AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 451525

1730 questions total · 24pages · All types, answers revealed

Page 6

Page 7 of 24

Page 8
451
MCQhard

A database administrator runs the command shown in the exhibit to create a read replica in us-west-2 from a source DB instance in us-east-1. The command fails. What is the most likely cause?

A.The source DB instance does not have backup retention enabled.
B.The source DB instance is not publicly accessible.
C.The replica instance class db.r5.large is not available in us-west-2.
D.The replica must use the same DB instance class as the source.
AnswerA

Cross-region read replicas require automated backups enabled on the source.

Why this answer

Option B is correct because cross-region read replicas require that the source DB instance have backup retention enabled, which is a prerequisite for automated backups. Option A is wrong because the instance class is valid. Option C is wrong because public accessibility is not required for read replicas.

Option D is wrong because the replica can have a different instance class.

452
MCQeasy

A company is migrating an on-premises MySQL database to Amazon RDS for MySQL. The database is 500 GB in size and has a 24-hour maintenance window. Which AWS service or tool should be used for the initial data transfer with minimal downtime?

A.Amazon S3 with AWS Glue
B.AWS Snowball Edge
C.AWS Database Migration Service (DMS)
D.mysqldump and restore to RDS
AnswerC

DMS supports ongoing replication from on-premises to RDS, minimizing downtime.

Why this answer

AWS Database Migration Service (DMS) supports ongoing replication to minimize downtime during migration. Option B is wrong because AWS Snowball is for large data transfers but does not support continuous replication. Option C is wrong because S3 is not directly used for database migration.

Option D is wrong because RDS does not support native MySQL replication from on-premises without DMS.

453
MCQmedium

A company is running an Amazon RDS for PostgreSQL DB instance with Multi-AZ. The database experiences a failover during a maintenance window. After the failover, the application connection pool continues to use the old primary endpoint, causing connection errors. What is the BEST way to ensure application connections automatically redirect to the new primary after a failover?

A.Use the RDS endpoint (CNAME) provided by RDS, which automatically points to the primary instance.
B.Create a custom Route 53 failover routing policy pointing to both DB instances.
C.Modify the application connection string to point to the new primary IP address after each failover.
D.Configure the application to use a static IP address of the primary instance.
AnswerA

The RDS endpoint is a DNS CNAME that updates after failover, ensuring seamless redirection.

Why this answer

Option C is correct because using the RDS DNS CNAME record (which points to the primary instance and automatically updates after failover) ensures connections are redirected. Option A is wrong because modifying the connection string manually is not automated. Option B is wrong because a custom DNS solution adds complexity and is unnecessary.

Option D is wrong because the RDS endpoint is dynamic and not static; the DNS record handles the failover.

454
MCQmedium

A company has a high-traffic e-commerce application that uses Amazon RDS for MySQL. During flash sales, the database experiences high read load causing slow page loads. The application is read-heavy with occasional writes. Which design change would provide the most immediate performance improvement?

A.Add an Amazon ElastiCache layer
B.Create read replicas of the RDS instance
C.Enable Multi-AZ deployment
D.Upgrade to a larger instance type
AnswerB

Read replicas offload read traffic, improving performance.

Why this answer

Adding read replicas offloads read traffic from the primary instance, improving performance for read-heavy workloads. Option B (Multi-AZ) is wrong because it provides high availability, not read scaling. Option C (ElastiCache) is wrong because it caches only data that is explicitly cached, but read replicas reduce load on the primary.

Option D (instance upgrade) is wrong because it can help but is more expensive and less scalable than adding replicas.

455
MCQhard

A company is deploying a new Amazon RDS for SQL Server DB instance with Multi-AZ. The database will be used by a critical application that requires minimal downtime during failover. The application uses a single connection string with the CNAME of the RDS endpoint. During a recent failover test, the application experienced a 3-minute timeout. The DBA wants to reduce the failover time. The current RDS instance is db.r5.large with 100 GB gp2 storage. The application is hosted on EC2 in the same VPC. Which change would MOST effectively reduce the failover time?

A.Change the storage to Provisioned IOPS (io1)
B.Change the instance type to db.r5.xlarge
C.Configure the application to use a low TTL for DNS lookups and implement connection retries
D.Use a read replica with automatic failover
AnswerC

Low TTL ensures the DNS record is refreshed quickly, reducing failover time.

Why this answer

Option A is correct because Multi-AZ failover typically completes within 1-2 minutes; the 3-minute timeout may be due to DNS caching. Enabling TTL=5 on the application side for DNS lookups can reduce failover time. Option B is wrong because increasing instance size does not directly reduce failover time.

Option C is wrong because Provisioned IOPS does not reduce failover time. Option D is wrong because read replicas do not provide automatic failover.

456
MCQeasy

A developer needs to monitor the number of throttled read requests for a DynamoDB table. Which CloudWatch metric should be used?

A.ReadThrottleEvents
B.ThrottledWriteEvents
C.SuccessfulRequestLatency
D.ConsumedReadCapacityUnits
AnswerA

This metric directly counts throttled read requests.

Why this answer

Option C is correct because ReadThrottleEvents counts throttled read requests. Option A is wrong because ConsumedReadCapacityUnits shows successful reads, not throttled ones. Option B is wrong because ThrottledWriteEvents counts write throttles.

Option D is wrong because SuccessfulRequestLatency measures latency, not throttles.

457
Multi-Selecteasy

A company is selecting a database for a time-series application that collects sensor data from thousands of devices. The data is written at a high velocity (millions of data points per second). The application needs to query recent data (last hour) with sub-second latency and perform long-term analysis on months of data. Which TWO AWS database services best meet these requirements?

Select 2 answers
A.Amazon ElastiCache for Redis with Time Series module.
B.Amazon Timestream for both real-time and historical queries.
C.Amazon DynamoDB with TTL and export to S3 for historical analysis.
D.Amazon Redshift for real-time queries and historical analysis.
E.Amazon Quantum Ledger Database (QLDB) for immutable time-series records.
AnswersB, C

Timestream is optimized for time-series data and provides fast recent data queries and historical analysis.

Why this answer

Option A (Timestream) is built for time-series data with fast queries. Option D (DynamoDB with TTL) can handle high write throughput and automatically expire old data to S3 for analysis. Option B is wrong because Redshift is not designed for sub-second real-time queries.

Option C is wrong because ElastiCache is primarily a cache. Option E is wrong because QLDB is for ledger data.

458
MCQhard

A company uses Amazon DynamoDB with a global secondary index (GSI) and client-side encryption using the AWS Encryption SDK. The security team requires that the partition key and sort key be searchable by the application but not stored in plaintext in the table. Which approach should be taken?

A.Encrypt the entire item client-side and use a secondary index on the encrypted keys.
B.Use server-side encryption with a KMS key and enable DynamoDB Streams to decrypt on read.
C.Use client-side encryption to encrypt only the non-key attributes, leaving the partition and sort keys in plaintext.
D.Use DynamoDB encryption at rest with a customer-managed KMS key.
AnswerC

This allows querying on keys while encrypting sensitive data.

Why this answer

Client-side encryption can encrypt certain attributes while leaving the key attributes in plaintext for querying. Option A is wrong because DynamoDB encryption at rest encrypts entire table, not selectively. Option B is wrong because making the table encrypted at rest does not allow search on encrypted keys.

Option D is wrong because using a KMS key with DynamoDB encryption at rest still encrypts the whole table, not selectively.

459
MCQhard

An administrator is troubleshooting a permissions issue. A user with the IAM policy shown is unable to share an automated system snapshot with another AWS account. Which action should the administrator take to resolve this issue?

A.Add the rds:ModifyDBSnapshotAttribute action to the policy.
B.Add the rds:CopyDBSnapshot action for cross-region copy.
C.Change the Resource to "arn:aws:rds:us-east-1:123456789012:snapshot:automated:*".
D.Change the Resource to "arn:aws:rds:us-east-1:123456789012:snapshot:rds:*".
AnswerC

Automated snapshots require a resource ARN that includes 'automated'.

Why this answer

Option C is correct because the policy allows actions on DB snapshots, but automated snapshots have the resource type 'automated-snapshot' and require explicit resource ARN instead of '*'. Option A is wrong because the policy already includes the necessary actions. Option B is wrong because the issue is not about cross-region copying.

Option D is wrong because the issue is not about manual snapshots.

460
MCQhard

A financial services company needs a database to store transaction records with strong consistency and the ability to run complex analytical queries. The data volume is in the terabytes and is expected to grow. The company also needs point-in-time recovery. Which AWS database solution meets these requirements?

A.Amazon Redshift with automated snapshots
B.Amazon RDS for MySQL with read replicas
C.Amazon ElastiCache for Redis with AOF persistence
D.Amazon DynamoDB with on-demand backup
AnswerA

Redshift is built for analytics and supports point-in-time recovery via snapshots.

Why this answer

Amazon Redshift with automated snapshots provides point-in-time recovery and is optimized for analytical queries on large datasets. Option A (DynamoDB) does not support complex SQL analytics. Option B (RDS MySQL) is for OLTP and may not handle terabytes of analytical queries efficiently.

Option D (ElastiCache) is in-memory caching.

461
MCQeasy

A database administrator needs to audit all SQL statements executed on an Amazon RDS for PostgreSQL DB instance. Which service should be used to capture and log the SQL statements?

A.AWS CloudTrail
B.AWS Config
C.Amazon Inspector
D.Amazon RDS for PostgreSQL database activity streams
AnswerD

Database activity streams provide a near real-time stream of database activities including SQL statements.

Why this answer

Option D is correct. Amazon RDS for PostgreSQL supports database activity streams, which can be integrated with services like Amazon CloudWatch and AWS CloudTrail to provide a near real-time stream of database activities. The other options do not capture SQL statements: CloudTrail records API calls to RDS, Config records resource configuration changes, and Inspector is for vulnerability assessment.

