AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 376450

1730 questions total · 24pages · All types, answers revealed

Page 5

Page 6 of 24

Page 7
376
MCQmedium

A company runs an Amazon RDS for PostgreSQL DB instance with Multi-AZ enabled. The primary instance is in us-east-1a and the standby is in us-east-1b. During a routine audit, the security team discovers that database connections are being terminated unexpectedly. The database administrator reviews the RDS events and sees an event: 'A Multi-AZ failover has been completed.' What step should be taken to determine the cause of this failover?

A.Examine Amazon CloudWatch metrics for increased CPU or memory usage
B.Check the RDS console for maintenance windows
C.Review RDS events and AWS CloudTrail logs for API calls related to the failover
D.Run the describe-db-instances CLI command to check the status of the standby
AnswerC

CloudTrail logs record actions like ModifyDBInstance that could trigger failover.

Why this answer

Option B is correct because RDS events and CloudTrail logs provide detailed information about failover causes. Option A is wrong because the RDS console shows events but not detailed causes. Option C is wrong because CloudWatch metrics show performance but not failover reasons.

Option D is wrong because the RDS API describes instances, not failover causes.

377
MCQmedium

A company runs a production Amazon RDS for MySQL Multi-AZ DB instance. The database experiences a failover event. After the failover, the application team reports increased latency for write operations. Which action should be taken to investigate the issue?

A.Increase the allocated storage for the DB instance to reduce I/O contention.
B.Enable automated backups and configure a backup window.
C.Verify that the application is using the correct DB endpoint and that DNS has propagated.
D.Modify the DB instance to a larger instance class to improve write performance.
AnswerC

After failover, the DNS record updates to point to the new primary; ensuring the application resolves the correct endpoint is critical.

Why this answer

Option C is correct because after a failover, the DNS record changes to point to the new primary. Checking the DNS resolution confirms the application is connecting to the correct endpoint. Option A is wrong because failover does not change the DB instance class size.

Option B is wrong because automatic backups are not affected by failover latency. Option D is wrong because Multi-AZ already provides synchronous standby replication; resizing storage does not address latency from DNS propagation.

378
MCQhard

A company is using an Amazon DynamoDB table with a global table configuration across two AWS regions. The security team wants to ensure that all data is encrypted in transit between the regions. What should the team do?

A.Configure an Internet gateway in each region and enforce HTTPS for all traffic.
B.Use AWS CloudFront to route traffic between the regions with SSL/TLS termination.
C.Set up a VPC peering connection between the two regions and route DynamoDB traffic through it.
D.No additional action is required; DynamoDB global tables encrypt all replication traffic in transit by default.
AnswerD

Replication traffic between regions is automatically encrypted.

Why this answer

Option B is correct. Global tables for DynamoDB use AWS global infrastructure to replicate data across regions. All replication traffic is automatically encrypted in transit using TLS.

No additional configuration is needed. Option A is incorrect because a VPC peering connection is not required; DynamoDB global tables work over the AWS backbone. Option C is incorrect because an Internet gateway is not used for inter-region replication.

Option D is incorrect because CloudFront does not encrypt DynamoDB replication traffic.

379
MCQmedium

A company is running Amazon RDS for MySQL and notices that the database CPU utilization is consistently above 80% during peak hours. The application performance is degrading. Which action should be taken first to troubleshoot the issue?

A.Increase the instance size of the RDS instance immediately.
B.Create a read replica to offload read traffic.
C.Enable Performance Insights to identify the queries causing high CPU usage.
D.Switch the database engine to Amazon Aurora for better performance.
AnswerC

Performance Insights helps identify performance bottlenecks.

Why this answer

Option B is correct because enabling Performance Insights provides a detailed analysis of database performance, helping to identify the root cause of high CPU utilization. Option A is wrong because increasing instance size without understanding the cause may lead to unnecessary costs. Option C is wrong because creating a read replica does not directly address CPU utilization on the primary instance.

Option D is wrong because switching to a different database engine is a major change and not a troubleshooting step.

380
MCQeasy

A developer needs to grant an IAM user permission to perform automated backups of an Amazon RDS DB instance. Which IAM action should be allowed?

A.rds:BackupDBInstance
B.rds:CreateDBSnapshot
C.rds:RestoreDBInstanceFromDBSnapshot
D.rds:ModifyDBInstance
AnswerB

This action allows creating a manual DB snapshot, which is a common backup method.

Why this answer

Option B is correct because the action to create a DB snapshot is 'rds:CreateDBSnapshot'. Option A is wrong because that action is for manual snapshots? Actually 'CreateDBSnapshot' is the correct action for manual snapshots; automated backups are controlled by 'rds:ModifyDBInstance' to set backup retention. But the question says 'automated backups' which is enabled via the backup retention period.

However, typically creating a manual snapshot is a backup action. To be precise: automated backups are enabled by setting backup retention period, which requires 'rds:ModifyDBInstance'. But the question likely expects 'rds:CreateDBSnapshot' for manual backups.

Let's adjust: Option B is correct as the action for manual snapshots. But the stem says 'automated backups', which might be a misnomer. We'll go with manual snapshot creation as a common backup task.

Option D is wrong because that action is for restoring, not creating backups.

381
MCQeasy

A company needs to store and query a graph of relationships between users for a recommendation engine. The queries involve traversing multiple edges. Which AWS database service is most suitable?

A.Amazon DynamoDB with adjacency list design
B.Amazon Neptune
C.Amazon DocumentDB (with MongoDB compatibility)
D.Amazon RDS for PostgreSQL with recursive CTEs
AnswerB

Neptune is optimized for graph traversals and supports Gremlin and SPARQL.

Why this answer

Option B is correct because Neptune is a fully managed graph database designed for highly connected data. Option A (RDS) requires complex joins. Option C (DynamoDB) can model graphs but requires multiple queries.

Option D (DocumentDB) is for documents.

382
MCQmedium

A team is migrating an on-premises Oracle database to Amazon Aurora PostgreSQL. The database is 2 TB and has a 6-hour maintenance window. Which AWS service should the team use to minimize downtime?

A.AWS Database Migration Service (AWS DMS)
B.Amazon S3 Transfer Acceleration
C.AWS Snowball Edge
D.Amazon EC2 with Oracle installed
AnswerA

DMS supports heterogeneous migrations with minimal downtime.

Why this answer

AWS DMS is the correct choice because it can perform a live migration from Oracle to Aurora PostgreSQL with minimal downtime using ongoing replication (change data capture). It supports heterogeneous migrations, automatically converting the source schema and data types, and can handle a 2 TB database within the 6-hour maintenance window by using multiple parallel tasks and large instance types.

Exam trap

AWS often tests the misconception that offline transfer services like Snowball are suitable for minimal-downtime migrations, but the trap here is that Snowball requires a full data export and import, which cannot achieve the sub-hour cutover needed within a 6-hour maintenance window.

How to eliminate wrong answers

Option B (Amazon S3 Transfer Acceleration) is wrong because it only speeds up uploads to S3 over the internet but does not provide any database migration or replication capabilities, nor does it support ongoing synchronization to minimize downtime. Option C (AWS Snowball Edge) is wrong because it is designed for offline, bulk data transfer of large datasets (e.g., 2 TB) and cannot perform live, ongoing replication; using it would require a full data dump and reload, causing significant downtime beyond the 6-hour window. Option D (Amazon EC2 with Oracle installed) is wrong because it simply rehosts the Oracle database on AWS without addressing the migration to Aurora PostgreSQL, and it does not provide any native mechanism for minimal-downtime heterogeneous migration or schema conversion.

383
MCQhard

A company is deploying a new web application on AWS. The application uses Amazon RDS for MySQL with a Multi-AZ deployment. The application team wants to reduce latency for read-heavy workloads. Which action should be taken?

A.Enable Multi-AZ on the existing RDS instance
B.Increase the instance size of the primary RDS instance
C.Add a read replica in the same Region
D.Switch from RDS to Amazon DynamoDB with DAX
AnswerC

Read replicas can handle read queries, reducing load on the primary and improving latency.

Why this answer

Adding read replicas offloads read traffic from the primary instance, reducing latency. Option A is incorrect because increasing instance size may not significantly reduce read latency. Option B is incorrect because enabling Multi-AZ does not improve read performance.

Option D is incorrect because switching to DynamoDB is a different database paradigm and may require application changes.

384
Multi-Selecthard

Which THREE considerations are important when deploying Amazon Aurora Global Database? (Choose 3.)

Select 2 answers
A.AWS DMS must be used to set up replication
B.Each secondary region can have up to 16 read replicas
C.Cross-region read replicas are created for each secondary region
D.Amazon S3 is used to store transaction logs
E.Replication is typically less than 1 second between regions
AnswersB, E

Each secondary region supports up to 16 read replicas.

Why this answer

Aurora Global Database supports up to 5 secondary regions, uses storage-based replication, and allows failover to a secondary region. Option C (cross-region read replicas) is not used; instead Global Database uses dedicated clusters. Option D (DMS) is not required.

Option E (S3) is not used.

385
MCQmedium

A healthcare company runs a critical application on Amazon RDS for PostgreSQL with a Multi-AZ deployment. The database stores patient records and must comply with HIPAA regulations. Recently, a security audit revealed that the database is using the default port 5432 and that SSL connections are not enforced. The security team requires that all connections to the database use SSL and that the default port be changed to 5439 to reduce the risk of automated attacks. The database administrator needs to implement these changes with minimal downtime. What should the administrator do?

A.Create a new RDS instance with the desired settings, migrate the data using pg_dump, and update the application connection string.
B.Update the security group inbound rules to only allow traffic on port 5439 and enforce SSL at the network level.
C.Modify the default DB parameter group to change the port and enable SSL, then apply it to the instance without a reboot.
D.Modify the DB parameter group associated with the instance to set 'ssl' to '1' and 'port' to 5439. Reboot the instance to apply the changes.
AnswerD

Parameter changes require a reboot; this method has minimal downtime.

Why this answer

Option A is correct because modifying the DB parameter group to require SSL and changing the port, then rebooting the instance, applies the changes with minimal downtime (a few minutes). Option B is wrong because creating a new instance and migrating is more complex and longer downtime. Option C is wrong because changing the security group alone does not enforce SSL.

