AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 226300

1730 questions total · 24pages · All types, answers revealed

Page 3

Page 4 of 24

Page 5
226
MCQeasy

A company is planning to deploy an Amazon RDS for PostgreSQL instance. Which of the following is a required step to enable automated backups?

A.Set the backup retention period to a value greater than 0.
B.Set a preferred maintenance window.
C.Enable encryption at rest.
D.Configure a Multi-AZ deployment.
AnswerA

Automated backups require a retention period > 0; default is 7 days.

Why this answer

Automated backups are enabled by default with a retention period of 7 days. No additional setup is required. Encryption is optional.

Multi-AZ is optional. Maintenance window is set by default.

227
MCQhard

A company is migrating a 500 GB MySQL database to Amazon Aurora MySQL. The migration must have minimal downtime and the source database is already using binary logging. Which migration approach should be used?

A.Take a snapshot of the source database and restore to Aurora
B.Use AWS DMS with full load only
C.Set up binary log replication from the source to an Aurora MySQL cluster
D.Use mysqldump to export the data and import into Aurora
AnswerC

Binary log replication allows minimal downtime by continuously replicating changes.

Why this answer

Option C is correct because setting up replication from the source MySQL database to an Aurora MySQL cluster using binary log replication allows minimal downtime by continuously syncing changes. Option A is wrong because taking a snapshot and restoring requires downtime during the restore process. Option B is wrong because AWS DMS with full load only does not capture ongoing changes.

Option D is wrong because using mysqldump is a logical export/import that requires downtime.

228
MCQmedium

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The migration uses AWS DMS. After the migration, the database has a 30-minute recovery point objective (RPO). Which Amazon RDS feature should be configured to meet a 5-minute RPO?

A.Enable Multi-AZ deployment
B.Take manual snapshots every 5 minutes
C.Enable automated backups with a retention period of 7 days
D.Create a read replica in another region
AnswerC

Automated backups enable point-in-time recovery within seconds.

Why this answer

Option C is correct because automated backups with point-in-time recovery enable recovery to any point within the retention period, meeting 5-minute RPO. Option A is wrong because Multi-AZ is for high availability, not backup. Option B is wrong because read replicas don't provide backup.

Option D is wrong because manual snapshots are taken on-demand, not continuously.

229
MCQhard

A company uses Amazon RDS for SQL Server with a 4 TB database for a financial reporting application. The database performs nightly batch updates that take 6 hours. The company needs to reduce the batch update time to under 2 hours. The current instance is db.r5.8xlarge with 64 vCPUs and 512 GB memory. The batch process is I/O-bound with high write throughput. Which change will MOST effectively reduce the batch update time?

A.Upgrade to db.r5.16xlarge with 128 vCPUs.
B.Switch to Provisioned IOPS (io2) with 80,000 IOPS.
C.Increase the instance memory to 1024 GB.
D.Enable Multi-AZ deployment.
AnswerB

Eliminates I/O bottleneck with consistent performance.

Why this answer

The batch process is I/O-bound with high write throughput, so the bottleneck is disk I/O, not compute or memory. Switching to Provisioned IOPS (io2) with 80,000 IOPS provides a predictable, high-performance storage tier that can sustain the required write throughput, directly reducing the batch update time from 6 hours to under 2 hours. RDS for SQL Server on io2 volumes delivers consistent low-latency I/O, which is critical for write-heavy workloads.

Exam trap

The trap here is that candidates often assume adding more vCPUs or memory will speed up any slow process, but the question explicitly states the workload is I/O-bound, so the correct solution must address storage performance, not compute or memory.

How to eliminate wrong answers

Option A is wrong because upgrading to db.r5.16xlarge adds more vCPUs, but the process is I/O-bound, not CPU-bound; additional compute resources will not address the I/O bottleneck. Option C is wrong because increasing instance memory to 1024 GB does not improve I/O throughput; memory helps with caching reads, but the batch is write-heavy and I/O-bound, so more memory will not reduce write latency. Option D is wrong because enabling Multi-AZ deployment provides high availability and automatic failover, but does not improve I/O performance; it may even add synchronous replication overhead, potentially increasing write latency.

230
Matchingmedium

Match each RDS storage type to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

SSD storage with baseline IOPS and burst credits

SSD storage with consistent IOPS for I/O-intensive workloads

Previous generation HDD storage, lowest cost

SSD storage with baseline IOPS and throughput independent of size

Block Express SSD with higher durability and IOPS

Why these pairings

RDS storage options for different performance and cost needs.

231
MCQmedium

A security team is investigating a potential data breach in an Amazon RDS for SQL Server database. They need to determine which user executed a specific DELETE statement at a particular time. What should they do?

A.Enable AWS CloudTrail for the RDS instance.
B.Enable audit logs for the RDS instance and send them to CloudWatch Logs.
C.Enable VPC Flow Logs for the database subnet.
D.Enable AWS Trusted Advisor.
AnswerB

Audit logs record SQL statements and can be analyzed.

Why this answer

Enabling RDS Enhanced Monitoring and audit logs captures SQL statements. Option C is correct. Option A is wrong because CloudTrail logs API calls, not SQL commands.

Option B is wrong because VPC Flow Logs capture network traffic. Option D is wrong because AWS Trusted Advisor provides best practice checks, not auditing.

232
MCQmedium

A gaming company uses Amazon DynamoDB as the primary database for their player sessions. The player sessions table has a partition key of 'player_id' and a sort key of 'session_start_time'. The application frequently queries for recent sessions of a specific player, using the query API with 'player_id' and a filter on 'session_start_time' for the last 24 hours. The average item size is 5 KB. The company notices high latency on these queries during peak hours. The table has 10 Read Capacity Units (RCUs) provisioned. There are no indexes. Which design change would MOST improve query performance?

A.Increase the RCUs to 100.
B.Add a random suffix to the partition key values to distribute writes across partitions.
C.Create a Local Secondary Index (LSI) with the same partition key and a sort key of 'session_start_time', and query the index instead of the table.
D.Create a Global Secondary Index (GSI) with partition key 'event_type' and sort key 'session_start_time' and query the GSI.
AnswerC

LSI allows efficient range queries on the sort key without scanning and filtering.

Why this answer

Option C is correct because creating a Local Secondary Index (LSI) with the same partition key (player_id) and sort key (session_start_time) allows DynamoDB to efficiently retrieve items for a specific player sorted by session_start_time without scanning and filtering. The current query uses a filter on session_start_time after retrieving all sessions for the player, which wastes read capacity and increases latency. Querying the LSI directly uses the sort key to limit the data read to only the last 24 hours, reducing the read footprint and improving performance.

Exam trap

AWS often tests the misconception that simply increasing RCUs (Option A) solves high latency, but the real issue is inefficient data access patterns that waste read capacity, not insufficient throughput.

How to eliminate wrong answers

Option A is wrong because increasing RCUs to 100 only addresses throughput capacity but does not fix the root cause of high latency—the query still reads all sessions for the player and applies a filter, wasting read capacity and causing throttling or excessive consumed capacity. Option B is wrong because adding a random suffix to the partition key would distribute writes across partitions but does not improve query performance for reading recent sessions of a specific player; it would actually make queries harder by requiring knowledge of the suffix. Option D is wrong because creating a GSI with partition key 'event_type' is irrelevant to the query pattern (which filters by player_id), and querying such a GSI would not efficiently retrieve sessions for a specific player, leading to full index scans.

233
Multi-Selectmedium

A company is designing a document database on Amazon DocumentDB. The workload requires high write throughput and needs to support complex queries on nested attributes. Which THREE design considerations should the company evaluate to meet these requirements?

Select 3 answers
A.Denormalize data to reduce the number of joins.
B.Enable Multi-AZ deployment for high availability.
C.Use sharding to distribute write load across shards.
D.Use change streams to capture and process data changes.
E.Use appropriate indexes on frequently queried fields.
AnswersA, C, E

Denormalization improves query performance for document databases.

Why this answer

Option A is correct because denormalizing data in Amazon DocumentDB reduces the need for joins, which are expensive and can degrade write throughput. By embedding related data into a single document, the database can perform complex queries on nested attributes more efficiently, as DocumentDB is optimized for document-level operations. This design aligns with the workload's requirement for high write throughput and complex query support.

Exam trap

The trap here is that candidates often confuse high availability features (like Multi-AZ) with performance optimization, or mistake change streams as a mechanism to improve write throughput rather than a tool for capturing data changes.

234
Multi-Selectmedium

A company is designing a database for a global e-commerce platform that requires low-latency reads and writes from multiple AWS regions. The data must be strongly consistent within a region but can be eventually consistent across regions. Which TWO services should the company consider?

Select 2 answers
A.Amazon DynamoDB Global Tables
B.Amazon ElastiCache for Redis Global Datastore
C.Amazon RDS Cross-Region Read Replicas
D.Amazon Redshift
E.Amazon Aurora Global Database
AnswersA, E

Provides multi-region, multi-master replication.

Why this answer

DynamoDB Global Tables provides multi-region replication with eventual consistency across regions and strong consistency within a region. Aurora Global Database also provides low-latency reads across regions and can be configured for cross-region replication. Option C (Redshift) is wrong because it is not designed for multi-region active-active workloads.

Option D (ElastiCache Global Datastore) is wrong because it is for Redis and provides cross-region replication but with eventual consistency and is not a primary database. Option E (RDS Cross-Region Read Replicas) is wrong because they are read-only and do not support writes from multiple regions.

235
MCQhard

A company runs a MySQL-compatible database on Amazon RDS with a 3 TB dataset. They need to run complex analytical queries that involve joins and aggregations on millions of rows. The current RDS instance is a db.r5.8xlarge with 32 vCPUs and 256 GB RAM, but complex queries take over an hour. Which design change would most improve query performance for this workload?

A.Migrate to Amazon Aurora with parallel query
B.Add an Amazon ElastiCache cluster to cache query results
C.Enable DynamoDB Accelerator (DAX) on the RDS instance
D.Use Amazon Redshift for the analytical workload
AnswerD

Redshift is a columnar data warehouse ideal for complex analytics.

Why this answer

Using Amazon Redshift, a columnar data warehouse, would dramatically improve analytical query performance because it is optimized for complex joins and aggregations. Option A (Aurora) is wrong because it is still row-based and not optimized for analytical workloads. Option B (ElastiCache) is wrong because it is an in-memory cache not designed for complex analytical queries.

Option D (DynamoDB Accelerator) is wrong because it is a cache for DynamoDB, not for relational databases.

236
MCQmedium

A company is migrating a 10 TB Oracle database to Amazon RDS for Oracle. The migration window is limited to 24 hours. The source database is running on-premises with a 500 Mbps network connection. Which migration approach should be used?

