Insights to view active connections and manually terminate idle connections via the AWS Management Console.
B.Configure an RDS event subscription for 'connection' events and send to Amazon SNS. Use SNS to notify an EC2 instance that runs a script to terminate idle connections.
C.Enable audit logging and stream to Amazon CloudWatch Logs. Create a metric filter for connection events. Use CloudWatch Alarm to trigger a Lambda function that runs a SQL query to terminate idle connections.
D.Enable RDS Enhanced Monitoring and configure a CloudWatch alarm to invoke an AWS Lambda function that terminates idle connections.
AnswerC

Audit logs capture connection events; metric filter and Lambda automate termination.

Why this answer

CloudWatch Logs capture connection logs. Lambda can query the database to terminate idle connections. Option A is correct.

Option B uses EC2 which is less automated. Option C uses RDS Event Notifications which do not include connection details. Option D lacks Lambda automation.

1479
Multi-Selectmedium

A company is designing a database for a global e-commerce platform with strong consistency requirements. The database must support cross-region disaster recovery with RPO < 1 second and RTO < 1 minute. Which TWO AWS database services meet these requirements?

Select 2 answers
A.Amazon Aurora Global Database
B.Amazon RDS Multi-AZ
C.Amazon Redshift with cross-region snapshot copy
D.Amazon ElastiCache for Redis with Global Datastore
E.Amazon DynamoDB Global Tables
AnswersA, E

Aurora Global Database replicates across regions with RPO of 1 second and RTO of 1 minute.

Why this answer

Option A (Aurora Global Database) provides cross-region replication with typical RPO of 1 second and RTO of 1 minute. Option D (DynamoDB Global Tables) offers multi-region replication with eventual consistency but also supports strongly consistent reads in each region; however, for global tables, RPO is typically < 1 second and failover can be automated within seconds. Option B (RDS Multi-AZ) is single-region.

Option C (Redshift) is not designed for OLTP. Option E (ElastiCache) is in-memory and not durable.

1480
MCQhard

A company uses Amazon DynamoDB for a shopping cart application. During a flash sale, write requests are throttled due to hot partitions. The access pattern is evenly distributed across items, but the partition key is the customer ID. Which design change would best mitigate throttling?

A.Enable DynamoDB adaptive capacity.
B.Change the partition key to a single value for all items.
C.Increase the provisioned write capacity to a higher fixed value.
D.Add a DAX cluster in front of DynamoDB.
AnswerA

Adaptive capacity rebalances throughput across partitions.

Why this answer

Option A is correct because DynamoDB adaptive capacity automatically adjusts throughput capacity based on traffic patterns, which helps mitigate hot partitions by redistributing unused capacity from less-accessed partitions to heavily accessed ones. This is ideal for the flash sale scenario where write requests are throttled due to uneven access across customer ID partitions, even though the overall access pattern is evenly distributed.

Exam trap

The trap here is that candidates may think increasing provisioned capacity (Option C) is the straightforward fix for throttling, but they overlook that hot partitions require a design-level solution like adaptive capacity or partition key redesign to distribute writes evenly.

How to eliminate wrong answers

Option B is wrong because changing the partition key to a single value for all items would create an extreme hot partition, causing all writes to target one partition and severely throttling the entire table. Option C is wrong because increasing provisioned write capacity to a higher fixed value does not address the root cause of hot partitions; it only increases overall throughput but still allows throttling on individual partitions if the access pattern is skewed. Option D is wrong because adding a DAX cluster in front of DynamoDB is a caching layer that primarily improves read performance and reduces read latency, but it does not mitigate write throttling or hot partition issues on the write path.

1481
MCQhard

A company runs a critical Oracle database on Amazon RDS. The database has a large table that is frequently accessed by multiple applications. The team wants to implement caching to reduce the load on the database. The cached data must be strongly consistent with the database. Which caching strategy should they use?

A.Eventual consistency with DynamoDB Accelerator (DAX)
B.Read-only cache with Amazon ElastiCache
C.Write-through cache using Amazon ElastiCache
D.Lazy loading with cache-aside pattern
AnswerC

Write-through ensures data is written to cache and DB together, maintaining strong consistency.

Why this answer

Write-through cache ensures that data is written to the cache and the database simultaneously, providing strong consistency. Lazy loading can lead to stale data. Read-only cache does not help with writes.

Eventual consistency is not acceptable.

1482
Multi-Selecthard

Refer to the exhibit. A database engineer is assigned this IAM policy. Which of the following actions can the engineer perform? (Choose two.)

