AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 16511725

1730 questions total · 24pages · All types, answers revealed

Page 22

Page 23 of 24

Page 24
1651
MCQmedium

A company stores sensitive data in an Amazon S3 bucket that is accessed by an Amazon Redshift cluster. The security team requires that the data in transit between Redshift and S3 be encrypted. Which configuration ensures this?

A.Enable server-side encryption (SSE-S3) on the S3 bucket.
B.Ensure that the Redshift cluster has SSL enabled, which encrypts data in transit by default for COPY/UNLOAD operations to S3.
C.Configure a VPC endpoint for S3.
D.Use client-side encryption on the data before uploading to S3.
AnswerB

Redshift uses SSL for data transfer to S3 by default.

Why this answer

Option B is correct. Redshift automatically uses SSL encryption for data in transit when moving data to and from S3 using COPY/UNLOAD commands. Option A is incorrect because server-side encryption (SSE-S3) encrypts data at rest, not in transit.

Option C is incorrect because client-side encryption encrypts data before sending, but Redshift handles this automatically with SSL. Option D is incorrect because VPC endpoints do not encrypt data in transit; they provide private connectivity.

1652
Multi-Selecthard

A company is using Amazon DynamoDB with on-demand capacity mode. The application experiences occasional throttling during traffic spikes. The database administrator wants to implement a solution to reduce throttling. Which THREE actions should the administrator take? (Choose THREE.)

Select 3 answers
A.Use DynamoDB Accelerator (DAX) to cache frequently accessed items.
B.Enable auto scaling for the table.
C.Switch the table to provisioned capacity mode with auto scaling.
D.Implement exponential backoff and retry logic in the application.
E.Design the application to handle throttling by retrying with backoff.
AnswersA, D, E

DAX reduces read traffic to the table, decreasing the chance of read throttling.

Why this answer

Options A, C, and D are correct. Implementing retry logic with exponential backoff handles throttling gracefully. Using DynamoDB Accelerator (DAX) reduces read load on the table, which can help with read throttling.

Designing the application to handle throttling by retrying ensures resilience. Option B is incorrect because switching to provisioned capacity may not be cost-effective and does not inherently reduce throttling. Option E is incorrect because enabling auto scaling is not applicable to on-demand mode.

1653
MCQmedium

A company is migrating a PostgreSQL database to Amazon RDS for PostgreSQL. The source database uses custom functions written in PL/Python. What should the company consider?

A.Rewrite the functions in PL/pgSQL or another supported language.
B.Modify the DB parameter group to enable PL/Python.
C.Use RDS Custom for PostgreSQL to install PL/Python.
D.Migrate to Aurora PostgreSQL which supports PL/Python.
AnswerA

RDS PostgreSQL supports only specific procedural languages; PL/Python is not one of them.

Why this answer

Amazon RDS for PostgreSQL does not support PL/Python because it requires the installation of an untrusted procedural language, which poses security risks in a managed database environment. The correct approach is to rewrite the custom functions in a supported language such as PL/pgSQL, PL/Perl, or PL/Tcl, which are trusted languages available in RDS for PostgreSQL.

Exam trap

The trap here is that candidates assume RDS Custom or Aurora PostgreSQL can bypass the PL/Python limitation, but AWS does not support untrusted languages in any managed PostgreSQL offering, and RDS Custom still relies on the standard PostgreSQL engine which lacks PL/Python support.

How to eliminate wrong answers

Option B is wrong because modifying the DB parameter group cannot enable PL/Python; RDS for PostgreSQL does not include the PL/Python extension and does not allow installation of untrusted languages. Option C is wrong because RDS Custom for PostgreSQL still does not support PL/Python; RDS Custom provides OS-level access but the PostgreSQL engine itself must support the language, and PL/Python is not bundled or supported by AWS. Option D is wrong because Aurora PostgreSQL also does not support PL/Python; it shares the same limitations as RDS for PostgreSQL regarding untrusted procedural languages.

1654
Multi-Selecteasy

Which TWO AWS services can be used together to migrate an on-premises MySQL database to Amazon Aurora MySQL with minimal downtime? (Select TWO.)

Select 2 answers
A.AWS Schema Conversion Tool (SCT)
B.Amazon Route 53
C.AWS CloudFormation
D.AWS Database Migration Service (DMS)
E.AWS Global Accelerator
AnswersA, D

Converts schema for compatibility.

Why this answer

AWS Database Migration Service (DMS) can perform continuous replication from an on-premises MySQL source to an Amazon Aurora MySQL target using change data capture (CDC), enabling near-zero downtime. The AWS Schema Conversion Tool (SCT) is used to assess and convert the source schema, including any incompatible objects, to ensure the Aurora target is ready for migration. Together, SCT handles schema transformation while DMS handles the ongoing data replication.

Exam trap

The trap here is that candidates often assume a single service like DMS alone can handle schema conversion, but DMS does not convert incompatible schema objects — that is the specific role of SCT, and both are required for a complete migration with minimal downtime.

1655
MCQhard

Refer to the exhibit. A company has an S3 bucket with server-side encryption using AWS KMS. The bucket policy allows access to a user, but the user receives 'Access Denied' when trying to download an object. The IAM policy for the user is shown. What is the MOST likely cause?

A.The user does not have MFA enabled.
B.The KMS key ID in the policy is incorrect.
C.The policy does not allow kms:Decrypt for the S3 bucket.
D.The policy has a condition that limits kms:Decrypt to when the request is made through the S3 service, but the user might be using a different service to access the object (e.g., directly via KMS API).
AnswerD

The condition 'kms:ViaService' ensures decryption only through S3.

Why this answer

The policy restricts kms:Decrypt to requests coming via S3 service only. If the user is using the AWS CLI with the S3 API directly (not via S3 service principal), the condition fails. Option A is correct.

Option B is wrong because the key ID is correct in the policy. Option C is wrong because condition is the issue, not MFA. Option D is wrong because the policy allows kms:Decrypt for S3.

1656
MCQhard

A company uses Amazon DynamoDB with fine-grained access control based on user identity. The IAM policy for a user includes a condition that restricts access to items where the 'department' attribute equals 'engineering'. However, the user is receiving an 'AccessDeniedException' when trying to query items. What is the most likely cause?

A.The user is not using the correct IAM role.
B.The 'department' attribute is not the partition key of the table.
C.The DynamoDB table is not configured to require SSL.
D.The IAM policy is missing a 'Condition' block.
AnswerB

Fine-grained access control using 'LeadingKeys' requires the condition on the partition key.

Why this answer

Fine-grained access control in DynamoDB uses IAM policy conditions with the 'dynamodb:LeadingKeys' or 'dynamodb:Attributes' condition keys. The 'department' attribute must be the partition key of the table for 'LeadingKeys' to work. If 'department' is not the partition key, the condition cannot be evaluated for the query.

Option A is possible but less likely if the user is using the correct role. Option C is wrong because DynamoDB does not require SSL for all operations. Option D is wrong because Condition check is exactly how it works.

1657
Multi-Selecthard

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer. The application uses Amazon RDS for MySQL. Recently, the database CPU utilization spikes to 100% during peak hours. The team observes that the spike is caused by a large number of slow queries. They need to identify and resolve the issue with minimal disruption. Which combination of steps should they take? (Choose two.)

Select 2 answers
A.Enable RDS Performance Insights to identify the slow queries
B.Upgrade to a larger instance type
C.Increase the DB instance storage to improve I/O
D.Create a read replica and direct reporting queries to the replica
E.Implement connection pooling using Amazon RDS Proxy
AnswersA, D

Performance Insights provides a dashboard to analyze database performance and identify problematic queries.

Why this answer

Option B: Enabling RDS Performance Insights helps identify the slow queries and their resource consumption. Option D: Creating a read replica for reporting queries offloads read traffic from the primary, reducing CPU load. Option A is not a quick identification step.

Option C is a long-term solution. Option E is not directly helpful for identifying slow queries.

1658
MCQeasy

A company is using Amazon DynamoDB with on-demand capacity. The application experiences increased latency during peak hours. The DynamoDB table receives about 5,000 writes per second and 10,000 reads per second. The read latency is high, but write latency is acceptable. What should the company do to reduce read latency?

A.Enable DynamoDB Streams to offload read traffic.
B.Create a read replica of the DynamoDB table.
C.Enable DynamoDB Accelerator (DAX) for the table.
D.Switch to provisioned capacity and enable auto scaling.
AnswerC

DAX caches reads, reducing latency.

Why this answer

Option A is correct. DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache that reduces read latency. Option B is wrong because auto scaling is for provisioned capacity, not on-demand.

Option C is wrong because read replicas are not a DynamoDB feature. Option D is wrong because DynamoDB Streams does not cache data.

1659
Multi-Selecthard

A company is migrating a 2 TB Oracle database to Amazon Aurora MySQL. The database has custom PL/SQL packages and triggers. The migration must be completed with minimal application changes. Which THREE steps should the company take? (Choose three.)

Select 3 answers
A.Use AWS DMS to perform live migration with ongoing replication.
B.Use AWS Schema Conversion Tool (SCT) to convert the schema and code.
C.Use Amazon S3 to store and transfer database dump files.
D.Manually rewrite all PL/SQL packages to MySQL syntax.
E.Test the application thoroughly against the target database.
AnswersA, B, E

DMS minimizes downtime.

Why this answer

AWS DMS supports live migration with ongoing replication, which is essential for migrating a 2 TB Oracle database to Amazon Aurora MySQL with minimal downtime. It can handle continuous changes from the source while the target is being loaded, ensuring near-zero application disruption.

Exam trap

The trap here is that candidates may assume manual rewriting is required for all PL/SQL code, overlooking that SCT automates most of the conversion, or they may choose S3-based dump transfer as a simpler option without considering the need for minimal downtime and ongoing replication.

