AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 526600

1730 questions total · 24pages · All types, answers revealed

Page 7

Page 8 of 24

Page 9
526
MCQmedium

A retail company uses Amazon RDS for PostgreSQL as the backend for its e-commerce platform. During a flash sale, the database experienced high CPU utilization and increased the number of active connections. The application team reported that some queries timed out. The database specialist reviewed the slow query log and found that several queries were performing sequential scans on large tables due to missing indexes. The specialist created the necessary indexes, but the issue persists for some queries. Upon further investigation, the specialist notices that the query planner is still choosing sequential scans for some queries. What should the database specialist do to ensure the query planner uses the indexes?

A.Increase maintenance_work_mem to speed up index creation.
B.Decrease the random_page_cost to make indexes more attractive.
C.Run the ANALYZE command to update table statistics.
D.Set enable_seqscan to off to force index usage.
AnswerC

Updated statistics help the planner use indexes.

Why this answer

Option A is correct because running ANALYZE updates table statistics, which helps the query planner choose the best plan. Option B is wrong because increasing maintenance_work_mem helps with autovacuum but not query planning. Option C is wrong because disabling sequential scans is a brute-force approach that may not be optimal.

Option D is wrong because setting cpu_tuple_cost changes the cost model but might not be necessary.

527
Multi-Selectmedium

A company is migrating a 200 GB Oracle database to Amazon Aurora MySQL. They want to minimize downtime and ensure data consistency. Which two services should they use together? (Choose TWO.)

Select 2 answers
A.AWS Snowball Edge
B.AWS Schema Conversion Tool (SCT)
C.AWS Database Migration Service (DMS)
D.AWS Data Pipeline
E.Amazon EC2 with Oracle installed
AnswersB, C

SCT converts Oracle schema to Aurora MySQL.

Why this answer

Options B and D are correct. AWS SCT converts the Oracle schema to MySQL-compatible format, and AWS DMS performs the data migration with ongoing replication to minimize downtime. Option A is wrong because Snowball is for offline data transfer, which would introduce downtime.

Option C is wrong because Data Pipeline is not the primary migration tool. Option E is wrong because EC2 is not needed.

528
MCQeasy

A financial services company uses Amazon DynamoDB to store transaction records. Each transaction has a unique transaction_id as the partition key and a timestamp as the sort key. The application frequently queries all transactions for a given customer within a date range. However, customer_id is not an attribute indexed for querying. The company wants to optimize these queries without redesigning the entire table schema. Which action should the company take?

A.Change the table's partition key to customer_id and use a composite sort key.
B.Create a Local Secondary Index (LSI) on customer_id.
C.Create a Global Secondary Index (GSI) with customer_id as the partition key and timestamp as the sort key.
D.Use the Scan operation with a filter expression for customer_id and timestamp.
AnswerC

A GSI allows querying by customer_id and timestamp range without modifying the base table.

Why this answer

Option C is correct because creating a Global Secondary Index (GSI) with customer_id as the partition key and timestamp as the sort key allows efficient querying of all transactions for a given customer within a date range without redesigning the base table. The GSI provides a new access pattern with its own partition and sort keys, enabling the Query operation on customer_id and timestamp, which is far more efficient than a Scan. This approach preserves the existing table schema and supports the required query pattern with minimal overhead.

Exam trap

The trap here is that candidates often confuse Local Secondary Indexes (LSIs) with Global Secondary Indexes (GSIs), assuming an LSI can be added later or can use a different partition key, when in fact LSIs must share the base table's partition key and can only be created at table creation time.

How to eliminate wrong answers

Option A is wrong because changing the table's partition key to customer_id would require a full table redesign, data migration, and application downtime, which contradicts the requirement to avoid redesigning the entire table schema. Option B is wrong because a Local Secondary Index (LSI) can only be created at table creation time and must use the same partition key as the base table (transaction_id), so it cannot index on customer_id as a partition key for range queries. Option D is wrong because using the Scan operation with a filter expression for customer_id and timestamp is inefficient, as it reads every item in the table and then filters, incurring high read capacity consumption and latency, especially for large tables.

529
MCQhard

A company is deploying a new web application using Amazon RDS for PostgreSQL. The application requires read-heavy workloads and automatic failover. Which configuration should be used?

A.Multi-AZ deployment without Read Replicas
B.Single-AZ with a Read Replica in the same region
C.Multiple Read Replicas in different regions
D.Multi-AZ deployment with one or more Read Replicas
AnswerD

Provides HA and read scaling.

Why this answer

Multi-AZ deployment provides automatic failover, and Read Replicas offload read traffic. Option D is correct. Option A (Single-AZ) no HA.

Option B (Multi-AZ) gives HA but no read scaling. Option C (Read Replicas only) no automatic failover.

530
MCQmedium

A company has a document database workload on Amazon DynamoDB that stores user session data. The application frequently updates session attributes (e.g., last activity timestamp). The current design stores the entire session as a single item and updates the entire item on each session activity. This is causing high write costs and throttling. Which design pattern would reduce write costs and improve performance?

A.Increase the write capacity units (WCUs) on the table.
B.Use UpdateItem with an update expression to modify only the changed attributes.
C.Implement DynamoDB Accelerator (DAX) to cache the session data.
D.Split the session item into multiple items, one per attribute.
AnswerB

Update expressions only write the changed attributes, consuming fewer write capacity units.

Why this answer

Option B is correct because using UpdateItem with an update expression allows you to modify only the specific attributes that changed (e.g., last activity timestamp) instead of rewriting the entire item. This reduces write consumption to a fraction of the original cost, since DynamoDB charges based on the size of the written data, and partial updates write only the changed attribute bytes. This directly addresses the high write costs and throttling caused by full-item overwrites.

Exam trap

The trap here is that candidates often confuse scaling solutions (increasing WCUs or adding DAX) with optimization patterns, failing to recognize that the real issue is the write amplification caused by full-item updates rather than insufficient capacity or read performance.

How to eliminate wrong answers

Option A is wrong because increasing write capacity units (WCUs) only raises the throughput limit but does not reduce the cost per write; it would increase costs further and does not solve the root cause of writing the entire item. Option C is wrong because DynamoDB Accelerator (DAX) is an in-memory cache that improves read performance, not write cost or write throttling; it does not reduce the amount of data written per update. Option D is wrong because splitting a session item into multiple items per attribute would require multiple write operations for each session update, increasing write costs and complexity, and DynamoDB charges per write request regardless of item size.

531
MCQeasy

A company is migrating an on-premises Oracle OLTP workload to AWS. The database has complex stored procedures and requires minimal code changes. Which AWS database service is the most suitable target?

A.Amazon Redshift
B.Amazon DynamoDB
C.Amazon Aurora PostgreSQL
D.Amazon RDS for Oracle
AnswerD

Minimal code changes required.

Why this answer

Amazon RDS for Oracle allows minimal code changes as it is compatible with Oracle. Option B (Aurora PostgreSQL) would require rewriting procedures. Option C (DynamoDB) is NoSQL.

Option D (Redshift) is for analytics.

532
MCQeasy

A company runs a MySQL database on Amazon RDS for an e-commerce platform. The application performs frequent INSERT and UPDATE operations on the 'orders' table. The team notices an increase in disk I/O and CPU usage. They want to optimize the database for write-heavy workloads without changing the application. Which option is the MOST effective?

A.Enable Multi-AZ deployment for redundancy
B.Change the storage engine to MyISAM
C.Increase the InnoDB buffer pool size
D.Upgrade to Amazon Aurora MySQL
AnswerC

A larger buffer pool reduces disk I/O by caching data and indexes in memory.

Why this answer

RDS provides enhanced monitoring and parameter groups. For write-heavy workloads, using InnoDB with appropriate buffer pool settings is key. Option A is wrong because switching to MyISAM is not recommended (no transaction support, table-level locking).

