AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 301-375

1730 questions total · 24 pages · All types, answers revealed

Page 5 of 24

301
Multi-Select · medium

A company is migrating an on-premises PostgreSQL database to Amazon RDS for PostgreSQL. They need to minimize downtime and ensure data consistency. Which TWO methods can be used together to achieve this?

Select 2 answers
A. Take a file system snapshot and copy to Amazon EBS
B. Use pg_dump and pg_restore
C. Use AWS DMS with full load and CDC
D. Export data to Amazon S3 and import using COPY
E. Set up pglogical replication from on-premises to RDS
Answers: C, E

DMS can replicate data continuously.

Why this answer

AWS DMS with full load and Change Data Capture (CDC) enables a zero-downtime migration by first copying the existing data (full load) and then continuously replicating ongoing changes from the on-premises PostgreSQL source to the Amazon RDS for PostgreSQL target. This ensures data consistency because CDC captures transactions in near real-time using the PostgreSQL logical replication slot mechanism, allowing the target to stay synchronized until the cutover.

Exam trap

The trap here is that candidates often think pg_dump/restore (Option B) is sufficient for minimal downtime, but they overlook that it requires a consistent snapshot and cannot capture ongoing changes, whereas the correct answer combines a full load with CDC to achieve near-zero downtime.

302
Multi-Select · medium

A company is using Amazon RDS for PostgreSQL and wants to implement encryption in transit for all client connections. The security team has identified that some connections are not using SSL. Which TWO actions should the company take to enforce SSL for all connections?

Select 2 answers
A. Set the 'rds.force_ssl' parameter to '1' in the DB parameter group.
B. Install the RDS CA certificate on all client machines.
C. Create a new SSL certificate and associate it with the RDS instance.
D. Configure the application connection string to use 'sslmode=require'.
E. Modify the pg_hba.conf file to require SSL for all users by setting 'hostssl' entries.
Answers: A, E

This parameter forces the PostgreSQL server to reject non-SSL connections.

Why this answer

Options A and C are correct. Setting 'rds.force_ssl=1' in the parameter group forces the server to accept only SSL connections. Revoking non-SSL privileges (or modifying pg_hba.conf) ensures no non-SSL users can connect.

Option B is unnecessary if the server enforces SSL. Option D is for client-side, not server-side. Option E is for client-side.

303
MCQ · medium

A company is migrating an on-premises MongoDB database to Amazon DocumentDB. They need to ensure that the migration is completed with minimal downtime and that data remains consistent. Which tool should they use?

A. Use AWS DMS with MongoDB as source and DocumentDB as target
B. Use mongoexport and mongoimport
C. Export data to Amazon S3 and load into DocumentDB
D. Use MongoDB Atlas Live Migration
Answer: A

DMS supports continuous replication for MongoDB.

Why this answer

AWS DMS supports continuous change data capture (CDC) from MongoDB to Amazon DocumentDB, enabling near-zero downtime migration by replicating ongoing changes after the initial full load. This ensures data consistency without requiring application downtime, unlike batch export/import methods.

Exam trap

The trap here is that candidates may confuse MongoDB Atlas Live Migration (which is specific to Atlas) with a general-purpose migration tool, or assume that offline tools like mongoexport are sufficient for minimal downtime scenarios.

How to eliminate wrong answers

Option B is wrong because mongoexport and mongoimport are offline, batch tools that require stopping writes to the source database, causing significant downtime and lacking CDC for ongoing changes. Option C is wrong because exporting to S3 and loading into DocumentDB is a manual, offline process that does not support continuous replication, leading to data inconsistency if writes continue during migration. Option D is wrong because MongoDB Atlas Live Migration is a tool for migrating to MongoDB Atlas, not to Amazon DocumentDB, and is not compatible with DocumentDB's API or infrastructure.

304
MCQ · easy

An Amazon RDS for SQL Server instance is running out of storage space. The instance uses 500 GB of Magnetic storage. The database specialist needs to increase storage to 1 TB with minimal downtime. Which solution meets these requirements?

A. Create a snapshot of the DB instance and restore it with larger storage.
B. Convert the storage type to General Purpose (gp2) and then increase size.
C. Modify the DB instance and increase the allocated storage to 1 TB.
D. Use AWS DMS to migrate the database to a new instance with 1 TB storage.
Answer: C

Modifying storage online is supported with minimal downtime.

Why this answer

Option A is correct because RDS allows modifying storage with minimal downtime, though a brief outage may occur. Option B is incorrect because restoring from snapshot requires downtime. Option C is incorrect because converting storage type is a modification, not a separate process.

Option D is incorrect because DMS is not needed.

305
MCQ · medium

A company has an Amazon RDS for Oracle DB instance that is publicly accessible. They want to restrict access to only a specific CIDR block. Which two actions must be taken together?

A. Modify the VPC security group to allow inbound traffic on the database port from the specific CIDR, and ensure the DB instance is publicly accessible with the correct security group.
B. Modify the DB subnet group to include only subnets from the allowed CIDR.
C. Add a rule to the network ACL to allow inbound traffic from the CIDR.
D. Set the rds.force_ssl parameter to force encrypted connections from the allowed CIDR.
Answer: A

The security group acts as a firewall for the DB instance, and the PubliclyAccessible setting allows it to have a public IP.

Why this answer

Option C is correct because the security group must allow inbound from the specific CIDR, and the DB instance must be publicly accessible. Option A is wrong because subnet assignment is not directly for access control. Option B is wrong because NACLs are stateless and not typically used for RDS access control.

Option D is wrong because the DB parameter group does not control network access.

306
Multi-Select · medium

Which TWO of the following are benefits of using Amazon DynamoDB Accelerator (DAX)? (Choose 2.)

Select 2 answers
A. Improves write throughput by caching write operations
B. Reduces storage costs by compressing data
C. Reduces read latency to microseconds for cached items
D. Automatically scales write capacity based on demand
E. Reduces the read capacity units consumed on the DynamoDB table
Answers: C, E

DAX provides microsecond read latency for cached data.

Why this answer

Option C is correct because Amazon DynamoDB Accelerator (DAX) is an in-memory cache that delivers up to 10x read performance improvement, reducing read latency to microseconds for cached items. It sits between your application and DynamoDB, intercepting read requests and serving them from its cluster's memory, which avoids the millisecond-level latency of reading from DynamoDB's SSD storage.

Exam trap

The trap here is confusing DAX's read caching with write optimization, leading candidates to incorrectly select that DAX improves write throughput or scales write capacity, when in fact DAX only accelerates reads and reduces read capacity consumption.

307
MCQ · hard

A company has a production Amazon RDS for PostgreSQL Multi-AZ DB instance. The company's security team requires that all database connections use IAM database authentication. The company also needs to ensure that connections from a specific application server are allowed only if the server has a valid IAM role. Which combination of steps should the database administrator take to meet these requirements?

A. Create a database user with a strong password. Enable IAM database authentication. Assign the application server an IAM policy that allows rds-db:connect. Configure the application to use the password.
B. Enable IAM database authentication. Create a database user matching the IAM user ARN. Grant the application server's IAM user the rds_iam role. Configure the application to use an authentication token.
C. Enable IAM database authentication. Create a database user that matches the IAM role ARN. Configure the application to use the database master username and password.
D. Enable IAM database authentication on the RDS instance. Create a database user that matches the IAM role ARN. Grant the application server's IAM role the rds_iam role. Configure the application to generate an authentication token using the IAM role's credentials.
Answer: D

This ensures connections use IAM authentication and the application server's role is required.

Why this answer

IAM database authentication requires mapping IAM users/roles to database users and enforcing SSL. Steps: 1) Enable IAM DB authentication on the RDS instance. 2) Create a database user that matches the IAM role ARN. 3) Grant the application server's IAM role permission to connect. 4) Configure the application to use an authentication token. The correct answer is A because it includes enabling IAM auth, creating the database user, and configuring the application.

Option B is wrong because it uses the IAM user ARN instead of the role ARN. Option C is wrong because it does not enable IAM auth. Option D is wrong because it uses a password.

308
MCQ · hard

Refer to the exhibit. A database administrator is trying to use AWS DMS to migrate data from an on-premises Oracle database to Amazon RDS for Oracle. The DMS replication instance is in the same VPC as the RDS instance. The administrator receives an access denied error when starting the replication task. The IAM policy attached to the DMS replication instance is shown. What is the MOST likely cause of the error?

A. The IAM policy does not include permissions for the source database endpoint
B. The IAM policy does not allow the dms:CreateReplicationInstance action
C. The RDS instance is not in the same VPC as the DMS replication instance
D. The DMS replication instance is not associated with the IAM role
Answer: A

DMS needs permissions to create and test endpoints, which are missing.

Why this answer

The IAM policy allows dms:CreateReplicationTask and dms:StartReplicationTask on replication tasks, and rds:DescribeDBInstances. It allows actions on replication tasks only, not on endpoints: DMS also needs dms:CreateEndpoint and dms:TestConnection, so the policy shown is too restrictive.

The error occurs when starting the task, which may be due to missing permissions on the source endpoint or to network connectivity. Given the error, the best answer is that the IAM policy does not include the necessary permissions for the source endpoint.

Option C is correct because DMS needs permissions to describe endpoints and test connections.