1660
Multi-Selecteasy

A company wants to monitor the performance of an Amazon RDS for MySQL instance. Which TWO metrics are available in Amazon CloudWatch by default? (Choose 2.)

Select 2 answers
A.FreeableMemory
B.CPUUtilization
C.QueryThroughput
D.ReadThrottleEvents
E.DatabaseConnections
AnswersB, E

Default metric for RDS.

Why this answer

Option A is correct because CPUUtilization is a default metric. Option B is correct because DatabaseConnections is a default metric. Option C is incorrect because it is a metric for DynamoDB.

Option D is incorrect because it is for Redshift. Option E is incorrect because it is not a default metric.

1661
MCQhard

A healthcare company stores patient records in Amazon DynamoDB. Each record includes patient_id (partition key), visit_date (sort key), and a large JSON attribute for medical history. The application frequently queries recent visits for a patient and scans historical data for analytics. The scans on the medical history attribute cause high RCU consumption. The company wants to reduce costs and improve query performance. Which design should be implemented?

A.Compress the medical history attribute using gzip before storing in DynamoDB.
B.Move the medical history attribute to a separate table with patient_id as partition key and visit_date as sort key. Use DynamoDB Streams to keep both tables in sync.
C.Enable DynamoDB Accelerator (DAX) for the table to cache frequent queries.
D.Use Amazon S3 to store the medical history as a separate object and reference it from DynamoDB.
AnswerB

Separating the large attribute reduces RCU consumption for queries that do not need it.

Why this answer

Option B is correct because it separates the large, infrequently accessed medical history attribute from the frequently queried core record, reducing the item size for common queries and thus lowering RCU consumption. By using DynamoDB Streams to synchronize the two tables, you maintain data consistency without adding complexity to the application, and queries against the main table become faster and cheaper since they no longer read the large JSON payload.

Exam trap

The trap here is that candidates often choose compression (Option A) thinking it reduces storage and read costs, but DynamoDB does not natively support compression and charges based on the actual stored item size, so compression must be handled at the application layer and does not reduce RCU consumption.

How to eliminate wrong answers

Option A is wrong because compressing the medical history attribute with gzip before storing it in DynamoDB does not reduce RCU consumption; DynamoDB charges for the actual stored size of the item, and compression is not transparent to read operations—the application would still need to read the compressed data and decompress it, and the item size remains the same from DynamoDB's perspective. Option C is wrong because enabling DAX caches query results but does not reduce the RCU cost of the initial scan or query; DAX is a cache layer that speeds up repeated reads but does not change the fact that scanning the large medical history attribute consumes high RCUs per request. Option D is wrong because while storing medical history in S3 and referencing it from DynamoDB is a valid pattern, it introduces latency for retrieving the history and requires additional application logic to fetch the S3 object; more importantly, it does not address the high RCU consumption from scans on the DynamoDB table itself, as the scans would still need to read the reference attribute (which is small) but the question specifically targets the scans on the medical history attribute causing high RCU consumption.

1662
MCQhard

A company runs an OLTP workload on an RDS for MySQL instance. The database has a table with 50 million rows. The application frequently runs queries that join this table with a small lookup table (1000 rows) using a foreign key. The queries are slow. Which design change would most improve performance?

A.Partition the large table by the foreign key column.
B.Scale up the RDS instance to a larger size.
C.Add an index on the foreign key column in the large table.
D.Create a read replica and direct all read queries to it.
AnswerC

An index on the join column allows the database to quickly find matching rows, dramatically improving join performance.

Why this answer

Option D is correct because proper indexing on the join column eliminates full table scans. Option A is wrong because increasing instance size is a vertical scaling approach that may help but is not as effective as indexing. Option B is wrong because read replicas distribute read traffic but do not speed up individual queries.

Option C is wrong because partitioning can help with data management but not necessarily join performance.

1663
MCQeasy

A startup is deploying a new web application on AWS. The application uses Amazon RDS for PostgreSQL as its database. The developers need to create the initial schema and load test data. They have a SQL script file that creates tables and inserts 10,000 rows. The DB instance is a db.t3.micro with 20 GB gp2 storage. The developers connect to the RDS instance using pgAdmin from their local machine and run the script. The script fails with a 'connection reset' error after inserting 5,000 rows. What is the MOST likely cause?

A.The DB instance ran out of memory or CPU credits due to the intensive script
B.The max_connections parameter was set too low
C.The storage volume reached its maximum capacity
D.The security group blocked the connection due to a timeout
AnswerA

db.t3.micro has limited resources; the script may overwhelm it.

Why this answer

Option A is correct because the db.t3.micro instance has limited memory and CPU credits; a large script can exhaust resources and cause a connection reset. Option B is wrong because the storage is 20 GB and 10,000 rows of test data are small. Option C is wrong because security group timeout is not typical for a connection reset.

Option D is wrong because the default max_connections for db.t3.micro is typically sufficient for a single connection.

1664
MCQhard

A financial services company uses Amazon RDS for MySQL with Multi-AZ and read replicas. The application suddenly reports increased write latency. The DB instance is a db.r5.large with 300 GB of General Purpose SSD (gp2) storage. CloudWatch metrics show Write IOPS is at 2,500 and Write Latency averages 50 ms. What is the most likely cause?

A.The read replica is under-provisioned causing replication lag.
B.The gp2 volume has exhausted its I/O credit balance.
C.The Write IOPS has exceeded the gp2 volume's maximum burst IOPS of 3,000.
D.Multi-AZ synchronous replication is causing high latency.
AnswerB

Exhausted credits cause throttling and increased latency.

Why this answer

Option B is correct because gp2 volumes have a baseline of 3 IOPS per GB, so 300 GB provides 900 baseline IOPS, but can burst up to 3,000 IOPS using I/O credits. Sustained 2,500 IOPS may exhaust the credit balance, leading to throttling and increased latency. Option A is wrong because read replicas do not affect primary write latency.

Option C is wrong because Multi-AZ synchronous replication adds minimal latency, typically 1-2 ms. Option D is wrong because 2,500 IOPS is below the burst maximum of 3,000 IOPS for gp2, so the issue is credit exhaustion, not hitting the maximum.

1665
Multi-Selectmedium

A company is migrating a 500 GB PostgreSQL database from on-premises to Amazon Aurora PostgreSQL. They need to minimize downtime and ensure that all data changes made during migration are synchronized. Which three components are required for this migration? (Choose THREE.)

Select 3 answers
A.AWS Database Migration Service (DMS) replication instance
B.AWS Schema Conversion Tool (SCT)
C.Amazon Aurora PostgreSQL cluster as the target
D.Source PostgreSQL database configured with logical replication
E.AWS VPN connection between on-premises and AWS
AnswersA, C, D

DMS orchestrates the migration and replication.

Why this answer

Options A, B, and D are correct. AWS DMS performs the migration with ongoing replication. An Aurora PostgreSQL target database is needed.

The source database must be configured to allow replication. Option C is wrong because SCT is not needed when source and target are both PostgreSQL. Option E is wrong because a VPN is optional, not required.

1666
MCQhard

A company runs a critical application on Amazon RDS for PostgreSQL. The application team reports that the database occasionally becomes unresponsive for a few seconds. CloudWatch metrics show 'CPUSurplusCreditsCharged' and 'CPUSurplusCredits' are not 0. The instance is a db.t3.medium. What is the likely cause and how should it be fixed?

A.The instance is out of CPU credits and is being throttled; switch to a larger or non-burstable instance
B.Enable Enhanced Monitoring to diagnose the issue
C.Increase the allocated storage to improve I/O
D.The instance is experiencing a failover; enable Multi-AZ
AnswerA

Burstable instances rely on CPU credits; when exhausted, performance is limited, causing unresponsiveness.

Why this answer

Option A is correct because t3 instances are burstable and use CPU credits. When credits are exhausted, they can use surplus credits, which incur charges. If the workload is consistently high, the instance may run out of credits and become throttled, causing unresponsiveness.

The fix is to switch to a T3 unlimited mode (but that incurs charges) or use a non-burstable instance (e.g., m5). Option B is wrong because modifying Multi-AZ does not affect CPU credits. Option C is wrong because enabling Enhanced Monitoring does not fix credit exhaustion.

Option D is wrong because storage optimization does not affect CPU credits.

1667
MCQhard

A financial services company runs an Amazon Aurora MySQL database. The application performs complex joins and aggregations on large tables, causing high CPU utilization on the writer instance. The team wants to reduce load without changing the application code. Which solution would best address this issue?

A.Create one or more Aurora Replicas and route read traffic to them.
B.Switch to asynchronous replication to reduce load on the primary.
C.Enable Aurora Auto Scaling to increase storage capacity.
D.Migrate to Aurora Serverless v2 for automatic scaling.
AnswerA

Read replicas offload SELECT queries from the writer.

Why this answer

Creating one or more Aurora Replicas and routing read traffic to them offloads the complex joins and aggregations from the writer instance, reducing CPU utilization without requiring application code changes. Aurora Replicas share the same underlying storage volume as the writer, so they serve read queries with minimal replication lag while the writer focuses on write operations.

Exam trap

The trap here is that candidates may confuse scaling compute capacity (Aurora Serverless v2) with offloading read traffic, but only read replicas directly reduce CPU load on the writer by moving read-heavy operations to separate instances.

How to eliminate wrong answers

Option B is wrong because switching to asynchronous replication does not reduce CPU load on the primary; it only changes how data is replicated to replicas, and Aurora already uses asynchronous replication between the writer and replicas. Option C is wrong because Aurora Auto Scaling for storage capacity increases storage automatically but does not offload compute or reduce CPU utilization on the writer instance. Option D is wrong because migrating to Aurora Serverless v2 provides automatic scaling of compute capacity but does not inherently separate read and write workloads; the writer instance would still handle all complex queries, so CPU load would remain high.