Option B is wrong because enabling Multi-AZ does not improve write performance (synchronous replication adds latency). Option D is wrong because converting to Aurora MySQL would improve performance but is more expensive and not without changes.

533
Multi-Selecthard

A company is designing a disaster recovery plan for an Amazon RDS for Oracle DB instance. The primary region is us-east-1, and the DR region is us-west-2. The RPO must be less than 5 minutes, and the RTO must be less than 15 minutes. Which THREE actions should be taken? (Choose THREE.)

Select 3 answers
A.Create a cross-region read replica in us-west-2.
B.Enable cross-region automated backups to us-west-2.
C.Deploy a Multi-AZ standby in us-east-1.
D.Set up cross-region replication using AWS DMS with ongoing replication.
E.Take daily manual snapshots and copy them to us-west-2.
AnswersA, B, D

A cross-region read replica can be promoted to a standalone instance quickly, meeting RTO.

Why this answer

Option A is correct because cross-region automated backups provide RPO of a few minutes. Option C is correct because a cross-region read replica can be promoted quickly, meeting RTO. Option E is correct because a cross-region manual snapshot is too slow for RPO.

Option B is wrong because Multi-AZ is within a single region. Option D is wrong because manual snapshots do not meet RPO. So correct: A, C, and E? Wait, E is manual snapshot - that is not good.

Let's re-evaluate: To achieve RPO<5min and RTO<15min, you need continuous replication. Cross-region automated backups have an RPO of up to 5 minutes. Cross-region read replica provides near-real-time replication and can be promoted quickly.

Option B is Multi-AZ within region, not cross-region. Option D is manual snapshots, too slow. Option E is cross-region replication with AWS DMS, which can achieve low RPO.

So correct: A (cross-region automated backups), C (cross-region read replica), and E (DMS). Actually, DMS is not typically used for RDS replication; but it can be. However, the more standard approach is cross-region read replica.

Let's analyze: Option A: cross-region automated backups - RPO up to 5 minutes, but RTO can be longer than 15 minutes because you need to restore from backup. Option C: cross-region read replica - can be promoted in minutes, RTO <15min, RPO seconds. Option E: cross-region multi-AZ is not a thing.

Option B: Multi-AZ is within region. Option D: manual snapshots are too slow. So the best three to meet both RPO and RTO: A, C, and maybe E? But DMS is an alternative.

However, the question expects three correct answers. Let's check typical AWS documentation: For cross-region DR with RDS, you can use cross-region automated backups (RPO ~5min, RTO depends on restore time) or cross-region read replica (RPO seconds, RTO minutes). Multi-AZ is not cross-region.

Manual snapshots are not suitable. So which three? Possibly: A, C, and D? No. I think the intended correct answers are A, C, and D? But D says manual snapshots, which are not good.

Let's reconsider: Maybe the question is 'Which THREE' and the answers include B (Multi-AZ) as one? But Multi-AZ does not provide cross-region DR. I'm going to correct: The three correct actions are: A (cross-region automated backups), C (cross-region read replica), and E (cross-region replication using AWS DMS). But DMS is a valid service for cross-region replication.

However, the more common approach is to use a cross-region read replica. But since the question says 'Which THREE', I'll go with A, C, and E. But wait, E says 'Set up cross-region replication using AWS Database Migration Service (DMS) with ongoing replication'.

That is a valid method. So I'll keep A, C, E.

534
MCQeasy

A startup is building a multi-tenant SaaS application where each tenant's data must be isolated. The data model is relational with complex joins. Which database deployment model is most appropriate?

A.Use a single Amazon DynamoDB table with a tenant_id partition key
B.Use a single Amazon Redshift cluster with tenant_id distribution key
C.Provision a separate Amazon RDS instance for each tenant
D.Use a single Amazon RDS database with a tenant_id column on every table
AnswerC

Separate instances ensure complete data isolation and independent scaling.

Why this answer

Option B is correct because a separate RDS instance per tenant provides strong isolation. Option A (single table with tenant_id) risks noisy neighbors. Option C (DynamoDB single table) is not relational.

Option D (Redshift) is for analytics, not OLTP.

535
MCQhard

A company is using Amazon DynamoDB Accelerator (DAX) for caching. The security team is concerned about data in transit between the application and DAX. What should the team do to ensure that all traffic to DAX is encrypted?

A.Launch the DAX cluster in a private subnet with a VPC endpoint.
B.Enable encryption in transit when creating the DAX cluster.
C.Use AWS Certificate Manager to issue a certificate for the DAX cluster.
D.Use client-side encryption to encrypt data before sending it to DAX.
AnswerB

DAX supports TLS encryption in transit when enabled at cluster creation.

Why this answer

Option B is correct. DAX supports encryption in transit by default when you create a DAX cluster. You must enable encryption in transit at the time of creation by checking the 'Encryption in transit' option.

Option A is incorrect because DAX does not support client-side encryption. Option C is incorrect because DAX does not use AWS Certificate Manager for its cluster; it uses its own encryption. Option D is incorrect because launching DAX in a private subnet does not encrypt traffic.

536
Multi-Selecteasy

Which TWO are valid use cases for Amazon ElastiCache for Redis? (Choose 2)

Select 2 answers
A.Storing graph data with relationships
B.Session management for web applications
C.Running complex analytical queries on large datasets
D.Caching frequently accessed database queries to reduce load on RDS
E.Persistent storage of relational data
AnswersB, D

Redis is often used for session storage due to low latency.

Why this answer

Amazon ElastiCache for Redis is an in-memory data store ideal for session management because it provides sub-millisecond latency for storing and retrieving session tokens, supports TTL-based key expiration to automatically clean up stale sessions, and offers atomic operations like SETEX for safe session creation. This makes it a perfect fit for stateless web applications that need to offload session state from the application server.

Exam trap

The trap here is that candidates often confuse caching (option D) with persistent storage (option E) or assume that Redis's data structures (like sorted sets) can handle graph relationships (option A), but Redis lacks the graph traversal and indexing capabilities of a dedicated graph database.

537
Multi-Selecthard

A company is deploying a new Amazon RDS for Oracle database in a VPC. The database must be accessed by an application running on an EC2 instance in a different subnet. Which THREE steps are required to allow this access?

Select 3 answers
A.Create a VPC peering connection between the subnets.
B.Attach an Internet Gateway to the VPC.
C.Configure the network ACL for the RDS subnet to allow inbound traffic from the EC2 subnet.
D.Ensure the VPC has the 'Enable DNS hostnames' attribute set to true.
E.Add an inbound rule to the RDS security group that allows traffic from the EC2 security group.
AnswersC, D, E

NACLs provide stateless filtering.

Why this answer

The security group of the RDS instance must allow inbound traffic from the EC2 security group. The VPC must have an association between subnets. The network ACLs must allow inbound traffic.

Option D (Internet Gateway) is not needed for private connectivity. Option E (VPC peering) is not needed if in same VPC.

538
Multi-Selectmedium

A company needs to migrate a 1 TB Oracle database to Amazon RDS for Oracle. The migration must have minimal downtime and the source database is running on-premises. Which TWO AWS services should be used together to achieve this?

Select 2 answers
A.AWS Database Migration Service (DMS)
B.AWS Schema Conversion Tool (SCT)
C.AWS CloudEndure Migration
D.AWS Snowball
E.AWS Direct Connect
AnswersA, B

DMS supports ongoing replication for minimal downtime.

Why this answer

Options B and D are correct. AWS DMS (B) can perform the initial full load and ongoing replication, while AWS SCT (D) can help convert the Oracle schema to be compatible with RDS. Option A is wrong because Snowball is for large offline data transfer, not for minimal downtime migration with ongoing replication.