Select 2 answers
A.Describe all automated snapshots
B.Delete a manual snapshot named dev-snapshot
C.Delete a manual snapshot named prod-database-snapshot
D.Delete a manual snapshot named prod-backup
E.Create a manual snapshot named test-snapshot
AnswersA, E

The Allow statement permits DescribeDBSnapshots for all resources.

Why this answer

Correct answers are B and D. B: The policy allows 'rds:DescribeDBSnapshots' for all resources. D: The policy allows 'rds:CreateDBSnapshot' for all resources, so creating a snapshot with any name is allowed.

A is wrong because the Deny statement blocks deletion of snapshots with names starting with 'prod-'. C is wrong because the Deny specifically targets the 'prod-*' pattern. E is wrong because the Deny applies to snapshots in us-east-1 only? Actually the Deny resource is specific to us-east-1, but the question says 'in any region' - the policy's Deny applies only to us-east-1, so deletion in other regions is allowed? Wait, the resource ARN specifies us-east-1, so Deny only applies to snapshots in that region.

But the question says 'prod-database-snapshot' - if it's in us-east-1, it's denied. However, the user is asking about 'a snapshot named prod-database-snapshot' - that matches the pattern. So C is wrong.

E is wrong because the policy does not allow deletion of snapshots with prefix 'prod-'. The correct interpretation: The Deny only applies to the specific ARN with region us-east-1, so if the snapshot is in another region, deletion is allowed? But the policy does not explicitly allow deletion, so by default it's denied (unless there is an Allow). The policy only allows Create and Describe.

Deletion is not allowed anywhere because there is no Allow statement for Delete. So deletion is implicitly denied for all snapshots. Wait, IAM default is deny.

So without an explicit Allow for Delete, deletion is denied. So E is wrong. The correct answers are B and D.

1483
MCQmedium

A company is designing a database for a social media application that stores user posts. Each post can have multiple tags. The workload requires low-latency queries to find all posts with a specific tag. Which database design is most suitable?

A.Amazon ElastiCache for Memcached storing posts and tags as key-value pairs.
B.Amazon DynamoDB with a Global Secondary Index on the tag attribute.
C.Amazon RDS for MySQL with a normalized schema and JOIN queries.
D.Amazon Neptune with a graph model for tags and posts.
AnswerB

GSI provides fast query by tag.

Why this answer

Option A is correct because Amazon DynamoDB with a GSI on the tag attribute allows fast queries by tag. Option B is wrong because RDS for MySQL with a normalized schema would require joins, which are slower for this use case. Option C is wrong because ElastiCache is a cache, not a primary data store.

Option D is wrong because Neptune is for graph data, not for this simple tag lookup.

1484
MCQmedium

A company runs an e-commerce platform on Amazon RDS for PostgreSQL. During a flash sale, the database experiences high write load and read replicas lag significantly. The application uses read replicas for reporting queries. Which design change would most effectively reduce replica lag without compromising write performance?

A.Increase the instance size of the primary database.
B.Add more read replicas to distribute the reporting load.
C.Migrate to Amazon Aurora with read replicas.
D.Convert the RDS instance to a Multi-AZ deployment.
AnswerC

Aurora has faster replication (typically <100ms) and is designed to handle high write loads with minimal replica lag.

Why this answer

Option C is correct because Amazon Aurora's distributed storage architecture decouples compute from storage, allowing replicas to apply redo logs with minimal overhead compared to RDS for PostgreSQL's physical replication. Aurora's replicas share the same underlying storage volume, so replica lag is significantly reduced even under heavy write loads, while write performance on the primary remains unaffected due to the asynchronous, log-based replication mechanism.

Exam trap

The trap here is that candidates assume adding more replicas or scaling the primary will solve replication lag, but they fail to recognize that the fundamental replication mechanism in RDS for PostgreSQL (streaming WAL) is the bottleneck, whereas Aurora's shared-storage architecture inherently minimizes lag.

How to eliminate wrong answers

Option A is wrong because increasing the primary instance size may improve write throughput but does not address the root cause of replica lag, which is the replication bottleneck in RDS for PostgreSQL's streaming replication; the primary's larger size does not speed up log shipping or apply on replicas. Option B is wrong because adding more read replicas does not reduce lag on existing replicas; it may even increase replication overhead on the primary, potentially worsening lag for all replicas under high write load. Option D is wrong because Multi-AZ deployment provides high availability with synchronous replication to a standby instance, but it does not create read replicas or reduce lag for reporting queries; the standby is not used for reads and does not alleviate replica lag.