1668
MCQeasy

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database contains sensitive data that must be encrypted at rest. Which action should the company take to enable encryption on the RDS instance?

A.Modify the existing RDS DB instance and enable encryption.
B.Create a new RDS DB instance with encryption enabled and migrate the data.
C.Enable Oracle Transparent Data Encryption (TDE) on the existing RDS instance.
D.Take a snapshot of the existing database, encrypt the snapshot, and restore from it.
AnswerB

Encryption can only be enabled at creation time.

Why this answer

Amazon RDS for Oracle supports encryption at rest using AWS KMS. Encryption can only be enabled when the DB instance is created; you cannot encrypt an existing unencrypted RDS instance. You must either create a new encrypted instance and migrate the data, or use Oracle features like TDE.

Option A is correct because you create a new encrypted instance. Option B is wrong because you cannot modify an existing instance to add encryption. Option C is wrong because you cannot encrypt a snapshot and restore from it if the original instance was unencrypted.

Option D is wrong because Oracle TDE is an option but requires additional configuration; the simplest solution is to create a new encrypted instance.

1669
MCQmedium

A company is running an Amazon RDS for MySQL Multi-AZ DB instance. The primary instance in us-east-1a experiences an unexpected failure. After the automatic failover, the application team reports that write latency has increased significantly. The new primary instance is in us-east-1b. The DB instance class and storage configuration are identical. What is the MOST likely cause of the increased write latency?

A.The DB instance class in us-east-1b is a different size than the original.
B.The application is connecting to the DB instance in a different Availability Zone, increasing network latency.
C.The Multi-AZ configuration uses asynchronous replication, causing higher latency.
D.The new primary is in the same Availability Zone as the application, but the standby is in a different AZ, causing synchronous replication overhead.
AnswerB

The new primary is in us-east-1b, and if the application is in us-east-1a, cross-AZ latency increases write latency.

Why this answer

Option B is correct because after failover, the new primary DB instance resides in us-east-1b, while the application likely continues to connect to the original endpoint or is still running in us-east-1a. This cross-AZ network hop introduces additional latency for write operations, as the application must send data over the network between Availability Zones. The DB instance class and storage are identical, so performance differences are not due to hardware changes.

Exam trap

The trap here is that candidates may assume Multi-AZ failover is transparent and does not affect performance, but cross-AZ network latency for writes can increase significantly if the application remains in the original AZ.

How to eliminate wrong answers

Option A is wrong because the question explicitly states that the DB instance class and storage configuration are identical, so a size difference is not a factor. Option C is wrong because Multi-AZ replication is synchronous, not asynchronous; asynchronous replication would be used for cross-Region read replicas, not for Multi-AZ failover. Option D is wrong because the new primary is in us-east-1b, not the same AZ as the application (which is in us-east-1a), and synchronous replication overhead applies to the standby, not to the application's write path.

1670
Multi-Selecthard

A company's Amazon Aurora MySQL DB cluster is experiencing a failover event. Which THREE metrics in CloudWatch should be examined to understand the cause of the failover?

Select 3 answers
A.ACUUtilization
B.ReadLatency
C.BinLogDiskUsage
D.DatabaseConnections
E.FailoverCount
AnswersA, D, E

High ACU utilization can trigger failover.

Why this answer

Option A is correct because FailoverCount shows how many failovers occurred. Option B is correct because DatabaseConnections can indicate if connections were dropped or maxed out. Option D is correct because ACUUtilization can show resource exhaustion that may trigger failover.

Option C is wrong because BinLogDiskUsage is about binary logs, not failover cause. Option E is wrong because ReadLatency is a symptom but not a direct cause of failover.

1671
MCQmedium

A company is using Amazon RDS for MySQL with automated backups enabled. The security team requires that all backups be encrypted at rest. Which configuration ensures that new automated backups are encrypted?

A.Create a new encrypted DB instance and migrate the data. Automated backups will inherit encryption.
B.Modify the DB instance to enable encryption at rest after creation.
C.Use AWS KMS to encrypt the S3 bucket where automated backups are stored.
D.Enable encryption at rest on the DB instance and also enable encryption on automated backups using the DBSnapshot option.
AnswerA

Creating an encrypted instance ensures all backups (automated and manual) are encrypted.

Why this answer

Option D is correct because enabling encryption on the RDS instance encrypts automated backups as well. Option A is wrong because enabling encryption at rest on the DB instance does encrypt backups, but the DBSnapshot option alone does not encrypt future automated backups. Option B is wrong because automated backups are stored in S3 but cannot be encrypted separately from the instance.

Option C is wrong because encryption at rest must be enabled at creation time; you cannot enable it later without a snapshot restore.

1672
MCQmedium

A company uses Amazon Redshift for data warehousing. They run a query that joins a large fact table (10 billion rows) with a small dimension table (1 million rows). The query is slow. The distribution style of the fact table is AUTO, and the dimension table has DISTSTYLE ALL. The join key is user_id. What is the MOST likely reason for the poor performance?

A.The dimension table does not have a sort key on user_id
B.The fact table's distribution key is not user_id, causing redistribution
C.The dimension table uses DISTSTYLE ALL, which is inefficient for joins
D.The fact table should have column compression disabled for the join key
AnswerB

AUTO may distribute by another key, leading to large data movement during join.

Why this answer

Redshift distributes data across slices. For joins, distribution keys should align to avoid data redistribution. With DISTSTYLE ALL on the dimension table, it is copied to all nodes, which is good.

The fact table uses AUTO, which may choose a suboptimal distribution key. If the fact table is distributed by user_id, it should be fine. However, the issue may be that the dimension table is not sorted on the join key, or the fact table's distribution key is not user_id.

Option B is wrong because DISTSTYLE ALL is actually beneficial for small tables. Option C is wrong because no sort key on dimension table is less critical. Option D is wrong because column compression helps scan performance but not joins.

1673
MCQhard

A company uses Amazon RDS for SQL Server with Multi-AZ deployment. During a failover test, the application experienced a longer downtime than expected. Which monitoring metric should be reviewed to understand the failover duration?

A.FailoverTime
B.WriteLatency
C.DatabaseConnections
D.ReplicaLag
AnswerA

FailoverTime is a CloudWatch metric specific to Multi-AZ failover duration.

Why this answer

Option B is correct because the FailoverTime metric in CloudWatch measures the time taken for a Multi-AZ failover. Option A is wrong because DatabaseConnections measures the number of connections, not failover time. Option C is wrong because ReplicaLag is for read replicas, not Multi-AZ.

Option D is wrong because WriteLatency measures write latency, not failover duration.

1674
Multi-Selecthard

Which THREE factors should be considered when choosing between a homogeneous migration and a heterogeneous migration to Amazon RDS? (Select THREE.)

Select 3 answers
A.Network latency between source and target.
B.Performance requirements of the target database.
C.Amount of application code changes needed.
D.Schema compatibility between source and target.
E.Licensing costs of the target database engine.
AnswersB, D, E

May influence engine choice.

Why this answer

Option B is correct because the performance requirements of the target database directly influence the choice between homogeneous and heterogeneous migrations. In a homogeneous migration (e.g., MySQL to RDS MySQL), the target engine is identical, so performance tuning is minimal. In a heterogeneous migration (e.g., Oracle to RDS PostgreSQL), the target engine has different query optimizers, indexing strategies, and concurrency models, which may require re-architecting to meet performance SLAs.

AWS DMS Schema Conversion Tool (SCT) can help assess performance impacts, but the target engine's inherent performance characteristics must be evaluated upfront.

Exam trap

The trap here is that candidates confuse migration method factors (e.g., network latency, downtime tolerance) with migration type factors (e.g., schema compatibility, licensing, performance), leading them to select A as a relevant consideration when it only applies to the migration approach, not the choice between homogeneous and heterogeneous.

1675
Multi-Selecteasy

A database administrator is monitoring an Amazon RDS for PostgreSQL DB instance. The administrator notices that the DB instance is using more memory than expected. Which TWO metrics in Amazon CloudWatch can help diagnose memory usage?

Select 2 answers
A.NetworkReceiveThroughput
B.FreeableMemory
C.ReadIOPS
D.DatabaseConnections
E.SwapUsage
AnswersB, E

This metric shows the amount of available RAM.

Why this answer

Option A is correct because FreeableMemory shows available memory. Option D is correct because SwapUsage indicates swapping, which occurs when memory is low. Option B is wrong because ReadIOPS is I/O metric.

Option C is wrong because DatabaseConnections shows connections, not memory. Option E is wrong because NetworkReceiveThroughput is network metric.

1676
MCQhard

A security engineer is designing a VPC with an RDS instance. The database must not be accessible from the internet, but EC2 instances in a private subnet must connect. Which security group configuration is MOST secure?

A.Set the RDS security group inbound rule to allow traffic from the VPC CIDR on port 3306.
B.Set the RDS security group inbound rule to allow traffic from 0.0.0.0/0 on port 3306.
C.Set the RDS security group inbound rule to allow traffic from the private subnet CIDR on port 3306.
D.Set the RDS security group inbound rule to allow traffic from the EC2 security group on port 3306.
AnswerD

This is the most secure, least-privilege approach.

Why this answer

Option D is the most secure because it uses a security group reference instead of a CIDR block. By referencing the EC2 security group as the source in the RDS security group inbound rule, only instances associated with that specific security group can communicate with the database on port 3306. This approach adheres to the principle of least privilege and automatically scales as instances are added or removed from the EC2 security group, without needing to update CIDR ranges.