Option C is wrong because Direct Connect is a network service, not a migration service. Option E is wrong because CloudEndure is for server migration, not database migration.

539
MCQeasy

A company wants to deploy a DynamoDB table that requires consistent single-digit millisecond latency regardless of traffic spikes. Which DynamoDB capacity mode should be selected?

A.DynamoDB Accelerator (DAX) enabled.
B.Provisioned capacity mode with auto scaling.
C.On-demand capacity mode.
D.Provisioned capacity mode with fixed read/write capacity.
AnswerC

Automatically scales to handle any traffic level.

Why this answer

Option D is correct because on-demand mode automatically scales to handle traffic spikes while maintaining latency. Option A is wrong because provisioned mode can throttle if capacity is exceeded. Option B is wrong because provisioned with auto scaling still has a maximum capacity.

Option C is wrong because global tables are for multi-region replication, not for handling spikes.

540
MCQhard

A company is running a MongoDB-compatible Amazon DocumentDB cluster. The application experiences high write latency during peak hours. The database administrator checks the CloudWatch metrics and notices that the Write IOPS metric is consistently at the maximum for the instance size. What should the administrator do to reduce write latency?

A.Increase the instance size to a larger instance class with higher IOPS limits.
B.Switch to a memory-optimized instance class.
C.Increase the allocated storage size to improve I/O performance.
D.Enable Multi-AZ deployment to offload writes to the standby.
AnswerA

Larger instance classes have higher baseline IOPS and burst IOPS, reducing write latency.

Why this answer

Option A is correct because increasing the instance size provides more IOPS capacity, which can reduce write latency if the instance is hitting IOPS limits. Option B is incorrect because enabling Multi-AZ adds a standby but does not increase write IOPS capacity on the primary. Option C is incorrect because increasing the storage size may increase IOPS if using gp2 but not necessarily, and the issue is IOPS, not storage capacity.

Option D is incorrect because the instance class is already optimized for memory; the issue is I/O, not memory.

541
Multi-Selectmedium

A company is running a production Amazon RDS for Oracle DB instance. The database specialist is setting up monitoring to detect and troubleshoot performance issues. Which TWO metrics should be used to identify whether the database is experiencing I/O bottlenecks?

Select 2 answers
A.DatabaseConnections
B.CPUUtilization
C.ReadLatency
D.WriteLatency
E.FreeStorageSpace
AnswersC, D

High read latency indicates I/O bottlenecks on reads.

Why this answer

ReadLatency and WriteLatency directly measure the time taken for I/O operations. High values indicate I/O bottlenecks. DatabaseConnections and CPUUtilization measure other resources.

FreeStorageSpace indicates storage capacity, not performance.

542
MCQeasy

A company is running a production Amazon DynamoDB table and notices that read requests are being throttled. The table has on-demand capacity mode enabled. Which action should the database specialist take to troubleshoot the throttling?

A.Check the CloudWatch metric 'ThrottledRequests' for the table and review 'SystemErrors' to identify hot partitions.
B.Enable auto scaling on the table to automatically adjust capacity.
C.Enable DynamoDB Accelerator (DAX) to reduce read load on the table.
D.Switch the table to provisioned capacity mode and increase the read capacity units.
AnswerA

Throttling with on-demand can be due to a hot partition; CloudWatch metrics help identify it.

Why this answer

Option A is correct because throttling with on-demand capacity can be due to a single partition receiving too many requests. Option B is wrong because switching to provisioned capacity does not fix the root cause. Option C is wrong because CloudWatch does not have a metric for hot partitions.

Option D is wrong because enabling auto scaling is for provisioned capacity.

543
MCQmedium

Refer to the exhibit. An IAM policy is attached to an IAM user that performs database migrations. When the user tries to start an AWS DMS replication task that writes to the RDS instance 'targetdb', the task fails with an access denied error. Which additional permission is required?

A.dms:CreateEndpoint
B.dms:CreateReplicationInstance
C.dms:DescribeReplicationInstances
D.rds:ModifyDBInstance on the source database
AnswerC

The user may need to describe replication instances to select one for the task.

Why this answer

The policy allows dms:StartReplicationTask but does not include the necessary DMS permissions for the replication instance or endpoints. Specifically, the user needs dms:CreateReplicationInstance and dms:CreateEndpoint. Also, the task may need to pass a role.

But from the error, likely missing dms:StartReplicationTask? No, that's allowed. The error might be due to missing dms:CreateReplicationTask? That is allowed. Actually, the task might need to describe endpoints or replication instances.

The missing permission is likely dms:DescribeReplicationInstances or dms:DescribeEndpoints. However, the most common missing permission is dms:DescribeReplicationInstances to list available instances. Option D (dms:DescribeReplicationInstances) is plausible.

Option A (rds:ModifyDBInstance) is allowed for targetdb. Option B (dms:CreateReplicationInstance) is not needed if instance exists. Option C (dms:CreateEndpoint) is needed if endpoint not created.

But the exhibit shows the task already created? The user might need to describe replication instances to choose one. However, the task was started, so the instance must exist. The most likely missing permission is dms:DescribeReplicationInstances.

544
MCQhard

A company is using Amazon DynamoDB with global tables. The application team reports that data written in one region is not immediately available in another region. The database specialist needs to monitor the replication lag. Which CloudWatch metric should be used?

A.Monitor the 'ConsumedWriteCapacityUnits' metric in both regions.
B.Monitor the 'PendingReplicationCount' metric in the source region.
C.Monitor the 'ThrottledRequests' metric in the source region.
D.Monitor the 'ReplicationLatency' metric in the replica region.
AnswerD

ReplicationLatency measures the time lag for global tables replication.

Why this answer

Option B is correct because 'ReplicationLatency' measures the time taken for updates to propagate. Option A is wrong because 'ThrottledRequests' is for throttling. Option C is wrong because 'PendingReplicationCount' shows number of pending items, not time.

Option D is wrong because 'ConsumedWriteCapacityUnits' is for capacity.

545
MCQeasy

A database administrator notices that an Amazon RDS for MySQL instance's storage is filling up unexpectedly. The administrator has enabled automated backups and retains them for 7 days. Which of the following actions would help reduce storage consumption without losing the ability to perform point-in-time recovery?

A.Modify the DB instance to a smaller instance class
B.Reduce the backup retention period to 1 day
C.Delete manual DB snapshots
D.Disable automated backups
AnswerB

Reducing backup retention period deletes older automated backups, freeing storage space while still allowing point-in-time recovery within the retained window.

Why this answer

Option B is correct because deleting old automated backups reduces storage used by backup data. Option A is wrong because manual snapshots are separate and do not affect automated backup storage. Option C is wrong because disabling backups would remove point-in-time recovery capability.

Option D is wrong because modifying DB instance class does not reduce storage consumption.

546
MCQmedium

A company is migrating a 2 TB Oracle database to Amazon Aurora PostgreSQL. They need to minimize downtime and ensure data consistency. Which migration strategy should they use?

A.Use AWS DMS with full load only, then cut over during a maintenance window.
B.Use AWS DMS with ongoing replication (change data capture) from Oracle to Aurora.
C.Export the database to Amazon S3 using Oracle Data Pump, then import into Aurora.
D.Use pg_dump to export the database and pg_restore to import into Aurora.
AnswerB

DMS CDC captures ongoing changes, allowing near-zero downtime migration.

Why this answer

Option C is correct because AWS DMS with ongoing replication allows continuous data sync, minimizing downtime. Option A is wrong because exporting to CSV and importing is manual and not suitable for minimal downtime. Option B is wrong because native PostgreSQL pg_dump/pg_restore requires downtime.

Option D is wrong because S3 transfer is for file-based data, not live databases.