1485
MCQeasy

A company is using Amazon RDS for Oracle and wants to integrate with AWS CloudTrail to log database API calls. Which action is necessary?

A.Enable CloudTrail for the RDS instance.
B.Create a VPC endpoint for CloudTrail.
C.Configure Oracle Fine-Grained Auditing (FGA).
D.Install the pgAudit extension.
AnswerA

CloudTrail already logs RDS API calls; no special setup needed.

Why this answer

AWS CloudTrail is the service that logs API calls made to AWS services, including Amazon RDS. To capture database API calls (e.g., CreateDBInstance, ModifyDBInstance) for an RDS for Oracle instance, you must enable CloudTrail for the RDS instance by creating a trail that covers the RDS service. This logs management events at the AWS control plane level, not the database engine level.

Exam trap

The trap here is confusing AWS-level API logging (CloudTrail) with database engine-level auditing (FGA, pgAudit), leading candidates to select database-specific auditing tools instead of the correct AWS service for logging control plane API calls.

How to eliminate wrong answers

Option B is wrong because a VPC endpoint for CloudTrail is used to privately connect your VPC to CloudTrail without using the public internet, but it is not required to log RDS API calls; CloudTrail works over the public AWS API endpoints by default. Option C is wrong because Oracle Fine-Grained Auditing (FGA) is a database-level auditing feature that logs SQL operations within the Oracle database engine, not AWS API calls to the RDS service. Option D is wrong because the pgAudit extension is used for PostgreSQL databases to log database-level activity, not for Oracle RDS instances or AWS API logging.

1486
MCQmedium

A company is migrating an on-premises PostgreSQL database to Amazon RDS for PostgreSQL. The database is 2 TB and has a sustained write rate of 150 MB/s. The migration must have minimal downtime. Which AWS service or tool should be used for the initial data load and ongoing replication?

A.Use AWS Database Migration Service (AWS DMS) with full load and ongoing replication
B.Use pg_dump and pg_restore
C.Use AWS Schema Conversion Tool (AWS SCT) to convert schema and AWS DMS for data migration
D.Use AWS S3 Transfer Acceleration to upload data to Amazon S3, then restore to RDS
AnswerA

AWS DMS supports full load and ongoing replication with minimal downtime.

Why this answer

AWS DMS supports ongoing replication from on-premises to RDS with minimal downtime. Option A is incorrect because pg_dump/pg_restore cannot perform ongoing replication. Option B is incorrect because S3 is for storage, not database replication.

Option D is incorrect because the Schema Conversion Tool does not handle data migration.

1487
MCQhard

An IAM policy is attached to a user who is deploying a new RDS instance. What is the effect of this policy on the user's ability to modify an existing production database instance with the identifier 'prod-mydb'?

A.The user cannot modify the production database instance because the Deny statement explicitly denies ModifyDBInstance on production databases.
B.The user can modify the production database instance because the Allow statement grants full access to RDS actions.
C.The user can modify the production database instance if they use the AWS CLI instead of the console.
D.The user cannot modify any database instance because the Deny statement denies ModifyDBInstance on all resources.
AnswerA

Deny overrides Allow, and the resource pattern matches the production database.

Why this answer

Option B is correct because the Deny statement explicitly denies the ModifyDBInstance action on resources matching the ARN pattern for production databases. Since Deny overrides any Allow, the user cannot modify any production database. Option A is wrong because the user can still create and describe instances.

Option C is wrong because the user cannot modify any production instances regardless of region. Option D is wrong because the user cannot modify any production instance, even if they are not the owner.

1488
Multi-Selectmedium

A company is migrating a 500 GB SQL Server database to Amazon RDS for SQL Server. They need to minimize downtime. Which TWO actions should they take? (Choose two.)

Select 2 answers
A.Store database backup files in Amazon S3
B.Use AWS Schema Conversion Tool to convert the schema
C.Use AWS DMS with ongoing change data capture (CDC)
D.Set up AWS Direct Connect for the migration
E.After migration, enable Multi-AZ for high availability
AnswersC, E

Minimizes downtime by replicating changes.

Why this answer

Option A (DMS with CDC) and Option B (Migrate to Multi-AZ after migration) are correct. Option C (S3) is not needed. Option D (Direct Connect) improves bandwidth but not necessary for minimal downtime.

Option E (SCT) is for schema conversion, not needed if schema is compatible.