462
MCQhard

A team is troubleshooting an Amazon RDS for SQL Server instance that is running out of storage. The instance uses General Purpose SSD (gp2) storage. The team wants to increase storage without downtime. Which action should they take?

A.Migrate to gp3 storage.
B.Add a read replica to offload queries.
C.Take a snapshot and restore to a larger instance.
D.Modify the DB instance to increase allocated storage.
AnswerD

Correct. RDS allows modifying storage online without downtime.

Why this answer

Option D is correct because RDS supports modifying storage settings without downtime, and the change occurs during the next maintenance window. Option A is wrong because creating a snapshot does not increase storage. Option B is wrong because gp3 is not supported for SQL Server.

Option C is wrong because read replicas do not increase storage on the primary.

463
MCQeasy

A company is using Amazon RDS for MySQL with encryption at rest enabled. The security team wants to ensure that the database backups stored in Amazon S3 are also encrypted using a customer-managed KMS key. What should be done to meet this requirement?

A.Create a new KMS key and specify it when creating the DB instance to encrypt backups differently.
B.No additional action is required; RDS automatically uses the same KMS key for backups.
C.Modify the DB instance to enable backup encryption using a new KMS key.
D.Enable default encryption on the S3 bucket where backups are stored.
AnswerB

RDS automatically encrypts backups with the same key.

Why this answer

The correct answer is A because RDS automatically encrypts automated backups, snapshots, and read replicas with the same KMS key used for the DB instance. Option B is incorrect because RDS does not support a separate KMS key for backups; it inherits the key from the DB instance. Option C is incorrect because RDS automatically encrypts backups at rest with the same key.

Option D is incorrect because enabling S3 default encryption is not applicable to RDS backup storage.

464
MCQeasy

A company's application is logging the error shown in the exhibit. The application is deployed on Amazon EC2 and connects to an Amazon RDS for MySQL Multi-AZ DB instance. Which configuration change is most likely to resolve this issue?

A.Add an additional standby instance in a third Availability Zone.
B.Increase the connection pool timeout in the application configuration.
C.Create a read replica and direct write traffic to it.
D.Increase the DB instance class to handle more concurrent connections.
AnswerD

A larger instance can handle more connections and reduce timeouts.

Why this answer

The error log indicates that the application is hitting the maximum number of connections allowed by the RDS DB instance. Increasing the DB instance class (Option D) provides more memory and CPU resources, which allows the instance to support a higher `max_connections` value (calculated as `DBInstanceClassMemory / 12582880` for MySQL). This directly resolves the connection limit issue without changing the application's connection pool behavior or architecture.

Exam trap

The trap here is that candidates often confuse connection pool timeout adjustments (Option B) with connection limit increases, but timeout only affects how long a request waits, not the hard limit imposed by the database engine's `max_connections` parameter.

How to eliminate wrong answers

Option A is wrong because adding a third standby instance in a Multi-AZ deployment does not increase the connection limit; it only improves availability and failover capability. Option B is wrong because increasing the connection pool timeout does not reduce the number of concurrent connections; it only changes how long the application waits for a connection, which could actually worsen the backlog. Option C is wrong because a read replica cannot accept write traffic; directing writes to it would cause application errors, and it does not increase the write capacity or connection limit of the primary instance.

465
Multi-Selectmedium

A company is designing a database for an IoT application that ingests sensor data from thousands of devices. Each device sends a reading every minute. The data includes device_id, timestamp, temperature, humidity, and pressure. The application needs to store this data and support queries that retrieve all readings for a specific device within a time range. The company expects high write throughput and moderate read frequency. The data must be stored with high durability. Which TWO database designs are appropriate for this workload? (Choose TWO.)

Select 2 answers
A.Use Amazon DynamoDB with device_id as partition key and store all readings for a device as a list attribute in a single item, updating the list every minute.
B.Use Amazon S3 to store compressed JSON files per device per hour, and query using Amazon Athena.
C.Use Amazon DynamoDB with device_id as partition key and timestamp as sort key.
D.Use Amazon RDS for MySQL with a single table and index on device_id and timestamp.
E.Use Amazon Timestream, a time series database, with device_id as dimension and timestamp as time column.
AnswersC, E

DynamoDB can handle high write throughput and efficient queries by device and time range.

Why this answer

Option C is correct because DynamoDB's partition key (device_id) and sort key (timestamp) design allows efficient retrieval of all readings for a specific device within a time range using a Query operation with a KeyConditionExpression on the sort key. This schema supports high write throughput by distributing writes across partitions based on device_id, and DynamoDB's multi-AZ replication provides high durability.

Exam trap

The trap here is that candidates often overlook DynamoDB's item size limit and write hotspot issues in Option A, or assume that any SQL database can handle high write throughput without considering single-writer bottlenecks in Option D.

466
Multi-Selectmedium

Which TWO database services are most suitable for workloads that require ACID transactions?

Select 2 answers
A.Amazon Neptune
B.Amazon Timestream
C.Amazon Aurora
D.Amazon RDS for MySQL
E.Amazon DynamoDB
AnswersC, D

Aurora is a relational database with full ACID support.

Why this answer

Amazon Aurora is correct because it is a MySQL- and PostgreSQL-compatible relational database engine that provides full ACID (Atomicity, Consistency, Isolation, Durability) transaction support, including multi-statement transactions with commit and rollback. Aurora uses a distributed, fault-tolerant storage subsystem that replicates data across three Availability Zones, ensuring durability and consistency for transactional workloads.

Exam trap

The trap here is that candidates often assume DynamoDB supports full ACID transactions because of its 'DynamoDB Transactions' feature, but those transactions are limited to a maximum of 25 items or 4 MB per transaction and do not provide the same isolation guarantees as a relational database, making it unsuitable for workloads requiring strict ACID compliance across many rows or tables.

467
MCQmedium

A company runs a MongoDB-compatible workload on Amazon DocumentDB. They notice that many read requests are returning stale data even though reads are directed to the primary instance. What is the MOST likely cause?

A.The application's session is pinned to a secondary replica despite requesting the primary.
B.The application is using a read preference that allows secondary reads.
C.The primary instance is experiencing high CPU utilization, causing delayed writes.
D.The storage volume is using the default eventually consistent configuration for primary reads.
AnswerB

If the read preference is set to 'secondaryPreferred' or similar, reads may go to secondary replicas which are eventually consistent.

Why this answer

DocumentDB uses a distributed storage volume with six copies across three Availability Zones. Reads from the primary are strongly consistent by default. However, if the application uses read preferences that allow secondary reads (e.g., 'secondaryPreferred'), then reads may go to replicas which are eventually consistent.

The question implies reads are directed to primary, but if the application uses 'secondaryPreferred' and the primary is unavailable, reads may go to secondary. Alternatively, if the application uses a read preference that does not require primary, stale reads can occur. Option D addresses the most common cause: read preference set to allow secondary reads.

468
MCQmedium

A company uses Amazon Redshift for data warehousing. They run a daily ETL job that loads data into the cluster. Recently, the job started failing with 'Disk Full' errors. The cluster has 5 RA3 nodes. Which step should be taken to resolve the issue?

A.Disable concurrency scaling to free up resources
B.Run a VACUUM command to reclaim space from deleted rows
C.Resize the cluster to a larger node type or add more nodes
D.Enable Redshift Spectrum to offload queries to S3
AnswerC

RA3 nodes separate compute and storage; you can increase storage by resizing or adding nodes.

Why this answer

Option A is correct because RA3 nodes use managed storage; resizing the cluster to a different node type or adding more nodes can increase storage capacity. Option B is wrong because VACUUM reorganizes data but does not free space if the disk is full; it may even require temporary space. Option C is wrong because Analytics is not a feature that affects storage.

Option D is wrong because disabling concurrency scaling does not free disk space.

469
Multi-Selecthard

Which TWO settings should be verified when troubleshooting an RDS for MySQL instance that has a high number of aborted connections? (Choose 2.)

Select 2 answers
A.connect_timeout parameter
B.max_allowed_packet parameter
C.query_cache_type parameter
D.binlog_retention_hours parameter
E.max_connections parameter
AnswersA, B

Low connect_timeout can cause aborted connections if client takes too long.

Why this answer

Options A and C are correct because connection timeout and max allowed packet can cause aborted connections. Option B is wrong because max_connections limits total connections but not aborts. Option D is wrong because query cache is not related to connections.

Option E is wrong because binlog retention is for replication.

470
MCQhard

Based on the CLI output, what is true about this RDS instance?

A.The instance runs Amazon Aurora PostgreSQL
B.The instance is a Multi-AZ deployment
C.The instance is a Read Replica of another RDS instance
D.The instance uses Provisioned IOPS (io1) storage
AnswerC

ReadReplicaSourceDBInstanceIdentifier is set.

Why this answer

The CLI output shows `ReplicaLag` with a value of `0`, which is a field that only appears when the RDS instance is configured as a Read Replica. A Read Replica maintains asynchronous replication from a source DB instance, and the lag metric indicates how far behind the replica is. Since the output includes this field, the instance must be a Read Replica.

Exam trap

The trap here is that candidates see `ReplicaLag: 0` and assume it means no replication is happening or that it indicates a Multi-AZ setup, but in reality, a lag of 0 simply means the replica is fully caught up, and the presence of the field itself confirms it is a Read Replica, not a Multi-AZ standby.

How to eliminate wrong answers

Option A is wrong because the output does not show any Aurora-specific fields (e.g., `DBClusterIdentifier`, `AuroraReplicaLag`) and the engine would be listed as `aurora` or `aurora-postgresql`, not a standard RDS engine. Option B is wrong because a Multi-AZ deployment does not expose a `ReplicaLag` field; Multi-AZ uses synchronous replication and the replica is not directly accessible for reads. Option D is wrong because the output does not include `StorageType` set to `io1` or `ProvisionedIOPS`; without those fields, we cannot conclude the instance uses Provisioned IOPS storage.