547
MCQhard

A company is using Amazon ElastiCache for Redis as a caching layer for a web application. The application's response time has increased, and the operations team suspects that cache evictions are occurring frequently. Which ElastiCache metric should be monitored to confirm cache evictions?

A.CacheHits
B.SwapUsage
C.Evictions
D.CurrItems
AnswerC

Evictions metric directly counts evicted keys.

Why this answer

Option B is correct because Evictions metric shows the number of keys evicted due to memory pressure. Option A is wrong because CacheHits shows successful retrievals. Option C is wrong because CurrItems shows the current number of items, not evictions.

Option D is wrong because SwapUsage shows swap usage, not evictions.

548
MCQhard

A company is using Amazon DynamoDB for a gaming application. During a new game launch, write traffic spikes and some users receive 'ProvisionedThroughputExceededException' errors. The company wants to handle these spikes automatically and cost-effectively. What should be done?

A.Implement application-level retries with exponential backoff and a queue.
B.Switch the table to on-demand capacity mode.
C.Increase the provisioned write capacity to the expected peak.
D.Enable DynamoDB auto scaling with a target utilization of 70%.
AnswerD

Auto scaling automatically adjusts capacity to handle traffic spikes.

Why this answer

Option B is correct because DynamoDB auto scaling adjusts capacity based on actual traffic patterns, preventing throttling while optimizing cost. Option A is wrong because application-level queuing adds latency. Option C is wrong because on-demand mode is cost-inefficient for predictable spikes.

Option D is wrong because increasing provisioned capacity manually is not automatic.

549
MCQhard

A company is using Amazon DynamoDB with provisioned capacity and Auto Scaling. They notice that during a marketing campaign, write traffic exceeded the provisioned WCU and caused throttling. Auto Scaling increased the WCU, but the throttling persisted for several minutes. Which additional measure can prevent throttling during such predictable spikes?

A.Switch the table to on-demand capacity mode.
B.Enable DynamoDB Accelerator (DAX) to cache write requests.
C.Increase the maximum provisioned WCU in the Auto Scaling policy.
D.Configure a scheduled scaling action in Application Auto Scaling to increase WCU before the campaign.
AnswerD

Scheduled scaling pre-provisions capacity for known traffic patterns.

Why this answer

Option A is correct because using Application Auto Scaling scheduled scaling allows pre-scaling capacity before the spike. Option B is wrong because DAX is for reads. Option C is wrong because on-demand may be costlier but solves unpredictability; for predictable spikes, scheduled scaling is better.

Option D is wrong because increasing max capacity alone doesn't pre-scale.

550
MCQhard

A company is planning to migrate a 5 TB Oracle data warehouse to Amazon Redshift. They need to transform the data during migration. Which AWS service should they use to perform the transformation?

A.Amazon Kinesis Data Analytics for real-time transformation.
B.Amazon Athena to query the source data and write results to Redshift.
C.AWS Glue to perform extract, transform, and load (ETL) jobs.
D.AWS Database Migration Service (DMS) with transformation rules.
AnswerC

Glue is a fully managed ETL service suitable for transforming data before loading into Redshift.

Why this answer

Option D is correct because AWS Glue is a serverless ETL service that can perform transformations. Option A is wrong because AWS DMS is for database migration with minimal transformation. Option B is wrong because Kinesis is for real-time streaming data.

Option C is wrong because Athena is a query service, not an ETL tool.

551
MCQmedium

A company is using a Multi-AZ RDS for MySQL instance. The primary instance recently experienced an unexpected failover, and the application experienced a brief interruption. The database administrator wants to investigate the root cause. Which AWS service should be used to review the failover event and its details?

A.AWS Config
B.AWS Support (Trusted Advisor)
C.Amazon RDS Event Notifications
D.AWS CloudTrail
AnswerB

AWS Support provides detailed analysis and logs for RDS events, including failover root cause analysis.

Why this answer

AWS Support provides detailed logs and analysis for events like failovers through the AWS Support API and AWS Support Center. CloudTrail records API calls, RDS events show notifications but not deep root cause analysis, and Config tracks configuration changes. The correct service for RCA is AWS Support.

552
MCQeasy

A company wants to migrate an on-premises MongoDB database to Amazon DocumentDB. The migration should be performed with minimal application changes. Which AWS service should be used?

A.Amazon S3 Transfer Acceleration
B.AWS DataSync
C.AWS Schema Conversion Tool (AWS SCT)
D.AWS Database Migration Service (AWS DMS)
AnswerD

AWS DMS can migrate data from MongoDB to DocumentDB with minimal application changes.

Why this answer

AWS DMS is the correct service because it supports homogeneous migrations from MongoDB to Amazon DocumentDB, including ongoing replication via change data capture (CDC) to minimize downtime. It handles schema conversion automatically for compatible data types, requiring minimal application changes since DocumentDB is MongoDB-compatible. AWS DMS can migrate data directly from a MongoDB source to a DocumentDB target without needing an intermediate schema transformation tool.

Exam trap

The trap here is that candidates may choose AWS SCT thinking schema conversion is always required, but for a homogeneous migration to a MongoDB-compatible target like DocumentDB, AWS DMS alone handles both schema and data migration without needing SCT.

How to eliminate wrong answers

Option A is wrong because Amazon S3 Transfer Acceleration is used to speed up uploads to S3 over long distances, not for database migration or replication. Option B is wrong because AWS DataSync is designed for moving large datasets between on-premises storage and AWS storage services (e.g., S3, EFS, FSx), not for database migration or ongoing replication. Option C is wrong because AWS Schema Conversion Tool (AWS SCT) is used for heterogeneous database migrations (e.g., Oracle to Aurora) to convert schema and code, but it is not needed for a homogeneous migration from MongoDB to DocumentDB, and it does not perform the actual data migration.

553
MCQhard

A company stores financial data in an Amazon Aurora MySQL DB cluster. The security team requires that database audit logs be stored in Amazon CloudWatch Logs and encrypted at rest using a customer-managed KMS key. The database specialist enables audit log publishing to CloudWatch Logs and specifies a KMS key for log encryption. However, the audit logs are not appearing in CloudWatch Logs. What is the most likely cause?

A.The CloudWatch Logs log group does not exist and RDS cannot create it automatically.
B.The DB cluster is not configured to export error logs, only audit logs.
C.The IAM role used for publishing logs does not have the necessary permissions to use the KMS key for CloudWatch Logs.
D.CloudWatch Logs does not support encryption with customer-managed KMS keys for audit logs.
E.The audit log parameter is static and requires a DB cluster reboot after modification.
AnswerC

The IAM role must have kms:Encrypt permission on the KMS key to allow log delivery.

Why this answer

When publishing database audit logs to CloudWatch Logs with a customer-managed KMS key, the IAM role used by RDS must have explicit permissions for the `kms:Encrypt` and `kms:Decrypt` actions on the KMS key. Without these permissions, RDS cannot encrypt the log stream, and the logs will not appear. Option C correctly identifies this missing permission as the most likely cause.

Exam trap

The trap here is that candidates often assume the issue is a missing log group or a static parameter, but the exam tests the nuanced requirement that the IAM role must have explicit KMS key permissions for log encryption to work.

How to eliminate wrong answers

Option A is wrong because RDS can automatically create the CloudWatch Logs log group when publishing is enabled; the log group does not need to pre-exist. Option B is wrong because the question specifically states audit logs are enabled, and the issue is that no logs appear at all, not that only error logs are missing. Option D is wrong because CloudWatch Logs fully supports encryption with customer-managed KMS keys for audit logs; this is a supported feature.

Option E is wrong because the audit log parameter (`server_audit_logging`) is dynamic and does not require a reboot; it takes effect immediately after modification.