A.Use AWS DMS with full load and ongoing replication
B.Create an RDS read replica from the on-premises database
C.Take a physical backup of the source database and restore to RDS
D.Use Oracle Data Pump to export and import the database
AnswerA

DMS supports large data volumes and ongoing replication to minimize downtime.

Why this answer

Option A is correct because AWS DMS with ongoing replication can handle large data volumes and minimize downtime by continuously replicating changes. Option B is wrong because Oracle Data Pump is a manual export/import process that requires downtime and may not complete within 24 hours if the network is slow. Option C is wrong because the source is on-premises, not an EC2 instance, so a read replica cannot be created.

Option D is wrong because taking a backup and restoring to RDS requires the backup to be transferred to S3 first, which may be time-consuming.

237
Multi-Selectmedium

A company is migrating a MySQL database to Amazon Aurora MySQL. The migration must be completed with minimal downtime. Which TWO methods can achieve this? (Choose two.)

Select 2 answers
A.Create an Aurora MySQL read replica from the external MySQL instance using binlog replication
B.Take a physical backup of the source database and restore to Aurora
C.Create an Aurora clone from the source database
D.Use AWS Database Migration Service (AWS DMS) with ongoing replication
E.Enable binlog replication on the source MySQL instance
AnswersA, D

This allows near-zero downtime replication.

Why this answer

Using an Aurora read replica from an external MySQL instance is possible via the MySQL binlog replication, but it requires setting up replication from on-premises to Aurora. This is a valid method for minimal downtime. Creating an Aurora clone is for cloning existing Aurora clusters, not migration.

Using DMS with ongoing replication is the standard approach. Taking a snapshot and restoring requires downtime. Enabling binlog replication is part of setting up a read replica.

So correct are B and D. Option A: clone is not for migration. Option C: snapshot restore requires downtime.

Option E: binlog replication alone is not a migration method; it's a configuration step.

238
Drag & Dropmedium

Arrange the steps to migrate an on-premises Oracle database to Amazon RDS for Oracle using AWS DMS (Database Migration Service) in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

DMS migration requires setting up the replication instance, configuring endpoints with proper source database settings for CDC, creating a migration task, and monitoring for completion.

239
MCQmedium

An administrator is deploying an Amazon RDS for MySQL DB instance and needs to ensure that all connections use SSL. Which parameter should be set on the RDS DB instance?

A.Set ssl_cipher in the DB parameter group
B.Set require_secure_transport=ON in the DB parameter group
C.Set tls_version in the DB parameter group
D.Set rds.force_ssl=1 in the DB parameter group
AnswerB

This parameter forces all connections to use SSL/TLS.

Why this answer

Option A is correct because setting require_secure_transport to ON in the DB parameter group forces SSL connections. Option B is wrong because rds.force_ssl is not a valid parameter; the correct MySQL parameter is require_secure_transport. Option C is wrong because ssl_cipher is for specifying ciphers, not enforcing SSL.

Option D is wrong because tls_version sets the minimum TLS version, but does not enforce SSL.

240
MCQhard

A company runs an e-commerce platform using Amazon Aurora MySQL with Multi-AZ deployment. The application has a read-heavy workload and uses a mix of SELECT and UPDATE queries. Recently, the company migrated from a db.r5.large to a db.r5.2xlarge instance class to handle increased traffic. However, after the migration, the CPU utilization remains high during peak hours, and the application's page load times have increased. The DBA notices that the 'Read IOPS' metric is high, but the 'Read Latency' metric is low. There is also a high number of 'Select' queries in the database. The application uses a single database endpoint. What should the DBA do to reduce CPU utilization and improve read performance?

A.Enable Multi-AZ with one standby replica.
B.Enable Performance Insights and analyze the top SQL.
C.Upgrade the instance class to db.r5.4xlarge.
D.Create one or more Aurora Replicas and modify the application to use read-only endpoints for SELECT queries.
AnswerD

Read replicas offload read traffic, reducing CPU on primary.

Why this answer

Option C is correct because creating read replicas offloads SELECT queries from the primary, reducing CPU. Option A is wrong because increasing instance size again may not be cost-effective and the issue is read-heavy. Option B is wrong because enabling Performance Insights only helps monitoring, not performance.

Option D is wrong because Multi-AZ is for failover, not read scaling.

241
MCQmedium

A company is migrating an on-premises MongoDB database to AWS. They need a managed database service that is compatible with MongoDB and supports automated backups, scaling, and high availability. Which service should they use?

A.Amazon DynamoDB
B.Amazon RDS for MySQL
C.Amazon Neptune
D.Amazon DocumentDB
AnswerD

DocumentDB is MongoDB-compatible and offers the required managed features.

Why this answer

Amazon DocumentDB is a fully managed, MongoDB-compatible document database service designed for workloads that require MongoDB's document model, query patterns, and APIs. It supports automated backups (continuous backups to S3 with point-in-time recovery), automatic scaling of storage and compute, and multi-AZ high availability with synchronous replication across three Availability Zones, making it the correct choice for migrating an on-premises MongoDB database to a managed AWS service.

Exam trap

The trap here is that candidates often confuse Amazon DynamoDB's document support (JSON-like items) with MongoDB compatibility, but DynamoDB does not support MongoDB's wire protocol, query operators, or aggregation pipeline, making it a non-trivial migration requiring significant application rewrites.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB is a key-value and document database that uses a proprietary API and is not compatible with MongoDB's wire protocol or query language; it requires application code changes to use its own SDK and data model. Option B is wrong because Amazon RDS for MySQL is a relational database service using SQL and does not support MongoDB's document model, BSON data format, or MongoDB-specific operations like aggregation pipelines or geospatial queries. Option C is wrong because Amazon Neptune is a graph database service optimized for highly connected data (e.g., social networks, fraud detection) and does not support MongoDB's document storage or query interface.

242
MCQmedium

A company has an Amazon RDS for MySQL DB instance that is publicly accessible. The security team wants to restrict access to only specific IP addresses. Which configuration should be used?

A.Create a VPC endpoint for RDS and attach a policy that allows only the specific IP addresses.
B.Use an IAM policy with a condition that restricts the source IP address.
C.Configure a security group associated with the RDS instance to allow inbound traffic only from the specific IP addresses.
D.Configure a network ACL to allow inbound traffic from the specific IP addresses.
AnswerC

Security groups can restrict inbound traffic by IP address.

Why this answer

Option B is correct because DB security groups (or VPC security groups) can be configured to allow inbound traffic only from specific IP addresses. Option A is wrong because network ACLs are stateless and less granular. Option C is wrong because the RDS instance is publicly accessible, so it has a public endpoint; a VPC endpoint is not needed.

Option D is wrong because IAM policies do not restrict network access.

243
MCQhard

A company runs an e-commerce platform on AWS using a multi-tier architecture. The application tier consists of Auto Scaling groups of EC2 instances behind an Application Load Balancer. The database tier uses Amazon RDS for MySQL with Multi-AZ deployment. Recently, the operations team noticed that during flash sales, the application becomes unresponsive and users receive 503 errors. The team checks CloudWatch metrics and sees that the RDS instance's CPU utilization spikes to 100%, and the `DatabaseConnections` metric also spikes to the maximum allowed value of 500. The application uses connection pooling with a maximum of 200 connections, but the metric shows 500 connections. The team suspects that the connection pooling configuration is not being honored. The application code is written in Python and uses SQLAlchemy with a connection pool size of 10 per application instance. There are 20 application instances in the Auto Scaling group during peak times. The team wants to resolve the issue without increasing the database instance size. What should the team do?

A.Reduce the Auto Scaling group's desired capacity to 10 instances during flash sales
B.Set the `max_connections` parameter in the RDS parameter group to 200 and configure the application to handle connection errors with retry logic
C.Migrate the database to Amazon Aurora MySQL with Auto Scaling enabled
D.Increase the SQLAlchemy pool size to 25 per instance to reduce connection contention
AnswerB

Limiting max_connections to 200 ensures the database does not accept more connections than the application intends, and retry logic handles connection failures.

Why this answer

Option B is correct because setting a maximum number of connections in the RDS parameter group enforces a hard limit, preventing the database from accepting more connections than the application can handle, which will cause connection errors that the application can handle gracefully. Option A is wrong because increasing the connection pool size per instance would increase the total connections, worsening the problem. Option C is wrong because reducing the number of application instances may reduce load but is not a scalable solution and doesn't address the root cause of connection limit.

Option D is wrong because switching to Aurora may help but is a larger change and does not fix the connection management issue directly.

244
MCQmedium

A company is migrating a 2 TB MySQL database to Amazon Aurora MySQL. They need to minimize downtime and ensure data consistency. Which approach should be used?

A.Use AWS DMS with ongoing replication (CDC).
B.Use mysqldump to export and import into Aurora.
C.Establish AWS Direct Connect and use MySQL replication.
D.Use AWS SCT to convert schema and data.
AnswerA

DMS with CDC minimizes downtime by replicating changes.

Why this answer

Using AWS DMS with change data capture (CDC) from an on-premises source allows continuous replication, minimizing downtime. A full dump and restore requires downtime. SCT is for schema conversion.

Direct connect alone doesn't handle migration.

245
MCQeasy

A security engineer reviews the IAM policy attached to a user. The user is unable to modify any RDS DB instance, even when MFA is enabled. What is the most likely cause?

A.The policy is missing the ec2:ModifyInstance permission.
B.The policy does not include a Deny statement for RDS actions.
C.The user does not have MFA enabled, or the instance name does not match the allowed prefixes.
D.The user is trying to use the RDS console, but the policy only allows API calls.
AnswerC

The policy requires MFA for dev-* instances and only allows prod-* instances. If the user tries to modify an instance not matching these patterns, it fails. Also, if MFA is not enabled, dev-* instances cannot be modified.

Why this answer

Option A is correct because the policy does not grant the rds:ModifyDBInstance action for all instances; it only allows for prod-* without condition and dev-* with MFA, but the user might be trying to modify an instance that doesn't match either pattern, or the user does not have MFA enabled. However, the question states the user cannot modify ANY instance, so the most likely cause is that the user does not have MFA enabled or the instance is not in the allowed patterns. Option B is wrong because the policy is for RDS, not EC2.

Option C is wrong because the policy allows ModifyDBInstance, not just read. Option D is wrong because the policy does have conditions.

246
MCQmedium

A media company uses Amazon ElastiCache for Redis to cache database query results and reduce load on the primary database. The cache hit ratio is low because the cache is purged frequently. The team wants to improve the hit ratio without increasing the cache size. Which strategy should they implement?