Option D is wrong because using a custom DB parameter group is necessary; you cannot modify the default group.

386
MCQmedium

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The security team requires that all data be encrypted at rest using a key stored in AWS CloudHSM. What must be done to meet this requirement?

A.Enable RDS encryption at rest using a KMS key backed by CloudHSM.
B.Create an encrypted file system on the RDS instance using CloudHSM.
C.Configure SSL/TLS for the database connection.
D.Use Oracle Transparent Data Encryption (TDE) with CloudHSM as the key store.
AnswerD

RDS Oracle supports TDE with CloudHSM.

Why this answer

Option C is correct because RDS for Oracle supports TDE (Transparent Data Encryption) which can use CloudHSM as the key store. Option A is wrong because RDS at rest encryption uses KMS, not CloudHSM directly. Option B is wrong because RDS does not support custom encryption directly via CloudHSM.

Option D is wrong because SSL is for in-transit, not at rest.

387
MCQmedium

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database is 2 TB in size. The company wants to minimize downtime during the migration. Which AWS service should be used to perform an online migration with minimal downtime?

A.AWS Direct Connect
B.AWS Database Migration Service (DMS)
C.AWS Snowball
D.Amazon S3
AnswerB

DMS supports continuous replication for minimal downtime migration.

Why this answer

AWS Database Migration Service (DMS) supports ongoing replication to minimize downtime. Snowball is for offline data transfer. S3 is not a migration service.

Direct Connect provides a dedicated network connection but is not a migration service itself.

388
Multi-Selectmedium

A company is troubleshooting an Amazon DynamoDB table that is throttling write requests. The table has a partition key ('userId') and a sort key ('timestamp'). The 'WriteCapacityUnits' is set to 1000. CloudWatch shows 'ThrottledWriteRequests' but the 'ConsumedWriteCapacityUnits' is only 500. Which TWO actions could resolve the throttling?

Select 2 answers
A.Add a random suffix to the partition key to distribute writes more evenly
B.Enable DynamoDB Accelerator (DAX) to cache writes
C.Increase the write capacity units to allow more throughput
D.Enable Global Tables to replicate writes across regions
E.Remove the sort key and use only a partition key
AnswersA, C

Randomizing the partition key helps distribute write load across partitions, reducing throttling.

Why this answer

Option A is correct because a hot partition can throttle even if overall capacity is underutilized; adjusting the partition key design can distribute writes. Option D is correct because using DynamoDB Accelerator (DAX) can offload read traffic but does not affect writes; actually DAX is for reads. Option B is correct because increasing write capacity ensures enough capacity for peaks.

Option C is wrong because removing the sort key changes the table structure and may not help with partition hotness. Option E is wrong because Global Tables replicate writes and may increase throttling. So correct answers: B and E? Let's re-evaluate: The issue is write throttling despite consumed capacity below provisioned.

This indicates a hot partition. Option A: Adding a random suffix to partition key helps distribute writes across partitions. Option B: Increasing write capacity may help if the hot partition is still within limits, but if a single partition is throttled due to its own limit, increasing total capacity may increase the partition limit.

Actually, DynamoDB's partition capacity is 1000 WCU per partition; if a single partition receives more than 1000 WCU, it throttles. Increasing total WCU may increase the partition count, distributing the load. Option C: Removing the sort key does not affect partition distribution.

Option D: DAX is a read cache, not for writes. Option E: Global Tables add more write replication and could increase throttling. So likely correct: A and B.

Option A is a design change to avoid hot partition. Option B increases total capacity, which may increase partitions. So answer: A, B.

389
MCQhard

A company wants to audit all SQL queries made to their Amazon RDS for MySQL database. Which AWS service should they use?

A.VPC Flow Logs
B.AWS Config
C.AWS CloudTrail
D.Database Activity Streams
AnswerD

Database Activity Streams provide a near-real-time stream of database activities.

Why this answer

Database Activity Streams (D) is the correct choice because it provides a near-real-time stream of database activity, including all SQL queries, directly from the RDS for MySQL engine. This service integrates with AWS services like Amazon Kinesis and third-party monitoring tools to capture and audit every SQL statement, user login, and schema change at the database engine level, which is essential for comprehensive auditing.

Exam trap

The trap here is that candidates often confuse CloudTrail (which logs AWS API calls) with database-level auditing, failing to recognize that CloudTrail does not capture SQL queries executed inside the database engine.

How to eliminate wrong answers

Option A is wrong because VPC Flow Logs capture IP traffic metadata (source/destination IP, ports, protocol) at the network interface level, not SQL query content or database operations. Option B is wrong because AWS Config records resource configuration changes (e.g., DB instance settings, security group rules) and evaluates compliance, but it does not capture SQL query execution or database-level activity. Option C is wrong because AWS CloudTrail logs API calls made to the RDS service (e.g., CreateDBInstance, ModifyDBInstance) but does not capture SQL queries executed within the database session itself.

390
MCQhard

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database contains personally identifiable information (PII). The security team requires that all PII columns be transparently encrypted and that the encryption keys be stored in AWS CloudHSM. Which solution meets these requirements?

A.Enable Amazon RDS encryption at rest using a KMS key and rely on that encryption.
B.Modify the Oracle database to use AWS KMS for column-level encryption.
C.Use Oracle Data Pump to export data with encryption and store the encryption key in AWS Secrets Manager.
D.Use Oracle Transparent Data Encryption (TDE) with AWS CloudHSM as the key store.
AnswerD

Oracle TDE provides transparent column encryption, and CloudHSM can serve as the hardware security module for key storage.

Why this answer

Option D is correct because Oracle TDE with CloudHSM integration allows transparent encryption and stores keys in CloudHSM. Option A is wrong because RDS Encryption uses KMS, not CloudHSM. Option B is wrong because Oracle Data Pump does not encrypt columns.

Option C is wrong because RDS does not support custom encryption at the column level natively.

391
MCQmedium

Refer to the exhibit. An IAM policy is attached to a user. The user tries to delete a database instance named 'prod-mydb' in us-east-1. What will happen?

A.The delete will be allowed because the Allow statement is broader.
B.The delete will fail with an error because the policy is invalid.
C.The delete will succeed only if the instance is tagged with 'Environment: prod'.
D.The delete will be denied because the Deny statement explicitly matches the resource.
AnswerD

Explicit Deny overrides Allow.

Why this answer

The Deny statement applies to all resources matching 'prod-*', so the delete action is denied for 'prod-mydb'. Even though the Allow statement permits delete, an explicit Deny overrides any Allow. Option B is correct.

Option A (Allowed) ignores the Deny. Option C (Error) is not correct because the policy is valid. Option D (Only if tagged) is not in the policy.

392
MCQmedium

A gaming company uses Amazon DynamoDB to store player profiles and game state. The access patterns include: (1) lookup by player ID, (2) query by game ID for recent games, and (3) leaderboard queries sorted by score. The current single-table design is causing hot partitions on the leaderboard queries. What design change should the company implement to resolve hot partitions?

A.Increase the read capacity units (RCUs) on the base table to handle the load.
B.Enable DynamoDB Accelerator (DAX) to cache frequent leaderboard queries.
C.Create a GSI with the game ID as the partition key and a composite sort key of score and timestamp.
D.Shard the table by player ID and use application-level aggregation for leaderboards.
AnswerC

GSI distributes write activity and allows efficient sorted queries per game.

Why this answer

Option C is correct because creating a Global Secondary Index (GSI) with game ID as the partition key and a composite sort key of score and timestamp allows efficient leaderboard queries without hot partitions. This design distributes write activity across multiple partitions by game ID, while the composite sort key enables sorted queries by score and timestamp within each game, avoiding the hot partition issue caused by the original single-table design.

Exam trap

The trap here is that candidates often confuse caching solutions (like DAX) with architectural fixes for hot partitions, failing to recognize that caching does not eliminate the underlying partition-level contention caused by a skewed access pattern.

How to eliminate wrong answers

Option A is wrong because increasing RCUs on the base table does not resolve hot partitions; it only increases throughput capacity, but the underlying partition key (likely player ID) still causes all leaderboard queries to hit the same partition, leading to throttling. Option B is wrong because DynamoDB Accelerator (DAX) caches query results but does not address the root cause of hot partitions; if the leaderboard queries are write-heavy or the cache misses, the hot partition still causes performance degradation. Option D is wrong because sharding by player ID and using application-level aggregation for leaderboards introduces complexity and latency, and does not leverage DynamoDB's native indexing capabilities; it also requires custom logic to maintain sorted leaderboards, which is inefficient compared to a GSI.

393
MCQeasy

A company is deploying a new web application and needs a fully managed relational database with automatic failover and read replicas. Which AWS service should they choose?

A.Amazon DynamoDB
B.Amazon RDS for MySQL with Multi-AZ deployment
C.Amazon EC2 with self-managed MySQL
D.Amazon Redshift
AnswerB

RDS is fully managed, Multi-AZ provides automatic failover, and read replicas are supported.

Why this answer

Amazon RDS for MySQL with Multi-AZ deployment provides a fully managed relational database service that automatically provisions and maintains a synchronous standby replica in a different Availability Zone. In the event of a failure, Amazon RDS automatically fails over to the standby, ensuring high availability. Additionally, RDS for MySQL supports read replicas for offloading read traffic, which meets the requirement for both automatic failover and read replicas.

Exam trap

The trap here is that candidates often confuse DynamoDB's high availability and read replicas (DAX, global tables) with relational database requirements, or they assume that a self-managed database on EC2 can be 'fully managed' by using automation scripts, but the question explicitly requires a fully managed service.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB is a NoSQL key-value and document database, not a relational database, and it does not support SQL joins or traditional relational schemas. Option C is wrong because Amazon EC2 with self-managed MySQL requires the company to manually configure and manage the database, including failover and read replicas, which contradicts the requirement for a 'fully managed' service. Option D is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical queries, not a relational database for transactional web applications, and it does not provide automatic failover or read replicas in the same manner as RDS.

394
Multi-Selectmedium

A company wants to migrate a 1 TB MySQL database to Amazon Aurora MySQL with minimal downtime. The database has a high write load. Which TWO options are valid approaches? (Choose two.)