309
Multi-Select · hard

A company is using Amazon ElastiCache for Redis to cache frequently accessed data from an RDS MySQL database. The cache hit ratio is currently 85%. The operations team notices that during traffic spikes, the cache eviction rate increases significantly, and the database CPU utilization spikes. The cache cluster uses a single r6g.large node. Which THREE actions should the team take to improve performance? (Choose three.)

Select 3 answers
A. Add more shards to the cluster to increase total memory.
B. Reduce the time-to-live (TTL) for cached items to free up memory faster.
C. Enable cluster mode to distribute data across multiple shards.
D. Increase the node type to a larger instance class, such as r6g.2xlarge.
E. Configure the cache to use lazy loading only for write-through operations.
Answers: A, C, D

More shards increase aggregate memory and distribute load.

Why this answer

Option A is correct because adding more shards to the cluster increases the total available memory, which reduces the frequency of evictions during traffic spikes. With more memory, the cache can store more data without forcing out existing entries, thereby maintaining a higher cache hit ratio and reducing the load on the RDS MySQL database.

Exam trap

The trap here is that candidates may think reducing TTL (option B) helps free memory faster, but in reality it increases cache misses and database load, making the problem worse during spikes.

310
MCQ · medium

Refer to the exhibit. An IAM policy is attached to a user who needs to manage Amazon RDS DB instances. When the user attempts to modify a DB instance, they receive an 'AccessDenied' error. What is the most likely cause?

A. The policy does not include the 'rds:ModifyDBInstance' action for the specific DB instance ARN.
B. The policy is missing the 'rds:ListTagsForResource' permission needed for the console.
C. The user is trying to modify a Multi-AZ DB instance which requires additional permissions.
D. The policy requires a condition to allow modifications during the maintenance window.
Answer: B

The console requires ListTagsForResource to display instance details; without it, modify operations fail.

Why this answer

The exhibit shows the 'ModifyDBInstance' action (in full, 'rds:ModifyDBInstance') allowed with resource '*', so the modify action itself is present and is not restricted to a specific resource.

The user might be using the AWS Management Console, which requires additional permissions such as 'rds:DescribeDBInstances' (which is present) and 'rds:ListTagsForResource' (not present).

So the most likely cause is missing permissions for console-specific actions. Option D mentions 'ListTagsForResource', which is needed for the console. So D is correct.

311
MCQ · medium

A database administrator needs to audit all SQL statements executed on an Amazon Aurora MySQL DB cluster, including SELECT queries. Which AWS service should be used to capture and store these logs?

A. Amazon RDS Database Activity Streams
B. Amazon RDS Enhanced Monitoring
C. Amazon CloudWatch Logs
D. Amazon RDS Performance Insights
Answer: A

Database Activity Streams captures database activity including SQL statements and sends to CloudWatch and Kinesis.

Why this answer

Option C is correct because RDS Database Activity Streams sends database activity to CloudWatch Logs and Kinesis Data Streams for auditing. Option A is wrong because Enhanced Monitoring provides OS-level metrics, not SQL statements. Option B is wrong because RDS Performance Insights monitors performance, not audit SQL.

Option D is wrong because CloudWatch Logs can store logs but does not capture SQL statements directly; it requires a source like Database Activity Streams.

312
Multi-Select · hard

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database is 2 TB in size and has a 24/7 uptime requirement. The migration must have minimal downtime and support ongoing replication. Which THREE services or features should the specialist use to accomplish this?

Select 3 answers
A. Oracle Data Guard to replicate to RDS.
B. Amazon RDS cross-Region automated backups.
C. An AWS DMS replication instance.
D. AWS Schema Conversion Tool (AWS SCT).
E. AWS Database Migration Service (AWS DMS) with change data capture (CDC).
Answers: C, D, E

A replication instance is required to run DMS tasks.

Why this answer

Options A, B, and D are correct. Option A: AWS DMS can perform ongoing replication with change data capture. Option B: AWS SCT helps convert the schema.

Option D: A replication instance is required for DMS. Option C is wrong because RDS Oracle does not support cross-region automated backups as a migration tool. Option E is wrong because RDS Oracle does not support native Oracle Data Guard for cross-region replication.

313
MCQ · easy

A database administrator runs the above AWS CLI command. What is the purpose of the command?

A. Retrieve average free storage space for mydb.
B. Retrieve average number of database connections for mydb.
C. Retrieve average CPU utilization for mydb.
D. Retrieve average write latency for mydb.
Answer: B

The metric is DatabaseConnections.

Why this answer

Option A is correct because the command retrieves average DatabaseConnections over 5-minute intervals. Option B is incorrect because it is for CPU, not connections. Option C is incorrect because it is for storage.

Option D is incorrect because it is for write latency.

314
MCQ · medium

A company is deploying a MySQL database on Amazon RDS and needs to enforce encryption at rest. Which configuration step is required?

A. Use a custom DB parameter group with SSL enabled.
B. Modify the DB instance to enable encryption after creation.
C. Enable SSL/TLS on the RDS instance.
D. Select encryption option when creating the RDS instance.
Answer: D

Encryption at rest is enabled at launch.

Why this answer

Option D is correct because enabling encryption at rest is done when launching the RDS instance. Option A is wrong because encryption is applied to the instance, not the engine. Option B is wrong because encryption is set at creation time.

Option C is wrong because it's about encryption in transit, not at rest.

315
MCQ · easy

A company has an Amazon DynamoDB table with a global secondary index (GSI). The security team wants to ensure that the table and the GSI are encrypted at rest. How can this be achieved?

A. Nothing; DynamoDB encrypts all data at rest by default.
B. Create the table with encryption disabled to avoid performance impact.
C. Enable encryption at rest on the table and the GSI separately.
D. Enable encryption on the GSI using a KMS key.
Answer: A

DynamoDB tables and GSIs are encrypted at rest by default.

Why this answer

Option A is correct because DynamoDB encrypts all tables and GSIs at rest by default. Option B is wrong because encryption is always on. Option C is wrong because encryption cannot be disabled.

Option D is wrong because GSIs are automatically encrypted with the table.

316
MCQ · medium

A company uses Amazon DynamoDB for a high-traffic leaderboard application that updates scores in real-time. The table has partition key 'game_id' and sort key 'player_id'. Queries retrieve top 10 players by score for each game. Which secondary index design is most efficient?

A. Create a global secondary index (GSI) with partition key 'game_id' and sort key 'score'
B. Create a global secondary index (GSI) with partition key 'game_id' and sort key 'player_id'
C. Create a local secondary index (LSI) with sort key 'score'
D. Do not create any index; use the base table with a scan
Answer: A

This index allows querying by game and retrieving top scores efficiently.

Why this answer

Option C is correct because a GSI with game_id as partition key and score as sort key allows efficient top-N queries using ScanIndexForward=false. Option A (GSI with player_id) doesn't sort by score. Option B (LSI) cannot use a different partition key.

Option D (no index) would require full table scan.

317
MCQ · medium

A company is deploying a new application with a PostgreSQL database on Amazon RDS. The database must be highly available across two Availability Zones. Which deployment option meets this requirement?

A. RDS with a read replica in another AZ.
B. Multi-AZ RDS instance.
C. Single-AZ RDS instance.
D. Amazon Aurora Global Database.
Answer: B

Provides automatic failover to a standby in another AZ.

Why this answer

Option B is correct because Multi-AZ deployment provides synchronous standby in another AZ. Option A is wrong because it's single-AZ. Option C is wrong because read replicas are for read scaling, not failover.

Option D is wrong because it's a different service.

318
MCQ · medium

A company is designing a multi-tenant SaaS application on Amazon RDS for PostgreSQL. Each tenant's data must be isolated for security and performance. The application has millions of tenants, with most tenants having small datasets (under 100 MB). Which database design pattern is MOST cost-effective and operationally efficient?

A. Use Amazon DynamoDB with a separate table per tenant.
B. Use a single RDS instance with a shared schema and implement Row-Level Security (RLS) policies based on tenant_id.
C. Use a single RDS instance with a separate schema per tenant.
D. Use a separate Amazon RDS for PostgreSQL instance per tenant.
Answer: B

RLS provides tenant isolation with minimal overhead, suitable for many small tenants.

Why this answer

Option B is correct because using a single RDS for PostgreSQL instance with Row-Level Security (RLS) allows you to isolate tenant data at the row level based on a tenant_id column, without the overhead of managing millions of separate schemas or tables. This design is both cost-effective (single instance, no per-tenant provisioning) and operationally efficient (simple schema management, no connection pooling issues), while still meeting security and performance isolation requirements for small datasets under 100 MB.

Exam trap

The trap here is that candidates often assume separate schemas per tenant (Option C) are the best balance of isolation and cost, but they overlook PostgreSQL's practical limits on the number of schemas and the severe performance degradation from catalog bloat when dealing with millions of tenants.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB with a separate table per tenant would require creating millions of tables, which exceeds the default DynamoDB table limit (256 per account) and introduces significant operational overhead for table management, throughput provisioning, and cross-tenant queries. Option C is wrong because using a separate schema per tenant on a single RDS instance would require creating millions of schemas, which is not supported by PostgreSQL (the system catalog pg_namespace would become bloated, and performance would degrade due to excessive catalog lookups). Option D is wrong because using a separate RDS for PostgreSQL instance per tenant would be prohibitively expensive and operationally unmanageable for millions of tenants, as each instance incurs minimum billing costs and requires individual maintenance, backups, and monitoring.