471
Multi-Selectmedium

A company is designing a database for an IoT application that ingests millions of sensor readings per second. The data is time-series and is queried to generate reports on average temperature over the last hour. Which TWO database solutions are most suitable for this workload?

Select 2 answers
A.Amazon DynamoDB with time-series data model and TTL
B.Amazon Neptune
C.Amazon RDS for PostgreSQL
D.Amazon Timestream
E.Amazon ElastiCache for Redis
AnswersA, D

Can handle time-series with proper design.

Why this answer

Option B (Timestream) is a purpose-built time-series database for IoT data. Option D (DynamoDB with TTL and optimized access pattern) can also handle time-series data if designed properly with partition key and sort key. Option A is wrong because Neptune is for graph data.

Option C is wrong because ElastiCache is a cache, not a primary store for long-term data. Option E is wrong because RDS is not optimized for high-ingestion time-series.

472
MCQhard

A financial services company uses Amazon DynamoDB to store sensitive customer data. The security team requires that all data at rest be encrypted using a customer-managed AWS KMS key (CMK) with automatic rotation enabled. The DynamoDB table was created with the default AWS-managed key. Which steps are necessary to transition to a customer-managed CMK while minimizing downtime and data loss?

A.Modify the DynamoDB table to update the encryption key to the new CMK using the AWS Console.
B.Export the table data to Amazon S3, create a new DynamoDB table with the new CMK, import the data, and update the application to use the new table.
C.Disable encryption at rest, then re-enable it with the new CMK.
D.Update the KMS key policy to grant DynamoDB access to the new CMK, then rotate the key.
AnswerB

This is the only way to change the encryption key, as DynamoDB does not allow in-place key changes.

Why this answer

Option B is correct because DynamoDB does not support in-place modification of the encryption key for an existing table. To transition from an AWS-managed key to a customer-managed CMK, you must export the table data to Amazon S3, create a new DynamoDB table configured with the new CMK, import the data, and update the application to point to the new table. This approach minimizes downtime by allowing the original table to serve reads/writes during the export and import process, and avoids data loss by using DynamoDB's native export and import features.

Exam trap

The trap here is that candidates assume DynamoDB allows in-place encryption key changes (like some other AWS services), but DynamoDB requires a table recreation to change the encryption key, making the export/import workflow necessary.

How to eliminate wrong answers

Option A is wrong because the AWS Console does not allow modifying the encryption key of an existing DynamoDB table; encryption settings can only be set at table creation time. Option C is wrong because DynamoDB does not support disabling encryption at rest on an existing table; encryption is always enabled and cannot be toggled off or changed in place. Option D is wrong because updating the KMS key policy or rotating the key does not change the encryption key used by the table; the table continues to use the originally assigned key, and key rotation only affects future encryption operations, not the key used for existing data.

473
MCQhard

A company is migrating a 3 TB on-premises Oracle database to Amazon Aurora PostgreSQL. The source database runs Oracle 12c on a Linux server with a 1 Gbps network connection to AWS via Direct Connect. The migration must have minimal downtime and be completed within a 2-day window. The database is heavily used during business hours (9 AM - 5 PM) and has low activity overnight. The company has a test environment on AWS already. The migration team plans to use AWS DMS with CDC for ongoing replication. They also plan to use AWS SCT for schema conversion. They start the migration on a Friday evening. On Saturday morning, the CDC replication lag is increasing, and the target Aurora instance is struggling to keep up. The team notices that the source database has a high number of write transactions even during the weekend, and the DMS replication instance is a small instance type. Which action should the team take to complete the migration on time?

A.Reduce the number of tables being migrated to lower the load.
B.Upgrade the DMS replication instance to a larger size to increase throughput.
C.Pause the migration and restart it on Monday during low activity.
D.Switch to use AWS Snowball to transfer data and bypass DMS.
AnswerB

Larger instance can handle more write transactions.

Why this answer

Option B is correct because upgrading the DMS replication instance increases its capacity to handle high write volume. Option A is wrong because it doesn't address the bottleneck. Option C is wrong because it adds complexity and may not help.

Option D is wrong because it doesn't solve the replication lag.

474
MCQmedium

A database administrator needs to audit all SQL statements executed on an Amazon RDS for Oracle DB instance. The audit logs must be stored in Amazon S3 for long-term retention and analysis with Amazon Athena. Which solution meets these requirements?

A.Enable Enhanced Monitoring on the RDS instance and publish logs to CloudWatch Logs.
B.Configure Oracle's unified auditing and stream audit logs to CloudWatch Logs, then export to S3.
C.Enable AWS CloudTrail to capture RDS API calls and store them in S3.
D.Enable detailed billing reports and configure them to include database queries.
AnswerB

Unified auditing captures SQL statements and can be streamed to S3.

Why this answer

Option D is correct because Oracle's unified auditing can be configured to write logs to S3 via the database activity stream, which integrates with CloudWatch Logs and then to S3. Option A is wrong because RDS Enhanced Monitoring provides OS metrics, not SQL audit. Option B is wrong because CloudTrail does not capture SQL statements.

Option C is wrong because enabling detailed billing does not provide SQL audit.

475
MCQmedium

Refer to the exhibit. An IAM policy is attached to a user. What is the effect when the user attempts to delete the RDS DB instance named 'prod-db'?

A.The user can delete any other instance except 'prod-db'.
B.The user can delete the instance because the Deny statement only applies to snapshots.
C.The user cannot delete the instance because of the explicit Deny statement.
D.The user can delete the instance because of the Allow on DescribeDBInstances.
AnswerC

Explicit Deny overrides Allow.

Why this answer

The policy explicitly denies the rds:DeleteDBInstance action on the specific resource. Even though there is an Allow on other actions, an explicit Deny overrides any Allow. The user cannot delete the instance.

Option A is wrong because the Deny takes precedence. Option B is wrong because the policy explicitly prevents deletion. Option D is wrong because the Deny is on the specific instance.

476
MCQhard

A company is deploying a multi-region application with Amazon Aurora Global Database. They need to ensure that the secondary region can be promoted to primary with minimal data loss in the event of a regional failure. Which configuration should they use?

A.Deploy Amazon Aurora Serverless with cross-Region replication.
B.Deploy Amazon Aurora Global Database with one primary Region and up to five secondary Regions.
C.Deploy Amazon RDS for MySQL with cross-Region read replicas.
D.Deploy Amazon RDS for PostgreSQL with Multi-AZ and cross-Region snapshot copy.
AnswerB

Aurora Global Database provides low-latency reads and managed failover with minimal data loss.

Why this answer

Option B (Aurora Global Database with one primary and up to five secondary regions) is correct because it provides failover with typically less than 1 second of data loss. Option A (Cross-Region Read Replicas) is not Aurora Global Database. Option C (Multi-AZ) is within a region.

Option D (Aurora Serverless) does not support global databases.

477
MCQhard

An e-commerce application stores order data in Amazon RDS for MySQL. The database has grown to 1.5 TB and the company needs to retain data for 7 years for compliance. Current queries are becoming slow due to the large table size. The compliance requirement mandates that data older than 1 year must be retained but is rarely accessed. What strategy would reduce the active table size while maintaining compliance?

A.Create a read replica and run reports against it.
B.Partition the table by date and archive partitions older than 1 year to Amazon S3 using AWS DMS.
C.Delete data older than 1 year and use automated backups for compliance.
D.Vertically partition the table to separate frequently and infrequently accessed columns.
AnswerB

Removes old data from active table, retains in S3 for compliance.

Why this answer

Option C is correct because partitioning the table by date and archiving old partitions to a separate table or S3 meets compliance and reduces active table size. Option A is wrong because vertical partitioning (splitting columns) doesn't address the row count issue. Option B is wrong because read replicas do not reduce storage size.

Option D is wrong because deleting data violates compliance.

478
MCQeasy

A company has a 100 GB MySQL database on an EC2 instance. They want to migrate to Amazon RDS for MySQL with minimal downtime. They have set up replication from the source to the target using MySQL native replication. After enabling replication, the 'Seconds_Behind_Master' value is increasing. The source database is write-heavy. What should the team do to reduce replication lag?

A.Tune the source database to reduce write load.
B.Enable Multi-AZ on the RDS instance.
C.Increase the RDS instance size to a larger instance class.
D.Switch to AWS DMS for migration.
AnswerC

More CPU and I/O capacity reduces apply lag.

Why this answer

Option B is correct: using a larger RDS instance class provides more resources to apply changes. Option A is wrong because enabling Multi-AZ does not improve replication performance. Option C is wrong because DMS is not needed.

Option D is wrong because tuning the source may help but the target is the bottleneck.

479
Multi-Selecthard

A company is using Amazon DynamoDB with provisioned capacity. The application is experiencing throttling on write requests. The database specialist needs to identify the cause. Which THREE metrics should be reviewed in CloudWatch? (Select THREE.)

Select 3 answers
A.ConsumedWriteCapacityUnits
B.WriteThrottleEvents
C.ThrottledWriteRequests
D.ReadThrottleEvents
E.SuccessfulRequestLatency
AnswersA, B, C

Shows consumed capacity to compare with provisioned capacity.

Why this answer

Option A is correct because 'ThrottledWriteRequests' directly indicates throttling. Option B is correct because 'WriteThrottleEvents' is another metric for throttling events. Option C is correct because 'ConsumedWriteCapacityUnits' helps understand if provisioned capacity is being fully used.

Option D is wrong because 'ReadThrottleEvents' is for reads, not writes. Option E is wrong because 'SuccessfulRequestLatency' measures latency, not throttling.

480
MCQeasy

A company wants to encrypt an existing unencrypted Amazon RDS for PostgreSQL DB instance. What is the correct procedure?