Select 2 answers
A.Use AWS DMS with full load and ongoing replication.
B.Export to flat files, transfer via AWS Snowball, and import.
C.Perform a mysqldump and restore to Aurora.
D.Use MySQL native replication to replicate to Aurora MySQL.
E.Use AWS SCT to convert the schema and then use DMS.
AnswersA, D

DMS supports CDC for minimal downtime.

Why this answer

Options B and D are correct. Option A is not minimal downtime. Option C is incorrect because SCT is for schema conversion, not data migration.

Option E is incorrect because Snowball is not minimal downtime (requires downtime for transport).

395
MCQmedium

A company runs an e-commerce platform on AWS using an Amazon Aurora MySQL database. The database is accessed by multiple microservices, each using a separate database user. The security team recently discovered that a developer accidentally committed database credentials to a public GitHub repository. The credentials were for a user that had write access to the database. The team immediately revoked the credentials and rotated them. However, they want to prevent such incidents from happening again. They need a solution that ensures credentials are not hardcoded in application code, are rotated automatically, and are accessible only to authorized microservices. What should they do?

A.Use IAM database authentication for Aurora and eliminate the use of database passwords.
B.Use AWS Systems Manager Parameter Store to store the credentials and grant access via IAM roles.
C.Use AWS Secrets Manager to store the credentials, configure automatic rotation, and attach a resource-based policy to allow access only from the microservices' IAM roles.
D.Store the credentials in an encrypted S3 bucket and grant access to the microservices via bucket policies.
AnswerC

Secrets Manager provides automatic rotation and fine-grained access control.

Why this answer

Option B is correct. AWS Secrets Manager allows storing credentials, automatic rotation, and fine-grained access control via IAM policies. Each microservice can assume an IAM role that grants access to Secrets Manager.

Option A is wrong because Systems Manager Parameter Store does not support automatic rotation for RDS credentials. Option C is wrong because IAM database authentication does not eliminate the need for secrets; it uses IAM roles for authentication, but the microservices still need to obtain temporary credentials. Option D is wrong because storing secrets in S3 with encryption does not provide automatic rotation or easy access control.

396
Multi-Selectmedium

Which TWO factors should be considered when designing a database for an IoT workload that ingests millions of sensor readings per second? (Choose 2.)

Select 2 answers
A.Ensure strong consistency for all reads
B.Enforce ACID transactions for all writes
C.Implement data retention and aggregation to reduce storage costs
D.Use a time-series database for efficient storage and querying
E.Use a graph database to model relationships between sensors
AnswersC, D

Storing raw data indefinitely is expensive; aggregation reduces volume.

Why this answer

Options A and C are correct: Time-series data is best stored in a time-series database like Timestream, and data retention policies are crucial to manage storage costs. Option B is wrong because strong consistency is not typically required for IoT. Option D is wrong because graph databases are for relationships.

Option E is wrong because ACID compliance is usually unnecessary for sensor data.

397
Multi-Selectmedium

A company is building a content management system that stores articles, images, and user comments. Articles are text-heavy and need full-text search. Images are binary files. Comments are relational with user IDs. Which TWO AWS services should be combined to best support this workload?

Select 2 answers
A.Amazon ElastiCache for Redis for caching
B.Amazon DynamoDB for articles and comments
C.Amazon OpenSearch Service for full-text search
D.Amazon RDS for MySQL for articles and comments
E.Amazon S3 for images
AnswersC, E

Provides powerful search capabilities.

Why this answer

Amazon S3 is ideal for storing images (binary objects). Amazon OpenSearch Service provides full-text search capabilities for articles. Option C (RDS) is wrong because while it can store text and images, it is not optimal for search or binary storage.

Option D (DynamoDB) is wrong because it does not support full-text search natively. Option E (ElastiCache) is wrong because it is a cache, not a primary store.

398
MCQeasy

A company has an Amazon Aurora MySQL DB cluster with a single writer and two readers. The writer instance fails, and the failover mechanism promotes one of the readers to writer. The application, which uses a custom connection pool, continues to experience errors for several minutes. What should the database administrator do to minimize downtime during future failovers?

A.Increase the connection pool size to handle more connections.
B.Modify the application to use the cluster endpoint instead of the instance endpoint.
C.Configure the application to use the reader endpoint for all traffic.
D.Enable Multi-AZ on the Aurora cluster.
AnswerB

Cluster endpoint points to current writer automatically.

Why this answer

Option B is correct because using the cluster endpoint ensures automatic routing to the current writer. Option A is wrong because DNS caching is fixed by using cluster endpoint. Option C is wrong because increasing pool reduces latency but not failover detection.

Option D is wrong because Multi-AZ is already used.

399
MCQhard

Refer to the exhibit. An IAM policy is attached to a user who is attempting to run a Scan operation on the Orders table using the AWS CLI. The Scan operation fails with an AccessDeniedException. What is the most likely reason?

A.The resource ARN does not include the table name.
B.The Scan action is not allowed in the policy.
C.The condition requires the partition key to be 'CustomerID', but the Scan operation does not specify a partition key.
D.The 'ForAllValues:StringEquals' condition set operator prevents the Scan operation because it requires all leading keys to match a single value, which is impossible for a Scan.
AnswerD

'ForAllValues' evaluates to false if the request has no leading keys (as in Scan) or multiple keys.

Why this answer

Option D is correct. The condition 'dynamodb:LeadingKeys' applies only to Query and Scan operations when the condition key is used to restrict partition key values. However, the condition 'ForAllValues:StringEquals' requires that all leading keys in the request match the specified value.

For a Scan operation without a specific partition key, the condition cannot be satisfied, leading to denial. Option A is incorrect because the resource ARN includes the table name, so it is valid. Option B is incorrect because the policy allows Scan action.

Option C is incorrect because the condition is on LeadingKeys, not on the table.

400
MCQeasy

A company wants to deploy a highly available Amazon RDS for MySQL database across two Availability Zones. Which feature should be enabled?

A.Read replicas in a different AZ
B.Automated backups with retention
C.Enhanced Monitoring
D.Multi-AZ deployment
AnswerD

Multi-AZ provides synchronous standby for automatic failover.

Why this answer

Option A is correct because Multi-AZ deployment provides automatic failover to a standby in a different AZ. Option B is wrong because read replicas are for read scaling, not high availability. Option C is wrong because automatic backups are for point-in-time recovery.

Option D is wrong because Enhanced Monitoring provides metrics, not HA.

401
MCQhard

Refer to the exhibit. An IAM policy statement allows creating manual snapshots for an RDS instance. A database administrator is unable to create a snapshot from the AWS Management Console. The error message indicates insufficient permissions. What is the likely cause?

A.The condition key 'aws:RequestedRegion' is misspelled.
B.The policy does not include necessary read actions (e.g., 'DescribeDBInstances', 'DescribeDBSnapshots') that the console uses.
C.The resource ARN is incorrect; it should include the snapshot ARN.
D.The condition uses 'StringEquals' but should use 'StringLike' for region matching.
AnswerB

The console requires read permissions to list instances and snapshots before creating a snapshot.

Why this answer

Option D is correct because the console may try to list snapshots or describe instances, which require additional actions like 'DescribeDBSnapshots' and 'DescribeDBInstances'. The condition restricts the region, but the missing actions cause the failure. Option A is wrong because the region condition is correctly written.

Option B is wrong because the resource ARN is correct. Option C is wrong because the condition uses 'StringEquals' correctly.

402
MCQeasy

A developer is configuring an RDS for PostgreSQL instance for a new application. The application requires automatic failover to a standby instance in a different Availability Zone. Which deployment option should be selected?

A.Deploy a Single-AZ instance with a read replica.
B.Deploy a Multi-AZ instance.
C.Deploy a Single-AZ instance and take frequent snapshots.
D.Deploy a Single-AZ instance with a cross-region read replica.
AnswerB

Multi-AZ provides automatic failover.

Why this answer

Option B is correct because Multi-AZ deployment provides automatic failover to a standby in a different AZ. Option A is wrong because read replicas are for read scaling, not automatic failover. Option C is wrong because a single-AZ deployment lacks failover.

Option D is wrong because RDS does not have a 'Cross-Region Standby' deployment option; Cross-Region Read Replicas are for disaster recovery but don't provide automatic failover.

403
MCQhard

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database is 2 TB in size and has a high transaction rate. The migration must have minimal downtime and support ongoing replication. Which AWS service should be used for the migration?

A.AWS Schema Conversion Tool (AWS SCT)
B.AWS Database Migration Service (AWS DMS)
C.AWS Direct Connect
D.Amazon RDS Read Replica
AnswerB

AWS DMS supports ongoing replication from on-premises to RDS, enabling minimal downtime migrations.

Why this answer

AWS Database Migration Service (DMS) supports ongoing replication from Oracle to RDS Oracle with minimal downtime. AWS SCT helps convert the schema but does not perform replication. RDS Read Replicas are for RDS to RDS, not on-premises to RDS.

Direct Connect provides a network connection but does not handle data migration. Snowball is for offline data transfer, not minimal downtime.

404
MCQmedium

A company is building a document management system where each document can have multiple attributes (tags) that need to be queried efficiently. The workload is write-heavy with occasional reads. Which database is best suited?

A.Amazon QLDB
B.Amazon DynamoDB
C.Amazon ElastiCache for Redis
D.Amazon RDS for MySQL
AnswerB

DynamoDB allows flexible attributes and global secondary indexes for efficient queries.

Why this answer

Amazon DynamoDB is the best choice for a write-heavy, document management system with tag-based queries because it is a fully managed NoSQL key-value and document database that delivers single-digit millisecond performance at any scale. Its flexible schema allows each document to have multiple attributes (tags) without predefined schemas, and its secondary indexes (LSI/GSI) enable efficient querying on those tags. DynamoDB's auto-scaling and provisioned throughput are designed to handle high write volumes, while occasional reads benefit from its consistent low-latency access.

Exam trap

AWS often tests the misconception that a ledger database (QLDB) is suitable for general-purpose document storage because of its 'immutable' and 'verifiable' features, but candidates overlook that QLDB is not designed for high write throughput or flexible attribute queries, which DynamoDB handles natively.