319
MCQ · hard

An application uses Amazon ElastiCache for Redis as a session store. Users report that sessions are being lost intermittently. The ElastiCache cluster has replication enabled with one replica. CloudWatch metrics show 'Evictions' spiking during peak hours. What is the MOST likely cause?

A. Replication lag between primary and replica is causing read failures
B. Encryption in transit is enabled and causes decryption errors
C. The cache's memory is full and the eviction policy is removing keys
D. The cluster is performing automatic snapshots that block writes
Answer: C

Eviction spikes indicate that the cache is out of memory and is removing keys to make space, causing session loss.

Why this answer

Option A is correct because evictions occur when memory is full and the cache evicts keys based on the eviction policy. This would cause session loss. Option B is wrong because replication lag would cause stale data, not loss.

Option C is wrong because snapshotting may cause latency but not evictions. Option D is wrong because encryption in transit does not affect memory.

320
MCQ · easy

Refer to the exhibit. A database administrator runs the AWS CLI command shown. The output is: ["available", false]. What does this output indicate about the DB instance?

A. The DB instance is in the process of being modified to enable Multi-AZ.
B. The DB instance is in a Multi-AZ deployment and is available.
C. The DB instance is stopped and is not in a Multi-AZ configuration.
D. The DB instance is available and is not configured for Multi-AZ.
Answer: D

The status is 'available' and MultiAZ is false.

Why this answer

Option B is correct because the output shows the DBInstanceStatus is 'available' and MultiAZ is false. Option A is wrong because MultiAZ is false. Option C is wrong because MultiAZ false means it is not configured for Multi-AZ.

Option D is wrong because the status is 'available', not 'stopped'.

321
MCQ · easy

A company is using Amazon DynamoDB with global tables. The application writes to a table in the us-east-1 region. The database administrator notices that updates made in us-east-1 are not appearing in the replica table in eu-west-1. What is the most likely cause?

A. DynamoDB Streams are not enabled on the table.
B. The replication delay is set too high.
C. Point-in-time recovery is not enabled on the replica table.
D. The IAM role for replication does not have sufficient permissions.
Answer: A

Global tables require DynamoDB Streams to be enabled for replication to work.

Why this answer

Option C is correct because global tables rely on DynamoDB Streams to replicate changes. If streams are disabled, replication stops. Option A is incorrect because DynamoDB does not have a replication delay setting.

Option B is incorrect because IAM permissions would cause errors, not silent failure. Option D is incorrect because point-in-time recovery does not affect replication.

322
Multi-Select · easy

A company is migrating a 2 TB MySQL database to Amazon Aurora MySQL. They want to minimize downtime and ensure data consistency. Which TWO methods should they use? (Choose two.)

Select 2 answers
A. Use AWS DMS with ongoing replication
B. Use AWS Schema Conversion Tool to convert the schema
C. Use AWS Snowball Edge to transfer backup files
D. Enable binary logging on the source database for change data capture
E. Use mysqldump to export data
Answers: A, D

Minimizes downtime with CDC.

Why this answer

Option A (DMS with CDC) and Option C (Enable binlog on source for CDC) are correct. Option B (mysqldump) causes downtime. Option D (Snowball) is for offline transfer.

Option E (SCT) is for schema conversion.

323
MCQ · easy

A company uses Amazon DocumentDB (with MongoDB compatibility) for its content management system. The application runs on EC2 instances and connects to a DocumentDB cluster with one instance (db.r5.large). Recently, users reported that retrieving documents takes longer than usual. CloudWatch metrics show that the CPU utilization of the DocumentDB instance is at 90% and the freeable memory is below 100 MB. The team has verified that no query optimization is possible. Which action should the team take FIRST to improve performance?

A. Add a read replica instance to offload read traffic.
B. Create additional indexes on frequently queried fields.
C. Increase the storage volume size to improve I/O performance.
D. Scale up the instance to db.r5.xlarge.
Answer: D

A larger instance provides more CPU and memory, directly addressing the resource exhaustion.

Why this answer

Option B is correct because the high CPU and low memory indicate the instance is overworked. Scaling up to a larger instance provides more CPU and memory resources. Option A is incorrect because adding a reader instance helps with read scaling but does not reduce CPU/memory pressure on the primary writer.

Option C is incorrect because creating an index may improve query performance but the team already ruled out query optimization. Option D is incorrect because increasing storage does not directly affect CPU or memory.

324
MCQ · medium

A company is using Amazon Aurora MySQL-Compatible Edition. The database administrator wants to restrict a specific user to only execute SELECT statements on a specific database. Which SQL command should the administrator use?

A. ALTER USER 'user'@'%' WITH GRANT OPTION;
B. CREATE USER 'user'@'%' IDENTIFIED BY 'password';
C. REVOKE ALL PRIVILEGES ON db_name.* FROM 'user'@'%';
D. GRANT SELECT ON db_name.* TO 'user'@'%';
Answer: D

Grants SELECT on all tables in the database.

Why this answer

Option C is correct because GRANT SELECT ON db_name.* TO user grants SELECT on all tables in the database. Option A is wrong because REVOKE removes privileges. Option B is wrong because CREATE USER creates a user but does not grant privileges.

Option D is wrong because ALTER USER modifies user attributes.

325
Multi-Select · hard

An Amazon DynamoDB table is experiencing throttled write requests. The table uses provisioned capacity with auto-scaling enabled. Which THREE factors could contribute to throttling despite auto-scaling?

Select 3 answers
A. Global secondary index is defined with same partition key
B. Auto-scaling maximum capacity is set too low
C. Sudden traffic spike that exceeds the max capacity
D. Use of eventually consistent reads
E. Uneven key distribution causing hot partitions
Answers: B, C, E

If max is reached, throttling occurs.

Why this answer

Options A, B, and D are correct. Auto-scaling cannot handle sudden bursts (A), hot partitions (B), or exceeded max capacity (D). Option C is wrong because eventual consistency doesn't cause throttling.

Option E is wrong because GSI consumes write capacity from the table.

326
MCQ · easy

A company needs a fully managed graph database for a social networking application that requires real-time recommendations based on friend connections. Which AWS service should they use?

A. Amazon Neptune
B. Amazon DocumentDB
C. Amazon ElastiCache
D. Amazon DynamoDB
Answer: A

Neptune is a managed graph database suitable for social networking.

Why this answer

Amazon Neptune is the correct choice because it is a fully managed graph database service optimized for storing and querying highly connected data. It supports both property graph (Apache TinkerPop Gremlin) and RDF (SPARQL) models, making it ideal for social networking applications that require real-time friend-of-friend recommendations and traversal queries across complex relationships.

Exam trap

The trap here is that candidates often confuse Amazon DocumentDB or DynamoDB as suitable for graph workloads because they can store JSON with references, but they lack native graph traversal engines and query languages (Gremlin/SPARQL) required for efficient relationship queries.

How to eliminate wrong answers

Option B (Amazon DocumentDB) is wrong because it is a document database (MongoDB-compatible) designed for JSON document storage and indexing, not for graph traversal or relationship-heavy queries like friend connections. Option C (Amazon ElastiCache) is wrong because it is an in-memory caching service (Redis/Memcached) that does not natively support graph data models or traversal algorithms; it can accelerate queries but cannot replace a graph database. Option D (Amazon DynamoDB) is wrong because it is a key-value and document NoSQL database optimized for single-item access patterns and simple queries, lacking native graph traversal capabilities such as shortest-path or multi-hop relationship queries.

327
MCQ · hard

A company is migrating a self-managed PostgreSQL database with extensions (PostGIS, pg_stat_statements) to Amazon RDS for PostgreSQL. After migration, they find that the extensions are not available. What is the most likely cause?

A. The required extensions are not included in the default parameter group and must be manually added to shared_preload_libraries.
B. The extensions are incompatible with the RDS engine version.
C. The RDS instance is not configured to allow extensions.
D. RDS does not support any PostgreSQL extensions.
Answer: A

Extensions need to be enabled via parameter group.

Why this answer

Option B is correct because RDS for PostgreSQL supports many extensions but not all; PostGIS is supported but may require enabling. Option A is wrong because extensions are supported. Option C is wrong because extensions are allowed.

Option D is wrong because the question is about extensions not available.

328
Multi-Select · easy

A company is designing a disaster recovery strategy for an Amazon RDS for PostgreSQL database. The database is 2 TB in size. The company wants to recover to a different AWS Region with minimal data loss. Which TWO options meet these requirements?

Select 2 answers
A. Create a read replica in the other Region.
B. Use AWS Database Migration Service (DMS) with ongoing replication to a target in the other Region.
C. Take a manual snapshot and copy it to the other Region. Restore from the snapshot.
D. Enable automatic backups and copy automated snapshots to the other Region.
E. Use AWS Backup to schedule cross-Region backups.
Answers: A, D

Cross-Region read replicas provide low RPO and can be promoted to a standalone instance.

Why this answer

Option A is correct because Amazon RDS for PostgreSQL supports creating a cross-Region read replica, which uses PostgreSQL's native streaming replication to keep the replica nearly synchronized with the source database. This provides a Recovery Point Objective (RPO) of seconds to minutes, minimizing data loss in a disaster scenario. The replica can be promoted to a standalone primary in the other Region for failover.