A.Take a snapshot of the instance, create an encrypted copy of the snapshot, and restore the encrypted snapshot to a new DB instance.
B.Take a snapshot of the instance and restore it with encryption enabled.
C.Modify the DB instance and enable encryption in the RDS console.
D.Create a read replica of the instance and enable encryption on the replica.
AnswerA

This is the standard procedure to migrate to an encrypted instance.

Why this answer

Option C is correct because you must create a snapshot, copy it with encryption, and restore to a new encrypted instance. Option A is wrong because you cannot modify an existing instance to enable encryption. Option B is wrong because enabling encryption requires a snapshot copy.

Option D is wrong because creating a read replica does not encrypt the primary.

481
MCQmedium

A company is running an Amazon Aurora MySQL database cluster. The database specialist notices that the write latency is high during peak hours. The cluster consists of one writer and two reader instances. Which action should the specialist take to reduce write latency?

A.Enable Auto Scaling on the cluster to automatically adjust capacity.
B.Increase the instance class of the writer instance to a larger size.
C.Enable Multi-AZ deployment for the cluster.
D.Add more reader instances to distribute the read load.
AnswerB

A larger instance class provides more CPU and memory, reducing write latency.

Why this answer

Option C is correct because increasing the instance class of the writer can improve performance. Option A is wrong because read replicas do not help with write latency. Option B is wrong because Auto Scaling does not apply to Aurora instance classes automatically.

Option D is wrong because Multi-AZ is already inherent in Aurora.

482
MCQhard

A company has an Amazon DynamoDB table with on-demand capacity mode. They notice that write requests are being throttled during peak hours. The table has a global secondary index (GSI) that is also throttled. Which action should the database specialist take to resolve the throttling?

A.Review the partition key design and consider adding a suffix to distribute writes more evenly.
B.Enable DynamoDB Streams to offload write operations.
C.Switch to provisioned capacity mode and increase write capacity units (WCU).
D.Increase the write capacity of the GSI by updating the table's provisioned throughput.
AnswerA

Even distribution of write traffic across partitions reduces throttling.

Why this answer

Option C is correct because in on-demand mode, throttling can occur if a single partition key receives more than 1,000 WCU or 3,000 RCU. Adjusting the partition key design to spread the workload more evenly can resolve throttling. Option A is wrong because the table is on-demand, so switching to provisioned capacity might not help if the access pattern is uneven.

Option B is wrong because the GSI inherits throttling from the base table; adding more GSI capacity is not applicable in on-demand mode. Option D is wrong because DynamoDB Streams do not directly affect throttling.

483
MCQeasy

A company is designing a document management system using Amazon S3 and needs to store metadata such as document ID, owner, creation date, and tags. The metadata must be searchable with low latency, supporting queries like 'Find all documents owned by user X with tag Y created after date Z'. Which AWS database service is most suitable for storing and querying this metadata?

A.Amazon DynamoDB with a GSI on (owner, creation_date) and a filter on tags.
B.Amazon Redshift Spectrum querying metadata stored in S3 as CSV.
C.Amazon RDS for PostgreSQL with a normalized schema.
D.Amazon ElastiCache for Redis with sorted sets for tags.
AnswerA

DynamoDB provides fast queries and flexible indexing.

Why this answer

Amazon DynamoDB is the most suitable choice because it provides single-digit millisecond latency for queries at any scale, which meets the low-latency search requirement. By creating a Global Secondary Index (GSI) on (owner, creation_date), you can efficiently query documents by owner and date range, and then apply a filter expression on tags to narrow results. This schema avoids the overhead of joins and normalization, making it ideal for high-throughput metadata lookups.

Exam trap

The trap here is that candidates often choose a relational database like PostgreSQL because they think normalized schemas are required for complex queries, but DynamoDB's GSI and filter expressions can handle this access pattern more efficiently at scale without the overhead of joins.

How to eliminate wrong answers

Option B is wrong because Amazon Redshift Spectrum is designed for analytical queries on large datasets in S3, not for low-latency, point-query or filtered lookups on metadata; it incurs significant overhead for each query and does not support sub-second response times. Option C is wrong because Amazon RDS for PostgreSQL with a normalized schema would require complex joins and indexing to support the multi-condition query, and relational databases typically have higher latency and scaling limitations compared to DynamoDB for this access pattern. Option D is wrong because Amazon ElastiCache for Redis with sorted sets is an in-memory cache, not a durable database; it lacks native support for multi-attribute queries like filtering by owner, date, and tags simultaneously, and sorted sets are optimized for leaderboard-style range queries, not arbitrary metadata searches.

484
Multi-Selecteasy

A company uses Amazon ElastiCache for Redis. They want to monitor cache hit ratio. Which TWO metrics should be used to calculate the cache hit ratio?

Select 2 answers
A.GetTypeCmds
B.CacheHits
C.Evictions
D.CacheMisses
E.CurItems
AnswersB, D

Number of successful key lookups.

Why this answer

Options A and C are correct. Cache hit ratio = CacheHits / (CacheHits + CacheMisses). CurItems is for memory usage, Evictions is for memory pressure, and GetTypeCmds is total get commands.

485
MCQeasy

A company is migrating a MySQL database from on-premises to Amazon RDS for MySQL. The current database has several stored procedures and triggers that use user-defined functions (UDFs) compiled as shared libraries. What is the best practice for handling these UDFs in RDS?

A.Use Amazon RDS Custom for MySQL to upload the UDF libraries.
B.Use AWS Lambda to replace the UDFs.
C.Migrate to Amazon Aurora MySQL, which supports custom UDFs.
D.Refactor the stored procedures to avoid using the custom UDFs.
AnswerD

RDS does not support custom compiled UDFs; the application must be refactored.

Why this answer

Amazon RDS for MySQL does not allow access to the underlying file system, so you cannot upload custom UDF shared libraries (.so files). The best practice is to refactor the stored procedures and triggers to remove dependencies on these UDFs, replacing their logic with native MySQL functions or application-level code. This ensures compatibility with the managed RDS environment without requiring custom binaries.

Exam trap

The trap here is that candidates assume RDS Custom or Aurora MySQL will support custom UDFs, but neither service allows loading arbitrary shared libraries, making refactoring the only viable option.

How to eliminate wrong answers

Option A is wrong because Amazon RDS Custom for MySQL still restricts custom UDFs; RDS Custom provides OS-level access for patching and configuration but does not support loading arbitrary shared libraries for UDFs. Option B is wrong because AWS Lambda is an event-driven compute service that cannot directly replace UDFs used inside stored procedures or triggers; it would require significant architectural changes and introduce latency. Option C is wrong because Amazon Aurora MySQL does not support custom UDFs compiled as shared libraries; it only supports a limited set of built-in functions and Lambda-based functions via the native function interface.

486
MCQeasy

A company runs a reporting application on Amazon Redshift. The application queries a large fact table that is distributed by a key. The report queries filter on a date column. The report performance is slow. The database has 10 nodes. The company wants to improve query performance by optimizing the table design. Which design change should be made?

A.Set the sort key to the date column.
B.Increase the number of nodes in the cluster.
C.Change the distribution style to ALL to avoid data redistribution.
D.Change the distribution style to KEY on the date column.
AnswerA

Sort keys enable efficient range filtering, improving query performance for date-based filters.

Why this answer

Setting the sort key to the date column improves query performance by enabling range-restricted scans. When queries filter on a date column, Redshift uses zone maps to skip blocks that do not contain relevant data, drastically reducing the number of rows scanned. This is the most direct and cost-effective optimization for filter-heavy workloads on large fact tables.

Exam trap

The trap here is that candidates often confuse the purpose of distribution keys (for join co-location) with sort keys (for filter pruning), leading them to choose distribution changes (options C or D) instead of the correct sort key optimization.

How to eliminate wrong answers

Option B is wrong because increasing the number of nodes adds compute and storage capacity but does not address the root cause of slow scans; it is a scale-up solution that incurs additional cost without optimizing data access patterns. Option C is wrong because changing the distribution style to ALL replicates the entire table to every node, which eliminates data redistribution for joins but does not improve the efficiency of range-restricted scans on the date column; it also wastes storage and can degrade load performance. Option D is wrong because changing the distribution style to KEY on the date column would distribute rows based on date values, which can cause data skew if the date column has uneven cardinality (e.g., recent dates dominating), and it does not enable the block-minimax pruning that a sort key provides.

487
MCQmedium

A company is running an Amazon RDS for PostgreSQL DB instance with Multi-AZ deployment. They notice that the primary DB instance is experiencing high CPU utilization. The read replica shows normal CPU. Which action should the DBA take to reduce the load on the primary instance?

A.Failover to the standby instance
B.Increase the DB instance size
C.Convert the read replica to a Multi-AZ standby
D.Offload SELECT queries to the read replica
AnswerD

This reduces CPU on primary by moving read traffic.

Why this answer

Option A is correct because moving read-intensive workloads to the read replica reduces CPU on the primary. Option B is wrong because Multi-AZ failover does not help with CPU load. Option C is wrong because increasing instance size would help but is not the best first step.

Option D is wrong because read replicas are asynchronous and cannot be used for writes.

488
MCQhard

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database size is 2 TB and the network bandwidth is limited. The company needs to minimize downtime during migration. Which AWS service should be used?

A.Oracle Data Pump export and import
B.AWS Schema Conversion Tool (SCT)
C.AWS Database Migration Service (DMS)
D.AWS Snowball Edge
AnswerC

DMS can migrate live data with minimal downtime.

Why this answer

Option D is correct because AWS DMS can perform live migration with minimal downtime. Option A is wrong because AWS SCT helps with schema conversion but not data migration. Option B is wrong because Export/Import from Oracle dump requires downtime.

Option C is wrong because AWS Snowball is for offline data transfer, which introduces downtime.

489
Multi-Selecthard

A company is using Amazon DynamoDB for a gaming leaderboard that updates frequently. They need to maintain a sorted list of top 100 players by score. Which THREE design patterns can achieve this efficiently?