Exam trap

The trap here is that candidates often choose a CIDR-based rule (like the private subnet CIDR) thinking it is sufficiently restrictive, but they overlook the superior security and operational benefits of using a security group reference, which is a key concept tested in the DBS-C01 exam for database security.

How to eliminate wrong answers

Option A is wrong because allowing traffic from the entire VPC CIDR (e.g., 10.0.0.0/16) is overly permissive; any resource in the VPC, including those in public subnets or unintended services, could reach the RDS instance, increasing the attack surface. Option B is wrong because allowing traffic from 0.0.0.0/0 on port 3306 makes the database publicly accessible from the internet, directly violating the requirement that the database must not be accessible from the internet. Option C is wrong because while it restricts traffic to the private subnet CIDR, it still allows any instance in that subnet (including compromised or unauthorized ones) to connect, and it does not automatically adjust if the subnet CIDR changes or if instances are added to a different private subnet.

1677
Multi-Selecthard

A company runs a MySQL-compatible database on Amazon RDS for a mission-critical application. The database experiences high write latency due to frequent index updates. The team wants to redesign the database to reduce write amplification and improve insert performance. Which TWO design changes could help?

Select 2 answers
A.Switch the storage engine from InnoDB to MyISAM
B.Use batch INSERT statements instead of single-row inserts
C.Upgrade to a larger RDS instance class
D.Remove unused or redundant indexes
E.Normalize the database schema to reduce data redundancy
AnswersB, D

Batch inserts reduce transaction overhead and log I/O.

Why this answer

Option A (removing unused indexes) directly reduces write amplification. Option C (batch inserts) reduces per-row overhead. Option B (increasing instance size) may not address root cause.

Option D (changing to InnoDB) is already MySQL's default engine; switching to MyISAM is not recommended. Option E (normalizing) might increase joins but not necessarily reduce write amplification.

1678
MCQmedium

A company runs a critical Amazon DynamoDB table with on-demand capacity. The table experiences throttling errors (ProvisionedThroughputExceededException) during peak hours. The table has a global secondary index (GSI) with a different partition key. What is the MOST likely cause of the throttling?

A.The base table's write capacity is insufficient for the workload.
B.The global secondary index is throttling due to uneven access patterns.
C.The partition key design causes hot partitions in the base table.
D.The table's read capacity is too low for the read-heavy workload.
AnswerB

GSIs on on-demand tables have their own capacity; hot partitions can cause throttling.

Why this answer

Option C is correct because on-demand tables can throttle if a GSI's write capacity is exceeded. Option A is incorrect because on-demand capacity scales automatically for the base table. Option B is incorrect because throttling is not due to read-heavy workloads on the base table.

Option D is incorrect because partition keys are automatically managed.

1679
MCQmedium

A company uses Amazon RDS for MySQL with Multi-AZ deployment. The database experiences intermittent write latency spikes. CloudWatch shows elevated 'WriteLatency' and 'WriteIOPS' but normal 'CPUUtilization'. Which is the MOST likely cause?

A.A parameter group change was applied without rebooting
B.The instance is exceeding the provisioned IOPS burst balance
C.A read replica is being used for write operations
D.Multi-AZ replication is causing synchronous writes to the standby
AnswerB

When EBS burst balance depletes, write latency spikes occur even with low CPU.

Why this answer

Option D is correct because write spikes with high IOPS but low CPU often indicate storage performance issues like exceeding EBS burst balance. Option A is wrong because Multi-AZ replication does not cause write latency. Option B is wrong because read replica lag affects read, not write.

Option C is wrong because parameter group changes require reboot and affect all operations, not intermittent.

1680
Multi-Selecthard

A company uses Amazon DynamoDB to store order data. The table has a primary key (OrderID) and a Global Secondary Index (GSI) on CustomerID. The application often queries for all orders of a customer sorted by order date. The GSI projects only the keys. The queries are slow. What should the team do to improve query performance? (Choose two.)

Select 2 answers
A.Enable DynamoDB Accelerator (DAX) for the table
B.Increase the read capacity of the GSI
C.Modify the GSI to include OrderDate as a sort key
D.Use a Local Secondary Index (LSI) instead of a GSI
E.Change the GSI projection to include all attributes
AnswersC, E

Adding OrderDate as a sort key allows the GSI to return items sorted by order date without additional processing.

Why this answer

Option B: Adding a sort key (OrderDate) to the GSI allows sorting natively. Option D: If the GSI projects only keys, each query results in a fetch from the base table (expensive). Changing projection to INCLUDE or ALL avoids the extra fetch.

Option A would increase write costs unnecessarily. Option C may not help if the GSI is inefficient. Option E is not directly related.

1681
MCQeasy

A database administrator notices that an Amazon RDS for Oracle DB instance's CPU utilization is consistently above 90% during peak hours. The application is read-heavy. Which action can reduce CPU load?

A.Disable Multi-AZ to free up resources
B.Increase the allocated storage
C.Enable Performance Insights to optimize queries
D.Create a read replica and direct read traffic to it
AnswerD

Offloading reads to a read replica reduces CPU load on the primary instance.

Why this answer

Option B is correct because creating a read replica offloads read traffic from the primary instance, reducing CPU usage. Option A is wrong because increasing instance size may help but is more costly; also, read replica is a better practice for read-heavy workloads. Option C is wrong because disabling Multi-AZ reduces availability, not CPU.

Option D is wrong because enabling Performance Insights adds overhead, not reduces CPU.

1682
MCQeasy

A company needs to audit all SQL queries executed on an Amazon RDS for PostgreSQL instance. Which feature should the company enable?

A.pgAudit extension
B.Advanced Audit
C.Database Activity Streams
D.Fine-Grained Auditing
AnswerA

pgAudit provides detailed audit logs.

Why this answer

Option A is correct because RDS for PostgreSQL supports pgAudit extension. Option B is incorrect because it is not a feature. Option C is incorrect because it is for MySQL.

Option D is incorrect because it is for Oracle.

1683
MCQmedium

A company is migrating a 1 TB SQL Server database to Amazon RDS for SQL Server. The migration window is 4 hours. The on-premises network bandwidth is 1 Gbps. The database is not actively used during the migration window. The team wants to minimize migration time and cost. Which migration strategy is most appropriate?

A.Use SQL Server BCP utility to export data and then import using DTS.
B.Use AWS Snowball to transfer the database files.
C.Create a native backup, upload to S3, restore to RDS.
D.Use AWS DMS with full load only.
AnswerD

DMS can complete full load within 4 hours over 1 Gbps.

Why this answer

Option C is correct: using AWS DMS with full load is the fastest and most cost-effective. Option A is wrong because BCP/DTS may be slower. Option B is wrong because native backup/restore requires S3 transfer and is slower.

Option D is wrong because Snowball is unnecessary for 1 TB over 1 Gbps.

1684
Multi-Selectmedium

A company is deploying an Amazon Aurora MySQL database with read replicas. They need to ensure high availability and disaster recovery across AWS Regions. Which THREE components should be included?

Select 3 answers
A.Aurora Replicas in the same Region
B.Aurora Global Database
C.Auto Scaling groups
D.Amazon Route 53 with health checks and failover policy
E.Amazon CloudFront
AnswersA, B, D

Aurora Replicas provide high availability within the region.

Why this answer

Aurora Replicas in the same Region provide read scaling and automatic failover within an AWS Region. They share the same underlying storage volume as the primary instance, so failover is fast (typically under 30 seconds) and does not require data rehydration. This is a core component for high availability within a single Region.

Exam trap

The trap here is that candidates often confuse Auto Scaling groups (which scale compute resources) with database replication or failover mechanisms, or they mistakenly think CloudFront can serve as a database-level disaster recovery solution when it only caches content at the edge.

1685
MCQeasy

A gaming company runs a leaderboard application on Amazon DynamoDB. The application experiences sudden spikes in read traffic during tournaments. The table uses on-demand capacity and the reads are eventually consistent. However, some users report stale data for several seconds. What is the most likely cause?

A.The application is using eventually consistent reads.
B.The table is using on-demand capacity instead of provisioned capacity.
C.The table has a global secondary index (GSI) that is not updated synchronously.
D.The read capacity units are insufficient for the traffic spikes.
AnswerA

Eventually consistent reads can return stale data within about 1 second.

Why this answer

The correct answer is A because eventually consistent reads in DynamoDB can return stale data for up to one second under normal conditions, but during sudden spikes in read traffic, the replication lag can extend to several seconds. The application is using eventually consistent reads, which trade immediate consistency for higher throughput and lower latency, making stale data more likely during high-traffic periods like tournaments.

Exam trap

The trap here is that candidates may confuse eventual consistency with capacity issues, but DynamoDB's on-demand mode eliminates throttling, so stale data points directly to the consistency model rather than resource constraints.

How to eliminate wrong answers

Option B is wrong because on-demand capacity automatically scales to handle traffic spikes without throttling, so it does not cause stale data. Option C is wrong because global secondary indexes (GSIs) are updated synchronously with the base table in DynamoDB, meaning they always reflect the latest write; stale data from a GSI would only occur if the application used eventually consistent reads on the GSI itself. Option D is wrong because read capacity units are not applicable to on-demand capacity mode, which has no fixed capacity limits; insufficient capacity would cause throttling errors (e.g., ProvisionedThroughputExceededException), not stale data.

1686
Multi-Selecthard

Which THREE of the following are best practices for securing an Amazon Aurora MySQL database? (Select THREE.)

Select 3 answers
A.Enable encryption at rest using AWS KMS.
B.Enable audit logging to track database activity.
C.Store database credentials in application code for simplicity.
D.Use IAM database authentication for access.
E.Disable automated backups to reduce attack surface.
AnswersA, B, D

Encryption at rest protects data if storage is compromised.