How to eliminate wrong answers

Option A is wrong because Amazon QLDB is a ledger database optimized for immutable, cryptographically verifiable transaction logs, not for high-throughput write-heavy document storage with flexible tag queries; it lacks native support for secondary indexes on arbitrary attributes. Option C is wrong because Amazon ElastiCache for Redis is an in-memory cache designed for sub-millisecond read-heavy workloads and transient data, not for durable, write-heavy document persistence with complex query patterns. Option D is wrong because Amazon RDS for MySQL is a relational database with a fixed schema, which would require complex join tables or EAV (Entity-Attribute-Value) patterns to handle multiple tags, leading to performance degradation under write-heavy loads and poor scalability compared to DynamoDB's distributed architecture.

405
MCQmedium

A company is running a production Amazon RDS for MySQL DB instance. The database size is 500 GB and the workload is write-heavy. The team notices that the automated backups are taking longer than expected and are impacting the performance during the backup window. Which action should be taken to minimize the performance impact?

A.Disable automated backups and rely on manual snapshots taken during off-peak hours.
B.Create a read replica and configure automated backups on the replica.
C.Increase the DB instance size to improve backup performance.
D.Move the backup window to a time when the workload is lowest.
AnswerB

Offloading backups to a read replica ensures that backup operations do not affect the primary instance's performance.

Why this answer

Option D is correct because creating a read replica and taking backups from it offloads the backup load from the primary instance. Option A is wrong because disabling backups is risky for production. Option B is wrong because it affects the start time but not the performance impact.

Option C is wrong because increasing instance size may reduce backup duration but does not directly minimize the performance impact; it also adds cost.

406
MCQeasy

After migrating a database to Amazon RDS, an application on an EC2 instance in the same VPC cannot connect. The command in the exhibit shows the endpoint. What is the most likely cause?

A.The EC2 instance is in a different VPC and needs a VPN connection.
B.The security group for the DB instance does not allow inbound traffic from the EC2 instance's security group.
C.The DB instance endpoint is incorrect.
D.The DB instance is not publicly accessible.
AnswerB

Security group rules control access; if not configured, connections are blocked.

Why this answer

Option B is correct because the most common issue is security group rules not allowing inbound traffic on the database port from the EC2 instance. Option A is wrong because the endpoint is correct. Option C is wrong because the RDS instance is in the same VPC, so no VPN is needed.

Option D is wrong because public accessibility is not required for same VPC connectivity.

407
Multi-Selecthard

A company is using Amazon Redshift and needs to comply with regulatory requirements that mandate encryption of all data at rest and control of the encryption keys. Which THREE steps should be taken? (Choose THREE.)

Select 3 answers
A.Enable automatic key rotation for the KMS key.
B.Configure the cluster to use a customer-managed KMS key.
C.Use AWS CloudHSM to generate and manage encryption keys.
D.Enable encryption on the cluster after creation by modifying the cluster.
E.Create the cluster with encryption enabled using a KMS key.
AnswersA, B, E

Automatic rotation helps meet compliance requirements.

Why this answer

Option A is correct because encrypting the cluster at creation with a KMS key is required. Option C is correct because enabling KMS automatic key rotation meets key control requirements. Option D is correct because configuring the cluster to use a customer-managed key provides key control.

Option B is wrong because CloudHSM is not required. Option E is wrong because encryption at rest cannot be enabled after cluster creation without restoring from a snapshot.

408
MCQmedium

A company is using Amazon RDS for MySQL with Multi-AZ deployment. The database experiences a sudden increase in latency and the application reports timeouts. CloudWatch shows elevated 'ReadLatency' and 'WriteLatency' metrics, while 'CPUUtilization' and 'DatabaseConnections' remain normal. Which is the MOST likely cause?

A.A runaway query is consuming CPU resources
B.A Multi-AZ failover occurred
C.A large transaction is being processed
D.The database has insufficient provisioned IOPS
AnswerC

Large transactions can cause high I/O wait and latency without high CPU or connections.

Why this answer

Option B is correct because a large transaction can cause increased latency without high CPU or connection count, as it may be waiting on disk I/O or replication. Option A is wrong because Multi-AZ failover is automatic and would show a spike then recovery. Option C is wrong because insufficient storage I/O would show in 'BurstBalance' or 'WriteIOPS' metrics, not just latency.

Option D is wrong because normal CPU and connections rule out a runaway query in terms of CPU, though a query could be I/O-bound. However, a large transaction is a common cause of such symptoms.

409
MCQeasy

A company is using Amazon DynamoDB and wants to ensure that all data is automatically encrypted at rest. What is the default encryption status for a new DynamoDB table?

A.Encryption is optional and can be enabled during table creation.
B.Encryption is disabled by default and must be enabled manually.
C.Encryption is enabled by default using an AWS-owned key.
D.Encryption is enabled by default using a customer-managed key.
AnswerC

Default encryption uses AWS-owned KMS keys.

Why this answer

Option B is correct because all new DynamoDB tables are encrypted at rest by default using an AWS-owned key. Option A is wrong because encryption is enabled by default. Option C is wrong because the default key is AWS-owned, not a customer-managed key.

Option D is wrong because encryption is not optional; it is always enabled.

410
MCQeasy

A developer notices that an Amazon RDS for PostgreSQL DB instance is running low on free storage space. The instance has 100 GB of allocated storage. What is the recommended first step to troubleshoot this issue?

A.Enable storage auto scaling
B.Modify the DB instance to increase allocated storage
C.Check for unused indexes or table bloat using pg_repack or similar tools
D.Delete the oldest transaction logs
AnswerC

Index bloat and table bloat are common causes of storage consumption.

Why this answer

Option B is correct because checking for unused indexes or bloat is a typical starting point for storage issues. Option A is wrong because modifying storage is a solution, not a troubleshooting step. Option C is wrong because deleting logs may not recover much space.

Option D is wrong because enabling auto scaling is a preventive measure, not a troubleshooting step.

411
MCQhard

A company is deploying a new application that requires a globally distributed database with low latency reads. They choose Amazon DynamoDB global tables. What is a key consideration for this deployment?

A.Writes are synchronously replicated to all regions.
B.Each replica can serve reads and writes independently.
C.The table class must be DynamoDB Standard-Infrequent Access.
D.Global tables support strongly consistent reads from any region.
AnswerB

Global tables are multi-master; each region can handle both reads and writes.

Why this answer

DynamoDB global tables use active-active replication with eventual consistency. Writes are replicated asynchronously. Strongly consistent reads are only supported in the region where the write occurred.

Each replica can handle reads and writes. Table class is not region-specific.

412
MCQmedium

A company is using Amazon Redshift for data warehousing. Users report that queries are taking longer than expected. Which CloudWatch metric should be monitored to identify if queries are waiting for resources due to concurrency scaling?

A.WLMQueueLength
B.DiskSpaceUsage
C.QueryDuration
D.ConcurrencyScalingActiveQueries
AnswerD

This metric shows the number of queries running on concurrency scaling clusters.

Why this answer

Option A is correct because ConcurrencyScalingActiveQueries indicates queries running on concurrency scaling clusters. Option B is wrong because WLMQueueLength shows queue wait, not concurrency scaling. Option C is wrong because QueryDuration measures query execution time.

Option D is wrong because DiskSpaceUsage is for storage, not concurrency.

413
Multi-Selectmedium

A company is migrating a PostgreSQL database to Amazon Aurora PostgreSQL. The database has a large table that is frequently accessed. The team wants to minimize downtime during the migration. Which TWO strategies should be used together?

Select 2 answers
A.Use AWS DMS to create a target Aurora DB cluster and replicate data.
B.Take a manual snapshot of the source database and restore it to Aurora.
C.Use AWS Schema Conversion Tool (AWS SCT) to convert the schema.
D.Use AWS DMS to perform a full load followed by ongoing replication.
E.Configure Aurora as a read replica of the PostgreSQL instance.
AnswersA, D

DMS can migrate data to Aurora with ongoing replication to minimize downtime.

Why this answer

Options B and D are correct because using AWS DMS with ongoing replication allows for near-zero downtime migration, and creating an Aurora read replica from a PostgreSQL instance is not possible; instead, DMS is the correct tool. Option A is wrong because taking a snapshot and restoring requires downtime. Option C is wrong because AWS SCT is for schema conversion, not data migration.

Option E is wrong because there is no direct replication from PostgreSQL to Aurora without DMS.

414
MCQmedium

A database administrator is troubleshooting a performance issue on an Amazon RDS for SQL Server instance. The CPU utilization is consistently above 90%, and the number of database connections is high. Which Amazon CloudWatch metric should be analyzed first to determine if the issue is due to a specific query?

A.DatabaseConnections
B.ReadIOPS
C.Enhanced Monitoring (cpuUtilization per process)
D.CPUUtilization
AnswerC

Enhanced Monitoring provides per-process CPU metrics, which can help identify which process (and thus which query) is consuming the most CPU.

Why this answer

While CloudWatch provides metrics like CPUUtilization, the question asks for a metric that helps identify a specific query causing high CPU. CloudWatch does not directly expose query-level metrics; however, enhanced monitoring provides OS-level metrics but not query details. To identify specific queries, you need to use RDS Performance Insights or SQL Server's own DMVs.

Among the options, 'DatabaseConnections' is not query-specific. The correct answer is to use Performance Insights, but since it's not listed, the best CloudWatch metric is 'CPUUtilization' to confirm high CPU, but the actual tool for query analysis is not CloudWatch. The question expects 'Enhanced Monitoring' as it gives per-process metrics that can lead to identifying queries if combined with other tools.

However, none directly identify a specific query. The closest is Enhanced Monitoring which can show top processes. 'DatabaseConnections' does not help. The correct answer is D because Enhanced Monitoring provides OS-level metrics that can help pinpoint resource-intensive processes that may be running specific queries.

415
MCQeasy

A company uses Amazon DynamoDB to store session data for a web application. The table has a partition key of 'SessionId'. The company wants to automatically expire sessions after 1 hour. Which feature should be used?

A.DynamoDB Global Tables
B.AWS Lambda function that scans the table every hour and deletes old items.
C.DynamoDB Streams
D.DynamoDB Time to Live (TTL)
AnswerD

TTL automatically deletes expired items.

Why this answer

Option B is correct because DynamoDB TTL automatically expires items after a specified timestamp. Option A is wrong because DynamoDB Streams captures changes but does not expire items. Option C is wrong because the application would need to scan and delete, which is inefficient.