Select 3 answers
A.Use a Global Secondary Index (GSI) with score as the sort key and query with ScanIndexForward=false and Limit=100.
B.Use DynamoDB Accelerator (DAX) to cache query results.
C.Use DynamoDB Streams and AWS Lambda to maintain a separate leaderboard table with the top 100 scores.
D.Scan the entire table and sort the results in memory.
E.Use Amazon ElastiCache for Redis with sorted sets to maintain the leaderboard.
AnswersA, C, E

This retrieves the top 100 scores efficiently.

Why this answer

Option A is correct because a Global Secondary Index (GSI) with score as the sort key allows you to query items in descending order using ScanIndexForward=false and limit the result to the top 100 players. This pattern efficiently retrieves the highest scores without scanning the entire table, leveraging DynamoDB's index query capabilities.

Exam trap

Cisco often tests the misconception that DAX can perform sorting or ranking operations, but DAX is only a cache and cannot reorder data or maintain sorted sets.

490
MCQhard

A company is running a production PostgreSQL database on an EC2 instance (db.m5.xlarge) with 500 GB of gp2 EBS storage. The database is used by a customer-facing application that requires low latency. The company plans to migrate this database to Amazon RDS for PostgreSQL with minimal downtime. The current database has a high write load with frequent updates and deletes, and the table sizes are growing. The company also wants to enable Multi-AZ for high availability and use read replicas for reporting workloads. During migration planning, they discover that the source database has several large unlogged tables and uses custom PostgreSQL extensions that are not available in RDS. Which migration strategy should the company use to minimize downtime and meet all requirements?

A.Use AWS DMS with ongoing replication, convert unlogged tables to logged tables, and migrate custom extensions using AWS SCT.
B.Use pg_dump to export the database and pg_restore to import into RDS, then set up read replicas.
C.Copy the database files to Amazon S3, then use the rdsadmin.rdsadmin_restore_from_s3 procedure to restore to RDS.
D.Set up PostgreSQL streaming replication from the EC2 instance to an RDS read replica, then promote the replica.
AnswerA

DMS can handle unlogged tables by replicating data as regular tables, and SCT can suggest alternatives for unsupported extensions.

Why this answer

Option B is correct because AWS DMS can migrate data while converting the unlogged tables to logged tables (since DMS replicates changes) and can handle custom extensions by focusing on schema conversion. Option A is wrong because unlogged tables cannot be replicated via streaming replication. Option C is wrong because native pg_dump/pg_restore is offline and would cause downtime.

Option D is wrong because S3 copy is not a supported migration method.

491
MCQeasy

A company needs to migrate a 5 TB Oracle database to Amazon Aurora PostgreSQL. The company has a limited maintenance window and requires the migration to be completed within a few hours. Which approach should be used?

A.Use AWS Schema Conversion Tool (AWS SCT) to convert the schema and AWS DMS for data migration
B.Use pg_dump to export the Oracle database and pg_restore to import into Aurora
C.Use AWS Database Migration Service (AWS DMS) to migrate the data
D.Use AWS S3 to store the data and AWS Glue to transform and load into Aurora
AnswerC

AWS DMS supports heterogeneous migrations from Oracle to Aurora PostgreSQL.

Why this answer

AWS DMS can handle large data migrations efficiently. Option A is incorrect because pg_dump is for PostgreSQL, not Oracle. Option C is incorrect because S3 is not suitable for direct database migration.

Option D is incorrect because AWS SCT is for schema conversion, not data migration.

492
MCQhard

A database team uses Amazon DynamoDB with auto scaling enabled. They observe frequent throttling on a table during peak hours. The table's read capacity is set to 5000 RCU with auto scaling range 3000-7000. The consumed read capacity graph shows spikes to 6000 RCU but throttling occurs at 5500. What is the most likely cause?

A.Write capacity units are insufficient
B.Auto scaling is disabled for the table
C.The table has too many partitions
D.Auto scaling cannot react quickly enough to sudden traffic spikes
AnswerD

Auto scaling has a lag; spikes can exceed provisioned capacity before scaling completes.

Why this answer

Option D is correct because auto scaling uses a target utilization (default 70%) and cannot scale fast enough for sudden spikes. Option A is wrong because auto scaling is enabled. Option B is wrong because WCU are separate.

Option C is wrong because partition count doesn't directly cause throttling if RCU is sufficient.

493
MCQhard

A company runs a production Amazon RDS for PostgreSQL Multi-AZ DB instance (db.r5.large) with 500 GB of General Purpose SSD (gp2) storage. The application experiences intermittent latency spikes every 15 minutes. Monitoring shows that during these spikes, the ReadIOPS metric on the primary instance spikes to 5,000 IOPS (the baseline is 1,500 IOPS), and the BurstBalance drops from 100% to 20% then recovers. There is no increase in CPU or connections. The application uses connection pooling with pgBouncer on an EC2 instance. The team has verified that no long-running queries or index scans are causing the spikes. Which action is MOST likely to resolve the intermittent latency?

A.Create a read replica and redirect read traffic to it.
B.Increase the DB instance to db.r5.xlarge to improve CPU and network performance.
C.Migrate the storage to gp3 with a baseline of 3,000 IOPS and 125 MB/s throughput.
D.Scale the storage to 1,000 GB to increase baseline IOPS and burst credits.
AnswerC

gp3 provides consistent baseline IOPS without burst credits, eliminating the performance variability due to credit exhaustion.

Why this answer

Option B is correct because the burst balance dropping indicates the gp2 volume is exhausting its burst credits. The baseline IOPS for a 500 GB gp2 volume is 1,500 IOPS, but the spikes reach 5,000 IOPS, burning credits. Converting to gp3 provides a baseline of 3,000 IOPS (or more) without burst credits, eliminating the burst balance issue.

Option A increases volume size but does not change the burst behavior (larger gp2 still uses credits and needs even more IOPS). Option C adds read replicas but the issue is on the primary write instance. Option D increases instance size but the metric shows no CPU or connection bottleneck; the bottleneck is storage IOPS credit exhaustion.

494
MCQeasy

A company wants to deploy an Amazon RDS for MySQL database for a new application. The database must be highly available with automatic failover. Which configuration should they choose?

A.Deploy a single-AZ instance with automated backups
B.Deploy a cross-region replica
C.Deploy a single-AZ instance with a read replica
D.Deploy a Multi-AZ instance with a standby replica
AnswerD

Multi-AZ provides automatic failover to the standby.

Why this answer

Multi-AZ deployment provides automatic failover to a standby in a different AZ. Option A (single-AZ) does not provide HA. Option C (read replicas) do not provide automatic failover.

Option D (cross-region) is for DR, not HA.

495
MCQhard

A multinational e-commerce company runs an Amazon Aurora MySQL database for its product catalog. The database is 2 TB and has a high write volume. The company needs to create a test environment that contains a subset (10%) of the production data for developers to use. The test environment must be refreshed daily with the latest production data. The operations team wants to minimize cost and ensure that the test environment does not impact production performance. Which solution should they implement?

A.Use AWS DMS to continuously replicate a filtered subset of data to a test cluster.
B.Take a manual snapshot of the production cluster, restore it to a new cluster, and delete 90% of the data.
C.Use Aurora cloning to create a clone of the production cluster. Use database triggers or scripts to delete 90% of the data after cloning.
D.Create a read replica of the production cluster, promote it to a standalone cluster, and delete 90% of the data.
AnswerC

Cloning is fast, cost-effective, and does not impact production.

Why this answer

Using Aurora cloning creates a copy that shares storage with the source, minimizing cost and avoiding performance impact. Option A is correct. Option B (snapshot and restore) creates a full copy, costing more.

Option C (DMS) adds cost and overhead. Option D (read replica and promote) would impact production replication.

496
MCQhard

A database administrator has the IAM policy shown in the exhibit. Which action will be allowed by this policy?

A.Modify the prod-db instance.
B.Create a snapshot of the prod-db instance.
C.Delete the prod-db instance.
D.Describe all DB instances in the account.
AnswerB

Explicitly allowed.

Why this answer

Option B is correct. The policy explicitly allows CreateDBSnapshot on the resource. Option A is denied.

Option C is not in the policy. Option D is not in the policy.

497
MCQhard

A company runs a large-scale e-commerce platform using Amazon RDS for MySQL with a Multi-AZ deployment. The database has a table 'orders' with 200 million rows. Recently, they added a new index on the 'order_date' column to improve reporting queries. After adding the index, they noticed increased write latency and occasional replication lag. The application writes new orders continuously. The table experiences about 10,000 writes per second. The DB instance is db.r5.4xlarge. The index creation was done using the ALTER TABLE statement with a default algorithm. What is the most likely cause of the increased write latency and replication lag?

A.The index creation DDL statement is not replicated to the standby instance, causing inconsistency.
B.The instance size is insufficient for the write workload.
C.The index was created using the default algorithm (COPY), which locks the table and blocks writes, causing replication lag.
D.The new index is causing excessive overhead on write operations due to index maintenance.
AnswerC

In MySQL 5.6 and 5.7, ALTER TABLE uses COPY algorithm by default, which locks the table for writes during the operation.

Why this answer

Option C is correct because the default algorithm for ALTER TABLE in MySQL is COPY, which creates a new table, copies all rows, and rebuilds indexes. During this process, the table is locked with a write lock, blocking DML operations and causing increased write latency. In a Multi-AZ deployment, the DDL is replicated to the standby, but the lock on the primary delays writes, which can manifest as replication lag when the standby applies the same blocking DDL.

Exam trap

The trap here is that candidates often assume any index addition causes permanent write overhead (Option D), but the question describes a sudden latency spike immediately after the operation, which is characteristic of the blocking COPY algorithm, not ongoing maintenance.