1489
MCQmedium

Refer to the exhibit. An IAM policy is attached to a user. The user attempts to delete a DB instance named 'prod-db'. What will happen?

A.The delete will succeed because the Allow statement grants modify permission.
B.The delete will succeed because the resource is 'prod-db' which does not match the deny pattern.
C.The delete will fail because of the explicit Deny statement.
D.The delete will succeed only if the user has MFA enabled.
AnswerC

Explicit deny overrides any allow.

Why this answer

The Deny statement explicitly denies delete on any instance matching 'prod-*'. Since an explicit deny overrides any allow, the delete will fail. Option B is correct.

Option A is wrong because the deny overrides. Option C is wrong because the policy does not require MFA. Option D is wrong because the user cannot delete the instance.

1490
MCQmedium

A company uses Amazon DynamoDB for a time-series IoT application. Each device sends a data point every second. The application queries data by device ID and timestamp range. Which table design is most efficient?

A.Use a composite key of device ID and timestamp as the partition key.
B.Use device ID as the partition key and a random suffix as the sort key.
C.Use timestamp as the partition key and device ID as the sort key.
D.Use device ID as the partition key and timestamp as the sort key.
AnswerD

Allows efficient range queries on timestamp per device.

Why this answer

Option D is correct because it models the access pattern directly: using device ID as the partition key ensures all data for a device is co-located, and timestamp as the sort key enables efficient range queries (e.g., Query with KeyConditionExpression on timestamp between start and end). This design avoids hot partitions and allows DynamoDB to retrieve the exact time-series slice without scanning.

Exam trap

AWS often tests the misconception that a composite partition key (device ID + timestamp) is needed for uniqueness, but the trap here is that candidates forget the sort key's role in enabling range queries and instead try to force uniqueness into the partition key, which breaks the access pattern.

How to eliminate wrong answers

Option A is wrong because using a composite key of device ID and timestamp as the partition key would create a unique partition for each data point, making it impossible to query all data for a device across a time range without a full scan. Option B is wrong because using a random suffix as the sort key destroys the natural ordering of timestamps, preventing efficient range queries and forcing a scan to filter by time. Option C is wrong because using timestamp as the partition key leads to a single hot partition for each second (or time granularity), causing throttling and poor distribution, and querying by device ID would require a scan across all partitions.

1491
MCQmedium

Refer to the exhibit. A company is migrating an on-premises database to Amazon RDS for MySQL. During a test migration, the DMS task fails with the error shown. The source database is 500 GB and the target RDS instance has 500 GB allocated storage. What should be done to resolve this error and complete the migration?

A.Increase the DB instance class to a larger size
B.Increase the DMS task's allocated storage
C.Reduce the size of the source database
D.Enable storage autoscaling on the RDS instance
AnswerD

Autoscaling will automatically increase storage as needed.

Why this answer

Option A is correct because enabling storage autoscaling will allow the RDS instance to automatically increase storage when needed during the migration. Option B is wrong because the error is about storage, not instance class. Option C is wrong because the error is about the RDS instance, not the source.

Option D is wrong because DMS tasks do not require an increase in RDS storage allocation upfront; autoscaling handles it.

1492
Multi-Selectmedium

A company runs a self-managed Redis cluster on Amazon EC2 for caching. The cluster has one primary and two replicas, each on c5.large instances. The application experiences high latency during peak hours. CloudWatch metrics show that the primary node's CPU utilization is consistently above 80% and the network bandwidth is near the instance limit. The replicas show moderate CPU usage. The team wants to reduce latency without increasing cost significantly. Which combination of actions should the team take? (Choose two.)

Select 2 answers
A.Enable Redis Cluster Mode and distribute data across multiple shards.
B.Add more EC2 instances as additional replicas to offload reads.
C.Configure the application to read from replica nodes.
D.Upgrade the primary to a c5.2xlarge instance type.
E.Migrate to Amazon ElastiCache for Redis with Cluster Mode enabled.
AnswersA, E

Sharding spreads the load, reducing CPU and network pressure on individual nodes.

Why this answer

Option A and Option C are correct. Option A: Enabling Cluster Mode allows sharding data across multiple nodes, reducing load on each node. Option C: Using an ElastiCache Redis cluster with Cluster Mode enabled provides managed scaling and reduces the operational burden.

Option B is incorrect because it increases cost (more instances) and does not address vertical scaling limits. Option D is incorrect because using larger instances (vertical scaling) increases cost significantly and may still hit network limits. Option E is incorrect because read replicas help with read scaling, but the primary is the bottleneck for writes and CPU.