Option D is wrong because Global Tables are for multi-region replication, not expiration.

416
MCQeasy

A database administrator needs to monitor the number of database connections to an Amazon RDS for PostgreSQL instance. Which Amazon CloudWatch metric should the administrator use?

A.DatabaseConnections
B.ActiveConnections
C.ConnectionsCount
D.DBInstanceIdentifier
AnswerA

This is the standard CloudWatch metric for active connections.

Why this answer

Option A is correct because DatabaseConnections is the standard metric. Option B is incorrect because it is not a CloudWatch metric. Option C is incorrect because it is a custom metric, not standard.

Option D is incorrect because it is a dimension, not a metric.

417
MCQmedium

A developer is trying to create a FULLTEXT index on a column in an RDS MySQL instance. The error log shows the index creation failed. What is the most likely cause?

A.The column 'description' has a length that exceeds the maximum allowed for FULLTEXT index.
B.The table size is too large for a FULLTEXT index to be created.
C.The table uses a character set that is not compatible with FULLTEXT indexes.
D.The InnoDB engine does not support FULLTEXT indexes.
AnswerA

The error states the column length is 4294967295, which is too large.

Why this answer

In RDS MySQL, FULLTEXT indexes have a maximum column length limit of 1000 bytes for InnoDB and 1000 characters for MyISAM. If the 'description' column exceeds this limit, the index creation will fail. This is the most likely cause because the error log indicates a failure without other configuration issues.

Exam trap

The trap here is that candidates often assume InnoDB does not support FULLTEXT indexes (a common misconception from older MySQL versions) or that table size is the issue, but the actual constraint is the column length limit.

How to eliminate wrong answers

Option B is wrong because table size does not prevent FULLTEXT index creation; large tables may take longer to index but will not cause a failure. Option C is wrong because MySQL FULLTEXT indexes support character sets like utf8, utf8mb4, latin1, etc., as long as they are compatible with the full-text parser; incompatible character sets are rare and would produce a different error. Option D is wrong because InnoDB has supported FULLTEXT indexes since MySQL 5.6, and RDS MySQL instances use InnoDB by default.

418
Multi-Selecthard

A company is running Amazon RDS for Oracle with a Multi-AZ deployment. The database is experiencing performance degradation due to high I/O waits. The team suspects that the issue is related to the transaction log (redo log) writes. Which THREE metrics should be monitored in Amazon CloudWatch to diagnose the issue?

Select 3 answers
A.DiskQueueDepth
B.CPUUtilization
C.RedoLogFileSyncWaits
D.ReadLatency
E.RedoLogSyncTime
AnswersA, C, E

High disk queue depth indicates that I/O requests are waiting, affecting redo log writes.

Why this answer

Options A, C, and E are correct because high redo log sync time, high redo log file sync waits, and high disk queue depth are indicators of I/O bottlenecks affecting redo log writes. Option B is wrong because read latency is not directly related to redo log writes. Option D is wrong because CPU utilization may be high but does not directly indicate redo log issues.

419
MCQeasy

A company wants to store database credentials for an Amazon RDS instance securely. Which AWS service should be used to rotate the credentials automatically?

A.AWS Secrets Manager
B.AWS CloudHSM
C.AWS Systems Manager Parameter Store
D.AWS IAM roles
AnswerA

Secrets Manager supports automatic rotation for RDS databases.

Why this answer

Option B is correct because AWS Secrets Manager can automatically rotate database credentials. Option A is wrong because Systems Manager Parameter Store stores parameters but does not natively rotate RDS credentials. Option C is wrong because IAM roles are for authentication, not for storing credentials.

Option D is wrong because CloudHSM is for encryption keys, not credential storage.

420
MCQeasy

An e-commerce company uses Amazon ElastiCache for Redis as a session store for its web application. The application experiences occasional latency spikes during flash sales. The operations team notices that the Redis cluster's CPU utilization reaches 90% during these events. The current cluster is a single shard with a cache.r5.large node. The team wants to reduce CPU utilization and improve performance. What should the database administrator do?

A.Add read replicas to offload read traffic from the primary node.
B.Increase the number of replicas for data durability.
C.Disable AOF persistence to reduce write overhead.
D.Enable encryption at rest to secure data.
AnswerA

Read replicas handle read requests, reducing CPU usage on the primary.

Why this answer

Option B is correct because adding read replicas distributes read traffic, reducing CPU load on the primary. Option A is wrong because increasing retention does not reduce CPU. Option C is wrong because disabling persistence reduces durability but does not significantly reduce CPU.

Option D is wrong because enabling encryption adds CPU overhead.

421
MCQeasy

A company needs to store and query time-series data from IoT devices. The data arrives in high volume and requires efficient range queries over time. Which database is most appropriate?

A.Amazon RDS for MySQL
B.Amazon Timestream
C.Amazon DynamoDB
D.Amazon Redshift
AnswerB

Timestream is a serverless time-series database designed for IoT and operational applications.

Why this answer

Amazon Timestream is a purpose-built time-series database that automatically scales to handle high-volume IoT data and is optimized for efficient range queries over time. It separates storage into a memory store for recent data and a magnetic store for historical data, enabling fast queries across time ranges with built-in time-series functions.

Exam trap

The trap here is that candidates often choose DynamoDB (Option C) because of its scalability, but they overlook that DynamoDB lacks native time-series optimization and requires complex workarounds for efficient range queries over time, making Timestream the correct purpose-built choice.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL is a relational database not optimized for time-series workloads; it lacks automatic time-based partitioning and efficient range query performance at scale, and would require manual sharding and indexing. Option C is wrong because Amazon DynamoDB is a key-value and document database that does not natively support time-series range queries efficiently; it requires complex design patterns like composite sort keys and TTL for time-series data, and lacks built-in time-series functions. Option D is wrong because Amazon Redshift is a columnar data warehouse designed for OLAP and complex analytics on structured data, not for high-frequency time-series ingestion and real-time range queries; it incurs higher latency and cost for IoT workloads.

422
MCQhard

A company has an Amazon DynamoDB table with a global secondary index (GSI). The security team wants to ensure that only certain attributes are returned in query results based on the IAM policy of the calling user. What is the most secure and scalable approach?

A.Use an AWS Lambda function as a middleware to filter attributes before returning results.
B.Create multiple global secondary indexes that include only the allowed attributes for each user group.
C.Use IAM condition keys with 'dynamodb:Attributes' to restrict access to specific attributes.
D.Create a VPC endpoint for DynamoDB and attach a bucket policy that limits attribute access.
AnswerC

IAM policies can limit which attributes are returned in query results.

Why this answer

Option C is correct. Using IAM condition keys with 'dynamodb:Attributes' allows fine-grained access control at the attribute level. This is the recommended way to restrict access to specific attributes.

Option A is incorrect because attribute-level IAM policies can be applied without VPC endpoints. Option B is incorrect because DynamoDB does not support column-level security through Lambda. Option D is incorrect because modifying the GSI to include only allowed attributes would require multiple GSIs and is not scalable.

423
MCQhard

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database is 500 GB in size and has a 24/7 uptime requirement. The migration window is limited to 2 hours. Which strategy should be used to minimize downtime?

A.Use AWS Schema Conversion Tool (SCT) to convert the schema and copy data
B.Take an on-premises backup and restore to RDS using Oracle RMAN
C.Export the database to a dump file and import into RDS
D.Use AWS Database Migration Service (DMS) with ongoing replication
AnswerD

DMS supports minimal downtime by replicating changes until cutover.

Why this answer

Option C is correct because AWS DMS can replicate ongoing changes and allow a short cutover window. Option A is wrong because AWS SCT does not handle data migration. Option B is wrong because restoring a snapshot takes longer than 2 hours for 500 GB.

Option D is wrong because Export/Import requires downtime and is slow.

424
MCQmedium

A company is migrating a 5 TB Microsoft SQL Server database to Amazon RDS for SQL Server. The database has many stored procedures and triggers. The migration must have minimal downtime. Which approach should be used?

A.Use AWS SCT to convert the database schema and then use DMS for data load.
B.Use the SQL Server Import/Export wizard to copy data.
C.Use AWS DMS with full load and ongoing replication (CDC).
D.Take a native backup, copy to Amazon S3, and restore to RDS during a maintenance window.
AnswerC

CDC captures changes during migration, minimizing downtime.

Why this answer

Option C is correct because AWS DMS with full load and ongoing change data capture (CDC) enables continuous replication of changes from the source SQL Server to the target Amazon RDS for SQL Server, minimizing downtime to a brief cutover window. This approach handles the migration of stored procedures and triggers as part of the schema conversion via AWS SCT, while CDC captures ongoing transactions to keep the target synchronized until the final switch.

Exam trap

The trap here is that candidates often assume native backup and restore (Option D) is the simplest method for minimal downtime, but they overlook that it requires a maintenance window and does not support ongoing replication, whereas DMS with CDC is specifically designed for near-zero downtime migrations.

How to eliminate wrong answers

Option A is wrong because AWS SCT converts the schema but does not handle ongoing replication; using DMS for data load alone would require a full load without CDC, resulting in significant downtime as the database must be offline to capture a consistent snapshot. Option B is wrong because the SQL Server Import/Export wizard is a one-time, bulk copy tool that does not support ongoing replication or minimal downtime, and it cannot handle large databases like 5 TB efficiently without extended outages. Option D is wrong because taking a native backup, copying to S3, and restoring to RDS requires the database to be in a consistent state during the backup, which typically involves taking the database offline or using a maintenance window, causing downtime; it also does not provide ongoing replication to minimize the cutover period.

425
Multi-Selectmedium

Which TWO of the following are valid considerations when migrating an on-premises Oracle database to Amazon RDS for Oracle using AWS DMS? (Select TWO.)

Select 2 answers
A.DMS automatically converts Oracle stored procedures to RDS for Oracle compatible code.
B.DMS can continue to replicate changes after the full load is complete until the cutover.
C.DMS automatically converts partitioned tables to non-partitioned tables.
D.DMS can migrate directly to Amazon RDS Custom for Oracle without any configuration changes.
E.DMS can perform ongoing replication to minimize downtime during migration.
AnswersB, E

DMS supports ongoing replication for near-zero downtime.