A.Increase the TTL for cached entries to reduce early evictions.
B.Implement lazy loading to populate cache only on demand.
C.Use write-through caching to update cache on every database write.
D.Set eviction policy to allkeys-random to spread evictions evenly.
AnswerA

Longer TTL keeps data in cache longer, improving hit ratio.

Why this answer

Option A is correct because increasing the TTL (Time-To-Live) for cached entries allows them to remain in the cache longer, reducing the frequency of evictions due to expiration. Since the cache is purged frequently, a low TTL is likely causing entries to expire before they can be reused, which directly lowers the hit ratio. By extending the TTL, the team can retain popular entries longer without needing to increase the cache size, as the existing memory is used more efficiently.

Exam trap

The trap here is that candidates confuse cache eviction (due to memory pressure) with cache expiration (due to TTL), and assume that changing the eviction policy or caching strategy will fix a problem caused by entries being removed too quickly by expiration.

How to eliminate wrong answers

Option B is wrong because lazy loading (populating cache on cache miss) is already the default behavior in many Redis caching patterns and does not address the root cause of frequent purging; it may even increase write traffic to the database on misses. Option C is wrong because write-through caching updates the cache on every database write, which can increase write latency and memory usage without solving the issue of entries being evicted too early due to low TTL or memory pressure. Option D is wrong because setting the eviction policy to allkeys-random spreads evictions evenly across all keys, but this does not prevent frequent purging; it only changes which keys are evicted when memory is full, and if the cache is already being purged frequently due to expiration (not memory pressure), this policy has no effect.

247
MCQhard

A company is designing a global e-commerce application that requires a relational database with sub-10ms read latency across multiple AWS Regions. The database will store inventory and product catalog data. Which database design should they choose?

A.Use Amazon DynamoDB Global Tables with eventual consistency.
B.Deploy Multi-AZ for Amazon RDS and use Route 53 latency-based routing.
C.Set up Cross-Region Read Replicas for Amazon RDS MySQL.
D.Use Amazon Aurora Global Database with a primary cluster in one Region and secondary clusters in other Regions.
AnswerD

Aurora Global Database offers low-latency global reads.

Why this answer

Amazon Aurora Global Database is designed for low-latency global reads, with typical replication lag of under 1 second and read latency in the single-digit milliseconds from secondary clusters. It uses a dedicated storage-based replication mechanism that does not impact the performance of the primary cluster, making it ideal for a global e-commerce application requiring sub-10ms reads across multiple AWS Regions.

Exam trap

The trap here is that candidates confuse Multi-AZ or Cross-Region Read Replicas with true global low-latency read scaling, not realizing that Aurora Global Database is the only option that provides dedicated secondary clusters with storage-based replication for sub-10ms reads across Regions.

How to eliminate wrong answers

Option A is wrong because DynamoDB Global Tables is a NoSQL key-value and document database, not a relational database, and the question explicitly requires a relational database. Option B is wrong because Multi-AZ for Amazon RDS provides high availability within a single Region, not global read scaling; Route 53 latency-based routing cannot reduce cross-Region read latency when the database itself is in one Region. Option C is wrong because Cross-Region Read Replicas for Amazon RDS MySQL use asynchronous replication with typical lag of seconds or more, and read requests from secondary Regions still incur cross-Region network latency that often exceeds 10ms.

248
MCQeasy

A gaming company needs a database to store player session data that is ephemeral and requires sub-millisecond latency. The data can be lost on failure without impact. Which service is best?

A.Amazon DynamoDB
B.Amazon RDS for PostgreSQL
C.Amazon S3
D.Amazon ElastiCache for Redis
AnswerD

ElastiCache Redis provides sub-millisecond latency and can be configured with no persistence.

Why this answer

Amazon ElastiCache for Redis is the best choice because it provides an in-memory data store with sub-millisecond latency, ideal for ephemeral player session data that can be lost on failure. Redis supports data structures like strings and hashes with TTL (time-to-live) expiration, perfectly matching the transient, low-latency requirement without needing durability.

Exam trap

The trap here is that candidates may choose DynamoDB (Option A) because it is a common choice for session data, but the question's explicit requirement for sub-millisecond latency and tolerance for data loss points to an in-memory cache like Redis, not a durable database.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB, while fast, is a fully managed NoSQL database that persists data to disk and typically offers single-digit millisecond latency, not the sub-millisecond latency required for ephemeral session data; it also incurs higher cost and overhead for data that can be lost. Option B is wrong because Amazon RDS for PostgreSQL is a relational database with disk-based storage, offering higher latency (often 5-10+ ms) and ACID compliance, which is unnecessary and over-engineered for transient session data that can be lost. Option C is wrong because Amazon S3 is an object storage service with high latency (typically 100+ ms for first byte) and is designed for durable, persistent storage, not ephemeral, sub-millisecond access patterns.

249
MCQhard

A company is running a production Amazon RDS for MySQL database that is experiencing performance degradation. Amazon CloudWatch metrics show high CPU utilization and high number of connections. The company has already optimized queries and implemented connection pooling. What is the MOST cost-effective solution to address the high CPU utilization?

A.Add Read Replicas to offload read traffic
B.Change the storage type to Provisioned IOPS (io1)
C.Enable RDS Proxy to reduce database connections
D.Scale up to a larger DB instance class
AnswerD

More CPU capacity directly addresses high CPU utilization.

Why this answer

Option D is correct because scaling up to a larger DB instance class directly increases the compute capacity (vCPUs and memory) available to the database, which addresses the root cause of high CPU utilization. Since queries are already optimized and connection pooling is in place, the remaining bottleneck is the instance's processing power, making a vertical scale-up the most cost-effective solution to handle the sustained CPU load without introducing additional architectural complexity.

Exam trap

The trap here is that candidates often choose RDS Proxy (Option C) assuming it reduces CPU utilization by lowering connection overhead, but the question explicitly states connection pooling is already implemented, so the CPU issue is from compute-bound operations, not connection management.

How to eliminate wrong answers

Option A is wrong because adding Read Replicas offloads read traffic but does not reduce CPU utilization on the primary instance; the primary still handles all write operations and the high connection count, so CPU pressure remains. Option B is wrong because changing the storage type to Provisioned IOPS (io1) improves I/O latency and throughput, but does not address high CPU utilization caused by compute-bound workloads or connection overhead. Option C is wrong because enabling RDS Proxy reduces the number of database connections by pooling them, but the company has already implemented connection pooling, and the high CPU utilization persists due to compute-intensive operations, not connection churn.

250
MCQhard

A company runs an Amazon Aurora MySQL-compatible database cluster. The security team requires that all database credentials be rotated automatically every 30 days. Which combination of AWS services can meet this requirement with minimal operational overhead?

A.Use IAM database authentication and rotate the IAM user keys every 30 days.
B.Store the password in AWS Secrets Manager and enable automatic rotation with a 30-day interval.
C.Use AWS CloudHSM to generate a new password and a Lambda function to update the database.
D.Store the password in AWS Systems Manager Parameter Store and use a scheduled Lambda function to update the password.
AnswerB

Secrets Manager can automatically rotate RDS credentials.

Why this answer

AWS Secrets Manager can automatically rotate secrets for Amazon RDS databases. Option A is wrong because IAM database authentication does not handle password rotation. Option B is wrong because Systems Manager Parameter Store can store secrets but does not have built-in rotation for RDS.

Option D is wrong because CloudHSM does not manage database password rotation.

251
MCQeasy

A developer needs to connect to an Amazon RDS for PostgreSQL DB instance from an EC2 instance in the same VPC. What is the most secure way to authenticate the connection without storing database credentials in the application code?

A.Use a hardcoded password in the application configuration file.
B.Store the database password in AWS Secrets Manager and retrieve it at runtime.
C.Enable IAM database authentication and generate an authentication token.
D.Store the password in AWS Systems Manager Parameter Store as a SecureString.
AnswerC

IAM database authentication eliminates the need for a stored password.

Why this answer

Option D is correct. Using IAM database authentication for RDS PostgreSQL allows the application to connect using an IAM user or role without storing credentials. The authentication token is generated by the AWS SDK and has a 15-minute validity.

Option A is incorrect because storing credentials in Secrets Manager is secure but still requires the application to retrieve them. Option B is incorrect because a hardcoded password is not secure. Option C is incorrect because a password in the parameter store is similar to Secrets Manager but still requires retrieval.

252
MCQhard

A company is using Amazon DynamoDB as the primary database for a global e-commerce application. During the holiday season, the application experiences throttling on write requests even though the read and write capacity units are well below the provisioned limits. The table uses on-demand capacity mode. What is the most likely cause of this throttling?

A.There is a hot partition due to an uneven write distribution across partition keys.
B.The table's provisioned write capacity is set too low.
C.The table has exceeded the maximum write capacity units per partition.
D.The AWS account has reached the DynamoDB write throughput limit per region.
AnswerA

Hot partitions cause throttling even in on-demand mode because DynamoDB limits throughput per partition.

Why this answer

Option D is correct because on-demand capacity mode automatically scales but can throttle if traffic is unevenly distributed across partitions, leading to hot partitions. Option A is incorrect because on-demand mode does not have a per-table limit in the same way provisioned capacity does. Option B is incorrect because DynamoDB does not have a global write limit per account that would cause throttling on a single table.

Option C is incorrect because the table uses on-demand capacity mode, not provisioned.

253
MCQeasy

A company is migrating an on-premises MySQL database to Amazon RDS for MySQL. The company wants to minimize application changes. Which endpoint type should the application use after migration?

A.RDS reader endpoint
B.RDS cluster endpoint
C.RDS instance endpoint (DNS name)
D.RDS console endpoint
AnswerC

Application connects to the RDS instance endpoint.

Why this answer

Option C is correct because the RDS instance endpoint (DNS name) is the standard connection endpoint for a single RDS DB instance, which is the target of a direct migration from on-premises MySQL to Amazon RDS for MySQL. This endpoint requires no application changes, as the application simply replaces the old on-premises hostname with the RDS instance DNS name, maintaining the same MySQL protocol and connection logic.

Exam trap

The trap here is that candidates confuse RDS instance endpoints with Aurora cluster endpoints, mistakenly selecting the cluster endpoint (Option B) for a standard RDS MySQL migration, even though cluster endpoints are exclusive to Aurora and not applicable to single-instance RDS deployments.

How to eliminate wrong answers

Option A is wrong because the RDS reader endpoint is used only with Aurora clusters to distribute read traffic across read replicas; it is not available for standard RDS for MySQL instances and would cause connection failures if used. Option B is wrong because the RDS cluster endpoint is specific to Aurora DB clusters (for write operations) and does not exist for standard RDS for MySQL instances; using it would result in a DNS resolution error. Option D is wrong because the RDS console endpoint is not a valid database connection endpoint; it refers to the AWS Management Console URL for managing RDS resources, not a MySQL protocol endpoint.