Why this answer

Options A, B, and E are correct. Option C is wrong because storing secrets in application code is insecure. Option D is wrong because disabling automated backups reduces data durability.

1687
MCQmedium

Refer to the exhibit. A database engineer runs the command and receives the above output. The engineer wants to convert the database to Multi-AZ. Which command should be used?

A.aws rds reboot-db-instance --db-instance-identifier mydb --force-failover
B.aws rds create-db-instance --db-instance-identifier mydb --multi-az
C.aws rds modify-db-instance --db-instance-identifier mydb --multi-az
D.aws rds create-db-cluster --db-instance-identifier mydb --multi-az
AnswerC

The modify-db-instance command can update the Multi-AZ setting.

Why this answer

Option B is correct because 'modify-db-instance' with --multi-az is the correct AWS CLI command to enable Multi-AZ. Option A is wrong because 'create-db-instance' is for new instances, not modifying existing ones. Option C is wrong because 'reboot-db-instance' restarts the instance but does not change Multi-AZ.

Option D is wrong because 'create-db-cluster' is for Aurora, not for converting a single DB instance to Multi-AZ.

1688
MCQeasy

A company has an Amazon DynamoDB table that stores session data for a web application. The table's read capacity units (RCUs) are consistently near 100% utilization during peak hours, causing throttling. The application can tolerate eventually consistent reads. Which action should the application team take to reduce throttling?

A.Decrease the provisioned RCUs for the table.
B.Enable DynamoDB Accelerator (DAX) to cache the session data.
C.Change the read consistency to eventually consistent.
D.Increase the provisioned RCUs for the table.
AnswerC

Eventually consistent reads use half the RCUs of strongly consistent reads, allowing more read operations without increasing capacity.

Why this answer

Option A is correct because using eventually consistent reads consumes only half the RCUs compared to strongly consistent reads, effectively doubling the read capacity. Option B is wrong because DynamoDB Accelerator (DAX) is an in-memory cache that can reduce read load but does not directly address the RCU consumption for reads that still hit the table. Option C is wrong because increasing RCUs would solve throttling but increase costs unnecessarily if eventually consistent reads suffice.

Option D is wrong because decreasing RCUs would worsen throttling.

1689
MCQmedium

A company uses Amazon RDS for Oracle with a Multi-AZ deployment for a critical OLTP application. During a recent failover test, they noticed that the application experienced a two-minute downtime. The team wants to reduce downtime to under 30 seconds during automatic failovers. What should they do?

A.Add a read replica to offload reads
B.Reduce the DNS TTL value to 5 seconds
C.Enable Automatic Failover in the RDS console
D.Migrate to Amazon Aurora with Multi-AZ and use the Aurora auto-failover feature
AnswerD

Aurora failover is typically under 30 seconds, and it provides faster recovery than RDS Multi-AZ.

Why this answer

Amazon RDS Multi-AZ failovers typically take 1-2 minutes. To reduce failover times, use Multi-AZ with two readable standbys in RDS for Oracle (if supported) or migrate to Amazon Aurora, which has faster failover (typically under 30 seconds) and also provides read replicas. Option A does not help.

Option B reduces failover detection time but not the failover process itself. Option D is about read replicas, not failover.

1690
MCQhard

A gaming company uses Amazon ElastiCache for Redis as a leaderboard for real-time game scores. The leaderboard is updated frequently by millions of users. The application uses sorted sets with player scores. Recently, the leaderboard update latency increased and the cache evictions spiked. The company needs to ensure low-latency updates and high availability. The current setup is a single Redis node. Which design should be implemented?

A.Upgrade to a larger single Redis node instance type to handle the load.
B.Replace Redis with DynamoDB for the leaderboard, using a global secondary index on score.
C.Use a Redis Cluster with multiple shards. Enable AOF persistence and use a read replica for the leaderboard queries.
D.Use ElastiCache for Redis with cluster mode disabled and enable Multi-AZ.
AnswerC

Redis Cluster distributes data across shards, reducing load per node. Read replicas can handle queries, and AOF ensures durability.

Why this answer

Option C is correct because Redis Cluster with multiple shards distributes the write load across shards, reducing per-node pressure and evictions. Enabling AOF persistence ensures durability, while using a read replica for leaderboard queries offloads read traffic from the primary shard, maintaining low-latency updates. This design provides both horizontal scaling and high availability, addressing the increased update latency and eviction spikes.

Exam trap

The trap here is that candidates may assume Multi-AZ (Option D) alone solves high availability and performance, but without sharding (cluster mode enabled), a single node remains a bottleneck for write-heavy workloads, and evictions will continue.

How to eliminate wrong answers

Option A is wrong because upgrading to a larger single Redis node instance type only provides vertical scaling, which has a hard ceiling and does not eliminate the single point of failure or the risk of evictions under sustained high write throughput. Option B is wrong because DynamoDB with a global secondary index on score is not optimized for real-time sorted set operations like ZADD and ZRANGE; it lacks the atomic, in-memory sorted set semantics that Redis provides for leaderboards, leading to higher latency and complexity for frequent updates. Option D is wrong because ElastiCache for Redis with cluster mode disabled and Multi-AZ only provides failover redundancy but does not shard data; a single node still handles all writes, so evictions and latency will persist under high load.

1691
Multi-Selectmedium

A company is deploying a new MySQL database on Amazon RDS. The database must be highly available and support cross-Region disaster recovery. Which TWO actions should be taken? (Choose two.)

Select 2 answers
A.Enable encryption at rest using AWS KMS.
B.Deploy a Multi-AZ instance in multiple regions.
C.Enable automated backups with a retention period of 35 days.
D.Create a cross-region read replica.
E.Enable Multi-AZ for automatic failover within a region.
AnswersD, E

Provides disaster recovery in another region.

Why this answer

Options A and C are correct. Enabling Multi-AZ provides high availability within a region. Creating a cross-region read replica provides disaster recovery.

Option B is wrong because automated backups are for point-in-time recovery, not cross-region DR. Option D is wrong because RDS does not support Multi-Region Multi-AZ. Option E is wrong because encryption is for security, not HA or DR.

1692
MCQmedium

A company is using Amazon ElastiCache for Redis to cache database query results. They notice that the cache hit ratio is low and many requests are hitting the database. The 'Evictions' metric is high. What is the MOST likely cause?

A.The replication factor is insufficient.
B.Encryption in transit is enabled.
C.The application is experiencing high network latency.
D.The cache node is too small for the workload.
AnswerD

A small cache leads to frequent evictions, reducing the cache hit ratio.

Why this answer

Option A is correct because high evictions indicate the cache is full, leading to item removal and low hit ratio. Option B is wrong because high latency does not directly cause evictions. Option C is wrong because insufficient replication factor does not cause evictions.

Option D is wrong because encryption in transit does not affect cache performance.

1693
MCQhard

A company is designing a social media application that requires storing user relationships (follows) and making graph queries like 'mutual friends.' Which database is most suitable?

A.Amazon ElastiCache for Redis
B.Amazon DynamoDB
C.Amazon Neptune
D.Amazon RDS for MySQL
AnswerC

Neptune is a graph database optimized for highly connected data and graph queries.

Why this answer

Amazon Neptune is a fully managed graph database service optimized for storing and querying highly connected data. It supports both property graph and RDF models, and it uses Gremlin or SPARQL to efficiently traverse relationships like 'mutual friends' in a social media application, making it the ideal choice for graph queries.

Exam trap

The trap here is that candidates often choose DynamoDB for its scalability and low latency, overlooking that graph queries like 'mutual friends' require native graph traversal capabilities that DynamoDB's key-value model cannot efficiently provide.

How to eliminate wrong answers

Option A is wrong because Amazon ElastiCache for Redis is an in-memory key-value store and cache, not a graph database; it lacks native graph traversal capabilities and would require complex application-side logic to compute mutual friends. Option B is wrong because Amazon DynamoDB is a NoSQL key-value and document database that does not support graph queries; it would require multiple queries and client-side joins to resolve relationships, leading to poor performance and scalability for graph workloads. Option D is wrong because Amazon RDS for MySQL is a relational database that uses SQL joins to model relationships, which becomes inefficient and unscalable for deep graph traversals like mutual friends due to the exponential number of join operations required.

1694
MCQhard

A company runs a multi-tenant SaaS application on Amazon DynamoDB. Each tenant's data is stored in a separate table named with a tenant-specific prefix (e.g., tenant1_orders, tenant2_orders). The application uses DynamoDB Streams to replicate data to a central analytics table. Recently, the company added a new large tenant that generates 10x more write traffic than any other tenant. The DynamoDB Streams for the large tenant's table is falling behind by several hours, causing stale data in the analytics table. The company has already increased the write capacity of the large tenant's table to 50,000 WCUs, but the streams lag persists. The analytics table is also in DynamoDB and uses a Global Secondary Index (GSI) for querying. The streams processing Lambda function performs simple transformations and writes to the analytics table. The Lambda function is not throttled. Which action would resolve the streams lag?

A.Enable DynamoDB on-demand mode for the large tenant's table to allow automatic scaling of stream shards.
B.Remove the GSI from the analytics table to reduce write amplification.
C.Increase the Lambda function's reserved concurrency to the maximum.
D.Increase the write capacity of the large tenant's table to 100,000 WCUs.
AnswerA

On-demand mode adjusts the number of stream shards based on write traffic, which can help with lag.

Why this answer

Option A is correct because DynamoDB Streams shards are directly tied to the physical partitions of the table. When a table is in provisioned mode, the number of stream shards is fixed and determined by the table's partitions, which cannot scale independently. Enabling on-demand mode allows DynamoDB to automatically split partitions and thus increase the number of stream shards, enabling higher stream throughput to keep up with the large tenant's write volume.

This directly addresses the root cause of the streams lag without requiring manual partition management.