Why this answer

AWS DMS supports ongoing replication (change data capture, CDC) after the full load completes, allowing you to keep the target database synchronized with the source until you perform the cutover. This minimizes downtime because you can replicate ongoing changes from the on-premises Oracle database to Amazon RDS for Oracle, then stop all applications and switch over with only a brief interruption.

Exam trap

AWS often tests the misconception that AWS DMS can automatically convert database code (like stored procedures) or that it can handle all schema transformations without additional tools, but in reality DMS focuses on data migration and ongoing replication, while schema and code conversion requires AWS Schema Conversion Tool (SCT).

426
MCQeasy

A startup needs a fully managed, serverless database for a new web application with unpredictable traffic. The application requires ACID transactions and SQL queries. Which AWS database service should they use?

A.Amazon Neptune
B.Amazon DynamoDB
C.Amazon Aurora Serverless v2
D.Amazon Redshift
AnswerC

Serverless, auto-scaling, MySQL/PostgreSQL compatible, ACID.

Why this answer

Amazon Aurora Serverless v2 is the correct choice because it provides a fully managed, serverless relational database that automatically scales capacity based on application demand, supports ACID transactions, and uses standard SQL queries. It is ideal for unpredictable traffic patterns as it can scale from zero to hundreds of thousands of transactions per minute without manual intervention.

Exam trap

The trap here is that candidates often confuse DynamoDB's 'transactions' feature (which supports ACID-like semantics only within a single AWS account and region) with full ACID compliance across multiple items, or they mistakenly think Neptune or Redshift can handle OLTP SQL workloads, when in fact they are specialized for graph and analytics respectively.

How to eliminate wrong answers

Option A is wrong because Amazon Neptune is a graph database designed for highly connected data (e.g., social networks, recommendation engines) and does not support ACID transactions or SQL queries in the traditional relational sense. Option B is wrong because Amazon DynamoDB is a NoSQL key-value and document database that does not support ACID transactions across multiple items (only single-item atomicity) and uses a non-SQL API (e.g., PartiQL is limited). Option D is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical queries (OLAP) on large datasets, not for transactional (OLTP) workloads requiring ACID compliance and low-latency SQL queries.

427
MCQmedium

A company is using Amazon Aurora MySQL-Compatible Edition. The database is experiencing performance degradation due to long-running queries. The DBA needs to identify the queries that are consuming the most resources. Which action should be taken?

A.Enable Enhanced Monitoring and review the OS process list.
B.Enable the slow query log and use a third-party tool to analyze it.
C.Use Amazon RDS Performance Insights to identify the top SQL queries.
D.Enable CloudWatch Logs for the DB instance and search for errors.
AnswerC

Performance Insights helps identify queries that are consuming the most resources.

Why this answer

Option C is correct because Performance Insights provides a dashboard to analyze database performance and identify top SQL queries by load. Option A is wrong because RDS Enhanced Monitoring shows OS metrics, not specific queries. Option B is wrong because CloudWatch Logs collects logs but does not analyze query performance.

Option D is wrong because the slow query log must be enabled and analyzed separately.

428
MCQeasy

An Amazon RDS for Oracle instance is experiencing high swap usage. Which metric should be monitored to determine if the instance is memory-constrained?

A.CPUUtilization
B.SwapUsage
C.WriteIOPS
D.FreeableMemory
AnswerB

High swap usage indicates memory pressure.

Why this answer

SwapUsage indicates that the instance is using swap space, which is a sign of memory pressure. CPUUtilization is for CPU, not memory. FreeableMemory shows available memory, but swap usage directly indicates memory constraint.

429
MCQmedium

A company is migrating an on-premises Microsoft SQL Server database to Amazon RDS for SQL Server. The database uses SQL Server Agent jobs for ETL processes. After migration, the company needs to continue running these jobs. What is the MOST efficient way to manage these jobs in the AWS cloud?

A.Recreate the jobs as AWS Lambda functions and trigger them with Amazon CloudWatch Events.
B.Install SQL Server Agent on an Amazon EC2 instance and connect to RDS.
C.Use the AWS Schema Conversion Tool (AWS SCT) to convert the jobs to PostgreSQL functions.
D.Use AWS Database Migration Service (AWS DMS) tasks to replicate the jobs.
AnswerA

AWS Lambda can run ETL jobs and be scheduled via CloudWatch Events, replacing SQL Server Agent.

Why this answer

AWS Lambda functions triggered by Amazon CloudWatch Events (now Amazon EventBridge) provide a serverless, fully managed alternative to SQL Server Agent jobs. This approach eliminates the need to manage any compute infrastructure, as Lambda handles the execution of ETL logic directly against the RDS for SQL Server instance. It is the most efficient because it requires no additional servers, reduces operational overhead, and integrates natively with AWS monitoring and scheduling services.

Exam trap

The trap here is that candidates assume SQL Server Agent can be installed on an EC2 instance to control RDS, but RDS does not allow external Agent connections, and the correct approach is to use a serverless scheduling service like EventBridge with Lambda to replicate the job logic.

How to eliminate wrong answers

Option B is wrong because SQL Server Agent cannot be installed on an EC2 instance to manage jobs on RDS; RDS for SQL Server does not expose the SQL Server Agent service to external instances, and jobs must be managed within RDS using its limited Agent support or via external automation. Option C is wrong because the AWS Schema Conversion Tool (AWS SCT) is designed to convert database schemas and code to different database engines, not to convert SQL Server Agent jobs to PostgreSQL functions, and the question specifies staying with SQL Server on RDS. Option D is wrong because AWS DMS is a service for migrating data between databases, not for managing or replicating SQL Server Agent jobs; DMS tasks handle ongoing replication of data changes, not job scheduling or execution logic.

430
MCQeasy

A database specialist is trying to connect to an Amazon RDS for MySQL instance from an EC2 instance but receives a 'Connection timed out' error. The security group for the RDS instance allows inbound traffic on port 3306 from the security group of the EC2 instance. What should the specialist check next?

A.Check the network ACL associated with the subnet of the RDS instance to ensure it allows inbound traffic on port 3306 and outbound traffic on ephemeral ports.
B.Check that the RDS instance has a public DNS name and the EC2 instance can resolve it.
C.Ensure that the VPC has an internet gateway attached and the route table has a route to it.
D.Verify that the security group for the EC2 instance allows outbound traffic on port 3306.
AnswerA

Network ACLs are stateless and must allow both inbound and outbound traffic.

Why this answer

Option D is correct because the network ACL must allow inbound traffic on ephemeral ports for the response. Option A is wrong because the security group already allows inbound on 3306. Option B is wrong because the error is 'Connection timed out', not authentication.

Option C is wrong because if the VPC had no internet gateway, the error would be different for private connections.

431
MCQeasy

Refer to the exhibit. A database administrator runs the AWS CLI command to retrieve CloudWatch metrics for an Amazon RDS DB instance. The output shows a spike in WriteLatency at 10:05 UTC. What is the most likely cause of this spike?

A.The DB instance's gp2 volume has exhausted its burst credits.
B.The DB instance is in the process of taking a snapshot.
C.There is a large number of concurrent connections to the DB instance.
D.The DB instance experienced a Multi-AZ failover.
AnswerA

Exhausted burst credits cause the volume to operate at baseline performance, leading to higher latency.

Why this answer

Option A is correct because a sudden spike in write latency often indicates that the storage volume has exhausted its burst credits and is now using baseline performance, which may be slower. Option B is incorrect because a large number of connections typically causes increased CPU and memory usage, not necessarily a latency spike. Option C is incorrect because a Multi-AZ failover would cause a brief downtime, not a latency spike.

Option D is incorrect because a snapshot would cause I/O suspension, not a latency spike.

432
Multi-Selecthard

A company is migrating a 1 TB SQL Server database to Amazon RDS for SQL Server. The migration requires minimal downtime and must support ongoing changes. Which TWO AWS services should be used together to achieve this? (Choose two.)

Select 2 answers
A.AWS Schema Conversion Tool (AWS SCT) and AWS Snowball
B.AWS Database Migration Service (AWS DMS) and AWS Direct Connect
C.AWS Database Migration Service (AWS DMS) and AWS Lambda
D.AWS Database Migration Service (AWS DMS) and AWS Schema Conversion Tool (AWS SCT)
E.AWS Database Migration Service (AWS DMS) and AWS Snowball
AnswersD, E

DMS handles ongoing replication; SCT helps with schema conversion for compatibility.

Why this answer

AWS DMS is the primary service for database migration with minimal downtime and ongoing replication. AWS SCT is used to convert the schema from SQL Server to RDS SQL Server (which may not need conversion) but more importantly to assess and convert any incompatible objects. However, for a like-to-like migration (SQL Server to SQL Server), SCT may not be required, but the question says 'migrating' and 'ongoing changes', so DMS is necessary.

For minimal downtime, DMS uses Change Data Capture (CDC). To use CDC on SQL Server, you need to enable it, and SCT can help with schema conversion if needed. But the best pair is DMS and SCT because SCT can help with any schema incompatibilities and DMS handles data.

Option A (DMS + SCT) is the standard recommendation for heterogeneous and homogeneous migrations. Option B (DMS + Snowball) is for large initial loads, but with 1 TB and minimal downtime, DMS alone may suffice. Option C (SCT + Snowball) doesn't include DMS for ongoing replication.

Option D (DMS + Direct Connect) is about network, not a service. Option E (DMS + Lambda) is not typical. So correct is A and B? Wait: The question asks for TWO services.

The typical best practice for minimal downtime is to use DMS with ongoing replication. For large databases, you might use Snowball for initial load and then DMS for CDC. So DMS and Snowball is a valid combination.

Also DMS and SCT is also valid for schema conversion. Which two are correct? The question is 'Which TWO' and there are exactly two correct. I'll set correct options as A and B, but need to ensure exactly two.

I'll make A: DMS and SCT, B: DMS and Snowball. Both are valid. But the stem says 'must support ongoing changes', so DMS is needed.

SCT is for schema conversion, which may be needed but not always. Snowball is for initial load. Both are valid.

I'll choose A and B as correct. Explanation: DMS is required for ongoing replication; SCT helps with schema conversion; Snowball helps with initial load for large databases.

433
MCQeasy

A database administrator needs to retain backups of an Amazon RDS for PostgreSQL DB instance for 7 years to meet compliance requirements. The automated backup retention period is limited to 35 days. Which solution should be used?