Exam trap

The trap here is that candidates may think cross-Region automatic backup copies (Option D) provide minimal data loss, but they actually have an RPO of up to 24 hours, whereas cross-Region read replicas (Option A) provide near-real-time replication.

329
MCQ · hard

A financial services company runs a critical application on Amazon RDS for PostgreSQL. The database stores sensitive customer financial data. The security team has mandated that all access to the database must be through IAM database authentication to eliminate the need for passwords. The application currently uses a master user password stored in AWS Secrets Manager. The DBA needs to implement IAM authentication without downtime. The application is deployed on Amazon ECS and connects to the database using a connection string. The DBA has already created an IAM role for the ECS task with a policy that allows rds-db:connect. The DBA has also modified the DB instance to require SSL. However, after making these changes, the application cannot connect. The error message indicates 'IAM authentication is not enabled for this user'. What step did the DBA miss?

A. The DBA did not create a database user that is set to use IAM authentication.
B. The DBA did not attach the IAM policy to the ECS task role.
C. The DBA did not enable the 'password' authentication method.
D. The DBA did not update the security group to allow traffic on port 5432.
Answer: A

A database user must be created with the rds_iam role.

Why this answer

Option B is correct because IAM database authentication requires that the database user be created with the IAM authentication method (using the CREATEROLE option and granting rds_iam role). Without creating a user that is mapped to the IAM role, authentication fails. Option A is wrong because the IAM role is already created.

Option C is wrong because IAM authentication does not require a password; it uses authentication tokens. Option D is wrong because the port does not need to be changed.

330
MCQ · hard

A company needs to migrate a 3 TB Amazon RDS for SQL Server database to Amazon RDS for PostgreSQL. The migration must be automated and repeatable with minimal manual intervention. Which combination of services should be used?

A. Use AWS SCT to convert the schema and export data to PostgreSQL-compatible format, then import.
B. Use AWS Schema Conversion Tool (SCT) to convert the schema, then use AWS DMS to migrate the data.
C. Use AWS DMS with native SQL Server CDC to migrate directly to PostgreSQL.
D. Use Microsoft Data Migration Assistant to assess and migrate to PostgreSQL.
Answer: B

SCT handles schema conversion, DMS handles data migration.

Why this answer

AWS SCT converts the schema, AWS DMS migrates the data with continuous sync. Option B: DMS only does not convert schema. Option C: SCT only does not migrate data.

Option D: Data Migration Assistant is for SQL Server to SQL Server.

331
MCQ · medium

A company is migrating a 2 TB Oracle database to Amazon Aurora PostgreSQL using AWS SCT and DMS. After migration, the application reports that some queries are significantly slower than before. The database schema was converted automatically. What is the most likely cause?

A. The schema conversion did not create appropriate indexes
B. Aurora storage is slower than Oracle's storage
C. DMS introduced data type conversions that slow down queries
D. Aurora PostgreSQL does not support partitioning, causing full table scans
Answer: A

Indexes may not be migrated optimally, requiring manual tuning.

Why this answer

Option C is correct because SCT may not always generate optimal indexes for Aurora PostgreSQL, leading to performance issues. Option A is wrong because Aurora PostgreSQL supports partitioning. Option B is wrong because DMS does not affect query execution plans.

Option D is wrong because storage performance should not cause query slowness.

332
Multi-Select · hard

A company uses Amazon RDS for SQL Server with Multi-AZ deployment. The security team wants to ensure that all data at rest is encrypted using a customer-managed KMS key in both the primary and standby instances. Which THREE actions are required?

Select 3 answers
A. Create a separate KMS key for the standby instance.
B. Specify a customer-managed KMS key during creation.
C. Enable Transparent Data Encryption (TDE) on the instance.
D. Enable Multi-AZ with encryption enabled.
E. Enable encryption at rest when creating the DB instance.
Answers: B, D, E

Customer-managed key is required.

Why this answer

Options A, B, and D are correct. Option C is wrong because the standby instance will automatically be encrypted with the same KMS key; no separate key is needed. Option E is wrong because TDE is not used with KMS; RDS encrypts the entire storage.

333
Multi-Select · hard

A company is using Amazon DynamoDB with auto scaling enabled. The table has a provisioned read capacity of 10,000 RCU and write capacity of 5,000 WCU. Auto scaling target utilization is 70%. The table experiences a sudden spike in read traffic, reaching 12,000 RCU. The table throttles some requests. Which THREE actions should the company take to prevent future throttling?

Select 3 answers
A. Implement exponential backoff in the application to retry throttled requests.
B. Increase the maximum read capacity in the auto scaling configuration.
C. Decrease the auto scaling target utilization to 50% to scale out earlier.
D. Increase the write capacity to 10,000 WCU.
E. Enable DAX to cache read requests and reduce the load on the table.
Answers: A, B, E

Exponential backoff helps handle throttled requests without data loss.

Why this answer

Option A is correct because increasing the maximum read capacity prevents throttling. Option B is correct because enabling DynamoDB Accelerator (DAX) reduces read load. Option E is correct because implementing exponential backoff helps handle throttling gracefully.

Option C is wrong because decreasing target utilization would cause auto scaling to scale out earlier, but it would not prevent throttling during spikes because auto scaling reacts after the spike. Option D is wrong because write capacity is not the issue.

334
Multi-Select · medium

Which TWO CloudWatch metrics should be monitored to detect storage performance issues for an Amazon RDS for MySQL instance? (Choose two.)

Select 2 answers
A. NetworkReceiveThroughput
B. DatabaseConnections
C. WriteIOPS
D. CPUUtilization
E. ReadIOPS
Answers: C, E

WriteIOPS indicates storage write performance.

Why this answer

Option A and Option C are correct. ReadIOPS and WriteIOPS measure the input/output operations per second, which can indicate storage performance issues. Option B (DatabaseConnections) is about connections, not storage performance.

Option D (CPUUtilization) is about CPU usage. Option E (NetworkReceiveThroughput) is about network throughput.

335
Multi-Select · medium

Which TWO actions can be taken to monitor the health of an Amazon DynamoDB table? (Choose 2.)

Select 2 answers
A. Use AWS Trusted Advisor to check table limits
B. Enable Amazon CloudWatch metrics for the table
C. Enable DynamoDB Streams and process events with AWS Lambda
D. Use DynamoDB Accelerator (DAX) to improve response times
E. Set up CloudWatch alarms for ThrottledRequests
Answers: B, E

CloudWatch metrics like ConsumedWriteCapacityUnits, ThrottledRequests indicate health.

Why this answer

Options A and C are correct. CloudWatch metrics provide health indicators (throttling, latency). DynamoDB Streams can be used to track changes but not health directly.

Options B and D are incorrect: B is for data plane, D is for monitoring, but not health.

336
MCQ · easy

A DevOps engineer notices that an Amazon DynamoDB table's read capacity is frequently throttled during peak hours. The table has a read-once, read-many workload. Which action is MOST cost-effective to reduce throttling?

A. Enable auto-scaling for read capacity
B. Enable DynamoDB Accelerator (DAX)
C. Switch to On-Demand capacity mode
D. Increase the provisioned read capacity units
Answer: B

DAX caches reads, reducing read load on the table.

Why this answer

Option B is correct because DynamoDB Accelerator (DAX) caches reads, reducing read capacity consumption. Option A is wrong because increasing read capacity costs more. Option C is wrong because auto-scaling still incurs cost.

Option D is wrong because changing to On-Demand may be more expensive for predictable workloads.

337
MCQ · easy

A developer is writing an AWS Lambda function that needs to access a Secrets Manager secret to retrieve database credentials. The Lambda function has an IAM role. Which action must be allowed in the IAM policy?

A. kms:Decrypt
B. secretsmanager:PutSecretValue
C. secretsmanager:ListSecrets
D. secretsmanager:GetSecretValue
Answer: D

This is required to retrieve the secret.

Why this answer

Option B is correct because 'secretsmanager:GetSecretValue' retrieves the secret. Option A is wrong because 'kms:Decrypt' may be needed if the secret is encrypted with a KMS key, but the primary action is GetSecretValue. Option C is wrong because 'secretsmanager:ListSecrets' only lists secrets, not retrieve values.

Option D is wrong because 'secretsmanager:PutSecretValue' is for updating secrets.

338
Multi-Select · hard

A company is migrating a 5 TB Oracle database to Amazon Aurora PostgreSQL. They have a 4-hour maintenance window weekly. Which THREE steps should be taken to minimize downtime? (Choose 3)

Select 3 answers
A. Create an Aurora read replica for testing.
B. Use AWS Snowball to transfer the initial data load.
C. Use AWS Direct Connect for network connectivity.
D. Use AWS DMS with change data capture (CDC).
E. Use AWS Schema Conversion Tool (SCT) to convert schema.
Answers: B, D, E

Speeds up initial load.

Why this answer

Options A, C, and D are correct because DMS with CDC provides near-zero downtime; SCT helps with schema conversion; Snowball can transfer initial load fast. Option B is wrong because it doesn't help with migration. Option E is wrong because it's not needed since DMS handles replication.

339
MCQ · easy

A company needs to store JSON documents that require complex querying on nested attributes. The database must support ACID transactions and be fully managed. Which service should they use?