554
MCQmedium

A database administrator is troubleshooting a backup failure for an Amazon RDS for SQL Server DB instance. The error message states 'Insufficient storage capacity for backup. Free storage space is 0 GB.' The DB instance has 200 GB allocated storage. What is the most likely cause?

A.The DB instance has insufficient free storage space to perform the backup.
B.The DB instance has reached the maximum number of manual snapshots.
C.The transaction logs are consuming all allocated storage.
D.The backup retention period is set to 0 days, disabling automated backups.
AnswerA

Automated backups require free space for temporary files.

Why this answer

Option A is correct because RDS requires free storage for automated backups and logs; insufficient free storage causes backup failure. Option B is wrong because backup retention does not consume storage. Option C is wrong because snapshot storage is separate.

Option D is wrong because transaction logs accumulate in allocated storage.

555
MCQhard

A company uses Amazon RDS for PostgreSQL to store sensor data. Each sensor sends a row every second. The table has grown to 500 GB and queries filtering on a timestamp column are slow even with an index. The team wants to improve query performance while keeping the data online. Which approach should they take?

A.Partition the table by time using PostgreSQL table partitioning
B.Migrate to Amazon Aurora PostgreSQL and enable parallel query
C.Add more indexes on the timestamp column
D.Create a read replica and direct queries to the replica
AnswerA

Partitioning by time allows partition pruning, significantly improving query performance on timestamp filters.

Why this answer

Partitioning the table by time (e.g., by day or month) allows PostgreSQL to prune partitions, reducing the amount of data scanned. This is a common pattern for time-series data. Adding more indexes can slow writes.

Read replicas help with read scaling but not query performance on the primary. Changing to Aurora PostgreSQL with parallel query can help but partitioning is a more direct solution.

556
MCQeasy

A company notices that its Amazon DynamoDB table is consuming more read capacity than expected. The table has a global secondary index (GSI) with a different sort key. Which action would most likely reduce the read consumption?

A.Increase the write capacity of the table.
B.Enable DAX (DynamoDB Accelerator) to cache read results.
C.Change the sort key of the base table to match the GSI sort key.
D.Create a local secondary index (LSI) with the same sort key as the GSI.
AnswerB

DAX reduces the number of reads to the table, lowering read capacity consumption.

Why this answer

Queries that use the GSI can consume read capacity from the index. However, if the query uses the base table's primary key, it consumes from the base table. Option A is wrong because local secondary indexes don't help.

Option B is wrong because adjusting write capacity doesn't affect reads. Option C is correct because enabling DynamoDB Accelerator (DAX) caches reads, reducing read capacity consumption. Option D is wrong because changing the sort key is not a direct solution.

557
MCQhard

A company is migrating a 2 TB Oracle database running on an on-premises Linux server to Amazon RDS for Oracle. The migration must have minimal downtime and must be fully reversible if any issues arise. The DBA has configured AWS DMS with a full load and ongoing replication task. The full load completes successfully, and CDC is replicating changes. During the cutover window, the DBA stops the source database and promotes the target RDS instance. However, after cutover, the application team reports that some recent transactions are missing from the target database. The DBA confirms that the DMS task showed a 'healthy' status before stopping. Which action should the DBA take to resolve the issue and prevent recurrence?

A.Rebuild the entire migration using a native Oracle export/import tool.
B.Increase the replication instance size to improve throughput.
C.Restart the DMS task from the beginning to recapture the missing data.
D.Before stopping the source database, run the 'Stop task' command with the '--apply-immediately' option to ensure all cached changes are written to the target.
AnswerD

This ensures that all remaining CDC changes are applied before stopping.

Why this answer

Option B is correct. In a DMS migration, the final step should be to capture remaining changes after stopping the source database. This is done by running the 'Stop task' command with the '--apply-immediately' flag or by using the 'Last Stop' command in the console.

Option A is wrong because increasing the replication instance size does not address missing transactions. Option C is wrong because restarting the task does not capture the missed transactions; they were already lost. Option D is wrong because rebuilding the migration from scratch is time-consuming and does not address the root cause.

558
MCQeasy

A company is deploying a new application that requires a highly available DynamoDB table with eventual consistency. The table will be accessed from multiple AWS Regions. What is the most appropriate deployment strategy?

A.Use DynamoDB auto scaling to handle regional traffic
B.Use DynamoDB Accelerator (DAX) to cache data across regions
C.Use DynamoDB global tables
D.Use DynamoDB Streams to replicate data to another region
AnswerC

Global tables provide managed multi-region replication with eventual consistency.

Why this answer

Option C is correct because DynamoDB global tables provide multi-region replication with eventual consistency, meeting the requirements. Option A is wrong because DynamoDB Accelerator (DAX) is a caching layer, not a multi-region solution. Option B is wrong because DynamoDB Streams can be used for cross-region replication but require custom code; global tables are the managed solution.

Option D is wrong because DynamoDB auto scaling adjusts capacity, not replication.

559
MCQeasy

A developer is using AWS Database Migration Service (DMS) to migrate a database from on-premises to Amazon RDS. The migration task is failing with 'Insufficient memory' error. Which resource should be increased to resolve this?

A.Increase the size of the DMS replication instance.
B.Increase the memory on the source database.
C.Increase the Amazon S3 bucket size for staging.
D.Increase the memory on the target RDS instance.
AnswerA

Correct. A larger replication instance provides more memory for data processing.

Why this answer

Option A is correct because the DMS replication instance may have insufficient memory. Increasing its size provides more memory. Option B is wrong because source database memory is not controlled by DMS.

Option C is wrong because target RDS instance memory may not be the bottleneck. Option D is wrong because S3 is not involved in the DMS process by default.

560
MCQeasy

A company runs an e-commerce application on AWS using an Aurora MySQL database cluster. The security team mandates that all database audit logs must be stored in Amazon S3 for at least one year for compliance. The database is currently configured to publish audit logs to Amazon CloudWatch Logs. The security team wants to use AWS Database Migration Service (DMS) to migrate the database to a new Aurora MySQL cluster, and during the migration, the audit logs must continue to be captured uninterrupted. Which solution meets these requirements with the LEAST operational overhead?

A.Enable Performance Insights on the source cluster and export the data to S3.
B.Create an Aurora MySQL read replica and enable audit logs on the replica, then migrate from the replica.
C.Use AWS CloudTrail to capture SQL queries and deliver them to S3.
D.Enable the Aurora MySQL advanced audit feature with file-based output, and configure the DMS task to use these log files as a source for ongoing replication.
AnswerD

Option B is correct: This captures audit logs in files that DMS can process, ensuring continuity.

Why this answer

Option D is correct because the Aurora MySQL advanced audit feature can output audit logs directly to files on the DB instance, and DMS can be configured to read these files as a source for ongoing replication. This ensures that audit logs are continuously captured and stored in S3 (via file-based output or subsequent upload) without interruption during the migration, minimizing operational overhead by avoiding additional services or manual log forwarding.

Exam trap

The trap here is that candidates may confuse CloudTrail (which logs AWS API calls) with database-level audit logging, or assume that a read replica can seamlessly inherit and forward audit logs from the source, when in fact it only logs its own activity.

How to eliminate wrong answers

Option A is wrong because Performance Insights provides performance metrics, not database audit logs, and cannot export SQL audit data to S3. Option B is wrong because creating a read replica and enabling audit logs on it would not capture audit logs from the source cluster during migration; the replica only logs its own activity, and the migration from the replica would still require uninterrupted audit capture from the source. Option C is wrong because CloudTrail captures AWS API calls (e.g., RDS management actions), not SQL queries or database-level audit logs, so it cannot fulfill the requirement to store database audit logs.

561
MCQmedium

A company is migrating a 2 TB Oracle database from on-premises to Amazon RDS for Oracle. The database has a 4-hour maintenance window and the migration must have minimal downtime. Which AWS service should be used for the migration?