254
MCQhard

A data warehouse team is migrating from Amazon Redshift to Amazon Redshift RA3 nodes. The current cluster uses 10 DC2.large nodes. The new cluster will use 4 RA3.xlarge nodes. After the migration, the team notices that query performance is significantly slower. Which factor is the MOST likely cause of the performance degradation?

A.The data distribution style is set to EVEN instead of KEY.
B.The cluster does not have enough disk space for the workload.
C.The cluster has fewer nodes, reducing parallelism.
D.RA3 nodes are not optimized for large datasets.
AnswerC

RA3 nodes separate compute and storage; fewer compute nodes reduce parallelism.

Why this answer

Option A is correct because RA3 nodes use managed storage and compute is separate; fewer nodes reduce parallel processing capability. Option B is incorrect because RA3 nodes are designed for large data. Option C is incorrect because RA3 nodes have managed storage; disk space is not the issue.

Option D is incorrect because the number of slices per node is lower in RA3, but the primary factor is fewer nodes.

255
MCQmedium

A security team is auditing an Amazon RDS for SQL Server DB instance. They notice that SSL connections are not enforced. Which configuration change will enforce SSL for all connections?

A.Modify the security group to only allow inbound traffic on port 443.
B.Add the SQL Server SSL option to the option group.
C.Set the 'rds.force_ssl' parameter to 1 in the DB parameter group.
D.Change the DB subnet group to a public subnet.
AnswerC

This parameter forces SSL connections to the SQL Server DB instance.

Why this answer

Option D is correct because for RDS SQL Server, you can enforce SSL by setting the 'rds.force_ssl' parameter to 1 in the DB parameter group. Option A is wrong because security groups allow traffic but do not enforce SSL. Option B is wrong because the option group manages features like TDE, not SSL enforcement.

Option C is wrong because the DB subnet group defines network subnets, not SSL.

256
MCQhard

A company is planning to migrate a 5 TB Oracle data warehouse to Amazon Redshift. The migration must be completed within a 2-day maintenance window. The source database is heavily normalized and uses complex joins. Which strategy is most appropriate?

A.Use AWS DMS to directly migrate data to Redshift with full load and ongoing replication.
B.Export data to flat files, use S3 Transfer Acceleration to upload to S3, then COPY into Redshift.
C.Use AWS SCT to convert the Oracle schema to Redshift-compatible format, then use AWS DMS to load the data.
D.Use AWS Glue to crawl the Oracle schema and create Redshift tables, then run a Glue ETL job to load data.
AnswerC

SCT handles schema conversion, DMS handles data migration efficiently.

Why this answer

Option B is correct because Redshift is columnar and optimized for denormalized schemas; using SCT to convert the schema and DMS for data loading is the standard approach. Option A is wrong because direct copy does not account for schema conversion. Option C is wrong because S3 Transfer Acceleration only speeds up uploads, not schema conversion.

Option D is wrong because Glue is for ETL but not purpose-built for large-scale data warehouse migration with schema conversion.

257
MCQmedium

A logistics company uses Amazon RDS for MySQL to track package shipments. The 'shipments' table contains 200 million rows and has a primary key on 'shipment_id' (UUID). The application frequently queries for shipments by 'tracking_number', which is a unique string of 20 characters. The DBA created a B-tree index on tracking_number. The queries by tracking_number are fast, but inserts are becoming slower over time. The table has 50 GB of data. The company plans to double the insert rate next month. The database is a db.r5.large instance with 500 GB of Provisioned IOPS SSD storage. The instance's CPU utilization is below 30%, and there is no lock contention. What should the database specialist do to improve insert performance?

A.Add a read replica and route insert queries to the replica.
B.Drop the index on tracking_number to reduce write overhead.
C.Change the primary key from UUID to an auto-increment integer, and keep the tracking_number index.
D.Increase the provisioned IOPS to 20,000.
AnswerC

An auto-increment primary key allows sequential inserts, reducing page splits and improving insert speed.

Why this answer

Option C is correct because UUID primary keys cause random writes and index fragmentation, degrading insert performance as the table grows. Switching to an auto-increment integer primary key allows sequential writes to the clustered index, reducing page splits and improving insert throughput. The B-tree index on tracking_number remains to support fast queries, while the new primary key eliminates the UUID write overhead.

Exam trap

The trap here is that candidates often focus on index overhead or IOPS as the cause of slow inserts, overlooking the fundamental impact of UUID fragmentation on clustered index write performance.

How to eliminate wrong answers

Option A is wrong because read replicas cannot accept write traffic; they are read-only and do not improve insert performance. Option B is wrong because dropping the index on tracking_number would severely degrade query performance for the frequent tracking_number lookups, and the index overhead is not the primary cause of slow inserts (UUID fragmentation is). Option D is wrong because increasing IOPS does not address the root cause of random write amplification from UUID primary keys; CPU and IOPS are not the bottleneck (CPU is below 30%, storage is Provisioned IOPS SSD).

258
MCQeasy

A company is migrating a 100 GB Microsoft SQL Server database from an on-premises data center to Amazon RDS for SQL Server. The migration uses AWS DMS with full load only (no ongoing replication). The full load completes successfully, but the company's application team reports that some data in the target database is missing. The source database was not modified during the migration. The DMS task logs show no errors. What is the MOST likely cause of the missing data?

A.The DMS task used the 'Change Data Capture' mode instead of full load.
B.The target RDS instance was not large enough to store all data.
C.The DMS task did not use transactional consistency.
D.The source database had foreign key constraints that were not migrated.
AnswerC

Without transactional consistency, DMS may not capture all changes in a consistent state.

Why this answer

DMS full load captures a snapshot of the source database. If the source database has active transactions during the snapshot, some changes may not be included. Using transactional consistency ensures a consistent snapshot.

Disabling foreign keys is not recommended. Using a larger instance does not affect consistency.

259
MCQmedium

A social media application uses Amazon DynamoDB as its primary data store. The application stores user posts and allows users to retrieve the most recent 10 posts of users they follow. The access pattern is a followee-based query that needs to be highly scalable and low-latency. Which DynamoDB table design should the database specialist recommend?

A.Use a partition key of post ID and a local secondary index on the followee ID
B.Use a single table with a scan operation and filter on the followee attribute
C.Use a composite primary key with a partition key of follower ID and a sort key of timestamp, and store the followee ID as an attribute
D.Design the table with a partition key of user ID and a sort key of timestamp, and create a global secondary index (GSI) on followee ID
AnswerC

This design allows efficient Query on the follower ID to retrieve recent posts in reverse order by timestamp.

Why this answer

Option C is correct because it models the access pattern directly: the follower ID as the partition key ensures all posts from followed users are co-located, and the sort key of timestamp allows efficient retrieval of the most recent 10 posts via a Query with a limit of 10 and descending order. This design avoids expensive scans or secondary index lookups, meeting the low-latency and scalability requirements.

Exam trap

The trap here is that candidates often choose Option D because they think a GSI on followee ID solves the query pattern, but they overlook that the base table's partition key (user ID) does not match the follower-based access pattern, requiring multiple queries or a Scan, and the GSI still incurs additional latency and cost for index maintenance.

How to eliminate wrong answers

Option A is wrong because using post ID as the partition key scatters posts randomly across partitions, and a local secondary index on followee ID would require a full table scan to find all posts for a given followee, as LSIs cannot be queried independently of the base table's partition key. Option B is wrong because a Scan operation reads every item in the table and then filters on the followee attribute, which is not scalable and violates the low-latency requirement for a social media application. Option D is wrong because while a GSI on followee ID allows querying by followee, the base table's partition key of user ID does not align with the follower-based access pattern, and the GSI would still require a separate query for each followee, leading to multiple round trips and higher latency compared to a single query in Option C.

260
MCQeasy

A company is using Amazon RDS for MySQL and wants to restrict access to the database based on the source IP address. Which AWS feature should be used to achieve this?

A.DB Parameter Groups
B.VPC Security Groups
C.IAM Database Authentication
D.Network ACLs
AnswerB

Security groups act as a firewall for the DB instance, controlling inbound traffic based on IP or other security groups.

Why this answer

Security groups act as a virtual firewall for RDS instances. You can specify inbound rules that allow traffic only from certain IP addresses or other security groups. Network ACLs are for subnets, not individual instances.

IAM policies control API access, not network traffic. DB parameter groups configure database engine parameters.

261
Multi-Selecthard

A company is deploying a new application on AWS that requires a highly available relational database with automatic failover and read scaling. The database size is 100 GB and the workload is balanced between reads and writes. Which THREE AWS services or features should be used?

Select 3 answers
A.Multi-AZ deployment
B.DynamoDB Accelerator (DAX)
C.Amazon Aurora Replicas
D.Amazon Aurora
E.Amazon RDS Proxy
AnswersA, C, D

Aurora automatically replicates data across AZs, providing failover.

Why this answer

Amazon Aurora provides high availability and read scaling with its cluster architecture. Read replicas can be added for read scaling. Multi-AZ deployment ensures automatic failover.

Option A and C are correct; Option D is correct because Aurora itself provides Multi-AZ storage. Option B (RDS Proxy) is for connection pooling, not failover. Option E (DAX) is for DynamoDB caching.

262
MCQeasy

A database administrator is reviewing the configuration of an RDS MySQL instance. Based on the exhibit, which change would MOST improve the database's performance under heavy write workloads without increasing costs significantly?

A.Change the DB parameter group to a custom one with optimized MySQL parameters.
B.Increase the backup retention period to 35 days to improve performance.
C.Enable Multi-AZ to improve write performance.
D.Change the storage type from gp2 to gp3 to get higher baseline IOPS and throughput.
AnswerD

gp3 offers better performance per dollar than gp2.

Why this answer

Option B is correct because gp2 volumes have performance limits based on size; upgrading to gp3 provides better baseline performance and IOPS scaling. Option A is wrong because Multi-AZ is already enabled. Option C is wrong because default parameter groups are not optimized; custom groups can improve performance.

Option D is wrong because increasing backup retention period does not improve performance.

263
MCQeasy

A developer reports that an application's write requests to a DynamoDB table are failing with ProvisionedThroughputExceededException. The table uses provisioned capacity. Which immediate action will resolve the issue?

A.Switch the table to on-demand capacity
B.Implement exponential backoff in the application
C.Enable DynamoDB Accelerator (DAX)
D.Delete all global secondary indexes
AnswerB

Exponential backoff retries requests with increasing delays, reducing throttling.