A. Amazon Aurora MySQL
B. Amazon DocumentDB (with MongoDB compatibility)
C. Amazon DynamoDB
D. Amazon Neptune
Answer: A

Supports JSON and ACID transactions.

Why this answer

Amazon Aurora MySQL-Compatible Edition supports JSON data type and ACID transactions. Option B (DynamoDB) is NoSQL but does not support complex nested queries natively. Option C (DocumentDB) is MongoDB-compatible but not ACID.

Option D (Neptune) is graph database.

340
Multi-Select · medium

A company uses Amazon RDS for PostgreSQL to store customer data. The security team wants to audit all SQL queries executed against the database, including SELECT statements. Which TWO actions should be taken to achieve this?

Select 2 answers
A. Install the pgaudit extension in the DB instance.
B. Enable the 'log_connections' and 'log_disconnections' parameters.
C. Set the 'pgaudit.log' parameter to include 'read' and 'write' statements.
D. Set the 'audit_log_enabled' parameter to 1 in the DB parameter group.
E. Enable Database Activity Streams on the DB instance.
Answers: A, C

pgaudit is the standard extension for PostgreSQL audit logging.

Why this answer

To audit SQL queries in RDS PostgreSQL, you can enable the pgaudit extension (Option A) and set the appropriate parameters (Option B). Database Activity Streams (Option C) send events to CloudWatch and Kinesis, but they capture a subset of activities and require additional configuration; they are not the primary method for SQL auditing. Option D is about logging connections, not queries.

Option E is for MySQL, not PostgreSQL.

341
MCQ · easy

A company wants to audit all SQL statements executed on their RDS for PostgreSQL database. Which AWS service should they use?

A. AWS Database Migration Service (DMS)
B. VPC Flow Logs
C. Amazon RDS Performance Insights
D. CloudWatch Logs with PostgreSQL audit logs
Answer: D

Enable pgaudit extension and publish logs to CloudWatch Logs.

Why this answer

Option B is correct. Amazon RDS for PostgreSQL integrates with AWS CloudTrail for API calls, but for SQL-level auditing, you must use the database's native audit logging (e.g., the pgaudit extension) and publish the log files to CloudWatch Logs. Option A is for VPC flow logs.

Option C is for database activity streams, but that's for Aurora, not RDS PostgreSQL. Option D is for monitoring performance.

342
MCQ · medium

A company is deploying a new Amazon Aurora MySQL database. The development team requires a separate database instance for testing that is a clone of the production database but does not require the same level of performance. What is the MOST cost-effective way to create this test database?

A. Use the Aurora cloning feature to create a clone of the production cluster
B. Create a new Aurora cluster from the latest snapshot of the production cluster
C. Create a read replica of the production cluster and promote it to a standalone cluster
D. Create a new Aurora cluster and use a smaller DB instance class
Answer: A

Aurora cloning is fast and space-efficient, ideal for test environments.

Why this answer

Aurora cloning creates a logical copy of the cluster volume that is space-efficient and fast, using copy-on-write semantics. Creating a new instance from a snapshot incurs storage costs and takes longer. Read replicas are for read scaling, not cloning.

Using a different DB instance class does not reduce storage.

343
MCQ · hard

A database specialist is analyzing an Aurora MySQL error log and finds the above deadlock error. The application performs an update on the orders table and then updates the inventory table within the same transaction. The deadlock occurs when two concurrent transactions try to update orders and inventory in different orders. Which design change should the database specialist recommend to reduce deadlocks?

A. Combine the orders and inventory tables into a single table to avoid multiple table locks
B. Ensure all transactions update tables in the same order (e.g., always update inventory first, then orders)
C. Use SELECT ... FOR UPDATE on both tables before updating
D. Change the transaction isolation level to READ UNCOMMITTED
Answer: B

Consistent lock ordering prevents circular wait conditions, reducing deadlocks.

Why this answer

Option B is correct because deadlocks in Aurora MySQL often occur when concurrent transactions acquire row-level locks on tables in different orders. By enforcing a consistent lock order (e.g., always updating inventory first, then orders), the database can avoid circular wait conditions, which are a necessary condition for deadlocks. This is a standard best practice for reducing deadlocks in InnoDB, which uses row-level locking and two-phase locking.

Exam trap

The trap here is that candidates may think combining tables or using SELECT ... FOR UPDATE will prevent deadlocks, but the root cause is inconsistent lock ordering, not the number of tables or the use of explicit locking.

How to eliminate wrong answers

Option A is wrong because combining tables into a single table does not eliminate the need for multiple row locks and can introduce data redundancy, normalization issues, and still allow deadlocks if rows are locked in different orders. Option C is wrong because using SELECT ... FOR UPDATE on both tables before updating does not guarantee a consistent lock order; if the SELECT ... FOR UPDATE statements acquire locks in different orders across transactions, deadlocks can still occur. Option D is wrong because changing the isolation level to READ UNCOMMITTED can lead to dirty reads, non-repeatable reads, and phantom reads, and it does not prevent deadlocks; deadlocks are caused by lock contention, not isolation level.

344
MCQ · medium

A company is using Amazon DocumentDB (with MongoDB compatibility) for a content management system. The application team notices that write operations are taking longer than usual. CloudWatch metrics show high WriteLatency and a growing number of documents in the oplog. Which step should the database specialist take to troubleshoot the issue?

A. Enable Multi-AZ on the cluster to offload reads to the standby.
B. Increase the instance size of the primary instance to handle more writes.
C. Increase the allocated storage to improve I/O throughput.
D. Check the CPU and memory utilization of the secondary instance and consider scaling it up.
Answer: D

Secondary might be bottlenecked; scaling it up can reduce replication lag and write latency.

Why this answer

Option D is correct because high WriteLatency and growing oplog suggest that the secondary instance is too slow to apply operations, causing replication lag. Checking the secondary's metrics helps diagnose. Option A is wrong because enabling Multi-AZ does not directly address write latency.

Option B is wrong because increasing the instance class may help but should be done after diagnosis. Option C is wrong because increasing storage does not improve write performance.

345
Multi-Select · hard

Which THREE of the following are key considerations when designing a time-series database using Amazon DynamoDB? (Select THREE.)

Select 3 answers
A. Always use strongly consistent reads for accurate time-series data
B. Enable Time to Live (TTL) to automatically expire old data
C. Use a composite primary key with a high-cardinality partition key and a sort key that includes a truncated timestamp
D. Use local secondary indexes for aggregating data across partitions
E. Design for adaptive capacity to handle uneven access patterns
Answers: B, C, E

Automatically deletes data after a specified time.

Why this answer

Option B is correct because Amazon DynamoDB's Time to Live (TTL) feature automatically deletes expired items without consuming write throughput, making it ideal for managing data retention in time-series workloads. This eliminates the need for custom cleanup scripts and reduces storage costs over time.

Exam trap

AWS often tests the misconception that strongly consistent reads are mandatory for time-series accuracy, when in fact eventually consistent reads are acceptable for most time-series patterns and provide better performance and cost efficiency.

346
MCQ · easy

A SysOps administrator is tasked with monitoring the free storage space on all Amazon RDS DB instances. Which AWS service should be used to set up an alarm that sends an email notification when free storage space falls below a threshold?

A. AWS CloudTrail to monitor storage events.
B. AWS Config to track storage configuration changes.
C. Amazon CloudWatch with an alarm on the FreeStorageSpace metric and an SNS topic.
D. Amazon Inspector to check for storage vulnerabilities.
Answer: C

CloudWatch monitors metrics and can trigger actions via SNS.

Why this answer

Option A is correct because Amazon CloudWatch can monitor RDS metrics such as 'FreeStorageSpace' and trigger an alarm that sends a notification via Amazon SNS. Option B is incorrect because AWS CloudTrail is for auditing API calls. Option C is incorrect because AWS Config tracks resource configuration changes.

Option D is incorrect because Amazon Inspector is for security assessments.

347
Multi-Select · hard

Which TWO actions can be used to encrypt an existing unencrypted Amazon RDS for MySQL DB instance? (Choose 2.)

Select 2 answers
A. Create a read replica with encryption enabled.
B. Enable SSL on the DB instance.
C. Create a new encrypted DB instance and migrate data using database dump and restore.
D. Take a snapshot of the DB instance, copy it with encryption enabled, and restore from the encrypted snapshot.
E. Modify the DB instance and enable encryption.
Answers: C, D

Migrating to a new encrypted instance is another valid method.

Why this answer

The only way to encrypt an existing unencrypted RDS instance is to take a snapshot, copy it with encryption, and restore. Options D and E are correct. Option A is wrong because you cannot modify an unencrypted instance to add encryption.

Option B is wrong because enabling encryption at launch only applies to new instances. Option C is wrong because SSL does not encrypt at rest.

348
MCQ · medium

A company has an Amazon RDS for MySQL DB instance that is running low on storage. The current allocated storage is 500 GB, and the free space is down to 10 GB. The database administrator wants to increase storage with minimal downtime. Which action should be taken?

A. Use the AWS Management Console to modify the DB instance and increase the allocated storage.
B. Stop the DB instance, modify the allocated storage, and start the instance.
C. Create a snapshot of the current DB instance, restore it to a new larger instance, and point the application to the new endpoint.
D. Enable storage autoscaling and wait for the automatic increase.
Answer: A

Modifying storage is an online operation with minimal impact.