A.Use AWS Schema Conversion Tool (SCT) to convert the schema and then perform a full data load.
B.Create an RDS Cross-Region Read Replica and promote it to a standalone instance.
C.Use AWS Database Migration Service (DMS) with ongoing replication from the source database.
D.Take a full backup of the on-premises database, upload it to S3, and restore it to RDS.
AnswerC

AWS DMS can perform continuous replication, minimizing downtime.

Why this answer

AWS DMS with ongoing replication (change data capture) is the correct choice because it allows you to perform a full load of the 2 TB Oracle database and then continuously replicate incremental changes from the source to the target RDS instance. This minimizes downtime by enabling a cutover window of minutes rather than hours, which is critical given the 4-hour maintenance window constraint.

Exam trap

The trap here is that candidates often confuse AWS SCT with DMS, assuming SCT can handle ongoing replication, or they mistakenly think RDS Cross-Region Read Replicas can be created from an on-premises source, when in fact they only work between RDS instances.

How to eliminate wrong answers

Option A is wrong because AWS Schema Conversion Tool (SCT) is used for heterogeneous migrations (e.g., Oracle to Aurora PostgreSQL) and does not handle ongoing replication; it only converts schema and performs a one-time full load, which would cause extended downtime. Option B is wrong because RDS Cross-Region Read Replicas are only supported within RDS itself, not for on-premises databases; they cannot replicate from an external Oracle source. Option D is wrong because taking a full backup, uploading to S3, and restoring to RDS is a one-time bulk operation that does not capture ongoing changes, resulting in significant downtime during the backup and restore process.

562
MCQmedium

A gaming company uses Amazon RDS for PostgreSQL to store player profiles and game state data. The database is currently 500 GB and grows by 10 GB per day. The company runs weekly reports that scan the entire database, causing high I/O and CPU usage. The application experiences read latency spikes during report generation. The team wants to minimize performance impact on the application while maintaining the ability to run reports. Which solution should the team implement?

A.Create a read replica and direct all report queries to the read replica.
B.Enable Multi-AZ deployment to provide a standby instance for failover and use it for reporting.
C.Scale up the RDS instance to a larger instance type to handle the additional load from reports.
D.Archive historical game state data to Amazon S3 and delete it from the database to reduce size.
AnswerA

A read replica offloads read-intensive workloads from the primary, reducing latency for the application.

Why this answer

Creating a read replica for Amazon RDS for PostgreSQL allows the team to offload all report queries to a separate read-only endpoint, eliminating the I/O and CPU contention on the primary database. This directly addresses the read latency spikes during report generation without requiring any application changes beyond redirecting the reporting queries. The read replica asynchronously replicates data from the primary instance, ensuring the reports see a near-real-time snapshot of the data while the primary remains dedicated to the application workload.

Exam trap

The trap here is that candidates often confuse Multi-AZ standby instances with read replicas, mistakenly believing the standby can be used for read traffic, but AWS explicitly prevents read access to the standby to maintain synchronous replication integrity.

How to eliminate wrong answers

Option B is wrong because a Multi-AZ standby instance is not accessible for read queries; it is a synchronous replica used solely for automatic failover and cannot serve traffic, so it would not offload the reporting workload. Option C is wrong because scaling up the RDS instance to a larger type only increases the capacity of the single instance, but the report queries would still compete with the application for the same I/O and CPU resources, failing to minimize the performance impact. Option D is wrong because archiving historical data to S3 reduces the database size but does not address the immediate I/O and CPU spikes caused by the weekly full-table scans; the reports would still scan the remaining data and cause latency issues.

563
MCQmedium

A developer deploys the CloudFormation stack. After testing, they delete the stack. What happens to the RDS instance?

A.The RDS instance is retained and the stack deletion fails.
B.The RDS instance is deleted after a final snapshot is taken.
C.The RDS instance is deleted without a final snapshot.
D.The RDS instance is retained and a final snapshot is taken automatically.
AnswerA

DeletionProtection causes the stack deletion to fail, retaining the instance.

Why this answer

Option D is correct because DeletionProtection is set to true, which prevents stack deletion from deleting the RDS instance. Option A is wrong because DeletionProtection prevents deletion. Option B is wrong because the instance is not deleted.

Option C is wrong because snapshot is not taken automatically due to DeletionProtection.

564
MCQhard

A company runs a data warehouse on Amazon Redshift. The workload has frequent DELETE and UPDATE operations on a large fact table. Over time, query performance degrades. Which maintenance operation should be scheduled regularly to optimize performance?

A.Run VACUUM FULL during maintenance windows
B.Run VACUUM and ANALYZE commands regularly
C.Alter the table to use a different DISTKEY
D.Drop and recreate the table periodically
AnswerB

Reclaims space and updates statistics for better query plans.

Why this answer

B is correct because frequent DELETE and UPDATE operations in Redshift create ghost rows and cause table bloat, degrading query performance. Running VACUUM reclaims space and re-sorts rows, while ANALYZE updates table statistics for the query optimizer; together they restore performance without requiring a full table rebuild.

Exam trap

The trap here is that candidates confuse VACUUM FULL (a PostgreSQL command) with Redshift's VACUUM options, or assume that changing the DISTKEY or recreating the table is a practical maintenance strategy instead of using the native VACUUM and ANALYZE commands.

How to eliminate wrong answers

Option A is wrong because VACUUM FULL is not a valid Redshift command; the correct commands are VACUUM (with optional FULL parameter) and VACUUM DELETE ONLY, but VACUUM FULL is a PostgreSQL command not applicable here. Option C is wrong because altering the DISTKEY is a schema design change that requires a table rebuild and does not address the immediate bloat and statistics issues caused by frequent DELETEs and UPDATEs. Option D is wrong because dropping and recreating the table is disruptive, causes downtime, and loses data unless carefully managed; it is not a regular maintenance operation and does not leverage Redshift's built-in VACUUM and ANALYZE capabilities.

565
MCQeasy

A company wants to restrict access to an Amazon RDS for MySQL DB instance so that only applications running in a specific VPC can connect. Which solution should be implemented?

A.Use an IAM policy to restrict database connections based on source IP.
B.Configure the DB instance's security group to allow inbound traffic only from the application's security group.
C.Configure the subnet's network ACL to allow inbound traffic only from the application's IP range.
D.Attach a security group to the subnet that allows inbound traffic from the application's VPC.
AnswerB

Security groups can reference other security groups.

Why this answer

Option A is correct because a VPC security group controls inbound traffic at the instance level. Option B is wrong because network ACLs are for subnets, not individual instances. Option C is wrong because IAM policies control API access, not network connectivity.

Option D is wrong because security groups are not attached to subnets.

566
MCQhard

A database administrator is troubleshooting connectivity to an Amazon RDS for MySQL DB instance. The application is running on an EC2 instance in the same VPC and security group. The application can connect using the endpoint shown in the exhibit. However, the security team requires that all connections be encrypted using SSL. The DBA has enabled SSL on the DB instance and modified the parameter group to set require_secure_transport to ON. The application is now failing to connect. What is the most likely cause?

A.The DB instance endpoint is not resolving to the correct IP address.
B.The database user account does not have the SSL privilege granted.
C.The application's JDBC connection string does not include SSL parameters such as useSSL=true.
D.The security group does not allow inbound traffic on port 3307, which is used for SSL connections.
AnswerC

The application must explicitly request SSL connections; otherwise, the server rejects the connection.

Why this answer

Option C is correct. When require_secure_transport is set to ON, the database server rejects non-SSL connections. The application must be configured to use SSL by adding the useSSL=true and requireSSL=true parameters to the JDBC connection string.