How to eliminate wrong answers

Option A is wrong because DDL statements like ALTER TABLE are replicated to the standby instance via the binary log in MySQL Multi-AZ deployments; the index creation is not skipped, so inconsistency does not occur. Option B is wrong because the db.r5.4xlarge instance (16 vCPUs, 128 GB memory) is more than sufficient for 10,000 writes per second on a single table; the issue is not raw capacity but the blocking nature of the DDL operation. Option D is wrong because while index maintenance does add overhead to writes, the sudden increase in write latency and replication lag immediately after adding the index points to the blocking DDL operation itself, not the ongoing maintenance cost of the new index.

498
MCQeasy

A company has an Amazon RDS for PostgreSQL DB instance with automated backups enabled. The retention period is set to 7 days. A developer accidentally performed a DROP TABLE operation on a critical table 2 days ago. How can the table be recovered with minimal data loss?

A.Perform a point-in-time restore to a time just before the DROP TABLE operation.
B.Use the pg_dump utility to create a manual backup and restore it.
C.Create a read replica of the DB instance and promote it to a standalone instance.
D.Restore the DB instance from the oldest automated snapshot.
AnswerA

PITR allows recovery to any point within the retention period.

Why this answer

Point-in-time restore allows recovery to any time within the backup retention period. The table was dropped 2 days ago, so restoring to a time just before the drop will recover the data. Option A (restore from oldest snapshot) would lose data from the last 7 days; Option C (manual backup) is not available; Option D (replicate to another region) does not help.

499
MCQeasy

A company is using Amazon DynamoDB for a web application. The company notices that read requests to a particular table are throttled during peak hours. The table has a provisioned read capacity of 1000 read capacity units (RCUs). The read requests are mostly eventually consistent reads. What should the company do to reduce throttling without changing the application code?

A.Use Amazon ElastiCache to cache the read results.
B.Switch to strongly consistent reads to reduce the number of read requests.
C.Implement DynamoDB Accelerator (DAX) to cache read requests.
D.Increase the provisioned read capacity for the table.
AnswerD

This directly increases the number of allowed reads per second, reducing throttling.

Why this answer

Increasing the provisioned read capacity directly addresses throttling by allowing more reads per second. Option B is wrong because DynamoDB Accelerator (DAX) requires code changes to use. Option C is wrong because eventually consistent reads are already used.

Option D is wrong because using strongly consistent reads would increase RCU consumption, worsening throttling.

500
MCQhard

A company is using Amazon DynamoDB for a high-traffic application. The application is experiencing intermittent `ProvisionedThroughputExceededException` errors. The team has already increased the read and write capacity units multiple times but the errors persist. Which of the following is the MOST likely cause of the issue?

A.DynamoDB Accelerator (DAX) is not properly configured
B.The table is part of a DynamoDB Global Table and replication is causing conflicts
C.The provisioned capacity is not increased enough
D.A hot key or uneven partition access pattern is causing throttling
AnswerD

Hot keys can exceed the per-partition throughput limits, leading to throttling even if overall capacity is adequate.

Why this answer

Option B is correct because hot keys or uneven access patterns can cause throttling even if overall provisioned capacity appears sufficient. Option A is wrong because increasing capacity units should reduce throttling if the issue is simply capacity. Option C is wrong because Global Tables replication does not cause throttling on the source table.

Option D is wrong because DynamoDB Accelerator (DAX) reduces read load on the table, not write, and improper use might cause cache misses but not ProvisionedThroughputExceededException.

501
MCQmedium

A company is migrating a 200 GB PostgreSQL database to Amazon Aurora PostgreSQL. They want to use the AWS DMS console to create a migration task. The source database is in a VPC and the target Aurora cluster is in the same VPC. The DMS replication instance is also in the same VPC. The source database is publicly accessible. What additional configuration is required to enable connectivity between DMS and the source database?

A.Associate the DMS replication instance with a subnet group that includes public subnets.
B.Place the source database in the same public subnet as the DMS replication instance.
C.Create a VPC endpoint for the source database service.
D.Configure the source database's security group to allow inbound traffic from the DMS replication instance's security group.
AnswerD

The security group must allow traffic from DMS to reach the database.

Why this answer

Option D is correct because even though the source is publicly accessible, DMS is in a VPC and cannot directly access public IPs unless the VPC has an internet gateway and the route table allows it. The security group of the source must allow inbound traffic from the DMS replication instance's security group. Option A is wrong because DMS does not require a VPC endpoint for source connectivity.

Option B is wrong because the replication instance subnet group is already set. Option C is wrong because the source database should not be in public subnet; it can be private with proper routing.

502
MCQmedium

A company runs a customer relationship management (CRM) application on Amazon RDS for PostgreSQL. The application stores customer data in a table with over 50 million rows. The company recently added a new query that searches for customers by their email domain (e.g., '@example.com'). The query uses a LIKE pattern: 'WHERE email LIKE ''%@example.com'''. The query takes over 30 seconds to complete. The DBA has already created a B-tree index on the email column, but it does not help. Which action should the database specialist recommend to improve query performance?

A.Create a hash index on the email column.
B.Increase the shared_buffers parameter to improve caching.
C.Create a B-tree index on the reversed email string.
D.Create a trigram index (using pg_trgm extension) on the email column.
AnswerD

Trigram indexes are designed for fast LIKE queries.

Why this answer

The query uses a leading wildcard LIKE pattern ('%@example.com'), which prevents a standard B-tree index from being used because the search string does not have a fixed prefix. A trigram index, provided by the pg_trgm extension, breaks strings into three-character substrings (trigrams) and allows the database to efficiently match patterns with leading wildcards. This index type is specifically designed for fuzzy text matching and LIKE queries with wildcards, reducing the query time from over 30 seconds to milliseconds.

Exam trap

The trap here is that candidates assume a B-tree index can handle all LIKE patterns, but AWS specifically tests the understanding that leading wildcards disable B-tree index scans, requiring a specialized index like pg_trgm for pattern-matching performance.

How to eliminate wrong answers

Option A is wrong because hash indexes in PostgreSQL only support equality comparisons (=), not pattern-matching operations like LIKE. Option B is wrong because increasing shared_buffers improves caching of data pages but does not change the query execution plan; the B-tree index is still not used for leading-wildcard searches, so the query remains a full table scan. Option C is wrong because creating a B-tree index on the reversed email string would only help if the query were rewritten to use a trailing wildcard (e.g., WHERE REVERSE(email) LIKE 'moc.elpmaxe@%'), which is not the given query pattern and adds complexity without addressing the leading wildcard issue.

503
MCQeasy

A developer notices that an Amazon ElastiCache for Redis cluster is experiencing high latency. The cluster uses a single node. Which CloudWatch metric should be reviewed first to determine if the issue is due to memory pressure?

A.NetworkBytesIn
B.ReplicationLag
C.CPUUtilization
D.DatabaseMemoryUsagePercentage
AnswerD

High memory usage can cause evictions and latency.

Why this answer

Option A is correct because the DatabaseMemoryUsagePercentage metric indicates the percentage of the node's memory used, which can cause latency if high. Option B is wrong because CPUUtilization indicates CPU load, not memory. Option C is wrong because NetworkBytesIn measures incoming network traffic.

Option D is wrong because ReplicationLag only applies to clusters with replicas.

504
MCQmedium

A company is deploying a new multi-AZ Amazon RDS for PostgreSQL database. The security team requires that all traffic to the database be encrypted in transit. Which configuration ensures this?

A.Use a customer master key (CMK) for RDS
B.Enable SSL/TLS and require client connections to use SSL
C.Place the RDS instance in a public subnet
D.Enable encryption at rest using AWS KMS
AnswerB

SSL/TLS encrypts data in transit.

Why this answer

Enabling SSL/TLS and enforcing that client connections use SSL ensures encryption in transit. Option A (encryption at rest) does not cover transit. Option B (default VPC) does not enforce encryption.

Option D (KMS) is for encryption at rest.

505
MCQeasy

A startup uses Amazon ElastiCache for Redis as a caching layer for its database. Users report that application responses are slow. The developer checks the ElastiCache metrics and sees that 'CacheHits' are low and 'CacheMisses' are high. What is the most likely cause?

A.The cluster does not have enough read replicas.
B.The ElastiCache cluster does not have enough write capacity.
C.The ElastiCache nodes have high CPU utilization.
D.The cache key TTL is too short, causing frequent evictions.
AnswerD

Short TTL leads to early eviction and cache misses.

Why this answer

Option A is correct because a low cache hit ratio indicates the cache is not being used effectively, often due to a low TTL. Option B is wrong because insufficient read replicas would not cause low cache hits. Option C is wrong because high CPU might cause latency but not necessarily low cache hits.

Option D is wrong because insufficient write capacity is not relevant for ElastiCache read behavior.

506
Multi-Selecthard

A company uses Amazon Aurora MySQL-Compatible Edition. The security team wants to implement database activity streams to monitor database activity. Which THREE statements are true about Aurora database activity streams?

Select 3 answers
A.Activity streams can be started and stopped without restarting the database.
B.Activity streams are encrypted using a KMS key.
C.Activity streams automatically mask sensitive data in the logs.
D.Activity streams only capture DDL statements, not DML or SELECT.
E.Activity streams publish database activity to CloudWatch Logs and Kinesis Firehose.
AnswersA, B, E

Activity streams are started via the RDS console or API and do not require a restart.

Why this answer

Options A, B, and C are correct. Activity streams can be started and stopped without database restart (A). They send logs to Amazon CloudWatch Logs and Amazon Kinesis Firehose (B).

Data is encrypted using a KMS key (C). Option D is wrong because activity streams capture all SQL queries, not just DDL. Option E is wrong because activity streams do not capture data masking; they capture actual queries.

507
MCQmedium

Refer to the exhibit. A company is creating an Aurora MySQL cluster using the AWS CLI. The command fails with an error. The company has a default KMS key but the command specifies a customer-managed KMS key. What is the most likely cause of the failure?