Why this answer

Option C is correct because implementing exponential backoff reduces request rate temporarily. Option A is wrong because switching to on-demand takes 30 minutes. Option B is wrong because deleting GSI does not help writes to main table.

Option D is wrong because DAX caches reads, not writes.

264
MCQmedium

A company is migrating a 2 TB PostgreSQL database from on-premises to Amazon RDS for PostgreSQL. The database has a 4-hour downtime window. The company requires minimal data loss and wants to use AWS DMS. The on-premises network has a 100 Mbps internet connection. Which migration method should the company use?

A.Use AWS Schema Conversion Tool (SCT) to migrate the data to Amazon RDS.
B.Use AWS DMS with a full load only, then stop the source database and resume applications.
C.Use pg_dump and pg_restore to export and import the database during the downtime window.
D.Use AWS DMS with a full load and ongoing change data capture (CDC) replication.
AnswerD

Full load plus CDC minimizes downtime by replicating changes continuously.

Why this answer

Option B is correct because AWS DMS with a full load and ongoing CDC allows minimal downtime by continuously replicating changes. Option A is wrong because AWS DMS full load only does not capture ongoing changes, leading to data loss. Option C is wrong because pg_dump/pg_restore does not support CDC.

Option D is wrong because AWS SCT is a schema conversion tool, not a data migration tool.

265
MCQhard

A company has an Amazon RDS for MySQL database with Multi-AZ deployment. The database is experiencing high CPU utilization due to a reporting workload. The company wants to migrate to Amazon Aurora MySQL to improve performance and scalability. The migration must have minimal downtime. Which migration strategy meets these requirements?

A.Create an Aurora MySQL replica from the RDS MySQL instance and promote it
B.Take a snapshot of the RDS instance and restore it to an Aurora cluster
C.Migrate to a larger RDS MySQL instance to handle the workload
D.Use AWS DMS with full load and ongoing replication
AnswerA

This allows minimal downtime and uses native replication.

Why this answer

Option C is correct because creating an Aurora read replica from an RDS MySQL instance and then promoting it to a standalone Aurora cluster provides minimal downtime and leverages the built-in replication. Option A is wrong because taking a snapshot and restoring to Aurora requires downtime during the restore process. Option B is wrong because AWS DMS with full load plus CDC can achieve minimal downtime but is more complex and slower than using native replication.

Option D is wrong because migrating to a larger RDS instance does not address the need to move to Aurora.

266
MCQeasy

A startup is building a social media analytics platform that requires storing time-series data with frequent writes and queries for the last hour. Which AWS database service is BEST suited for this workload?

A.Amazon Timestream
B.Amazon RDS with MySQL
C.Amazon Neptune
D.Amazon DynamoDB
AnswerA

Timestream is a fast, scalable, serverless time-series database.

Why this answer

Option C is correct because Timestream is purpose-built for time-series data and supports high-frequency writes and recent data queries. Option A is wrong because RDS is not optimized for time-series. Option B is wrong because DynamoDB can store timestamps but lacks time-series optimizations.

Option D is wrong because Neptune is a graph database.

267
MCQeasy

A startup is using Amazon DynamoDB for a gaming leaderboard. The table has a partition key of 'game_id' and a sort key of 'score'. The application frequently queries the top 10 scores for a given game. Recently, users have reported that the leaderboard is showing stale data. The DBA checks the CloudWatch metrics and sees no throttling. The table has auto scaling enabled. The application uses eventual consistent reads. The DBA suspects that the issue is related to write conflicts. What should the DBA do to ensure the leaderboard shows the most recent data?

A.Modify the application to use strongly consistent reads for leaderboard queries.
B.Enable DynamoDB Streams and process updates in near-real-time.
C.Enable DynamoDB Accelerator (DAX) for caching.
D.Increase the write capacity units to reduce write throttling.
AnswerA

Strongly consistent reads return the most up-to-date data.

Why this answer

Option B is correct because using strongly consistent reads ensures the latest data is read. Option A is wrong because increasing WCU does not affect consistency. Option C is wrong because DAX caches data and may serve stale data.

Option D is wrong because DynamoDB Streams are for change data capture, not consistency.

268
MCQmedium

A company is designing a database for a global e-commerce platform that requires low-latency reads and writes across multiple AWS Regions. The database must support strongly consistent reads and provide automatic failover. Which AWS service should the company use?

A.Amazon ElastiCache for Redis global datastore
B.Amazon S3 with cross-region replication
C.Amazon Aurora Global Database
D.Amazon DynamoDB global tables
AnswerD

DynamoDB global tables provide multi-Region, multi-master replication with strong consistency and automatic failover.

Why this answer

Amazon DynamoDB global tables provide a fully managed, multi-Region, multi-active database solution that delivers low-latency reads and writes across AWS Regions. It supports strongly consistent reads when using the same-Region endpoint and offers automatic failover by allowing any Region to handle writes independently, ensuring high availability without manual intervention.

Exam trap

The trap here is that candidates often confuse Amazon Aurora Global Database (which is active-passive) with a multi-active solution, assuming it supports automatic failover for writes across Regions, but DynamoDB global tables are the only option that provides true multi-Region write capability with automatic failover.

How to eliminate wrong answers

Option A is wrong because Amazon ElastiCache for Redis global datastore is an in-memory cache, not a durable database, and it does not support strongly consistent reads across Regions (it offers eventual consistency for cross-Region replication). Option B is wrong because Amazon S3 with cross-region replication is an object storage service that does not support strongly consistent writes across Regions (replication is eventually consistent) and lacks automatic failover for database workloads. Option C is wrong because Amazon Aurora Global Database supports only one primary Region for writes (active-passive), so it does not provide multi-Region write capability or automatic failover for writes across Regions; failover requires promoting a secondary Region, which is not automatic.

269
MCQeasy

A database administrator is monitoring Amazon RDS for PostgreSQL using CloudWatch. The DB instance shows high CPU utilization, but the number of connections is normal. What is the most likely cause of the high CPU utilization?

A.The DB instance has a low burst balance for gp2 storage.
B.The instance is low on memory and is swapping.
C.There are long-running queries or missing indexes causing high CPU usage.
D.The DB instance has a large number of Read Replicas.
AnswerC

Inefficient queries can consume CPU cycles even with normal connection counts.

Why this answer

Option B is correct because high CPU utilization with normal connections often indicates inefficient queries or missing indexes causing full table scans. Option A is incorrect because burst balance is for gp2 storage, not CPU. Option C is incorrect because insufficient memory usually causes swapping, not high CPU.

Option D is incorrect because ReadReplicas do not affect CPU on the primary instance.

270
MCQmedium

Refer to the exhibit. A database engineer runs the query above to troubleshoot an application error. The query returns no results even though the database is generating errors. What is the most likely reason?

A.The log stream format uses a different field name for the error message
B.The regex pattern does not match because it is case-sensitive
C.The query does not specify a time range, so no results are returned
D.The log group has not been configured to export to CloudWatch Logs
AnswerA

The error message may be in a field like 'log' or 'msg' instead of 'message'.

Why this answer

Option D is correct because the query filters on the 'message' field, but the log stream format may have the error message in a different field. Option A is wrong because the query already uses case-insensitive matching. Option B is wrong because the log group configuration does not affect the query field names.

Option C is wrong because the query does not specify a time range, but that would return results from the last 15 minutes by default.

271
MCQeasy

A company wants to test an application against an Amazon RDS for MySQL database with a recent set of production data without impacting the production database. The test database must be available quickly and be refreshed regularly. Which solution should be used?

A.Export production data to S3 and import into a test instance using Lambda.
B.Create a read replica of the production database, then promote it to a standalone instance for testing.
C.Use AWS DMS to continuously replicate data from production to a test RDS instance.
D.Create a snapshot of the production database and restore it as a new RDS instance.
AnswerB

A read replica can be promoted quickly and refreshed by creating a new replica.

Why this answer

Option B is correct because a read replica can be created from the production instance and then promoted to a standalone instance for testing. Option A is wrong because it would impact production performance. Option C is wrong because DMS is for migration, not for creating test copies.

Option D is wrong because S3 is not a database.

272
MCQhard

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle using AWS DMS. The source database is 2 TB and has high transaction volume. The migration needs minimal downtime. Currently, full load completes but CDC task fails with 'ORA-1555: snapshot too old' errors. What should the DBA do to resolve this?

A.Restart the migration with a new full load and use a smaller task.
B.Increase the undo retention period and undo tablespace size on the source Oracle database.
C.Enable supplemental logging on the source and use a larger DMS instance.
D.Reduce the transaction volume by pausing non-essential transactions during CDC.
AnswerB

Larger undo retention prevents snapshot too old errors.

Why this answer

Snapshot too old error occurs when undo data is overwritten. Increasing undo retention and tablespace size allows DMS to read consistent data. Option A is correct.

Option B reduces performance. Option C increases log volume. Option D may cause data loss.

273
MCQhard

A financial company uses Amazon RDS for PostgreSQL with a custom parameter group. The security team wants to ensure that all connections to the database are encrypted in transit. Which combination of actions should the database administrator take? (Select TWO.)

A.Attach an IAM role to the RDS instance to authenticate users.
B.Change the database port to 8432 to use a non-standard port.
C.Set 'ssl' to 'off' in the parameter group.
D.Set the parameter 'rds.force_ssl' to 1 in the custom parameter group.
E.Modify the security group to allow inbound traffic only on port 5432 with the '--ssl' option.
AnswerD, E

This forces all connections to use SSL.

Why this answer

Options A and B are correct because setting rds.force_ssl to 1 forces SSL connections, and requiring SSL in the security group allows only encrypted traffic. Option C is wrong because the default PostgreSQL port is 5432, and changing it does not enforce encryption. Option D is wrong because disabling SSL in the parameter group would prevent encrypted connections.

Option E is wrong because IAM roles are for authentication, not transport encryption.

274
MCQhard

A company runs a critical application on Amazon RDS for MySQL with Multi-AZ deployment. The application performs frequent writes. The DB instance's CPU utilization is consistently above 80%, and the write latency is high. The company wants to improve write performance without changing the application code. Which solution is MOST effective?

A.Enable Multi-AZ with synchronous replication to a standby instance.
B.Add a read replica to offload read traffic.
C.Increase the DB instance class to a larger size with more vCPUs.
D.Migrate the database to Amazon Aurora MySQL.
AnswerD

Aurora provides higher write throughput and lower latency.

Why this answer

Migrating to Amazon Aurora MySQL provides better write performance due to its distributed storage and optimized write path. Option A (increasing instance size) can help but may not be as effective as Aurora; Option C (adding read replicas) does not help write performance; Option D (using Multi-AZ with synchronous replication) already has Multi-AZ, and the latency is due to CPU, not replication.