Option A is incorrect because the security group does not need to allow port 3307; SSL uses the same port. Option B is incorrect because the endpoint is a DNS name, not an IP address. Option D is incorrect because the user account does not need the SSL privilege if the server enforces SSL.

567
MCQeasy

A company needs to migrate a 2 TB PostgreSQL database from an on-premises data center to Amazon Aurora PostgreSQL. The network bandwidth is limited to 100 Mbps. The migration window is 5 days. Which approach is most cost-effective and likely to succeed?

A.Use AWS DMS with a VPN connection to the on-premises database
B.Set up AWS Direct Connect and use DMS
C.Use AWS Snowball Edge to transfer data offline
D.Export to Amazon S3 and import into Aurora
AnswerA

DMS can migrate online within bandwidth constraints.

Why this answer

Using AWS DMS over a VPN connection allows online migration without physical devices. Snowball requires shipping time. Direct Connect has setup time and cost.

S3 import is not supported for Aurora PostgreSQL.

568
MCQhard

A gaming company uses Amazon DynamoDB to store player profiles. Each profile is about 5 KB and is accessed frequently. The access pattern is mostly point reads by player ID. The company wants to reduce read costs while maintaining low latency. Currently, the table uses provisioned capacity with 3000 RCU. Which change would be MOST effective?

A.Use strongly consistent reads instead of eventually consistent reads.
B.Switch from provisioned capacity to on-demand capacity mode.
C.Decrease the provisioned RCU to 2000 and rely on adaptive capacity.
D.Use DynamoDB Accelerator (DAX) to cache frequently accessed items.
AnswerD

DAX reduces reads from the table, lowering RCU consumption.

Why this answer

Option B is correct because DynamoDB Accelerator (DAX) caches reads, reducing RCU consumption. Option A is wrong because switching to on-demand may increase costs if traffic is steady. Option C is wrong because decreasing RCU would cause throttling.

Option D is wrong because strongly consistent reads consume more RCU than eventually consistent.

569
MCQmedium

Refer to the exhibit. A DBA sees the above log entries for an Amazon Aurora MySQL cluster. What is the most likely cause?

A.There is underlying storage corruption
B.The reader instance is lagging behind the writer
C.The DB instance has run out of connections
D.A recent backup restore operation failed
AnswerA

Page corruption errors indicate storage issues.

Why this answer

Option D is correct because the logs indicate table corruption and page corruption, typically due to underlying storage issues. Option A is wrong because connection issues would show different errors. Option B is wrong because backup restore would not cause corruption.

Option C is wrong because replication lag shows different symptoms.

570
MCQmedium

A company is migrating a 500 GB Oracle database to Amazon RDS for Oracle. The migration must be completed within 24 hours with minimal downtime. The on-premises network bandwidth is 1 Gbps. The migration team plans to use AWS DMS with ongoing replication. During the initial load, the DMS task fails with an error indicating that the source database is experiencing high CPU utilization. The source database is a production system serving live traffic. The team needs to reduce the impact on the source database while still meeting the migration deadline. Which approach should the team take?

A.Change the DMS task to perform only full load and skip ongoing replication
B.Reduce the number of tables loaded in parallel in the DMS task and schedule the migration during off-peak hours
C.Increase the size of the DMS replication instance to speed up the migration
D.Use AWS Snowball to transfer the data offline and then use DMS for ongoing replication
AnswerB

This reduces source CPU load and still meets the deadline if off-peak window is sufficient.

Why this answer

The issue is that DMS is consuming too many resources on the source. Reducing the number of tables loaded in parallel and scheduling the migration during off-peak hours will reduce CPU impact. Option B is the most balanced.

Option A (increase DMS instance size) would increase source CPU usage. Option C (change to full load only) would require downtime. Option D (use Snowball) may not meet the 24-hour deadline due to shipping time.

571
MCQeasy

A developer accidentally deleted a critical table from an Amazon RDS for MySQL DB instance. Automated backups are enabled with a retention period of 7 days. The deletion occurred 3 hours ago. What is the fastest way to restore the deleted table without affecting other tables?

A.Use the RDS Query Editor to run a flashback query that retrieves the deleted data.
B.Restore the DB instance from the latest manual snapshot and extract the table.
C.Restore the table from the automated backup using the AWS Management Console table-level restore feature.
D.Perform a point-in-time restore of the DB instance to a time just before the deletion, then export the table.
AnswerD

Point-in-time restore creates a new DB instance as it was at the specified time, allowing table extraction without affecting the original instance.

Why this answer

Option D is correct because point-in-time recovery (PITR) allows you to restore the entire DB instance to any second within the automated backup retention period (7 days). By restoring to a time just before the deletion, you can then extract the deleted table using mysqldump or SELECT INTO OUTFILE, and import it back into the original instance. This is the fastest method because it leverages existing automated backups without requiring a manual snapshot or waiting for a full restore of a large instance.

Exam trap

The trap here is that candidates confuse the table-level restore feature available in Amazon Aurora (via backtrack or cloning) with standard RDS MySQL, which lacks such granularity and requires a full instance restore for point-in-time recovery.

How to eliminate wrong answers

Option A is wrong because RDS for MySQL does not support flashback queries; that feature is specific to Oracle Database and Amazon Aurora with MySQL compatibility (using undo logs). Option B is wrong because restoring from a manual snapshot would require you to have taken one before the deletion, and the scenario only mentions automated backups, not manual snapshots; even if a manual snapshot existed, restoring the entire instance and then extracting the table is slower than PITR. Option C is wrong because RDS for MySQL does not offer a table-level restore feature from automated backups; that capability exists for Amazon Aurora (using backtrack or cloning) but not for standard RDS MySQL.

572
MCQmedium

A company is migrating a 1 TB Amazon RDS for Oracle database to Amazon RDS for PostgreSQL. The migration must be completed within a 4-hour maintenance window. The database has a high volume of transactions. Which migration method minimizes risk of data loss?

A.Use AWS SCT to convert the schema, then use AWS DMS for full load and ongoing replication.
B.Set up Oracle log shipping to an EC2 instance, then restore to RDS PostgreSQL.
C.Use AWS DMS with a full load and change data capture (CDC) enabled, with task restart and validation.
D.Export the Oracle database using Data Pump, import to PostgreSQL using pgloader.
AnswerC

CDC captures ongoing changes, task restart ensures reliability.

Why this answer

AWS DMS with task restart and validation ensures data consistency and minimizes data loss. Option A (SCT + DMS) may not complete within 4 hours. Option C (export/import) is time-consuming.

Option D (log shipping) is not supported across engines.

573
MCQeasy

A company is migrating a 100 GB SQL Server database to Amazon RDS for SQL Server. They need to minimize downtime and ensure that only the schema is converted. Which tool should they use?

A.AWS Database Migration Service (DMS)
B.AWS Schema Conversion Tool (SCT)
C.AWS DMS with schema conversion enabled
D.SQL Server Management Studio (SSMS)
AnswerB

SCT is designed to convert database schema from one engine to another.

Why this answer

AWS Schema Conversion Tool (SCT) is the correct choice because it is specifically designed to convert database schemas (including stored procedures, functions, and data types) from one engine to another, such as SQL Server to Amazon RDS for SQL Server. Since the requirement is to minimize downtime and only convert the schema (not migrate data), SCT can perform an offline schema conversion without impacting the source database, whereas DMS is a continuous data replication tool that would incur downtime for schema changes.

Exam trap

The trap here is that candidates often confuse AWS DMS (which handles data replication) with AWS SCT (which handles schema conversion), and assume DMS can perform schema-only migrations without realizing it always includes data transfer and potential downtime.