A.The IAM user does not have permission to use the specified KMS key
B.The --kms-key-id parameter is not supported for aurora-mysql engine
C.The KMS key does not exist
D.The KMS key is in a different region
AnswerA

Permission to use the KMS key is required.

Why this answer

Option B is correct because the IAM role used to run the CLI command must have permission to use the specified KMS key. The error is likely due to missing KMS permissions. Option A is wrong because the --kms-key-id parameter is valid for Aurora clusters.

Option C is wrong because the key exists; the issue is permissions. Option D is wrong because KMS keys can be used across regions if configured, but the error is more likely due to permissions.

508
MCQmedium

A company runs an Amazon Redshift cluster with 8 dc2.large nodes for its data warehouse. The data engineering team loads data daily using COPY commands from S3. Recently, the load times have increased significantly. The cluster's CloudWatch metric 'CPUUtilization' is high during the load. The administrator runs the STL_LOAD_ERRORS table and finds no errors. The SVL_S3LOG shows that the COPY command is scanning many small files. The data in S3 is stored as 10,000 small CSV files (each ~100 KB). Which action will MOST improve the COPY performance?

A.Use the MANIFEST option to specify the files explicitly
B.Use the JSON format instead of CSV to reduce parsing overhead
C.Consolidate the small files into fewer, larger files (e.g., 100 files of 10 MB each)
D.Change the table's distribution style to ALL to avoid data redistribution
AnswerC

Larger files reduce the overhead of file opening and improve parallelism.

Why this answer

Option B is correct because Redshift performs better with fewer, larger files. Consolidating small files into larger ones reduces the overhead of opening many files. Option A is incorrect because the issue is not with the COPY command syntax.

Option C is incorrect because changing the distribution style does not affect COPY performance directly. Option D is incorrect because the issue is not with the column data type.

509
MCQhard

A financial services company is migrating a 10 TB Oracle data warehouse to Amazon Redshift. The source database uses a combination of partitioned tables, indexes, and materialized views. The migration team plans to use AWS SCT and DMS. Which approach should the team take to optimize query performance after migration?

A.Create indexes on frequently queried columns
B.Recreate all materialized views using standard views
C.Define appropriate distribution keys and sort keys
D.Partition tables by date using the PARTITION BY clause
AnswerC

These are the primary performance optimization mechanisms in Redshift.

Why this answer

Option D is correct because Redshift uses distribution keys and sort keys for performance, not traditional indexes. Option A is wrong because Redshift does not support materialized views in the same way. Option B is wrong because indexes are not used in Redshift.

Option C is wrong because partitioning in Redshift is done via distribution and sort keys, not like Oracle.

510
Multi-Selecteasy

Which TWO AWS services can be used to migrate an on-premises SQL Server database to Amazon RDS for SQL Server?

Select 2 answers
A.AWS DataSync
B.AWS DMS
C.Native SQL Server backup to S3 and restore to RDS
D.AWS Storage Gateway
E.AWS DynamoDB
AnswersB, C

DMS supports SQL Server as source and target.

Why this answer

Correct: A (AWS DMS) and C (native backup/restore to S3). B is for NoSQL; D is for file storage; E is for data transfer between on-premises and S3, not database migration.

511
MCQmedium

A database specialist sees the above output for an RDS MySQL instance. The application reports that the instance is not accepting writes. What is the most likely cause?

A.The instance is a read replica and cannot accept write requests.
B.The allocated IOPS are insufficient for the write workload.
C.Multi-AZ is not enabled, so the instance cannot accept writes.
D.Storage encryption is enabled, which prevents write operations.
AnswerA

Read replicas are read-only.

Why this answer

Option B is correct. The output shows the instance is a read replica (ReadReplicaSourceDBInstanceIdentifier is set), which means it is read-only and cannot accept writes. Option A is wrong because Multi-AZ does not affect write capability.

Option C is wrong because storage encryption does not prevent writes. Option D is wrong because insufficient IOPS would not make it read-only.

512
MCQeasy

A company is migrating an on-premises MongoDB database to Amazon DocumentDB. The migration must be online with minimal downtime. Which AWS service should be used?

A.AWS DataSync
B.AWS DMS
C.AWS S3
D.AWS Snowball Edge
AnswerB

DMS supports MongoDB to DocumentDB with CDC for minimal downtime.

Why this answer

Option B is correct because AWS DMS supports MongoDB as a source and DocumentDB as a target with ongoing replication. Option A is wrong because Snowball is offline. Option C is wrong because S3 is not a migration tool.

Option D is wrong because DataSync is for file storage.

513
MCQmedium

A company uses Amazon Aurora MySQL for its customer relationship management (CRM) system. The database has a table "contacts" with millions of rows. The application frequently searches for contacts by email address. The email column has a B-tree index. The DBA notices that queries are still slow, and the EXPLAIN plan shows index scans but not index-only scans. What is the most likely cause?

A.The query selects columns not included in the index, requiring table lookups.
B.The index is a composite index on (email, phone) and the query selects only email.
C.The index has low cardinality.
D.The index type is not suitable for equality searches.
AnswerA

If the query selects columns like phone not in the index, the database must access the table, preventing an index-only scan.

Why this answer

Option D is correct because if the index does not include all columns needed (like phone), the database must fetch rows from the table. Option A is wrong because composite indexes on email and phone would help if queries used both, but not for email-only. Option B is wrong because B-tree indexes are suitable for equality.

Option C is wrong because cardinality is likely high enough.

514
MCQhard

A company needs to comply with PCI DSS requirements for an Amazon RDS for Oracle DB instance. The requirements include encryption of sensitive data at rest and in transit, and automated key rotation. Which combination of services and configurations should be used? (Select THREE.)

A.Use AWS CloudHSM to generate and store encryption keys.
B.Enable encryption at rest on the RDS instance using AWS KMS.
C.Use AWS Secrets Manager to automatically rotate database credentials.
D.Enable SSL/TLS for connections to the database.
E.Enable VPC Flow Logs to audit database connections.
AnswerB, C, D

Encryption at rest is required for PCI DSS.

Why this answer

Options A, C, and D are correct. Option A: Enable encryption at rest with KMS. Option C: Enable encrypted replication for read replicas if used.

Option D: Use Secrets Manager for automated credential rotation. Option B is wrong because CloudHSM is not required for key rotation; KMS can rotate keys automatically. Option E is wrong because VPC Flow Logs are for network monitoring, not encryption.

515
MCQhard

A security team needs to grant an IAM user permission to modify only the 'db_secrets' secret in AWS Secrets Manager. Which IAM policy statement is correct?

A.{ 'Effect': 'Allow', 'Action': 'secretsmanager:UpdateSecret', 'Resource': '*' }
B.{ 'Effect': 'Allow', 'Action': 'secretsmanager:*', 'Resource': '*' }
C.{ 'Effect': 'Allow', 'Action': 'secretsmanager:PutSecretValue', 'Resource': 'arn:aws:secretsmanager:us-east-1:123456789012:secret:*' }
D.{ 'Effect': 'Allow', 'Action': 'secretsmanager:PutSecretValue', 'Resource': 'arn:aws:secretsmanager:us-east-1:123456789012:secret:db_secrets-??????' }
AnswerD

This restricts to the specific secret and allows PutSecretValue.

Why this answer

Option D is correct because it restricts to the specific secret ARN. Option A allows all secrets. Option B allows all secrets with 'db_secrets' in name.

Option C allows all secrets.

516
MCQhard

A company uses Amazon RDS for SQL Server with Multi-AZ deployment. The security team has mandated that all connections to the database must use SSL/TLS. The database is accessed by multiple applications running on EC2 instances. Which configuration ensures that all connections use SSL/TLS?

A.Modify the DB instance by enabling the 'Require SSL' option in the RDS console.
B.Set the parameter rds.force_ssl to 1 in the DB parameter group and revoke permissions from users that do not use SSL.
C.Set the parameter rds.force_ssl to 1 in the DB parameter group.
D.Configure the applications to use a certificate from a trusted certificate authority and connect using SSL.
AnswerB

This combination ensures that all connections must use SSL, providing complete enforcement.

Why this answer

Option D is correct because to enforce SSL/TLS for all connections, you need to set the rds.force_ssl parameter to 1 in the RDS parameter group, which forces all connections to use SSL. Additionally, you should revoke non-SSL permissions from the database users. Option A is wrong because modifying the DB instance to require SSL is not a direct setting; the parameter group controls this.

Option B is wrong because using a certificate authority is not required; RDS provides a certificate. Option C is wrong because setting the parameter is the correct method, but you also need to revoke non-SSL permissions to fully enforce.

517
MCQeasy

A developer retrieved a database secret using the AWS CLI as shown. What is the MOST secure way to store and rotate this secret?

A.Store the secret in AWS Secrets Manager and enable automatic rotation with a Lambda function.
B.Store the secret in AWS Systems Manager Parameter Store as a SecureString.
C.Store the secret in a configuration file on the EC2 instance.
D.Use the secret as-is and change it manually every 90 days.
AnswerA

Secrets Manager handles rotation securely.

Why this answer

Option A is correct. Secrets Manager can automatically rotate secrets, and the secret should be retrieved using IAM permissions. Option B is insecure.

Option C is not best practice. Option D is not needed.

518
MCQeasy

A company wants to migrate their on-premises Oracle database to Amazon RDS for Oracle. They have a complex data loading process that uses Oracle Data Pump. Which migration approach is MOST efficient and minimizes downtime?

A.Use AWS Schema Conversion Tool (SCT) to convert the schema and then copy data files directly.
B.Use AWS Database Migration Service (DMS) with ongoing replication from the source Oracle database.
C.Take a physical backup of the on-premises database and restore to RDS.
D.Export data using Oracle Data Pump and import into RDS.
AnswerB

DMS supports full load + CDC, reducing downtime.