Why this answer

RDS supports modifying storage online with minimal downtime. Increasing allocated storage from 500 GB to, for example, 600 GB can be done via a modification to the DB instance. The instance remains available during the modification, though a brief performance impact may occur.

Stopping the instance is unnecessary. Creating a snapshot and restoring would cause longer downtime. Waiting for autoscaling might not be quick enough if space is critically low.

349
MCQ · medium

A company uses Amazon DynamoDB for a gaming application. During a new game launch, the table experiences throttling on write requests. The table has a provisioned capacity of 10,000 WCU and 5,000 RCU. The write traffic pattern shows spikes up to 15,000 WCU for 5 minutes. Which action would resolve the throttling with minimal cost impact?

A. Use Amazon SQS to buffer the write requests
B. Increase the provisioned WCU to 20,000 permanently
C. Enable Auto Scaling for DynamoDB with a target utilization of 70%
D. Enable DynamoDB Accelerator (DAX) for the table
Answer: C

Auto Scaling adjusts capacity automatically based on traffic.

Why this answer

Option D is correct because DynamoDB Auto Scaling can handle the spikes by scaling up and down, reducing costs. Option A is wrong because doubling WCU would be costly and unnecessary. Option B is wrong because DynamoDB Accelerator (DAX) is for read performance, not writes.

Option C is wrong because SQS would add latency and complexity.

350
Multi-Select · hard

A database administrator is monitoring an Amazon RDS for MySQL instance and sees the following CloudWatch metrics: 'DiskQueueDepth' is consistently at 10, 'WriteLatency' is 20 ms, 'FreeStorageSpace' is less than 10% of total. The instance uses gp2 storage. Which THREE actions should be taken to improve performance?

Select 3 answers
A. Switch to Provisioned IOPS (io1 or io2) for consistent performance
B. Increase allocated storage to improve baseline IOPS
C. Delete unnecessary data to free up storage space
D. Enable Multi-AZ to increase I/O capacity
E. Enable Performance Insights to identify slow queries
Answers: A, B, C

Provisioned IOPS ensures consistent I/O performance regardless of storage size.

Why this answer

Option A is correct because low free space can cause performance degradation on gp2; increasing storage increases baseline IOPS. Option B is correct because high 'DiskQueueDepth' indicates I/O bottleneck; switching to Provisioned IOPS provides consistent I/O. Option C is correct because enabling Multi-AZ does not improve I/O performance, it adds overhead.

Option D is wrong because Performance Insights is a monitoring tool, not a fix. Option E is correct because deleting old data frees up space and can improve performance. So correct: A, B, E.

351
MCQ · medium

A company uses Amazon DynamoDB to store user profiles. The access pattern is mostly GetItem by user_id. They want to reduce costs. Which design change is most effective?

A. Use DynamoDB Standard-IA table class for the user profiles table.
B. Increase the read capacity units to reduce throttling.
C. Add a Global Secondary Index on an additional attribute.
D. Add DynamoDB Accelerator (DAX) for caching.
Answer: A

Standard-IA lowers storage cost for infrequently accessed data.

Why this answer

Option D is correct because DynamoDB Standard-IA is cheaper for data that is accessed less frequently. Option A is wrong because DAX adds cost. Option B is wrong because increasing read capacity increases cost.

Option C is wrong because adding a GSI adds cost.

352
MCQ · easy

A company is using Amazon DynamoDB for a gaming leaderboard application. Recently, users have experienced increased latency when updating scores. The DynamoDB table has on-demand capacity mode. The application performs UpdateItem calls with a condition expression. Which action is most likely to reduce the latency?

A. Add a global secondary index (GSI) with the score as the sort key to improve update performance.
B. Switch the table to provisioned capacity and increase the read capacity units to handle peak load.
C. Disable conditional writes to reduce the overhead of condition expression evaluation.
D. Ensure that there are no throttled requests in the CloudWatch metrics and verify that the table is not experiencing hot partitions.
Answer: D

On-demand mode automatically scales, but hot partitions can cause latency; checking metrics helps identify partition issues.

Why this answer

Option A is correct because with on-demand capacity, DynamoDB can handle sudden traffic spikes without throttling. Increasing read capacity is not applicable because on-demand mode automatically adjusts. Optimistic locking is already used implicitly with condition expressions.

Adding a global secondary index does not directly reduce UpdateItem latency.

353
MCQ · easy

A company is migrating an on-premises MongoDB database to AWS. The application uses MongoDB's aggregation pipeline for real-time analytics. Which AWS database service is most compatible and provides the least application changes?

A. Amazon ElastiCache for Redis with RedisJSON module.
B. Amazon DocumentDB (with MongoDB compatibility).
C. Amazon DynamoDB with DynamoDB Streams and Lambda for aggregation.
D. Amazon Aurora with JSON data type.
Answer: B

DocumentDB is MongoDB-compatible and supports aggregation pipeline.

Why this answer

Amazon DocumentDB is designed to be MongoDB-compatible, supporting the MongoDB aggregation pipeline with minimal changes. This allows the company to migrate the existing MongoDB database and continue using the same aggregation pipeline for real-time analytics without rewriting application code, making it the most compatible option.

Exam trap

The trap here is that candidates may assume DynamoDB's flexibility or Aurora's JSON support can easily replace MongoDB's aggregation pipeline, overlooking the fundamental differences in query language and data model that necessitate significant application rewrites.

How to eliminate wrong answers

Option A is wrong because Amazon ElastiCache for Redis with RedisJSON module is an in-memory cache, not a document database, and does not support MongoDB's aggregation pipeline or provide persistent storage for the full dataset. Option C is wrong because Amazon DynamoDB is a key-value and document database that does not natively support MongoDB's aggregation pipeline; using DynamoDB Streams and Lambda would require significant application changes to reimplement aggregation logic. Option D is wrong because Amazon Aurora with JSON data type is a relational database that does not support MongoDB's aggregation pipeline or its query language, requiring a complete rewrite of application queries and logic.

354
MCQ · easy

A database administrator is troubleshooting a sudden increase in read latency on an Amazon RDS for PostgreSQL instance. The instance has 200 GB of General Purpose SSD (gp2) storage with 600 provisioned IOPS. The administrator notices that the average queue depth is consistently above 4. Which action is the MOST effective way to reduce read latency?

A. Enable Multi-AZ deployment to offload reads to the standby.
B. Change the instance type to a larger size with more vCPUs.
C. Migrate to an io1 volume with 3000 provisioned IOPS.
D. Increase the allocated storage to 500 GB without changing IOPS.
Answer: C

Increasing IOPS addresses the queue depth and reduces latency.

Why this answer

Option A increases IOPS by scaling up to an io1 volume, which directly addresses the queue depth issue and improves latency. Option B is incorrect because increasing instance size may not resolve IOPS bottleneck. Option C is incorrect because Multi-AZ does not improve read performance for a single instance.

Option D is incorrect because increasing storage alone does not guarantee more IOPS for gp2.

355
MCQ · medium

A company uses Amazon Redshift for data warehousing. The security team requires that all data be encrypted at rest with a customer-managed key, and that the key be rotated every year. Which configuration meets these requirements?

A. Launch the Redshift cluster without encryption and enable encryption later using AWS CloudHSM.
B. Launch the Redshift cluster with encryption enabled using an S3-managed key.
C. Launch the Redshift cluster with encryption enabled using a customer-managed KMS key with automatic annual rotation.
D. Launch the Redshift cluster with encryption enabled using a KMS key and configure the cluster to use an HSM for key storage.
Answer: C

This meets both requirements.

Why this answer

Amazon Redshift supports encryption at rest using a KMS key. You can enable automatic key rotation on a customer-managed KMS key. Option A is wrong because Redshift does not use S3-managed keys for encryption.

Option B is wrong because HSM is not required for encryption at rest in Redshift. Option D is wrong because CloudHSM is an alternative but requires manual rotation.

356
Multi-Select · medium

A company is building a real-time leaderboard for an online game using Amazon DynamoDB. The leaderboard must update scores within seconds and support queries for top 100 players. Which TWO design patterns should be used? (Choose TWO.)

Select 2 answers
A. Create a global secondary index on the score attribute for efficient range queries.
B. Use DynamoDB Streams to trigger a Lambda function that updates a separate leaderboard table.
C. Store the leaderboard in Amazon ElastiCache for Redis for low-latency reads.
D. Enable DynamoDB Accelerator (DAX) for faster reads of the leaderboard.
E. Set the sort key to the score attribute for natural ordering.
Answers: B, D

Streams and Lambda provide real-time processing.

Why this answer

Option B (DynamoDB Streams + Lambda) enables real-time updates. Option D (DAX) provides low-latency read caching for the leaderboard. Option A (GSI) could help but not for real-time top-N. Option C (ElastiCache) is an alternative but not DynamoDB-native. Option E (sort key on score) is a good design but not a separate pattern; it's part of table design.

357
MCQ · easy

A company needs to store JSON documents that are frequently accessed by a web application. The documents have varying attributes and the query pattern includes filtering on multiple fields. Which AWS database service is most suitable?

A. Amazon Neptune
B. Amazon ElastiCache for Redis
C. Amazon DynamoDB
D. Amazon RDS for MySQL
Answer: C

NoSQL, supports JSON and flexible queries with GSIs.