Exam trap

The trap here is that candidates assume increasing write capacity alone will resolve stream lag, but they overlook that stream shard count is tied to physical partitions, which only increase with on-demand mode or by triggering partition splits through sustained high throughput.

How to eliminate wrong answers

Option B is wrong because removing the GSI from the analytics table would reduce write amplification for writes to the analytics table, but the bottleneck is the DynamoDB Streams processing of the large tenant's source table, not the write capacity of the analytics table. Option C is wrong because the Lambda function is not throttled, so increasing reserved concurrency will not help; the issue is that the stream shards cannot process records fast enough due to insufficient shard count. Option D is wrong because increasing write capacity to 100,000 WCUs does not increase the number of stream shards; stream shard count is determined by the number of physical partitions, which only changes when partitions split, and provisioned WCUs alone do not trigger partition splits beyond the initial allocation.

1695
MCQmedium

A company is building a real-time chat application that requires storing messages with a maximum of 10,000 characters per message. The application needs sub-millisecond latency for reads and writes. The data must be durable and replicated across three Availability Zones. The development team wants to minimize operational overhead. Which AWS database service is most appropriate?

A.Amazon ElastiCache for Redis with replication
B.Amazon DynamoDB with DAX
C.Amazon RDS for PostgreSQL with Multi-AZ
D.Amazon Aurora MySQL with Multi-AZ
AnswerB

Serverless, sub-millisecond latency, durable, multi-AZ.

Why this answer

Amazon DynamoDB with DAX is the most appropriate choice because it provides single-digit millisecond latency for reads and writes, supports up to 400 KB per item (easily accommodating 10,000 characters), and offers built-in replication across three Availability Zones for durability. DAX (DynamoDB Accelerator) further reduces read latency to sub-millisecond by serving as an in-memory cache, while DynamoDB itself handles write durability and replication automatically, minimizing operational overhead.

Exam trap

The trap here is that candidates often choose ElastiCache for Redis (Option A) because of its sub-millisecond latency, overlooking the requirement for durable, multi-AZ replicated storage that Redis alone does not provide natively without additional configuration and operational overhead.

How to eliminate wrong answers

Option A is wrong because Amazon ElastiCache for Redis is an in-memory data store that does not provide durable storage by default; while it can be configured with replication, it lacks the native multi-AZ durability guarantees required for persistent message storage and would require additional infrastructure for data persistence. Option C is wrong because Amazon RDS for PostgreSQL with Multi-AZ provides high availability but cannot achieve sub-millisecond latency for both reads and writes due to disk-based storage and synchronous replication overhead, and it requires manual scaling and management. Option D is wrong because Amazon Aurora MySQL with Multi-AZ offers better performance than standard RDS but still cannot guarantee sub-millisecond latency for writes due to its distributed storage architecture and replication across three AZs, and it introduces more operational complexity than a fully managed NoSQL solution like DynamoDB.

1696
MCQeasy

An administrator notices that the CloudWatch metric 'ReadLatency' for an Amazon RDS for SQL Server instance has increased significantly. Which of the following is the most likely cause?

A.The DB instance is experiencing high CPU utilization.
B.The DB instance is running out of memory.
C.The DB instance is using a burstable instance class that has exhausted its credits.
D.The DB instance does not have enough provisioned IOPS.
AnswerD

Insufficient IOPS can cause read operations to queue, increasing latency.

Why this answer

High ReadLatency indicates that read operations are taking longer. This can be due to high I/O wait, which can be caused by insufficient I/O throughput (provisioned IOPS). Option A is correct: insufficient IOPS can cause latency.

Option B is incorrect: high CPU may cause slower processing but not directly read latency. Option C is incorrect: network bandwidth does not directly affect storage latency. Option D is incorrect: memory pressure can cause swapping, which affects latency but not as directly as IOPS.

1697
Multi-Selectmedium

A company is deploying a new application using Amazon RDS for PostgreSQL. They require high availability with automatic failover and the ability to offload read traffic. Which TWO features should they enable? (Choose two.)

Select 2 answers
A.Multi-AZ deployment
B.Read replicas
C.Performance Insights
D.Global Database
E.Auto Scaling for read replicas
AnswersA, B

Multi-AZ provides automatic failover to a standby in another Availability Zone.

Why this answer

Multi-AZ deployment (Option A) provides high availability by automatically provisioning and maintaining a synchronous standby replica in a different Availability Zone. If the primary DB instance fails, Amazon RDS automatically fails over to the standby, ensuring minimal downtime. Read replicas (Option B) offload read traffic by creating asynchronous copies of the database that can serve read queries, reducing load on the primary instance.

Exam trap

The trap here is that candidates may confuse Multi-AZ with read replicas, thinking they serve the same purpose, or incorrectly assume that Global Database or Auto Scaling for read replicas are available for standard RDS PostgreSQL, when they are either Aurora-specific or not supported.

1698
MCQmedium

A developer is troubleshooting an application that uses Amazon DynamoDB. The application sometimes receives ProvisionedThroughputExceededException errors. The table has on-demand capacity mode. The errors occur in short bursts. What is the most likely cause?

A.The table has a low read/write capacity mode limit that needs to be increased.
B.The global secondary index (GSI) has a different throughput limit.
C.The table has reached the maximum provisioned throughput.
D.The request rate exceeds the partition's throughput capacity in a short burst.
AnswerD

On-demand can throttle if a single partition's throughput is exceeded.

Why this answer

On-demand capacity mode can handle up to the table's previous peak traffic. However, if traffic spikes suddenly, DynamoDB might throttle. Option D is correct because on-demand has a limit on the maximum throughput per partition.

Option A is wrong because indexes share the table's capacity. Option B is wrong because on-demand does not have provisioned limits. Option C is wrong because the table is on-demand, not provisioned.

1699
MCQhard

Refer to the exhibit. An application on an EC2 instance is trying to read an object from the S3 bucket 'data-lake-prod'. The instance is in a VPC with an IP address of 10.0.1.5. The application receives an Access Denied error. What is the cause?

A.An SCP is denying S3 access to the account.
B.A Deny statement with a source IP condition is blocking access.
C.The S3 bucket policy requires a specific VPC endpoint.
D.The IAM role does not have permission to read from the bucket.
AnswerB

The Deny with condition matches the IP and overrides the Allow.

Why this answer

Option B is correct. The Deny statement applies to the source IP 10.0.1.5 (within 10.0.0.0/8), overriding the Allow. Option A is wrong because the IAM role does allow s3:GetObject on the bucket.

Option C is wrong because there is no explicit condition on the Allow statement. Option D is wrong because the policy is attached to the role, not an SCP.

1700
MCQmedium

Refer to the exhibit. A database administrator is writing an IAM policy to manage Amazon RDS snapshots. The policy allows actions on all RDS resources but denies deletion of any DB instance with the prefix 'production-'. A developer attempts to delete a snapshot named 'production-snapshot-2020'. Will this action be allowed?

A.Yes, but only if the developer has the necessary permissions.
B.No, because the Deny statement overrides the Allow statement.
C.Yes, because the Deny statement only applies to deleting DB instances, not snapshots.
D.No, because the snapshot name starts with 'production-', which matches the resource pattern in the Deny statement.
AnswerC

The Deny is specific to 'rds:DeleteDBInstance', so snapshot deletion is allowed.

Why this answer

Option B is correct because the 'Deny' statement only applies to the 'rds:DeleteDBInstance' action, not to 'rds:DeleteDBSnapshot'. The 'Allow' statement explicitly allows 'rds:DeleteDBSnapshot' on all resources. Since there is no explicit deny for deleting snapshots, the allow takes effect.

Option A is incorrect because the deny only applies to deleting instances, not snapshots. Option C is incorrect because the policy does not deny snapshot deletion. Option D is incorrect because the developer is allowed to delete snapshots.

1701
MCQeasy

A company is deploying a new application that requires a MySQL-compatible database with automatic scaling of compute and storage resources. Which AWS service should be used?

A.Amazon Aurora MySQL
B.Amazon RDS for MySQL
C.Amazon DynamoDB
D.Amazon Redshift
AnswerA

Supports automatic scaling for compute and storage.

Why this answer

Amazon Aurora with Auto Scaling capabilities (Aurora Auto Scaling for replicas, storage auto scaling). Option A: RDS MySQL has manual scaling only. Option C: DynamoDB is NoSQL.

Option D: Redshift is data warehouse.

1702
MCQeasy

A company wants to ensure that only specific IAM users can perform certain operations on an Amazon RDS DB instance, such as creating snapshots or modifying the instance. Which AWS feature should be used to define these permissions?

A.VPC security groups
B.IAM policies
C.DB parameter groups
D.DB subnet groups
AnswerB

IAM policies define permissions for AWS actions on resources like RDS.

Why this answer

Option D is correct. IAM policies are used to grant permissions to IAM users, groups, or roles for specific AWS resources, including RDS. Options A, B, and C are not used for access control: Security groups control network traffic, DB subnet groups define network subnets, and parameter groups configure database engine settings.

1703
MCQmedium

A company is running a production Amazon RDS for MySQL DB instance. The application team reports intermittent high latency and connection timeouts. A quick check shows that the DB instance's CPU utilization is consistently above 90% during peak hours. The database size is 500 GB and the instance class is db.r5.large. Which combination of actions should a database specialist take to resolve the performance issue?

A.Increase the allocated storage to 1 TB and enable auto-scaling for storage.
B.Scale up the DB instance to db.r5.xlarge and review slow query logs to optimize poorly performing queries.
C.Enable Multi-AZ and increase the allocated storage to 1 TB to improve I/O performance.
D.Enable Performance Insights and create a CloudWatch alarm to notify when CPU exceeds 80%.
AnswerB

Scaling up provides more CPU and memory; slow query logs help identify and fix inefficient queries.