1493
Multi-Selecteasy

Which THREE actions should be taken to troubleshoot an Amazon RDS for PostgreSQL instance that is unresponsive? (Choose 3.)

Select 3 answers
A.Reboot the DB instance immediately
B.Modify the DB instance to a larger instance class
C.Verify that the security group allows inbound traffic on the database port
D.Check the database error logs in CloudWatch Logs
E.Review CloudWatch metrics for CPU, memory, and disk I/O
AnswersC, D, E

Network connectivity issues can make instance appear unresponsive.

Why this answer

Options A, C, and D are correct because checking logs, verifying security groups, and reviewing metrics are standard initial steps. Option B is wrong because rebooting without diagnostics may lose evidence. Option E is wrong because modifying instance class without cause may not help and could be disruptive.

1494
MCQeasy

A company is using Amazon DynamoDB and wants to ensure that only authorized users can access a specific table. Which AWS service should be used to manage access control?

A.AWS CloudHSM.
B.AWS Key Management Service (KMS).
C.Amazon VPC security groups.
D.AWS Identity and Access Management (IAM).
AnswerD

IAM policies define who can access DynamoDB tables.

Why this answer

Option B is correct because IAM is used to manage access to DynamoDB tables through policies. Option A is wrong because security groups control network traffic, not database access. Option C is wrong because CloudHSM is for encryption keys, not access control.

Option D is wrong because KMS is for encryption, not access control.

1495
MCQeasy

A financial services company needs a relational database with high availability and automatic failover across three Availability Zones in us-east-1. The workload consists of OLTP transactions with occasional analytic queries. Which database solution meets these requirements?

A.Amazon RDS for MySQL with Multi-AZ (2 AZs)
B.Amazon DynamoDB global tables
C.Amazon Aurora MySQL with Multi-AZ deployment across 3 AZs
D.Amazon Redshift with cross-region snapshots
AnswerC

Aurora provides automatic failover across 3 AZs and supports OLTP and analytics.

Why this answer

Amazon Aurora MySQL with Multi-AZ deployment across 3 AZs meets the requirements because Aurora automatically replicates your data six ways across three Availability Zones, with a primary DB instance in one AZ and two read replicas in the other two AZs. In the event of a failure, Aurora automatically fails over to a read replica in under 30 seconds without data loss, providing high availability and automatic failover across three AZs. Aurora also supports both OLTP transactions and can handle occasional analytic queries via Aurora Replicas or Aurora Global Database for read scaling.

Exam trap

The trap here is that candidates often confuse RDS Multi-AZ (which only supports 2 AZs) with Aurora's native multi-AZ replication across 3 AZs, or they mistakenly think DynamoDB global tables (a NoSQL service) can replace a relational database for OLTP workloads requiring ACID transactions.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL with Multi-AZ (2 AZs) only supports a standby replica in a single secondary AZ, not across three AZs, and failover is limited to two AZs, failing the requirement for three Availability Zones. Option B is wrong because Amazon DynamoDB global tables is a NoSQL key-value and document database, not a relational database, and while it provides multi-region replication, it does not support relational queries or ACID transactions in the same way as a relational database, and it does not offer automatic failover across three AZs in a single region. Option D is wrong because Amazon Redshift is a data warehouse optimized for analytic queries, not OLTP transactions, and cross-region snapshots provide disaster recovery but not automatic failover across three AZs for high availability.

1496
Multi-Selecthard

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database contains sensitive personally identifiable information (PII). The security team requires that the data be encrypted in transit between the application and the RDS instance, and also encrypted at rest using a key managed by the company. Which THREE actions should the company take? (Choose THREE.)

Select 3 answers
A.Configure the RDS instance to require SSL/TLS connections.
B.Modify the DB parameter group to set the 'rds.force_ssl' parameter to 1.
C.Enable encryption at rest for the RDS instance at launch time.
D.Enable Transparent Data Encryption (TDE) using CloudHSM.
E.Create a customer managed key (CMK) in AWS KMS.
AnswersA, C, E

SSL/TLS encrypts data in transit.

Why this answer

Options A, C, and D are correct. Option A: enabling SSL/TLS encrypts data in transit. Option C: KMS customer managed key allows the company to manage the key for at-rest encryption.

Option D: RDS encryption must be enabled at launch. Option B is wrong because RDS does not support TDE with CloudHSM for Oracle. Option E is wrong because forcing SSL is a parameter, not an option group level action.