A.Export the automated backups to Amazon S3 and apply an S3 lifecycle policy.
B.Create manual snapshots at regular intervals and retain them for 7 years.
C.Increase the automated backup retention period to 7 years.
D.Use an AWS Lambda function to copy automated backups to an EC2 instance.
AnswerB

Manual snapshots are retained until deleted, suitable for long-term retention.

Why this answer

Manual snapshots are retained indefinitely until deleted. Automated backups have a max retention of 35 days. Exporting to S3 is an option but not directly a backup retention method; you can export snapshots to S3, but manual snapshots are the standard way to retain backups long-term.

EC2 instance backups are not applicable.

434
MCQhard

A company runs a critical PostgreSQL database on Amazon RDS Multi-AZ. They need to perform a major version upgrade (e.g., from 12 to 13) with minimal downtime. Which approach should they take?

A.Take a snapshot, restore as a new instance with the upgraded engine version, and redirect traffic.
B.Initiate a major version upgrade directly on the Multi-AZ instance; the upgrade will be applied during the next maintenance window with minimal downtime.
C.Modify the DB instance to disable Multi-AZ, perform the upgrade, then re-enable Multi-AZ.
D.Create a read replica of the DB instance, perform the major version upgrade on the replica, then promote the replica to a new primary and update the connection string.
AnswerD

This approach reduces downtime because the upgrade is done on the replica while the original primary remains active.

Why this answer

RDS supports major version upgrades, but they require a brief downtime while the upgrade is applied. The recommended approach to minimize downtime is to create a read replica, upgrade the replica, promote it to a standalone instance, and then switch over. This way, the upgrade happens on the replica while the primary continues to serve traffic.

Option A describes this correctly. Option B is the standard upgrade but incurs downtime. Option C is not supported (can't upgrade Multi-AZ without downtime).

Option D suggests modifying the DB instance to Single-AZ, upgrading, then converting back to Multi-AZ, which also incurs downtime.

435
MCQhard

A financial services company needs to store trade data with strong consistency, high durability, and the ability to run complex SQL queries on the data. The data volume is 10 TB and grows by 1 GB per day. Queries must return results in less than 5 seconds. Which database solution best meets these requirements?

A.Amazon DynamoDB
B.Amazon DocumentDB
C.Amazon Aurora
D.Amazon Redshift
AnswerC

Aurora provides strong consistency, durability, and full SQL support.

Why this answer

Amazon Aurora is a MySQL/PostgreSQL-compatible relational database that provides strong consistency, high durability (6 copies across 3 AZs), and supports complex SQL queries. Option B (DynamoDB) is wrong because it does not natively support complex SQL queries (though PartiQL exists, it's not as powerful). Option C (Redshift) is wrong because it is optimized for data warehousing and may have higher latency for single-row operations.

Option D (DocumentDB) is wrong because it is MongoDB-compatible and not as strong on complex SQL joins.

436
MCQhard

A company is deploying a globally distributed application with users in the US, Europe, and Asia. The application requires sub-10ms read latency for user profiles stored in Amazon DynamoDB. Writes are less frequent. Which configuration meets the latency requirement while minimizing write conflicts?

A.Deploy Amazon RDS for MySQL with Multi-AZ and cross-Region read replicas.
B.Use Amazon ElastiCache for Redis Global Datastore with DynamoDB as backing store.
C.Deploy a single DynamoDB table in us-east-1 with DAX caches in each region.
D.Use DynamoDB global tables to replicate data to Regions close to users.
AnswerD

Global tables provide multi-region writes and reads with low latency.

Why this answer

DynamoDB global tables provide multi-region, multi-active replication with eventual consistency, enabling sub-10ms reads from local replicas while writes are replicated asynchronously. This minimizes write conflicts because DynamoDB uses last-writer-wins (LWW) conflict resolution, which is acceptable for user profiles where writes are infrequent and conflicts are rare.

Exam trap

The trap here is that candidates may confuse DynamoDB global tables with DAX caching, assuming that a local cache alone can solve global latency without addressing write replication and conflict resolution.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL with Multi-AZ and cross-Region read replicas cannot achieve sub-10ms read latency globally due to cross-Region replication lag and does not natively handle write conflicts across regions. Option B is wrong because ElastiCache for Redis Global Datastore provides low-latency reads but requires DynamoDB as a backing store, adding operational complexity and potential write conflicts from dual-write patterns. Option C is wrong because a single DynamoDB table in us-east-1 with DAX caches in each region still requires cross-Region reads from the primary table, which cannot guarantee sub-10ms latency due to network distance, and DAX does not replicate writes, so write conflicts are not addressed.

437
Multi-Selectmedium

A security engineer needs to restrict access to an Amazon DynamoDB table so that only users from a specific AWS account can read and write data. Which of the following can be used to achieve this? (Choose TWO.)

Select 2 answers
A.Use a VPC endpoint policy for DynamoDB.
B.Use a resource-based policy on the DynamoDB table.
C.Use an IAM policy with a condition key such as 'aws:SourceAccount'.
D.Use a security group to restrict access to the DynamoDB table.
E.Use an S3 bucket policy to allow access to the DynamoDB table.
AnswersA, C

VPC endpoint policies can restrict access to DynamoDB resources.

Why this answer

Options B and D are correct. An IAM policy with a condition that checks the 'aws:SourceAccount' or 'aws:SourceArn' can restrict access to requests coming from a specific account. Also, a VPC endpoint policy for DynamoDB can restrict access to specific tables and source accounts.

Option A is incorrect because DynamoDB does not support resource-based policies. Option C is incorrect because an S3 bucket policy does not apply to DynamoDB. Option E is incorrect because a security group does not control DynamoDB access at the account level.

438
MCQmedium

A company wants to migrate an on-premises MySQL database to Amazon RDS for MySQL with minimal downtime. The database is 500 GB and has moderate write activity. Which approach is MOST suitable?

A.Use AWS Database Migration Service (DMS) with a full load and ongoing replication.
B.Use mysqldump to export the database, then import into RDS.
C.Use AWS Server Migration Service (SMS) to migrate the database server.
D.Create a read replica of the on-premises database and promote it to RDS.
AnswerA

DMS supports ongoing replication to minimize downtime.

Why this answer

Option C is correct because AWS DMS with ongoing replication allows continuous data synchronization from on-premises to RDS, enabling a cutover with minimal downtime. Option A is wrong because taking a snapshot of the on-premises database and restoring to RDS would require downtime during backup and restore, and does not capture ongoing changes. Option B is wrong because AWS Database Migration Service (DMS) supports homogeneous migrations like MySQL to MySQL, not just heterogeneous.

Option D is wrong because exporting to a dump file and importing requires downtime and does not handle ongoing writes.

439
MCQeasy

A startup needs a cost-effective database for a small application that handles both transactional and analytical workloads. They expect low traffic initially but want the database to automatically scale as the business grows. Which database solution is BEST suited?

A.Amazon Aurora Serverless v2
B.Amazon DynamoDB with on-demand capacity
C.Amazon RDS for MySQL with a Single-AZ deployment
D.Amazon Redshift Serverless
AnswerA

Automatically scales capacity and is cost-effective for variable workloads.

Why this answer

Amazon Aurora Serverless v2 is the best fit because it automatically scales compute and memory capacity in fine-grained increments (down to 1 ACU) based on actual workload demand, supporting both transactional (OLTP) and analytical (OLAP) queries via the MySQL/PostgreSQL-compatible Aurora engine. It offers a pay-per-ACU model that is cost-effective for low-traffic startups while providing near-instant scaling to handle growth without manual intervention.

Exam trap

The trap here is that candidates often confuse 'serverless' with 'NoSQL' (DynamoDB) or assume that any 'serverless' database (Redshift Serverless) can handle mixed workloads, but the key differentiator is the need for relational SQL support for both transactional and analytical queries, which only Aurora Serverless v2 provides among the options.

How to eliminate wrong answers

Option B is wrong because Amazon DynamoDB with on-demand capacity is a NoSQL key-value/document database optimized for simple key-value lookups and high-throughput transactional workloads, but it lacks native support for complex analytical queries (e.g., joins, aggregations) that the application requires. Option C is wrong because Amazon RDS for MySQL with a Single-AZ deployment does not automatically scale compute or storage capacity; scaling requires manual instance resizing or Multi-AZ failover, and it cannot handle mixed transactional-analytical workloads efficiently without additional read replicas or separate analytics engines. Option D is wrong because Amazon Redshift Serverless is a petabyte-scale data warehouse designed for heavy analytical workloads and large-scale data warehousing, not for transactional (OLTP) workloads; it is over-provisioned and cost-inefficient for a small application with mixed workloads.

440
MCQeasy

Refer to the exhibit. A developer runs the AWS CLI command and receives the output shown. What is this output?

A.The DNS endpoint of the DB instance
B.The private IP address of the DB instance
C.The reader endpoint of a Multi-AZ cluster
D.The resource ID of the DB instance
AnswerA

RDS provides a DNS endpoint for connections.

Why this answer

Option C is correct. The output is the DNS endpoint of the RDS instance. Option A is wrong because it's not an IP address.

Option B is wrong because Resource ID looks different. Option D is wrong because the reader endpoint includes '-ro'.

441
MCQeasy

A company is using Amazon DynamoDB to store user session data. The security team requires that all access to the table be authenticated and authorized using AWS IAM. Which mechanism should the developer use to achieve this?

A.Create a VPC endpoint for DynamoDB and allow only traffic from the VPC.
B.Use Amazon Cognito identity pools to grant access to the DynamoDB table.
C.Use IAM policies to grant permissions to the DynamoDB table.
D.Use a DynamoDB resource-based policy to restrict access.
AnswerC

IAM is the native authentication/authorization for DynamoDB.

Why this answer

Option A is correct because DynamoDB is integrated with IAM for authentication and authorization. Option B is wrong because Cognito is for user authentication, not for direct DynamoDB access. Option C is wrong because VPC endpoints provide network isolation but not authentication.

Option D is wrong because resource-based policies are not supported for DynamoDB tables.

442
MCQmedium

A company is using Amazon RDS for MySQL and notices that database connections are being rejected intermittently. The application logs show 'Too many connections' errors. The DB instance has 1000 max_connections. Which action should the DBA take to troubleshoot and resolve this issue without impacting performance?