Why this answer

AWS DMS can perform a one-time full load followed by ongoing replication using Oracle LogMiner or binary reader. This minimizes downtime because after the full load, DMS continuously applies changes from the source. Data Pump export/import requires downtime.

SCT is used for schema conversion, not data movement. Backup and restore also requires downtime.

519
Multi-Selectmedium

A company is using Amazon DynamoDB with on-demand capacity. The operations team wants to monitor for throttled requests. Which TWO metrics from Amazon CloudWatch should be used to set up an alarm for throttling? (Select TWO.)

Select 2 answers
A.ConsumedWriteCapacityUnits
B.ReadThrottleEvents
C.ThrottledPutRecords
D.ProvisionedReadCapacityUnits
E.ThrottledGetRecords
AnswersC, E

This metric indicates throttled write requests.

Why this answer

Options A and B are correct. 'ThrottledGetRecords' and 'ThrottledPutRecords' are CloudWatch metrics that directly indicate throttled read and write requests. Option C is incorrect because 'ReadThrottleEvents' is not a standard DynamoDB metric. Option D is incorrect because 'ProvisionedReadCapacityUnits' is for provisioned mode.

Option E is incorrect because 'ConsumedWriteCapacityUnits' shows consumed capacity, not throttling.

520
MCQmedium

A company stores sensitive customer data in an Amazon S3 bucket. The data is accessed by an Amazon Redshift cluster using the COPY command. The security team wants to ensure that data is encrypted in transit between S3 and Redshift. Which configuration should be used?

A.Use a VPC endpoint for S3 with a bucket policy that denies HTTP.
B.Use the 'SSH' option in the COPY command to encrypt the transfer.
C.Use the 'ENCRYPTED' option with the COPY command and ensure the S3 bucket policy requires HTTPS.
D.Enable S3 server-side encryption on the bucket.
AnswerC

The 'ENCRYPTED' option forces the COPY command to use HTTPS encryption in transit.

Why this answer

Option C is correct because the COPY command supports encryption in transit via HTTPS when using the 'ENCRYPTED' option or using an S3 endpoint that enforces HTTPS. Option A is wrong because S3 supports HTTPS, and specifying 'ENCRYPTED' is needed. Option B is wrong because S3 server-side encryption protects data at rest, not in transit.

Option D is wrong because the COPY command does not use SSH; it uses HTTPS.

521
Multi-Selecthard

A company is running an Amazon RDS for SQL Server DB instance with Multi-AZ deployment. The security team wants to ensure that all data at rest is encrypted using a customer-managed key stored in AWS KMS. Which steps must be taken to achieve this? (Choose THREE.)

Select 3 answers
A.Modify the DB instance and enable encryption.
B.Enable Multi-AZ deployment to encrypt data at rest.
C.Copy the snapshot and specify encryption with a KMS key.
D.Create a manual snapshot of the existing DB instance.
E.Restore the DB instance from the encrypted snapshot.
AnswersC, D, E

Copying a snapshot allows you to enable encryption.

Why this answer

Options A, C, and E are correct. To encrypt an existing unencrypted RDS instance, you must create a snapshot, copy the snapshot with encryption using a KMS key, and then restore the DB instance from the encrypted snapshot. Option B is incorrect because you cannot enable encryption on an existing DB instance directly.

Option D is incorrect because Multi-AZ deployment does not automatically encrypt data.

522
MCQeasy

A company is implementing fine-grained access control for a DynamoDB table named UserSessions. The table has a partition key of 'user_id'. The above IAM policy is attached to an IAM role assumed by the application. What does this policy achieve?

A.Allows the application to perform all operations on the UserSessions table without restrictions
B.Restricts the application to access only items where the partition key matches the user's AWS user ID
C.Allows the application to read but not write items in the UserSessions table
D.Allows the application to access only the UserSessions table but not other tables
AnswerB

The condition uses 'aws:userid' to limit access to items with the corresponding partition key.

Why this answer

The IAM policy uses a condition key `dynamodb:LeadingKeys` with a value of `${aws:userid}`. This restricts access to items in the DynamoDB table where the partition key (`user_id`) matches the unique identifier of the IAM user or role that is making the request. This implements fine-grained access control, ensuring the application can only read or write items belonging to the authenticated user.

Exam trap

The trap here is that candidates often confuse `aws:userid` with the IAM user name or the partition key value, or they assume the policy grants full access (Option A) without noticing the condition that enforces row-level security.

How to eliminate wrong answers

Option A is wrong because the policy explicitly restricts access based on the partition key, so it does not allow all operations without restrictions. Option C is wrong because the policy does not specify any `Action` or `Effect` that limits operations to read-only; it allows all DynamoDB actions on the table, subject to the condition. Option D is wrong because the policy's `Resource` element is scoped to the `UserSessions` table ARN, but the condition is what restricts access within that table, not the ability to access other tables (which would be denied by default if not explicitly allowed).

523
MCQmedium

A financial services company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database has a high volume of write transactions and requires minimal downtime during migration. Which AWS service or feature should be used to replicate data continuously to the target RDS instance during the migration?

A.Amazon RDS Read Replica
B.Amazon RDS Multi-AZ deployment
C.AWS Database Migration Service (AWS DMS) with ongoing replication
D.AWS Schema Conversion Tool (AWS SCT)
AnswerC

AWS DMS can perform full load and then continuously replicate changes via CDC.

Why this answer

AWS Database Migration Service (AWS DMS) with ongoing replication (change data capture, CDC) is the correct choice because it continuously captures and applies changes from the source Oracle database to the target Amazon RDS for Oracle instance, enabling near-zero downtime during migration. This is achieved by using Oracle's redo logs to stream transactions in real time, which meets the high write volume and minimal downtime requirements.

Exam trap

The trap here is that candidates confuse continuous replication with high-availability features like Multi-AZ or read replicas, but those services cannot ingest data from an on-premises source; only AWS DMS with CDC provides the necessary ongoing replication for a live migration with minimal downtime.

How to eliminate wrong answers

Option A is wrong because Amazon RDS Read Replica is designed for read scaling and asynchronous replication from an RDS source, not for migrating an on-premises Oracle database; it cannot connect to an external source. Option B is wrong because Amazon RDS Multi-AZ deployment provides high availability by synchronously replicating data to a standby instance in another Availability Zone, but it does not support continuous replication from an on-premises database. Option D is wrong because the AWS Schema Conversion Tool (AWS SCT) is used to convert database schemas and code for heterogeneous migrations, not for continuous data replication.

524
MCQmedium

A company is deploying a new multi-AZ Aurora MySQL database. The application requires read-heavy workloads and low latency. Which configuration will best meet these requirements?

A.Enable Multi-AZ and use the secondary for read traffic.
B.Deploy a single instance with one read replica in the same AZ.
C.Enable Aurora Auto Scaling with a target metric of average CPU utilization.
D.Use an RDS Proxy in front of the database.
AnswerC

Aurora Auto Scaling adds reader instances automatically to handle read-heavy workloads, improving latency.

Why this answer

Option C is correct because Aurora Auto Scaling dynamically adds reader instances based on the average CPU utilization metric, which directly addresses the read-heavy workload requirement by distributing read traffic across multiple replicas. This configuration ensures low latency by scaling out read capacity automatically as demand increases, without manual intervention.

Exam trap

The trap here is that candidates confuse Multi-AZ with read scaling, assuming the standby instance can serve reads, but in Aurora Multi-AZ, the secondary is a writer instance for failover only, not a reader.

How to eliminate wrong answers

Option A is wrong because in Aurora Multi-AZ, the secondary (writer) instance is not used for read traffic; it only provides failover support, and using it for reads would degrade write performance and violate Aurora's architecture. Option B is wrong because deploying a single instance with one read replica in the same AZ does not provide high availability or fault tolerance, and a single replica cannot handle heavy read loads effectively, leading to potential latency issues. Option D is wrong because RDS Proxy manages connection pooling and reduces database load from connection churn, but it does not directly address read-heavy workloads or scale read capacity; it is a connection management tool, not a read scaling solution.

525
MCQmedium

A company is deploying a new web application on AWS. The application uses Amazon RDS for MySQL as its database. The database must be highly available and automatically failover in the event of an AZ outage. The company also needs to offload read traffic from the primary database to improve performance. The application read-to-write ratio is 80:20. The database workload is variable, with occasional spikes. The company wants a cost-effective solution that scales read capacity automatically. The operations team has limited experience with AWS. Which solution should the company implement?

A.Deploy an RDS for MySQL instance with Multi-AZ and one or more read replicas, and use Application Auto Scaling to add replicas based on CPU utilization
B.Deploy an RDS for MySQL instance with Multi-AZ and enable automatic scaling of the instance size
C.Deploy an Amazon Aurora MySQL cluster with Multi-AZ and enable Aurora Auto Scaling for read replicas
D.Deploy an RDS for MySQL instance with multiple read replicas and use a custom script to promote a read replica in case of failure
AnswerC

Aurora provides automatic failover and auto-scaling of read replicas, and is MySQL-compatible, making it a cost-effective and simpler solution.

Why this answer

Multi-AZ provides automatic failover. Read replicas offload read traffic. However, read replicas do not auto-scale automatically; you need to add replicas manually or use auto-scaling with a custom solution.

But given limited experience, the simplest solution is to use Multi-AZ and one or more read replicas. Option C (Multi-AZ with read replicas and Application Auto Scaling) is the most complete, but Application Auto Scaling for read replicas requires custom metrics. Option D (Aurora with Auto Scaling) is simpler because Aurora Auto Scaling automatically adds/removes read replicas based on CPU or connections.

Aurora is MySQL-compatible and provides better performance and scalability. For limited experience, Aurora is a better choice. Option A (Multi-AZ only) does not offload reads.

Option B (Read replicas only) lacks automatic failover. So the best is D.

Page 6

Page 7 of 24

Page 8