275
Multi-Selectmedium

A company is migrating an on-premises Oracle database to Amazon Aurora PostgreSQL. The database has several large tables with frequent INSERT and UPDATE operations. Which TWO actions should be taken to optimize performance after migration?

Select 2 answers
A.Enable autovacuum and configure it to run more frequently on the large tables.
B.Use the Aurora PostgreSQL integration with Amazon S3 for bulk data loading.
C.Set synchronous_commit to ON to ensure data durability.
D.Deploy an RDS Proxy in front of the Aurora cluster to reduce connection overhead.
E.Partition the large tables by date to improve query performance.
AnswersA, B

Autovacuum prevents bloat from frequent updates, maintaining query performance.

Why this answer

Options A and D are correct: Autovacuum is essential for managing dead tuples and maintaining performance in PostgreSQL. S3 integration provides fast bulk load/unload. Option B is wrong because synchronous commit reduces performance for transactional workloads.

Option C is wrong because Aurora PostgreSQL manages storage automatically; manual partitioning may not be needed. Option E is wrong because RDS Proxy adds overhead for connection pooling but does not directly optimize DML performance.

276
MCQeasy

A company is designing a database for an IoT application that ingests millions of time-series data points per second. The database must support high-throughput writes and efficient querying of recent data. Which AWS database service is MOST suitable?

A.Amazon RDS for PostgreSQL
B.Amazon Timestream
C.Amazon DynamoDB with TTL
D.Amazon Redshift
AnswerB

Timestream is purpose-built for time-series.

Why this answer

Amazon Timestream is purpose-built for time-series data, offering a serverless architecture that ingests millions of data points per second with automatic scaling. It provides efficient storage and querying of recent data through its memory store, while tiering older data to a cost-optimized magnetic store, making it the most suitable choice for high-throughput IoT time-series workloads.

Exam trap

AWS often tests the misconception that any high-throughput NoSQL database (like DynamoDB) is suitable for time-series workloads, but the key differentiator is the need for native time-series query capabilities and automatic data lifecycle management, which Timestream provides and DynamoDB lacks.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for PostgreSQL is a relational database optimized for OLTP workloads with row-based storage, not designed for the high-ingest rates and time-series-specific query patterns (e.g., downsampling, interpolation) required by IoT data. Option C is wrong because Amazon DynamoDB with TTL supports high-throughput writes but lacks native time-series query optimizations such as time-based aggregation, window functions, or automatic data tiering; TTL only handles data expiration, not efficient querying of recent data across millions of points per second. Option D is wrong because Amazon Redshift is a columnar data warehouse optimized for complex analytical queries on large datasets, not for real-time, high-frequency writes of individual time-series data points; its ingestion latency and cost model are unsuitable for per-second write rates.

277
MCQmedium

A company is migrating a database using AWS DMS. The IAM policy shown is attached to the DMS replication instance role. When the DMS replication task is created in the us-west-2 region, it fails. What is the most likely cause?

A.The IAM policy does not allow the 'dms:CreateReplicationTask' action.
B.The IAM policy does not specify the VPC where the replication instance is deployed.
C.The IAM policy does not specify the resource ARN for the replication instance.
D.The IAM policy restricts the region to us-east-1, but the task is created in us-west-2.
AnswerD

The condition 'aws:RequestedRegion' restricts to us-east-1 only.

Why this answer

Option D is correct because the policy restricts DMS actions to only the us-east-1 region. Option A is wrong because the policy allows 'dms:CreateReplicationTask' and 'dms:StartReplicationTask'. Option B is wrong because the policy does not specify VPC conditions.

Option C is wrong because the policy allows all resources.

278
MCQmedium

A company uses Amazon DynamoDB to store user session data for a web application. The table has a partition key of 'user_id' and no sort key. Each item is about 5 KB. The application performs frequent GetItem and UpdateItem operations. Recently, the application has been experiencing higher than expected latency and some throttling. The table's read and write capacity are set to on-demand mode. The CloudWatch metrics show that the ConsumedWriteCapacityUnits are well below the provisioned limits (if they were provisioned), but there are occasional ThrottledWriteEvents. The application team also notices that the throttling occurs for specific users. What is the most likely cause and solution?

A.Create a global secondary index with a different partition key for the hot users.
B.Add a sort key to the table to improve data distribution.
C.Implement write sharding by appending a random suffix to the partition key for high-traffic users.
D.Switch to provisioned capacity mode and increase the write capacity units significantly.
AnswerC

Write sharding distributes writes across multiple partitions, avoiding hot partitions.

Why this answer

Option B is correct because throttling for specific users indicates a hot partition, even with on-demand capacity, because DynamoDB distributes throughput evenly across partitions. A single partition can be throttled if its activity exceeds 3000 RCU or 1000 WCU. Option A (increasing capacity) is irrelevant for on-demand.

Option C (adding a sort key) doesn't help because the partition key is already the main access pattern. Option D (adding a GSI) may not solve the hot partition issue for the base table writes.

279
Multi-Selectmedium

A company is migrating an on-premises Oracle database with complex stored procedures and triggers to AWS. They want to minimize code changes. Which two AWS database services should they consider? (Choose two.)

Select 2 answers
A.Amazon DynamoDB
B.Amazon RDS for Oracle
C.Amazon S3
D.Amazon Redshift
E.Amazon Aurora PostgreSQL with Babelfish
AnswersB, E

Directly supports Oracle PL/SQL with minimal changes.

Why this answer

Amazon RDS for Oracle is a direct migration target for on-premises Oracle databases, supporting the same Oracle Database engine. This minimizes code changes because existing stored procedures, triggers, and PL/SQL code can run with minimal or no modification, leveraging Oracle's native compatibility.

Exam trap

The trap here is that candidates may confuse Babelfish's T-SQL compatibility with Oracle PL/SQL support, or incorrectly assume that any 'Aurora' or 'PostgreSQL' service can handle Oracle stored procedures without modification.

280
MCQmedium

A company is using Amazon DynamoDB for a gaming leaderboard. The table has a partition key of 'game_id' and a sort key of 'score'. The table is configured with on-demand capacity. During a major tournament, the application experiences high latency and some requests return 'ProvisionedThroughputExceededException' errors. The CloudWatch metric 'ThrottledRequests' spikes. The application uses a single partition key for all writes during the tournament (game_id = 'tournament_final'). What is the most likely cause of the throttling, and what is the best solution?

A.The application is using a single partition key, causing all writes to go to one partition. The team should redesign the partition key to distribute writes across multiple partitions
B.The application is using a single partition key, causing all writes to go to one partition. The team should implement DAX to cache writes
C.The table has a global secondary index that is throttling writes; the team should remove the GSI
D.The table is using on-demand capacity, which has a maximum throughput limit per partition; the team should switch to provisioned capacity with auto scaling
AnswerA

Distributing the write load across partitions avoids throttling.

Why this answer

Option C is correct because using a single partition key creates a hot partition, leading to throttling even with on-demand capacity (which has per-partition limits). The best solution is to redesign the partition key to distribute writes. Option A is incorrect because auto scaling is not needed for on-demand.

Option B is incorrect because DAX caches reads, not writes. Option D is incorrect because creating a GSI does not affect write throttling on the base table.

281
MCQmedium

A company has an Amazon RDS for Oracle DB instance that stores Personally Identifiable Information (PII). The security team requires that the data be transparently encrypted at rest using a key stored in AWS CloudHSM. What should the database administrator do to meet this requirement?

A.Use Oracle Data Pump to export the data, encrypt it using CloudHSM, and import it back into RDS.
B.Enable TDE and configure the Oracle wallet to point to the CloudHSM key.
C.Enable TDE and use AWS KMS as the key manager by integrating with the Oracle TDE keystore.
D.Create a custom DB engine using a custom AMI that includes CloudHSM integration.
AnswerC

RDS Oracle TDE supports AWS KMS integrated key management.

Why this answer

Oracle Transparent Data Encryption (TDE) can use an external hardware security module (HSM) via the Oracle Key Vault or direct integration. However, AWS CloudHSM is not directly supported by RDS for Oracle TDE. RDS Oracle supports TDE using the Oracle wallet or AWS KMS (for integrated TDE).

To use CloudHSM, you would need to run Oracle on EC2, not RDS. Option A is not supported; Option B is for KMS; Option D is incorrect because RDS does not allow custom init scripts. The correct approach is to use AWS KMS, which is the only supported method for TDE key management in RDS Oracle.

282
MCQhard

A financial services company stores sensitive data in an Amazon DynamoDB table. The security team requires that all data at rest be encrypted with a customer-managed key that is rotated automatically every 12 months. The company also needs to audit key usage. Which solution meets these requirements?

A.Use server-side encryption with S3-managed keys (SSE-S3) for the DynamoDB table.
B.Use AWS CloudHSM to generate and store the encryption key. Configure the application to encrypt data before writing to DynamoDB.
C.Enable encryption at rest using the default DynamoDB encryption option (AWS owned key). Use AWS CloudTrail to audit key usage.
D.Enable encryption at rest using an AWS KMS customer-managed CMK. Configure automatic key rotation with a 12-month period. Use AWS CloudTrail to audit key usage.
AnswerD

KMS customer-managed CMKs support automatic rotation every 12 months and CloudTrail auditing.

Why this answer

DynamoDB supports encryption at rest with AWS KMS customer-managed CMKs. Automatic key rotation every 12 months is a feature of KMS for CMKs. CloudTrail logs KMS API calls for auditing.

Option B uses the default AWS-managed key, which cannot be rotated manually but rotates automatically every 3 years, not 12 months; also, auditing is possible but the key is not customer-managed. Option C uses SSE-S3, which is for S3, not DynamoDB. Option D uses CloudHSM, which provides HSMs but does not automatically rotate keys every 12 months.

283
Multi-Selectmedium

A company is migrating a MySQL database to Amazon RDS for MySQL. They want to use AWS DMS for continuous replication. Which TWO prerequisites must be met before starting the migration?

Select 2 answers
A.Enable binary logging (binlog) on the source MySQL database.
B.Ensure the DMS replication instance has network connectivity to the source and target databases.
C.Set the source database to read-only mode during migration.
D.Place the source database in a VPC.
E.Create an S3 bucket to store the migration logs.
AnswersA, B

Binary logging is necessary for DMS to capture ongoing changes.

Why this answer

Options A and B are correct. DMS requires binary logging to be enabled on the source for CDC, and the replication instance must be in a VPC with network access. Option C is wrong because the source database does not need to be in a VPC.

Option D is wrong because DMS supports continuous replication without requiring read-only mode. Option E is wrong because S3 is not required for DMS.