A.Increase the max_connections parameter to 5000 in the DB parameter group
B.Create a read replica to offload read traffic
C.Enable Performance Insights and review the 'DB Connections' metric to identify spikes and troubleshoot application connection pooling
D.Set the 'wait_timeout' parameter to a lower value to close idle connections faster
AnswerC

Performance Insights helps identify the source of connection bursts and allows tuning of the application's connection pooling behavior.

Why this answer

Option C is correct because enabling Performance Insights allows the DBA to monitor the 'DB Connections' metric in near real-time, identify exactly when connection spikes occur, and correlate those spikes with application behavior. This diagnostic approach pinpoints the root cause—such as a connection leak or insufficient connection pooling—without making changes that could degrade performance. Increasing max_connections or lowering wait_timeout without understanding the usage pattern can lead to resource exhaustion or premature connection termination.

Exam trap

The trap here is that candidates assume increasing max_connections or lowering timeouts is a quick fix, but AWS tests the ability to diagnose first using monitoring tools (Performance Insights) before making configuration changes that could harm performance or availability.

How to eliminate wrong answers

Option A is wrong because blindly increasing max_connections to 5000 does not resolve the underlying cause of connection spikes and can overwhelm the DB instance's memory and CPU, leading to worse performance or instability. Option B is wrong because a read replica offloads read traffic but does not address the 'Too many connections' error, which is a connection limit issue affecting all connections (reads and writes) on the primary instance. Option D is wrong because reducing wait_timeout may close idle connections faster, but it can disrupt long-running transactions or applications with legitimate idle periods, and it does not fix the root cause of connection spikes or leaks.

443
MCQhard

A company is running an Amazon RDS for Oracle database in Multi-AZ. The primary instance fails over unexpectedly. The DBA wants to determine the cause of the failover. What should the DBA do?

A.Review the Enhanced Monitoring metrics for the primary instance.
B.Query the database error logs for the failover time.
C.View the RDS events in the AWS Management Console.
D.Check AWS CloudTrail for any database-related API calls.
AnswerC

RDS events provide details about failover reasons.

Why this answer

Option C is correct because RDS events log failover reasons. Option A is wrong because Enhanced Monitoring does not capture failover events. Option B is wrong because CloudTrail logs API calls, not failover reasons.

Option D is wrong because error logs may not include failover cause.

444
MCQhard

A company is designing a database for an IoT application that ingests millions of sensor readings per second. Each reading includes device ID, timestamp, and measurement. The workload requires time-series analytics and data retention for 90 days. Which AWS database solution is MOST appropriate?

A.Amazon Redshift with auto-copy from S3
B.Amazon ElastiCache for Redis with time-series module
C.Amazon Timestream
D.Amazon DynamoDB with TTL
AnswerC

Timestream is purpose-built for time-series data, handles high ingestion, and includes built-in analytics.

Why this answer

Amazon Timestream is a purpose-built time-series database designed for IoT and operational applications that ingest millions of sensor readings per second. It automatically manages data retention policies (e.g., 90 days) by storing recent data in memory and historical data in a cost-optimized store, and it supports time-series analytics with built-in functions like interpolation and smoothing.

Exam trap

The trap here is that candidates often choose DynamoDB with TTL because they associate it with time-series data and automatic expiration, but they overlook the lack of native time-series analytics and the performance challenges of range queries across high-cardinality device IDs.

How to eliminate wrong answers

Option A is wrong because Amazon Redshift is a data warehouse optimized for complex analytical queries on structured data, not for ingesting millions of high-velocity sensor writes per second; the auto-copy from S3 adds latency and is not designed for real-time streaming ingestion. Option B is wrong because Amazon ElastiCache for Redis with the time-series module is an in-memory cache that cannot efficiently retain 90 days of data at scale due to memory cost and lack of tiered storage, and it is not designed for long-term durable storage. Option D is wrong because Amazon DynamoDB with TTL is a key-value and document database that lacks native time-series analytics functions (e.g., downsampling, interpolation) and cannot efficiently query over time ranges across millions of devices without complex secondary index design and scan-heavy patterns.

445
Multi-Selectmedium

A company is using Amazon Aurora MySQL and needs to audit database logins. Which of the following can be used to capture login events? (Choose TWO.)

Select 2 answers
A.VPC Flow Logs
B.Database Activity Streams
C.Enhanced Monitoring
D.AWS CloudTrail
E.Aurora MySQL audit plugin
AnswersB, E

DAS captures database activity including logins.

Why this answer

Options B and C are correct. Database activity streams (DAS) in Aurora capture login events and other activities. Additionally, you can enable the audit plugin in Aurora MySQL to log connections.

Option A is incorrect because CloudTrail does not capture database login events. Option D is incorrect because Enhanced Monitoring captures OS metrics. Option E is incorrect because VPC Flow Logs capture network traffic, not database logins.

446
MCQhard

A gaming company uses Amazon DynamoDB to store player profiles with partition key player_id. The access pattern is to retrieve profiles for multiple players in a single request. The application currently makes separate GetItem calls, causing high latency. Which design pattern reduces latency and cost?

A.Enable DynamoDB Accelerator (DAX)
B.Redesign to a single-table design
C.Create a global secondary index on player_id
D.Use BatchGetItem to retrieve multiple items in one request
AnswerD

BatchGetItem reduces I/O and latency.

Why this answer

BatchGetItem allows you to retrieve up to 100 items or 16 MB of data from multiple tables in a single API call, reducing the number of network round trips compared to individual GetItem calls. This directly addresses the high latency caused by multiple sequential requests and also reduces cost because you pay for read capacity units (RCUs) based on the total item size, not per request overhead.

Exam trap

AWS often tests the misconception that caching (DAX) or indexing (GSI) can solve multi-item retrieval latency, when the actual solution is to reduce the number of API calls using BatchGetItem, which directly targets the root cause of high latency from sequential requests.

How to eliminate wrong answers

Option A is wrong because DynamoDB Accelerator (DAX) is an in-memory cache that speeds up individual GetItem queries but does not reduce the number of API calls; it still requires separate requests for each player_id, so it does not solve the latency issue of multiple sequential calls. Option B is wrong because the company already uses a single-table design with player_id as the partition key, and redesigning to another single-table design does not change the access pattern of needing multiple items; the problem is the number of API calls, not the table schema. Option C is wrong because a global secondary index on player_id is redundant—player_id is already the partition key of the base table, and creating an index on the same attribute does not enable batch retrieval or reduce latency; it would only add storage and write costs without addressing the multiple-request issue.

447
MCQmedium

A company has an Amazon Redshift cluster with a single node. The cluster is used for reporting. Recently, queries have become slow, and the cluster's disk space is 80% full. Which action should be taken to improve query performance and manage storage?

A.Resize the cluster to include additional compute nodes.
B.Enable compression on all columns using the ENCODE AUTO option.
C.Modify the table's distribution style to DISTSTYLE ALL for all tables.
D.Run the VACUUM command to reclaim space from deleted rows.
AnswerA

Adding nodes distributes data across more slices, improving query parallelism and providing more storage.

Why this answer

Option A is correct because adding nodes distributes data and workload, improving performance and increasing storage capacity. Option B is wrong because VACUUM only reclaims space from deleted rows; it does not add capacity. Option C is wrong because compression is applied during COPY; re-encoding existing data requires unloading and reloading.

Option D is wrong because DISTSTYLE ALL replicates data to all nodes, which increases storage usage and may not help.

448
MCQmedium

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The security policy requires that all connections to the database use SSL/TLS. What should the database administrator do to meet this requirement?

A.Download the RDS certificate bundle and set the 'rds.force_ssl' parameter to 1 in the DB parameter group.
B.Enable IAM database authentication for the DB instance.
C.Modify the DB instance security group to only allow traffic on port 443.
D.Set the DB instance to be publicly accessible and use a VPN connection.
AnswerA

This enforces SSL connections to the database.

Why this answer

Option C is correct. To enforce SSL/TLS connections to RDS for Oracle, you must download the RDS certificate bundle and configure the DB instance to require SSL by setting the 'rds.force_ssl' parameter to 1 in the DB parameter group. Clients must then connect using SSL.

Option A is incorrect because modifying the security group does not enforce SSL at the database level. Option B is incorrect because enabling IAM authentication does not enforce SSL. Option D is incorrect because setting the DB instance to publicly accessible is not secure and does not enforce SSL.

449
MCQmedium

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database uses Oracle Data Pump for export/import. The migration must be completed within a short maintenance window. Which migration approach should they use?

A.Use AWS Snowball to transfer the database files to AWS and then restore to RDS.
B.Use AWS Database Migration Service with full load and change data capture (CDC).
C.Use Oracle Data Pump to export the database and import into RDS.
D.Use AWS Schema Conversion Tool (SCT) to convert the schema and then use DMS for data migration.
AnswerB

DMS with CDC minimizes downtime by replicating changes until cutover.

Why this answer

Option A (Use AWS DMS with a full load + CDC) is correct because it minimizes downtime by capturing changes. Option B (Use Oracle Data Pump export/import) requires significant downtime. Option C (Use AWS SCT to convert schema and then use DMS) is unnecessary if staying on Oracle.

Option D (Use AWS Snowball) is for large data transfers, not for minimal downtime.

450
MCQhard

A company's Amazon RDS for PostgreSQL instance is experiencing a high number of connections, causing performance degradation. The DBA wants to identify which user and application are creating the most connections. What should the DBA do?

A.Enable AWS CloudTrail to log database logins.
B.Enable Performance Insights and use the 'db.sql_tokenized' dimension to analyze connections by user.
C.Enable Enhanced Monitoring and check the 'Connection Count' metric.
D.Enable VPC Flow Logs to track connection attempts.
AnswerB

Performance Insights provides SQL-level performance data, including top users and applications.

Why this answer

Option D is correct because Performance Insights with the db.sql_tokenized dimension allows grouping by user and application. Option A is wrong because RDS Enhanced Monitoring does not show SQL-level details. Option B is wrong because VPC Flow Logs capture network traffic, not database connections.

Option C is wrong because CloudTrail logs API calls, not database connections.

Page 5

Page 6 of 24

Page 7