Why this answer

Amazon DynamoDB is the most suitable choice because it is a fully managed NoSQL key-value and document database that natively supports JSON documents with varying attributes. Its flexible schema allows each item to have different attributes, and its support for secondary indexes (Local Secondary Indexes and Global Secondary Indexes) enables efficient filtering and querying on multiple fields without requiring predefined schemas or complex joins.

Exam trap

The trap here is that candidates often choose Amazon RDS for MySQL because they assume JSON support in relational databases is sufficient, but they overlook the performance and schema flexibility limitations when dealing with varying attributes and multi-field filtering at scale.

How to eliminate wrong answers

Option A is wrong because Amazon Neptune is a graph database designed for highly connected data (e.g., social networks, recommendation engines) and is not optimized for storing or querying JSON documents with varying attributes or multi-field filtering; it uses SPARQL or Gremlin, not simple key-value or document queries. Option B is wrong because Amazon ElastiCache for Redis is an in-memory cache, not a durable primary database; while it can store JSON via the RedisJSON module, it lacks persistent storage guarantees and is not designed for complex multi-field filtering or secondary indexes. Option D is wrong because Amazon RDS for MySQL is a relational database that requires a fixed schema, making it unsuitable for storing JSON documents with varying attributes; although MySQL supports JSON columns, querying multiple fields within JSON requires complex expressions and cannot leverage secondary indexes efficiently, leading to performance issues.

358
MCQ · hard

Refer to the exhibit. A developer reports that the RDS MySQL instance 'mydb' is experiencing high write latency. The storage is gp2 with 100 GB. What is the MOST likely cause of the write latency?

A. There is a read replica causing replication lag
B. The gp2 volume size is too small, resulting in insufficient baseline IOPS
C. The instance class db.r5.large does not provide enough memory
D. Multi-AZ is not enabled, causing synchronous replication overhead
Answer: B

gp2 baseline IOPS is 3 per GB, so 100 GB gives only 300 IOPS.

Why this answer

The gp2 volume's baseline IOPS are determined by the volume size at a ratio of 3 IOPS per GB, up to 16,000 IOPS. With a 100 GB gp2 volume, the baseline IOPS is only 300 (100 × 3). This is insufficient for write-heavy workloads, causing write latency as the volume exhausts its IOPS credit balance and enters a throttled state.

Burst credits can temporarily boost performance, but sustained high write throughput will deplete credits and lead to latency.

Exam trap

The trap here is that candidates may overlook the gp2 IOPS-to-size ratio and assume any gp2 volume can burst indefinitely, or they may confuse storage performance issues with instance class or replication factors.

How to eliminate wrong answers

Option A is wrong because read replicas do not cause write latency on the source instance; replication lag affects read replicas, not the primary's write performance. Option C is wrong because db.r5.large provides ample memory (16 GiB) for typical workloads, and insufficient memory would manifest as swap usage or out-of-memory errors, not directly as write latency. Option D is wrong because Multi-AZ does not introduce synchronous replication overhead for writes; it uses synchronous replication to a standby in a different AZ, but this adds minimal latency (typically <10 ms) and is not the primary cause of high write latency.

359
MCQ · hard

A financial services company is migrating a 2 TB Oracle database to Amazon Aurora PostgreSQL. The database uses Oracle-specific features like hierarchical queries and stored procedures. The company wants to minimize manual code changes. Which service should be used to automate schema conversion?

A. AWS Database Migration Service (DMS) with full load and ongoing replication.
B. AWS Schema Conversion Tool (SCT).
C. AWS Storage Gateway to cache data on-premises and then sync to S3.
D. AWS Lambda to execute custom scripts for schema transformation.
Answer: B

SCT automates the conversion of Oracle schema objects to PostgreSQL-compatible format.

Why this answer

Option B is correct because AWS Schema Conversion Tool (SCT) is designed to convert database schemas from commercial engines like Oracle to open-source engines like PostgreSQL. Option A is wrong because DMS handles data migration but not schema conversion. Option C is wrong because S3 is storage, not conversion.

Option D is wrong because Lambda is for serverless compute, not schema conversion.

360
MCQ · medium

A user has the IAM policy shown in the exhibit. When attempting to create a DMS replication task, they receive an authorization error. What is the most likely missing permission?

A. ec2:DescribeSecurityGroups to allow network configuration
B. dms:CreateEndpoint permission
C. s3:PutObject for the S3 bucket
D. logs:CreateLogGroup to enable logging
Answer: B

The policy lacks permission to create endpoints, which are required for the replication task.

Why this answer

Option B is correct because creating a DMS replication task requires permissions to create the DMS endpoint resources, which are not included in the policy. Option A is wrong because EC2 permissions are not required. Option C is wrong because S3 permissions are not needed for a basic task. Option D is wrong because CloudWatch Logs permissions are not required at creation time.

361
Multi-Select · hard

A company is planning to migrate a 1 TB MySQL database from on-premises to Amazon RDS for MySQL. The migration must have minimal downtime and support ongoing replication. Which THREE steps should the company include in the migration plan? (Choose THREE.)

Select 3 answers
A. Set up an AWS Direct Connect or VPN connection between on-premises and AWS.
B. Deploy an Amazon EC2 instance to act as a proxy for the DMS replication.
C. Create the target Amazon RDS for MySQL instance.
D. Use AWS DMS with ongoing replication from the on-premises MySQL database.
E. Install the AWS Schema Conversion Tool on the source server to convert the schema.
Answers: A, C, D

Network connectivity is required for DMS to access the source.

Why this answer

Option A is correct because a stable, low-latency network connection (Direct Connect or VPN) is essential for AWS DMS to perform ongoing replication with minimal downtime. Without this, the replication can be interrupted by network issues, causing data loss or extended cutover windows.

Exam trap

The trap here is that candidates often assume an EC2 proxy is needed for DMS replication, but DMS replication instances handle connectivity directly, and the proxy is only used in specific scenarios like VPC peering across regions or complex network topologies.

362
MCQ · easy

A company wants to encrypt an existing unencrypted Amazon RDS for SQL Server instance. What is the MOST efficient way to achieve this?

A. Create a read replica with encryption enabled.
B. Modify the DB instance to enable encryption.
C. Create a snapshot of the DB instance and copy it with encryption enabled. Restore the snapshot to a new encrypted instance.
D. Use AWS DMS to migrate data to a new encrypted instance.
Answer: C

This is the recommended approach.

Why this answer

Option C is correct because creating a snapshot and copying it with encryption is the standard method. Option B is incorrect because you cannot enable encryption on an existing instance. Option A is incorrect because it is not supported. Option D is incorrect because restoring a snapshot to an encrypted instance works, but the process is snapshot copy.

363
MCQ · hard

A company is designing a database for a global IoT application that ingests millions of events per second. Each event includes a device ID, timestamp, and sensor readings. The requirement is to store data for historical analysis and to support queries that aggregate data by device ID over time ranges. The team needs a cost-effective solution that can scale write throughput. Which database design is most appropriate?

A. Use Amazon DynamoDB with a table keyed by device ID (partition) and timestamp (sort).
B. Use Amazon RDS for MySQL with Multi-AZ and auto-scaling storage.
C. Use Amazon Redshift with a schema optimized for time-series data.
D. Use Amazon ElastiCache for Redis with persistence enabled.
Answer: A

DynamoDB supports massive write throughput and efficient querying by device and time range.

Why this answer

Option A is correct because DynamoDB with a partition key of device ID and sort key of timestamp allows high write throughput and efficient time-range queries. Option B is wrong because RDS with auto-scaling cannot handle millions of events per second. Option C is wrong because Redshift is optimized for analytics but not for high-velocity writes. Option D is wrong because ElastiCache is in-memory and too expensive for historical storage.

364
MCQ · easy

A company's RDS for MySQL instance is experiencing high CPU utilization. Which AWS service should be used to set up automated actions to scale the instance vertically?

A. AWS Systems Manager Automation with a custom runbook
B. AWS Auto Scaling with a target tracking scaling policy
C. AWS Lambda function to modify the DB instance class
D. Amazon CloudWatch Alarms to send an SNS notification to the DBA
Answer: B

AWS Auto Scaling can adjust RDS instance class based on CloudWatch metrics.

Why this answer

AWS Auto Scaling with a target tracking scaling policy is the correct choice because it can automatically adjust the DB instance class (vertical scaling) for RDS instances based on a defined metric like CPU utilization. This service integrates directly with RDS to modify the instance size without manual intervention, making it ideal for handling high CPU utilization through automated vertical scaling.

Exam trap

The trap here is that candidates often confuse AWS Auto Scaling (which handles both horizontal and vertical scaling for RDS) with EC2 Auto Scaling, or they mistakenly think that a Lambda function or Systems Manager Automation is the only way to automate RDS modifications, overlooking the native scaling capabilities of AWS Auto Scaling.

How to eliminate wrong answers

Option A is wrong because AWS Systems Manager Automation runbooks are designed for operational tasks like patching or configuration changes, not for automatically scaling RDS instances based on real-time metrics. Option C is wrong because while a Lambda function could modify the DB instance class via API calls, it is not a managed service purpose-built for automated scaling; it requires custom code, monitoring, and error handling, making it less reliable and more complex than AWS Auto Scaling. Option D is wrong because CloudWatch Alarms sending SNS notifications only alert the DBA to the issue; they do not perform any automated scaling action, which is explicitly required by the question.