284
MCQmedium

A company is migrating a 2 TB Oracle database from on-premises to Amazon RDS for Oracle. The network bandwidth is 100 Mbps. The migration must be completed within 3 days. Which approach is MOST efficient?

A.Use AWS DMS with parallel load and ongoing replication.
B.Use Oracle RMAN to create a backup and restore to RDS.
C.Use Oracle Data Pump with a single export and import.
D.Use Oracle GoldenGate for real-time replication.
AnswerA

DMS parallel load reduces migration time.

Why this answer

Option C is correct because AWS DMS with parallel load can significantly speed up the migration by loading multiple tables simultaneously. Option A is wrong because a single-threaded export/import may not complete within 3 days on 100 Mbps. Option B is wrong because Oracle GoldenGate requires additional licensing and setup.

Option D is wrong because RMAN backup and restore requires transferring the full backup over the network.

285
MCQmedium

A company uses Amazon RDS for MySQL to store e-commerce order data. The orders table has millions of rows and is frequently queried by order_id. The company also runs periodic reports that aggregate data by order_date. The reports are slow. The database has a primary key on order_id. The company needs to improve report performance without affecting OLTP queries. Which design change should be made?

A.Create a secondary index on order_date.
B.Upgrade to a larger instance type.
C.Create a read replica and run reports on the replica.
D.Partition the table by order_date.
AnswerA

A secondary index on order_date speeds up date-based aggregations without impacting OLTP queries.

Why this answer

Creating a secondary index on order_date allows MySQL to quickly locate rows matching the report's date range without scanning the entire table, significantly improving aggregation performance. This index is separate from the primary key on order_id, so OLTP queries that filter by order_id remain unaffected. The index provides a balanced approach: it accelerates read-heavy reporting while adding minimal overhead to write operations.

Exam trap

The trap here is that candidates often assume a read replica (Option C) solves all performance issues, but without an appropriate index, the replica still performs full table scans, making the reports slow regardless of where they run.

How to eliminate wrong answers

Option B is wrong because upgrading to a larger instance type increases CPU, memory, and I/O capacity but does not address the root cause of slow reports—the lack of an efficient access path for date-based queries; it merely masks the performance issue with more resources. Option C is wrong because creating a read replica offloads reporting traffic from the primary instance, but the replica still lacks an index on order_date, so the reports will remain slow on the replica. Option D is wrong because partitioning the table by order_date can improve partition pruning for date-range queries, but it introduces complexity and may negatively impact OLTP queries that filter by order_id, as MySQL must search across multiple partitions; additionally, partitioning does not replace the need for an index on the partitioning key.

286
MCQhard

A company needs to migrate an on-premises Oracle database to AWS with minimal changes to the application code. The application uses complex stored procedures and has high availability requirements. Which database service should be used?

A.Amazon RDS for Oracle
B.Amazon DynamoDB
C.Amazon Redshift
D.Amazon Aurora PostgreSQL
AnswerA

RDS for Oracle provides full Oracle compatibility with Multi-AZ for high availability.

Why this answer

Amazon RDS for Oracle is the correct choice because it provides native Oracle compatibility, supporting complex stored procedures, PL/SQL, and existing application code with minimal changes. It also offers Multi-AZ deployments for high availability, meeting the requirement without requiring a complete rewrite.

Exam trap

The trap here is that candidates may choose Amazon Aurora PostgreSQL due to its high availability and performance, overlooking the fact that it does not support Oracle-specific stored procedures and PL/SQL, which would require costly application rewrites.

How to eliminate wrong answers

Option B is wrong because Amazon DynamoDB is a NoSQL key-value and document database that does not support complex stored procedures or Oracle PL/SQL, requiring significant application code changes. Option C is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical queries, not for transactional workloads with complex stored procedures. Option D is wrong because Amazon Aurora PostgreSQL, while highly available, uses PostgreSQL syntax and does not natively support Oracle-specific stored procedures or PL/SQL, necessitating code modifications.

287
MCQhard

Refer to the exhibit. An engineer runs the CLI command to check security groups attached to the RDS instance 'mydb'. The output shows only one security group. The engineer wants to ensure that only traffic from an application server with IP 10.0.1.5 is allowed to the database port 3306. Which security group rule should be added?

A.Add an inbound rule to allow traffic from 10.0.1.5/32 on port 80.
B.Add an inbound rule to allow traffic from 10.0.1.5/32 on port 3306.
C.Add an outbound rule to allow traffic to 10.0.1.5 on port 3306.
D.Add an inbound rule to allow traffic from 0.0.0.0/0 on port 3306.
AnswerB

Correctly restricts access to the specific IP.

Why this answer

To allow only specific IP, an inbound rule for MySQL port 3306 from source 10.0.1.5/32 is needed. Option C is correct. Option A is wrong because outbound rules control egress.

Option B is wrong because a rule allowing all traffic (0.0.0.0/0) would be insecure. Option D is wrong because HTTP port is not relevant.

288
MCQhard

A company runs a multi-tenant SaaS platform on AWS. Each tenant has their own database schema within a shared PostgreSQL database on Amazon RDS. The platform has grown to thousands of tenants, and the single RDS instance is experiencing performance degradation due to resource contention. Queries from one tenant can impact others. The company needs a solution that isolates tenants, provides predictable performance, and allows easy scaling. They also want to minimize application changes. The application uses an ORM that dynamically constructs SQL queries based on the tenant ID. Which solution is BEST?

A.Migrate to Amazon Aurora PostgreSQL and use Aurora Auto Scaling to add reader nodes as needed.
B.Create separate RDS instances for each tenant and use RDS Proxy to pool connections per tenant. Modify the application to select the appropriate database instance based on tenant ID.
C.Implement Amazon RDS Proxy in front of the existing RDS instance to manage connections and reduce contention.
D.Migrate the application to use Amazon DynamoDB with tenant ID as the partition key, using global tables for scalability.
AnswerB

This provides full isolation and predictable performance. RDS Proxy reduces connection overhead. Application changes are limited to connection routing logic.

Why this answer

The best solution is to use Amazon RDS Proxy with a connection pool per tenant, but that does not provide isolation. The most effective approach is to migrate to Amazon Aurora, which can handle many connections and provides better performance. However, the key is to use a separate database per tenant (database-per-tenant model) with a pool of RDS instances.

The most AWS-native approach is to use Amazon RDS for PostgreSQL with pg_partman or use a separate RDS instance per tenant, but that is costly. The best solution is to use Aurora Serverless v2, which can scale to zero and provides isolation through separate Aurora clusters? But that may require many clusters. The optimal solution is to use Amazon RDS with a separate database per tenant and use a connection pooling service like RDS Proxy to manage connections.

The application changes are minimal because the ORM can be configured to use a different connection string per tenant. However, the question asks for the BEST solution. Option A: Use RDS Proxy with a single database but with connection pooling; does not isolate.

Option B: Migrate to Aurora and use Aurora Auto Scaling; still shared. Option C: Implement a database-per-tenant model with separate RDS instances and use RDS Proxy for each; provides isolation but complex. Option D: Use Amazon DynamoDB with tenant ID as partition key; provides isolation and scaling but requires application changes to use DynamoDB instead of PostgreSQL.

The stem says 'minimize application changes', so moving from PostgreSQL to DynamoDB would require significant changes. Therefore, the best is to use a database-per-tenant approach with RDS and RDS Proxy. But among the options, likely one suggests using Aurora with separate databases per tenant.

I'll craft the options accordingly.

289
Multi-Selecteasy

A company is migrating its on-premises PostgreSQL database to Amazon Aurora PostgreSQL. The migration must have minimal downtime. Which THREE steps should be taken as part of the migration plan? (Select THREE.)

Select 3 answers
A.Perform a test migration to validate the process.
B.Enable Multi-AZ on the Aurora cluster before migration.
C.Update the application connection string to point to the Aurora cluster after cutover.
D.Use AWS DMS to perform a full load and then ongoing replication.
E.Disable automated backups on the Aurora cluster to improve performance.
AnswersA, C, D

Testing ensures the migration works correctly before the actual cutover.

Why this answer

Options A, B, and C are correct. Setting up replication from the on-premises database to Aurora using AWS DMS with ongoing replication allows the target to stay up-to-date with minimal downtime. Performing a test migration ensures the process works.

After the cutover, the application connection string must be updated. Option D is incorrect because disabling automated backups is not recommended; backups are essential. Option E is incorrect because enabling Multi-AZ is for high availability, not a migration step.

290
MCQeasy

A company needs to securely store and manage the master password for their Amazon RDS for PostgreSQL instance. Which AWS service is purpose-built for managing secrets with automatic rotation?

A.AWS Key Management Service (KMS)
B.AWS Secrets Manager
C.AWS Identity and Access Management (IAM)
D.AWS CloudHSM
AnswerB

Secrets Manager is designed for storing and rotating database credentials.

Why this answer

Option B is correct because AWS Secrets Manager is designed for secret management with built-in rotation. Option A is wrong because KMS is for encryption keys, not secret management. Option C is wrong because CloudHSM provides hardware security modules but not secret rotation.

Option D is wrong because IAM is for identity and access management, not secret storage.

291
MCQmedium

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database is 1 TB and has a large number of stored procedures and triggers. The migration must minimize application changes. Which migration approach should be used?

A.Use AWS Schema Conversion Tool (AWS SCT) to convert the schema and AWS DMS for data migration
B.Use AWS Database Migration Service (AWS DMS) with full load and ongoing replication
C.Use Oracle Data Pump (expdp/impdp) to export and import the database
D.Use AWS S3 to store the data and AWS Glue to transform and load into RDS
AnswerB

AWS DMS supports ongoing replication to minimize downtime.

Why this answer

AWS DMS with ongoing replication allows for minimal downtime and can migrate data while keeping the source database running. Option A is incorrect because expdp/impdp does not support ongoing replication. Option C is incorrect because using S3 as an intermediate step adds complexity.

Option D is incorrect because AWS SCT is for schema conversion, not data migration.

292
Multi-Selectmedium

A company is designing a disaster recovery strategy for Amazon DynamoDB. The strategy must have an RPO of 5 minutes and RTO of 1 hour. Which TWO options meet these requirements? (Choose 2.)

Select 2 answers
A.On-demand backups
B.Point-in-time recovery (PITR)
C.Cross-Region Replication (CRR) to S3
D.Global tables
E.Scheduled backups using AWS Backup
AnswersB, D

PITR allows restore to any point within seconds, meeting RPO.

Why this answer

Option A is correct because point-in-time recovery can restore to any point in last 35 days with 1-second granularity. Option C is correct because global tables provide multi-region replication with sub-second latency. Option B is incorrect because on-demand backup does not meet RPO.