1497
MCQmedium

A company uses Amazon RDS for PostgreSQL with logical replication to a downstream system. The replication slot grows unbounded and causes storage full issues. Which action resolves this without data loss?

A.Disable logical replication and use DMS instead
B.Increase the allocated storage size of the RDS instance
C.Monitor the replication slot and advance it using pg_replication_slot_advance
D.Delete the replication slot and recreate it
AnswerC

Advancing the slot allows WAL cleanup.

Why this answer

Option C is correct because monitoring and advancing the replication slot prevents WAL accumulation. Option A is wrong because disabling replication causes data loss. Option B is wrong because increasing storage is a temporary fix, not a resolution.

Option D is wrong because deleting old WAL logs may break replication.

1498
MCQhard

An e-commerce company runs a multi-AZ deployment of Amazon RDS for MySQL. During a recent failover test, the application experienced a 30-second write outage. The application uses a connection pooling library. The DB instance has a 60-second TTL for DNS records. What is the MOST likely cause of the outage?

A.The connection pool had open connections to the old primary, and DNS TTL caused a delay in reconnecting to the new primary.
B.The application experienced a cold start after the failover.
C.The DNS record for the RDS endpoint was not updated after the failover.
D.The Multi-AZ failover took longer than 30 seconds to complete.
AnswerA

Stale connections and DNS caching can cause a brief outage until connections are refreshed.

Why this answer

Option B is correct because the application's connection pool may have stale connections to the old primary, and the DNS TTL of 60 seconds delays the resolution to the new primary. Option A is wrong because RDS failover typically completes in 1-2 minutes. Option C is wrong because Multi-AZ DNS records are updated automatically.

Option D is wrong because a cold start would cause longer outage.

1499
MCQmedium

A company is migrating a 3 TB PostgreSQL database from on-premises to Amazon Aurora PostgreSQL. They need to minimize downtime and ensure that the migration is completed within a maintenance window. Which approach should they use?

A.Use AWS DMS with full load and ongoing replication (CDC)
B.Use AWS SCT to convert the schema and then migrate data
C.Use pg_dump to export the database and pg_restore to import into Aurora
D.Take a file system snapshot and restore to Aurora
AnswerA

DMS with CDC supports minimal downtime by replicating changes.

Why this answer

AWS DMS with full load and ongoing replication (CDC) is the correct approach because it allows you to perform an initial full load of the 3 TB database while continuously capturing changes from the source PostgreSQL using logical replication (via the pglogical extension or native slot-based replication). This minimizes downtime by keeping the target Aurora PostgreSQL nearly synchronized, and you can switch over during a maintenance window with only a brief outage to apply any final lag.

Exam trap

The trap here is that candidates often choose pg_dump/pg_restore (Option C) because it is a familiar tool, but they overlook the requirement to minimize downtime, which CDC-based replication uniquely addresses.

How to eliminate wrong answers

Option B is wrong because AWS SCT is used for schema conversion (e.g., from Oracle or SQL Server to Aurora PostgreSQL), not for migrating data from PostgreSQL to PostgreSQL, and it does not provide ongoing replication to minimize downtime. Option C is wrong because pg_dump/pg_restore is a logical backup and restore method that requires the source database to be offline or read-only during the dump, causing significant downtime for a 3 TB database, and it does not support continuous replication. Option D is wrong because file system snapshots are not compatible with Aurora PostgreSQL; Aurora uses a distributed storage layer and cannot ingest raw file system snapshots from on-premises PostgreSQL.

1500
MCQhard

A company uses Amazon DynamoDB with On-Demand capacity for a gaming application. During a new game launch, write traffic spikes 10x normal for 30 minutes. Some write requests receive ProvisionedThroughputExceeded exceptions. What is the MOST likely cause and solution?

A.The partition key is not distributing writes evenly, causing a hot partition. Redesign the partition key for uniform access.
B.On-Demand capacity cannot handle sudden spikes. Switch to Provisioned capacity with auto scaling.
C.DynamoDB Streams is enabled, causing additional write throttling. Disable streams.
D.The table has a global secondary index with a different partition key that is unevenly accessed. Remove the GSI.
AnswerA

Hot partitions cause throttling even with On-Demand capacity.

Why this answer

On-Demand capacity can handle spikes but has per-partition throughput limits. If a hot partition exists, writes to that partition may exceed its limit. Option A is correct because uneven partition keys cause throttling.

Option B is incorrect because On-Demand does not have table-level limits. Option C is not the primary cause. Option D is incorrect as GSI writes also consume write capacity.

Page 19

Page 20 of 24

Page 21