365
Multi-Select · hard

Which TWO strategies can improve query performance in Amazon Aurora MySQL for a read-heavy workload? (Select TWO.)

Select 2 answers
A. Enable Aurora Auto Scaling for read replicas
B. Use Provisioned IOPS EBS volumes for the primary instance
C. Enable Multi-AZ to create a standby for read traffic
D. Create Aurora Replicas and distribute read traffic to them
E. Migrate the read-heavy queries to Amazon DynamoDB
Answers: A, D

Auto Scaling automatically adjusts the number of replicas based on load.

Why this answer

Aurora Replicas offload read traffic, and Auto Scaling adjusts the number of replicas based on load. Option B (EBS optimization) is not applicable to Aurora (uses cluster volume). Option C (Multi-AZ) is for failover, not read scaling. Option E (DynamoDB) is a different service.

366
MCQ · easy

A company wants to migrate an on-premises SQL Server database to Amazon RDS for SQL Server. They need to convert stored procedures and functions. Which AWS service should they use?

A. AWS CloudEndure Migration
B. AWS DMS
C. AWS SCT
D. AWS Snowball
Answer: C

SCT converts schema and code objects.

Why this answer

AWS SCT helps convert database schema and code objects like stored procedures from one engine to another (including SQL Server to RDS for SQL Server for compatibility checks). DMS handles data migration, not schema conversion. CloudEndure is for server migration.

Snowball is for offline data transfer.

367
MCQ · hard

A company is using Amazon ElastiCache for Redis as a caching layer in front of an Amazon Aurora MySQL database. The application is experiencing higher latency than expected. Which database design pattern should the specialist recommend to improve read performance?

A. Increase the ElastiCache cluster size to accommodate more data.
B. Enable Multi-AZ on the ElastiCache cluster and use read replicas.
C. Use Aurora Replicas to offload read traffic from the primary instance.
D. Implement Amazon DynamoDB Accelerator (DAX) in front of Aurora.
Answer: C

Aurora Replicas can handle read queries and reduce latency.

Why this answer

Option C is correct. Adding Aurora Replicas to distribute read traffic improves read performance and reduces load on the primary. Option A is wrong because increasing cache size may not help if cache misses are not the issue. Option B is wrong because read replicas in ElastiCache are already used; the issue is the database. Option D is wrong because DAX is for DynamoDB, not Aurora.

368
MCQ · medium

A company uses Amazon Aurora MySQL. They notice that the DB cluster's failover took longer than expected during a recent primary instance failure. CloudWatch shows Failover latency of 120 seconds. Which configuration change would most likely reduce the failover time?

A. Increase the instance class of the primary and replica instances.
B. Increase the backup retention period to 35 days.
C. Enable Multi-AZ on the DB cluster.
D. Configure the application to use the cluster endpoint with Aurora JDBC driver's fast failover feature.
Answer: D

Fast failover reduces failover detection and recovery time.

Why this answer

Option D is correct because Aurora's fast failover requires the JDBC driver to use the cluster endpoint with the Aurora hostlist provider. Option A is wrong because increasing instance size does not reduce failover time. Option B is wrong because increasing backup retention does not affect failover. Option C is wrong because Multi-AZ is already inherent in Aurora.

369
MCQ · medium

A company uses Amazon ElastiCache for Redis as a caching layer for a web application. They notice increased latency and cache miss rates. The cache cluster has 5 nodes with replication. Which metric should be monitored to identify if the cache is under-provisioned?

A. ReplicationLag
B. CacheHits
C. CPUUtilization
D. Evictions
Answer: C

High CPU suggests nodes are processing too many requests.

Why this answer

Option C is correct because high CPUUtilization indicates the cache nodes are overloaded. Option A is wrong because ReplicationLag indicates replication issues, not capacity. Option B is wrong because CacheHits are a measure of effectiveness, not provisioning. Option D is wrong because Evictions occur when memory is full but CPU is more direct for throughput.

370
MCQ · easy

A developer is troubleshooting slow queries in Amazon RDS for MySQL. The 'Threads_running' status variable is consistently above 200. The application uses connection pooling. Which metric should be monitored to identify the root cause?

A. Innodb_row_lock_current_waits
B. Queries_per_second
C. Slow_queries
D. Threads_connected
Answer: A

High thread count with many lock waits indicates contention.

Why this answer

Option A is correct because high 'Threads_running' often indicates queries waiting on locks or I/O. Option B is wrong because 'Queries' shows total queries over time, not concurrency. Option C is wrong because 'Slow_queries' shows only long-running queries. Option D is wrong because 'Connections' shows total connections, not concurrent active queries.

371
MCQ · medium

An IAM policy is attached to a role used by an application to access an Amazon RDS for MySQL DB instance. The DB instance is encrypted with a customer-managed KMS key. The application is unable to create a snapshot of the encrypted DB instance. Which missing permission is the most likely cause?

A. kms:ReEncrypt
B. kms:DescribeKey
C. kms:CreateGrant
D. kms:Encrypt
Answer: C

RDS needs kms:CreateGrant to authorize RDS to use the KMS key for snapshot operations.

Why this answer

Option C is correct. To create a snapshot of an encrypted RDS instance, the IAM role needs permission to the KMS key for the kms:CreateGrant action. The policy allows kms:Decrypt and kms:GenerateDataKey but not kms:CreateGrant, which is required for RDS to use the KMS key on behalf of the user when creating a snapshot. Options A, B, and D are not required for snapshot creation.

372
MCQ · hard

A database administrator runs the above CLI command. The output shows that 'mydb' is a read replica of 'mydb-source'. The administrator wants to promote 'mydb' to a standalone instance with no downtime. Which action should be taken?

A. Use the promote-read-replica CLI command.
B. Modify the DB instance to enable Multi-AZ, which automatically promotes it.
C. Create a snapshot of the read replica and restore it as a new DB instance.
D. Modify the DB instance class to a larger size to force promotion.
Answer: A

Promoting a read replica makes it a standalone instance without downtime.

Why this answer

Option A is correct because promoting a read replica makes it a standalone instance; it can be done without downtime. Option B is wrong because modifying MultiAZ requires a reboot, causing downtime. Option C is wrong because creating a snapshot and restoring is not a promotion. Option D is wrong because modifying the DB instance class requires a reboot.

373
MCQ · medium

A company is running an Amazon RDS for MySQL DB instance with Multi-AZ deployment. The database experiences a failover due to a hardware failure. After the failover, the application team reports that a critical stored procedure is missing. What should the database administrator do to prevent this issue in the future?

A. Create the stored procedure as a function instead.
B. Modify the DB parameter group to enable binary logging.
C. Ensure that the stored procedure is created on both the primary and standby instances by using a script or manually recreating it after failover.
D. Increase the binlog retention period to ensure the stored procedure is captured.
Answer: C

Stored procedures are not automatically replicated across Multi-AZ instances; they must be created on each instance separately or recreated after failover.

Why this answer

Option C is correct because the default_db_character_set and default_collation_for_utf8 are not the cause; the stored procedure is missing because it was created on the primary and not replicated. Using a custom DB parameter group does not replicate stored procedures; they are stored in the database and should be replicated via binlog. Stored procedures are not automatically replicated in RDS MySQL; the best practice is to ensure they are created on both instances or use a script to recreate them after failover.

Option A is incorrect because creating the stored procedure as a function does not change replication behavior. Option B is incorrect because modifying the DB parameter group does not replicate stored procedures. Option D is incorrect because binlog retention does not affect stored procedure replication.

374
MCQ · medium

Refer to the exhibit. A developer runs the command against an RDS MySQL instance. The application team reports that the database is experiencing high read latency during peak hours. The database is not currently in Multi-AZ. What is the MOST cost-effective way to reduce read latency?

A. Enable Multi-AZ to distribute reads to the standby.
B. Upgrade the instance to db.r5.2xlarge.
C. Migrate to Aurora MySQL with a read replica.
D. Create a read replica in the same region.
Answer: D

Offloads read traffic; cost-effective.

Why this answer

Option D is correct because creating a read replica offloads read traffic from the primary instance, reducing read latency without changing the instance class. Option A is wrong because enabling Multi-AZ is for high availability, not read performance. Option B is wrong because upgrading to a larger instance class is more expensive than adding a read replica. Option C is wrong because converting to Aurora is a significant migration effort and may not be cost-effective for this issue.

375
MCQ · easy

A company has an Amazon S3 bucket that stores database backup files. The backups are encrypted using server-side encryption with AWS KMS (SSE-KMS). The security team wants to ensure that only a specific IAM role can decrypt the backups when restoring the database. Which policy should be attached to the KMS key to achieve this?

A. An S3 bucket policy that grants kms:Decrypt to the IAM role.
B. An S3 bucket policy that grants s3:GetObject to the IAM role.
C. An IAM policy attached to the role that grants kms:Decrypt.
D. A KMS key policy that grants kms:Decrypt to the IAM role.
Answer: D

The KMS key policy controls who can use the key for decryption.

Why this answer

Option D is correct because a KMS key policy can grant the kms:Decrypt permission to a specific IAM role. Option A does not restrict decryption. Option B is for S3 bucket policy, not KMS.

Option C is for S3, not KMS.