Option D is incorrect because scheduled backups have fixed intervals. Option E is incorrect because it is not a DynamoDB feature.

293
MCQmedium

A company is using an Amazon RDS for MySQL DB instance to store sensitive customer data. A security audit reveals that all database traffic between the application and the database is transmitted in plaintext. Which configuration change would encrypt data in transit for new connections?

A.Modify the DB instance to require SSL/TLS connections and update the application connection string to use SSL.
B.Configure the DB instance to be in a VPC with a VPC peering connection to the application's VPC.
C.Enable encryption at rest for the RDS DB instance using AWS KMS.
D.Enable IAM database authentication for the DB instance.
AnswerA

This encrypts data in transit for new connections.

Why this answer

Enabling SSL/TLS for the RDS DB instance encrypts data in transit. Once enabled, clients can connect using SSL/TLS. Option A is incorrect because RDS encryption at rest does not affect data in transit.

Option B is incorrect because VPC peering does not encrypt traffic. Option D is incorrect because enabling IAM database authentication does not encrypt the connection.

294
MCQmedium

A gaming company runs a global leaderboard on Amazon DynamoDB. The leaderboard is updated frequently and must return the top 100 scores in milliseconds. The current design uses a single table with a Global Secondary Index (GSI) on score. However, the query to retrieve top scores often throttles under load. Which design change would best improve performance?

A.Use a scan operation with a filter to retrieve top scores.
B.Implement a write shard pattern using a random suffix on the partition key and a GSI on score.
C.Add DynamoDB Accelerator (DAX) in front of the table.
D.Switch to strongly consistent reads for the leaderboard query.
AnswerB

Sharding distributes write load, and the GSI on score enables efficient range queries for top scores.

Why this answer

Option B is correct because the write shard pattern distributes high-frequency writes across multiple partition keys by appending a random suffix, preventing hot partitions. The GSI on score still allows efficient top-N queries by scanning the index in descending order. This avoids throttling by spreading write capacity evenly, while the GSI remains a sparse index that can be queried without impacting the base table's write throughput.

Exam trap

The trap here is that candidates often assume caching (DAX) or consistency changes will fix throttling, but the real issue is write-side hot partitions, which the write shard pattern directly addresses by distributing the write load.

How to eliminate wrong answers

Option A is wrong because a scan operation reads every item in the table, which is inefficient and costly, and filtering after a scan does not reduce the read capacity consumed, leading to even more throttling under load. Option C is wrong because DAX is an in-memory cache that accelerates reads but does not solve write-side throttling caused by hot partitions; it also adds latency for writes and does not help with the write-heavy leaderboard updates. Option D is wrong because strongly consistent reads consume twice the read capacity units of eventually consistent reads and do not address the root cause of write throttling; the leaderboard query is a read operation, but the bottleneck is write contention on hot partitions.

295
MCQmedium

A company runs an Amazon Aurora MySQL database with read replicas to handle read traffic. During a recent load test, the primary instance CPU utilization reached 90%, but read replicas remained below 50%. The application uses a custom ORM that connects to a single endpoint. Which change will best distribute read traffic?

A.Configure the application to use the Aurora reader endpoint for read queries.
B.Use Amazon RDS Proxy with read/write splitting.
C.Place the read replicas behind an Application Load Balancer.
D.Enable Aurora Auto Scaling for replicas and use the cluster endpoint for both read and write.
AnswerA

Reader endpoint load balances across read replicas.

Why this answer

Aurora read replicas are accessed through the reader endpoint, not the cluster endpoint. Option A is correct. Option B is wrong because read replicas use reader endpoint.

Option C is not a feature of Aurora. Option D is incorrect because ProxySQL is not needed.

296
MCQmedium

A company is migrating a 2 TB Oracle database to Amazon Aurora PostgreSQL. The migration must have minimal downtime and support ongoing replication. Which AWS service should be used?

A.AWS DataSync
B.Amazon S3 Glacier
C.AWS Database Migration Service (AWS DMS)
D.AWS Schema Conversion Tool (AWS SCT)
AnswerC

DMS supports heterogeneous migrations and ongoing replication from Oracle to Aurora.

Why this answer

AWS Database Migration Service (AWS DMS) is the correct choice because it supports ongoing replication (change data capture, CDC) from an Oracle source to an Amazon Aurora PostgreSQL target, enabling a migration with minimal downtime. DMS can handle a 2 TB database by using a large replication instance and tuning task settings, and it continuously replicates changes until the cutover is complete.

Exam trap

The trap here is that candidates often confuse AWS SCT (schema conversion) with the actual data migration, or they assume DataSync can handle database replication, but DMS is the only service that provides both schema conversion (via SCT integration) and ongoing data replication for heterogeneous migrations.

How to eliminate wrong answers

Option A is wrong because AWS DataSync is designed for transferring large datasets over the network or between on-premises storage and AWS storage services (e.g., S3, EFS, FSx), but it does not support ongoing replication or heterogeneous database migrations like Oracle to Aurora PostgreSQL. Option B is wrong because Amazon S3 Glacier is a cold storage service for archival data, not a migration tool; it cannot perform live database replication or schema conversion. Option D is wrong because AWS Schema Conversion Tool (AWS SCT) is used to convert the source database schema and code to a target-compatible format, but it does not perform the actual data migration or ongoing replication; SCT is typically used in conjunction with DMS, not as a standalone migration service.

297
MCQeasy

A developer needs to restore an Amazon RDS for PostgreSQL DB instance to a specific point in time within the retention period. What must be enabled for this operation to be possible?

A.Deletion protection enabled.
B.A read replica in the same region.
C.Automated backups with a retention period greater than 0.
D.Multi-AZ deployment.
AnswerC

PITR relies on automated backups and transaction logs.

Why this answer

Option A is correct because automated backups (enabled by default with a retention period) are required for point-in-time recovery (PITR). Option B is incorrect because Multi-AZ is not required for PITR. Option C is incorrect because read replicas are not needed.

Option D is incorrect because deletion protection prevents accidental deletion but does not affect PITR.

298
MCQmedium

Refer to the exhibit. A CloudFormation template creates a DynamoDB table. The application team needs to query orders by customer ID (which is not a key attribute). Which change to the template would enable efficient querying by customer ID?

A.Change the KeySchema to use CustomerID as the hash key
B.Add a LocalSecondaryIndex on CustomerID
C.Add a GlobalSecondaryIndex with CustomerID as the hash key and OrderDate as the range key
D.Enable DynamoDB Streams and use Lambda to populate a separate table
AnswerC

GSI allows efficient querying by CustomerID.

Why this answer

Option C is correct because a GlobalSecondaryIndex (GSI) allows querying on a non-key attribute (CustomerID) with a different key schema than the base table. By specifying CustomerID as the hash key and OrderDate as the range key, the application can efficiently query orders by CustomerID and optionally sort by OrderDate, without affecting the base table's primary key structure.

Exam trap

The trap here is that candidates often confuse LocalSecondaryIndexes (LSIs) with GlobalSecondaryIndexes (GSIs), incorrectly assuming an LSI can be created on any attribute, when in fact an LSI must share the same hash key as the base table and can only be added during table creation.

How to eliminate wrong answers

Option A is wrong because changing the KeySchema to use CustomerID as the hash key would break existing access patterns that rely on the original primary key (e.g., OrderID), and CustomerID is not guaranteed to be unique, leading to data overwrites. Option B is wrong because a LocalSecondaryIndex (LSI) can only be created on tables with a composite primary key (hash and range key) and must use the same hash key as the base table; since CustomerID is not the base table's hash key, an LSI cannot be defined on it. Option D is wrong because using DynamoDB Streams and Lambda to populate a separate table adds operational complexity, latency, and cost, and is not the simplest or most efficient solution for enabling querying by a non-key attribute when a GSI directly solves the requirement.

299
MCQhard

A company is using Amazon RDS for Oracle with a very large database (10 TB). They need to migrate to Amazon Aurora PostgreSQL with minimal downtime. The source database is heavily used with constant writes. Which migration strategy is most appropriate?

A.Export the Oracle database using expdp and import into Aurora PostgreSQL using pg_restore.
B.Use AWS Database Migration Service (DMS) with ongoing replication to migrate from Oracle to Aurora PostgreSQL.
C.Create a read replica of the RDS Oracle instance and promote it to an Aurora PostgreSQL instance.
D.Use Oracle GoldenGate to replicate data to an Aurora PostgreSQL instance.
AnswerB

DMS supports full load and CDC, minimizing downtime.

Why this answer

AWS DMS with ongoing replication (change data capture) is the most appropriate strategy for migrating a heavily written 10 TB Oracle database to Aurora PostgreSQL with minimal downtime. DMS can perform a full load of the existing data and then continuously replicate changes from Oracle's redo logs to Aurora PostgreSQL, allowing the source to remain fully operational until a brief cutover window. This approach minimizes downtime compared to offline export/import methods and is natively supported by AWS.

Exam trap

The trap here is that candidates may confuse read replicas (which are engine-specific and cannot change database engines) with DMS replication, or assume that Oracle GoldenGate is always the best choice for heterogeneous migrations without considering AWS-native alternatives like DMS.

How to eliminate wrong answers

Option A is wrong because expdp and pg_restore are incompatible tools (Oracle export/import vs. PostgreSQL restore), and this offline method would require significant downtime for a 10 TB database with constant writes, making minimal downtime impossible. Option C is wrong because RDS for Oracle does not support creating a read replica that can be promoted to a different database engine (Aurora PostgreSQL); read replicas are only for the same engine type.

Option D is wrong because Oracle GoldenGate is a third-party tool that adds complexity and cost, and while it could technically work, AWS DMS is the recommended, fully managed service for heterogeneous migrations with ongoing replication, making it a more appropriate choice in the AWS ecosystem.

300
MCQmedium

A company's Amazon Redshift cluster is experiencing slow query performance. The cluster has three nodes. The administrator wants to identify if the issue is due to data distribution skew. Which approach should be used?

A.Examine the STL_QUERY table to analyze query execution times.
B.Check the STV_WLM_SERVICE_STATE table to see current queue state.
C.Query the STV_SLICES table to compare disk usage across slices.
D.Review CloudWatch metrics for CPUUtilization per node.
AnswerC

STV_SLICES shows disk usage per slice, indicating skew.

Why this answer

Option A is correct because checking the STV_SLICES table shows disk usage per slice, revealing data distribution skew. Option B is wrong because the STL_QUERY table logs query text, not distribution. Option C is wrong because the STV_WLM_SERVICE_STATE table shows queue state, not distribution.

Option D is wrong because CloudWatch metrics like CPUUtilization do not indicate distribution skew.

Page 3

Page 4 of 24

Page 5