Why this answer

Option B is correct because scaling up the DB instance to db.r5.xlarge increases compute capacity, which directly addresses high CPU utilization. Additionally, reviewing slow query logs can identify inefficient queries causing CPU spikes. Option A is wrong because enabling Multi-AZ does not increase compute capacity; it only provides high availability.

Option C is wrong because enabling Performance Insights helps diagnose but does not resolve the issue. Option D is wrong because increasing the allocated storage does not affect CPU performance.

1704
Matchingmedium

Match each AWS database-related CLI command to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Creates a new RDS DB instance

Inserts or replaces an item in a DynamoDB table

Returns details about Redshift clusters

Creates an ElastiCache cache cluster

Lists manual and automated DB snapshots

Why these pairings

Common AWS CLI commands for database services.

1705
MCQeasy

A company is running an Amazon Aurora MySQL-compatible edition DB cluster. The application reports that a recent schema change caused a significant increase in the number of deadlocks. Which parameter should the DBA check and possibly adjust to reduce deadlocks?

A.innodb_lock_wait_timeout
B.autocommit
C.max_connections
D.transaction_isolation
AnswerA

This timeout affects how long transactions wait for locks, influencing deadlock handling.

Why this answer

Option C is correct. The innodb_lock_wait_timeout controls how long a transaction waits for a lock before rolling back. Reducing it can help avoid long waits, but deadlocks are often resolved by MySQL automatically; adjusting this parameter may not directly reduce deadlocks but can help.

Actually, for deadlocks, the best practice is to examine the application logic. However, among the options, innodb_lock_wait_timeout is relevant. Option A is wrong because transaction isolation level affects concurrency but not deadlocks directly.

Option B is wrong because max_connections is about connection count. Option D is wrong because autocommit affects transaction behavior.

1706
Multi-Selecteasy

Which TWO AWS services can be used to migrate a MongoDB database to Amazon DocumentDB? (Choose 2.)

Select 2 answers
A.AWS DataSync
B.AWS Database Migration Service (AWS DMS)
C.Amazon S3
D.MongoDB native tools (mongodump and mongorestore)
E.Amazon Kinesis Data Streams
AnswersB, D

DMS supports MongoDB to DocumentDB migration.

Why this answer

AWS DMS supports migration from MongoDB to DocumentDB, and MongoDB's native mongodump and mongorestore can be used. Option C (S3) is not directly used. Option D (DataSync) is for file data.

Option E (Kinesis) is for streaming data.

1707
MCQhard

A company is running a MongoDB-compatible Amazon DocumentDB cluster with one writer and two readers. The application writes a large amount of data during batch processing, and after a batch completes, the writer's CPU is high, and the readers have significant replica lag. The team wants to reduce replica lag without affecting the batch performance. What should they do?

A.Change the storage type to Provisioned IOPS on all instances
B.Increase the instance size of the readers to improve apply throughput
C.Reduce the batch size to lower the write rate
D.Increase the instance size of the writer to handle the batch faster
AnswerB

Larger readers can apply oplog entries faster, reducing lag.

Why this answer

Option D is correct because the replica lag is due to the readers applying writes from the oplog; increasing the reader instance size gives them more CPU and memory to apply writes faster. Option A is incorrect because increasing the writer size does not directly help readers. Option B is incorrect because decreasing the batch size reduces writes but the team wants to maintain performance.

Option C is incorrect because changing the storage type does not affect replica lag.

1708
MCQmedium

A company is using Amazon DynamoDB with global tables. The company wants to monitor replication latency between regions. Which CloudWatch metric should the company use?

A.GlobalTableReplicationLag
B.ReplicaLag
C.WriteThrottleEvents
D.ReplicationLatency
AnswerD

This metric tracks replication lag.

Why this answer

Option A is correct because ReplicationLatency is the metric for global tables. Option B is incorrect for this purpose. Option C is incorrect because it is a custom metric.

Option D is incorrect because it is for RDS.

1709
MCQeasy

A company is migrating an on-premises MySQL database to Amazon RDS for MySQL. They need to validate that the schema is compatible. Which AWS service should they use?

A.AWS Schema Conversion Tool (SCT)
B.Amazon Inspector
C.AWS Database Migration Service (DMS)
D.AWS Trusted Advisor
AnswerA

SCT checks and converts schemas.

Why this answer

AWS SCT can assess and convert schemas for compatibility. AWS DMS is for data migration. Amazon Inspector is for security.

AWS Trusted Advisor is for best practices.

1710
MCQeasy

A company is deploying a new microservices application on Amazon ECS. Each microservice needs its own database. Which AWS database service should be used to minimize operational overhead?

A.Amazon DynamoDB
B.Amazon Aurora
C.Amazon Redshift
D.Amazon RDS for MySQL
AnswerA

DynamoDB is fully managed, serverless, and suitable for microservices.

Why this answer

Amazon DynamoDB is a fully managed NoSQL database that requires no server management. Option A is incorrect because RDS requires provisioning and managing instances. Option B is incorrect because Aurora is also managed but may be overkill for small datasets.

Option D is incorrect because Redshift is a data warehouse.

1711
Multi-Selecthard

A company uses Amazon Aurora MySQL for an OLTP application. The database has a buffer pool cache hit ratio of 99%. However, the application still experiences high latency for some queries. Which of the following is the most likely cause? (Choose two.)

Select 2 answers
A.The queries are performing full table scans
B.The buffer pool cache hit ratio is actually low
C.The database instance type is too small for the write workload
D.There is row lock contention on frequently updated tables
E.The read replicas are lagging behind the primary
AnswersA, D

Full table scans can cause high latency even with a high cache hit ratio because they process many rows.

Why this answer

Option A: Even with a high cache hit ratio, queries that scan large amounts of data (e.g., full table scans) can cause high latency due to I/O and CPU. Option D: Row lock contention can cause queries to wait, increasing latency. Option B: Insufficient write capacity is not a problem with Aurora.

Option C: A low cache hit ratio would be an issue, but it's high. Option E: Replica lag affects reads from replicas, not primary.

1712
MCQhard

A company is migrating a 5 TB Oracle database to Amazon Aurora MySQL using AWS DMS. The full load completes successfully, but the CDC phase is slow and the target Aurora cluster is consuming high CPU. The DMS instance type is dms.c4.2xlarge. Which change will most likely improve CDC performance?

A.Increase the Aurora cluster's max_connections parameter
B.Increase the number of parallel apply threads in the DMS task
C.Increase the DMS task's target storage allocation
D.Change the Aurora cluster to a larger instance class
AnswerB

More parallel apply threads can increase the rate of applying changes to Aurora, reducing CPU usage per thread.

Why this answer

Option D is correct because increasing the number of parallel apply threads can improve throughput, reducing CPU strain on Aurora. Option A is wrong because increasing max_connections may not help. Option B is wrong because Aurora auto-scales storage.

Option C is wrong because DMS uses its own storage, not target storage.

1713
MCQeasy

A database administrator needs to monitor the number of connections to an Amazon RDS for MySQL DB instance. Which Amazon CloudWatch metric should be used?

A.NetworkThroughput
B.DatabaseConnections
C.ConnectionAttempts
D.ActiveTransactions
AnswerB

DatabaseConnections is the correct metric for monitoring the number of connections.

Why this answer

The DatabaseConnections metric in CloudWatch shows the number of current connections to the DB instance.

1714
MCQhard

Refer to the exhibit. A database administrator has this IAM policy attached to their user. They are trying to authorize ingress to a DB security group named 'my-security-group' in the us-east-1 region. The operation fails. What is the most likely reason?

A.The user is not allowed to create DB security groups, which is a prerequisite.
B.The policy does not grant 'rds:AuthorizeDBSecurityGroupIngress' on the specific security group.
C.The security group ARN in the policy is incorrect; it should include the security group ID instead of the name.
D.The user is missing the 'rds:DescribeDBSecurityGroups' permission, which is required to perform the authorize operation.
AnswerD

IAM requires the corresponding Describe action for many APIs.

Why this answer

The policy allows 'AuthorizeDBSecurityGroupIngress' on the specific security group ARN. However, the ARN format is incorrect. The correct ARN for a DB security group is 'arn:aws:rds:us-east-1:123456789012:secgrp:my-security-group'? Actually, the resource type is 'secgrp'? No, the correct resource type is 'security-group'? In AWS RDS, the resource type for DB security groups is 'secgrp'? Wait, let's check: For RDS DB security groups, the resource type in IAM is 'secgrp'? Actually, the ARN format is 'arn:aws:rds:region:account:secgrp:security-group-name'.

So the ARN in the policy is correct? The issue might be that the security group does not exist or is in a different region. However, the most common mistake is that the user also needs permission to 'rds:DescribeDBSecurityGroups' to view the security group. Option A is a valid explanation.

Option B is wrong because the policy does allow the action on that resource. Option C is wrong because the policy allows the action. Option D is wrong because the user can create security groups.

1715
MCQmedium

The exhibit shows the output of an AWS CLI command for an Amazon RDS DB instance. Based on the output, what is the current configuration of the DB instance?

A.It is an Amazon Aurora MySQL-Compatible DB cluster.
B.It is a MySQL DB instance that is currently in a failed state.
C.It is a Multi-AZ DB instance with a standby in a different AZ.
D.It is a Single-AZ MySQL DB instance.
AnswerD

MultiAZ is false and SecondaryAvailabilityZone is null, confirming Single-AZ.

Why this answer

Option B is correct because MultiAZ is false and SecondaryAvailabilityZone is null, indicating it is not a Multi-AZ deployment. Option A is wrong because the Engine is mysql, not aurora. Option C is wrong because it is not Multi-AZ.

Option D is wrong because the instance is available, not in a failed state.

1716
MCQmedium

A company uses Amazon DynamoDB for a real-time analytics application. The table is provisioned with 1000 RCU and 500 WCU. Recently, the application experienced throttling on reads during a marketing campaign. The 'ConsumedReadCapacityUnits' metric shows spikes up to 2000 RCU. The 'ReadThrottleEvents' metric is high. The table has a global secondary index (GSI) that is also throttled. The application uses eventually consistent reads. The team wants to minimize costs while preventing throttling. The campaign traffic is predictable and occurs for 2 hours each day. What should the team do?

A.Increase the provisioned RCU to 2000 permanently.
B.Implement DynamoDB Accelerator (DAX) to cache reads.
C.Enable auto scaling with a scheduled scaling action to increase RCU during the campaign.
D.Switch the table to on-demand capacity mode.
AnswerC

Auto scaling adjusts capacity automatically, and scheduled scaling ensures capacity is ready for the campaign, minimizing cost.

Why this answer

Option C is correct because DynamoDB auto scaling can adjust capacity based on load, and because the traffic is predictable, scheduled scaling can be used to increase capacity during the campaign and reduce costs otherwise. Option A is wrong because on-demand is more expensive for predictable workloads. Option B is wrong because increasing RCU manually may lead to overprovisioning.

Option D is wrong because DAX does not reduce read capacity consumption; it caches reads but still counts against RCU if not cached.

1717
MCQeasy

A company needs to store and analyze log data from thousands of servers. The logs are timestamped and rarely updated. Queries are mostly time-range aggregations. Which database service is best suited for this workload?

A.Amazon CloudWatch Logs
B.Amazon ElastiCache for Redis
C.Amazon DynamoDB
D.Amazon RDS for PostgreSQL
AnswerA

CloudWatch Logs is purpose-built for log ingestion, storage, and analysis.

Why this answer

Option B is correct because Amazon CloudWatch Logs is a managed service for log storage and analysis. Option A (RDS) is not optimized for log data. Option C (DynamoDB) is not designed for log aggregation queries.

Option D (ElastiCache) is an in-memory cache, not persistent log storage.

1718
MCQhard

A company runs an Amazon Aurora MySQL DB cluster with one writer and two readers. They notice that one reader instance is consistently showing higher than expected lag. The other reader is fine. What is the most likely cause?

A.The writer instance is experiencing high write activity
B.There is a network connectivity issue between the writer and that reader
C.The reader instance is being used for heavy analytical queries
D.The reader instance has a different DB parameter group
AnswerC

Heavy read workload on a reader can cause replication lag.

Why this answer

Option C is correct because an imbalanced workload on that reader can cause it to lag. Option A is wrong because writer load affects all replicas. Option B is wrong because network issues would affect both readers.

Option D is wrong because parameter group change would affect both readers if applied to cluster.

1719
MCQmedium

A company uses Amazon DynamoDB to store IoT sensor data. Each sensor writes a record every second, and the application needs to query the last 24 hours of data for a specific sensor. The query must be very fast. Which table design and query pattern will minimize cost and latency?

A.Use a simple primary key (sensor ID) and scan the table filtering by timestamp
B.Use a composite primary key: partition key = sensor ID, sort key = timestamp
C.Use a composite primary key: partition key = timestamp, sort key = sensor ID
D.Use a simple primary key (sensor ID) and a global secondary index on timestamp
AnswerB

This allows efficient range queries on timestamp for a sensor.

Why this answer

Using a composite primary key with sensor ID as partition key and timestamp as sort key allows efficient querying of latest data with a Query operation on the partition key and a sort key condition. Option B (GSI on timestamp) is wrong because it would be less efficient for querying a specific sensor. Option C (scan) is wrong because it is expensive and slow.

Option D (LSI on timestamp) is wrong because the sort key can be used directly without an LSI.

1720
Multi-Selecteasy

Which TWO actions should be taken to troubleshoot high memory usage on an Amazon ElastiCache for Redis node? (Choose two.)

Select 2 answers
A.Monitor the Evictions CloudWatch metric.
B.Increase the maxmemory parameter to allow more memory usage.
C.Monitor CPUUtilization CloudWatch metric.
D.Enable cluster mode to distribute memory across shards.
E.Enable Reserved Memory parameter group setting.
AnswersA, B

Evictions indicate memory pressure.

Why this answer

Options A and D are correct. Checking the evictions metric (Evictions) shows if memory is being freed due to maxmemory policy. Increasing the maxmemory parameter can alleviate memory pressure.

Option B (enabling Reserved Memory) reserves memory for overhead, not a troubleshooting step. Option C (monitoring CPUUtilization) is for CPU, not memory. Option E (enabling cluster mode) is a configuration change, not a troubleshooting step.

1721
MCQeasy

A company is using Amazon Aurora MySQL and needs to audit all database logins and query activity. Which feature should be enabled to meet this requirement?

A.Enable database audit logs by setting the audit_log_enabled parameter to 1.
B.Enable RDS Enhanced Monitoring.
C.Enable AWS CloudTrail to log database queries.
D.Enable Advanced Auditing through the DB cluster parameter group by setting the server_audit_logging parameter and related parameters.
AnswerD

This is the correct feature for auditing queries and logins in Aurora MySQL.

Why this answer

Option B is correct because Aurora MySQL provides an Advanced Auditing feature that captures logins and query activity. Option A (database audit logs) is a generic term but not a specific feature; Advanced Auditing is the correct feature. Option C (CloudTrail) is for AWS API calls, not database queries.

Option D (RDS Enhanced Monitoring) monitors OS metrics, not database activity.

1722
MCQeasy

Refer to the exhibit. A DBA is troubleshooting a performance issue on an RDS for MySQL DB instance. The DBA runs the AWS CLI command shown. Based on the output, which of the following is a potential performance bottleneck?

A.The storage type is gp2, which may have limited IOPS performance.
B.The DB instance is not Multi-AZ, causing failover delay.
C.The DB instance status is 'available', meaning it is not accepting connections.
D.The engine version 8.0.27 has a known performance bug.
AnswerA

gp2 is burstable; under sustained load, performance may degrade.

Why this answer

The instance uses gp2 storage, which has burstable IOPS. If the burst balance is depleted, performance can degrade. The engine version is recent, Multi-AZ is not enabled, but that affects availability, not necessarily performance.

DB instance status is available so no issue there.

1723
MCQhard

A company runs a critical MySQL database on Amazon RDS Single-AZ (db.m5.large) with 200 GB of Provisioned IOPS (io1) storage set to 3000 IOPS. The application team reports that write operations are occasionally slow. CloudWatch metrics show that the Write IOPS metric peaks at 3500 IOPS during the slowdowns, but the average is 2000 IOPS. The Read IOPS average is 500 IOPS. The queue depth metric occasionally spikes to 20. The storage configuration includes a 50 GB General Purpose SSD (gp2) log volume attached to the same RDS instance. Which change will MOST effectively resolve the write latency?

A.Change the storage type to gp3 with 3000 baseline IOPS.
B.Move the log volume to the same io1 volume to reduce I/O overhead.
C.Increase the provisioned IOPS on the io1 volume to 4000.
D.Enable Multi-AZ for failover protection.
AnswerC

Increasing provisioned IOPS to match peak demand (3500) gives headroom and reduces queue depth.

Why this answer

Option C is correct because the io1 volume is provisioned at 3000 IOPS, but the workload bursts to 3500 IOPS, causing queue depth to spike. Increasing the provisioned IOPS to 4000 ensures that the volume can handle the peak without queuing. Option A is incorrect because enabling Multi-AZ provides high availability but does not increase IOPS capacity.

Option B is incorrect because moving to gp3 does not guarantee better performance; gp3 baseline is 3000 IOPS (same as current provisioned) but can burst to higher, but the issue is consistent peaks. However, the most direct fix is to increase io1 provisioned IOPS. Option D is incorrect because the log volume is separate and not the source of write IOPS contention.

1724
MCQmedium

A team is migrating an on-premises Microsoft SQL Server database to AWS. The database is used for reporting and analytics, with complex queries that join multiple tables. The team wants to minimize application changes and ensure compatibility. Which AWS service should they use?

A.Amazon RDS for SQL Server
B.Amazon RDS for MySQL
C.Amazon Redshift
D.Amazon DynamoDB
AnswerA

RDS for SQL Server offers native compatibility, minimizing migration effort.

Why this answer

Amazon RDS for SQL Server provides native SQL Server compatibility, minimizing application changes. Option B (Amazon RDS for MySQL) is a different database engine requiring SQL dialect changes. Option C (Amazon DynamoDB) is NoSQL and not suited for complex joins.

Option D (Amazon Redshift) is a data warehouse optimized for analytics but requires re-engineering of queries and schema.

1725
MCQmedium

A developer needs to allow an application running on EC2 to access an Amazon RDS database without storing database credentials in the application code. Which solution is the MOST secure?

A.Use IAM database authentication for the RDS instance and assign an IAM role to the EC2 instance.
B.Store the database password in AWS Systems Manager Parameter Store as a SecureString.
C.Store the database password in the application configuration file.
D.Store the database password in AWS Secrets Manager and enable automatic rotation.
AnswerA

IAM database authentication enables passwordless access using IAM roles, eliminating the need to store credentials.

Why this answer

Option D is correct because AWS Secrets Manager can rotate secrets automatically, and the application retrieves them via API, avoiding hardcoded credentials. Option A is wrong because storing credentials in the code is insecure. Option B is wrong because IAM database authentication for RDS MySQL/Aurora allows passwordless access using IAM roles, which is more secure than storing passwords.

Option C is wrong because Parameter Store can store secrets but does not automatically rotate RDS credentials.

Page 22

Page 23 of 24

Page 24