How to eliminate wrong answers

Option A is wrong because AWS DMS is primarily a data migration service that replicates ongoing changes and requires a full load of data, which would cause downtime and does not focus on schema-only conversion. Option C is wrong because DMS with schema conversion enabled still performs data migration and schema conversion together, leading to unnecessary downtime and data transfer when only schema conversion is needed. Option D is wrong because SQL Server Management Studio (SSMS) can generate schema scripts but does not automate conversion to RDS SQL Server's specific dialect or handle compatibility issues, and it would require manual intervention and potential downtime.

574
MCQeasy

A company is using Amazon DynamoDB with auto scaling enabled. The table's read capacity is set to a minimum of 100 and maximum of 1000 read capacity units (RCUs). The actual consumed read capacity is consistently at 200 RCUs. What should the database specialist do to optimize costs without impacting performance?

A.Increase the minimum read capacity to 500 RCUs.
B.Lower the minimum read capacity to 200 RCUs.
C.Disable auto scaling and set the read capacity to 200 RCUs.
D.Decrease the maximum read capacity to 500 RCUs.
AnswerB

Matches the actual consumption, preventing over-provisioning.

Why this answer

Option A is correct because lowering the minimum to 200 RCUs ensures auto scaling does not scale below the actual usage, reducing provisioned capacity costs. Option B is wrong because decreasing the maximum could cause throttling during spikes. Option C is wrong because increasing the minimum would increase costs unnecessarily.

Option D is wrong because disabling auto scaling would require manual management and may lead to over-provisioning.

575
Multi-Selecthard

A company is migrating a large Oracle data warehouse to AWS. The warehouse contains 50 TB of data and runs complex analytical queries. The solution must support concurrency of up to 100 users and provide high performance for queries. Which THREE design decisions should the company make? (Choose three.)

Select 3 answers
A.Use distribution keys based on frequently joined columns
B.Design tables with columnar storage
C.Use Amazon RDS for Oracle with Multi-AZ
D.Use Amazon DynamoDB with global tables
E.Use Amazon Redshift as the database engine
AnswersA, B, E

Distribution keys enable parallel processing and reduce data movement.

Why this answer

Distribution keys based on frequently joined columns ensure that related data is co-located on the same compute nodes, minimizing data movement across the network during joins. This is critical for complex analytical queries on large datasets in Amazon Redshift, as it reduces shuffle overhead and improves query performance.

Exam trap

The trap here is that candidates may confuse Amazon RDS for Oracle (an OLTP database) with a suitable data warehouse solution, overlooking that Redshift’s columnar storage and MPP architecture are specifically designed for large-scale analytical workloads.

576
Matchingmedium

Match each AWS monitoring tool to its capability for databases.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Collects metrics and logs, sets alarms

Visualizes database performance and identifies bottlenecks

Provides OS-level metrics for RDS instances

Records API calls for auditing and governance

SNS-based alerts for database events like failovers

Why these pairings

Tools for monitoring and troubleshooting database performance.

577
MCQhard

A financial services company needs to enforce row-level security on a MySQL database hosted on Amazon RDS. They want to restrict access so that each application user can only see their own data. Which approach should they take?

A.Place each user's data in a separate database and use VPC endpoints to isolate access
B.Create separate database views for each user
C.Use a MySQL proxy that injects session context variables and enable row-level security in the application queries
D.Use IAM database authentication and define fine-grained access policies
AnswerC

Allows dynamic row filtering per user.

Why this answer

Using MySQL proxy with session context variables allows row-level filtering based on user identity. Option A (IAM policy) doesn't apply to database rows. Option B (views per user) is not scalable.

Option D (VPC endpoints) doesn't control row access.

578
MCQeasy

A database specialist is troubleshooting an Amazon RDS for MySQL DB instance that is running out of storage. The instance has automated backups enabled. The specialist needs to free up storage space immediately without losing backup capability. Which action should the specialist take?

A.Modify the DB instance to reduce the backup retention period to 0 days.
B.Delete older automated backups that are no longer needed.
C.Delete manual snapshots from the RDS console.
D.Disable automated backups to stop storage consumption.
AnswerB

Automated backups consume DB instance storage; deleting old ones frees space.

Why this answer

Option C is correct because deleting old automated backups frees up storage space without affecting the current backup capability. Option A is wrong because modifying the backup retention period does not free space immediately. Option B is wrong because manual snapshots are stored in Amazon S3 and do not affect the DB instance storage.

Option D is wrong because disabling backups would stop future backups.

579
MCQeasy

A company is using Amazon RDS for MySQL and notices that the Read IOPS metric is consistently high during business hours. The application is read-heavy. Which configuration change would most likely reduce Read IOPS?

A.Add a Multi-AZ standby instance.
B.Create one or more read replicas and redirect read traffic to them.
C.Increase the DB instance size to a larger instance type.
D.Enable storage Auto Scaling on the RDS instance.
AnswerB

Read replicas handle read queries from the primary, reducing read IOPS on the source instance.

Why this answer

Creating read replicas offloads read queries from the primary DB instance to replica instances, directly reducing the number of read I/O operations on the primary. Since the application is read-heavy and Read IOPS is high during business hours, distributing read traffic to replicas alleviates the I/O bottleneck on the primary instance without requiring a larger instance or storage changes.

Exam trap

The trap here is that candidates often confuse Multi-AZ with read replicas, assuming a standby instance can handle read traffic, but in RDS for MySQL, Multi-AZ standby is passive and does not serve reads.

How to eliminate wrong answers

Option A is wrong because a Multi-AZ standby instance is for high availability and failover, not for read scaling; it does not serve read traffic and thus does not reduce Read IOPS on the primary. Option C is wrong because increasing the DB instance size may improve throughput but does not reduce the number of read I/O operations; it only provides more capacity to handle the same I/O load, potentially leaving Read IOPS high. Option D is wrong because enabling storage Auto Scaling automatically increases storage when needed but does not reduce read I/O operations; it addresses storage capacity, not read workload distribution.

580
MCQmedium

A company needs to store and query time-series data from IoT sensors. The data is written continuously and queried by time range for dashboards. Which AWS database service is most cost-effective and scalable for this workload?

A.Amazon ElastiCache for Redis with time-series data structures.
B.Amazon DynamoDB with time-based partition keys.
C.Amazon Timestream.
D.Amazon RDS for PostgreSQL with time-based indexing.
AnswerC

Managed time-series database with built-in analytics.

Why this answer

Amazon Timestream is purpose-built for time-series data, offering automatic tiering between in-memory and magnetic stores for cost efficiency, and built-in functions for time-based aggregations and windowed queries. It is serverless and scales automatically to handle continuous writes from IoT sensors and low-latency dashboard queries by time range, making it the most cost-effective and scalable choice.

Exam trap

The trap here is that candidates often choose DynamoDB for its scalability, overlooking that time-series workloads with sequential timestamps cause hot partitions and lack native time-series query capabilities, while Timestream is the only service specifically designed for this use case with automatic tiering and cost optimization.

How to eliminate wrong answers

Option A is wrong because ElastiCache for Redis is an in-memory cache, not a durable, scalable database for continuous time-series ingestion; it requires manual management of data eviction and lacks built-in time-series query optimization for large historical datasets. Option B is wrong because DynamoDB with time-based partition keys can lead to hot partitions due to sequential writes, and it lacks native time-series functions like interpolation or smoothing, requiring complex application logic for dashboard queries. Option D is wrong because RDS for PostgreSQL with time-based indexing incurs high storage and compute costs for continuous writes, requires manual scaling and partitioning, and lacks the automatic data tiering and query optimization that Timestream provides for time-series workloads.

581
MCQmedium

A DBA runs the IAM policy simulation above. The DBA can describe the DB instance but cannot modify it. What is the most likely cause?

A.The resource ARN in the simulation is incorrect.
B.An IAM policy explicitly denies the rds:ModifyDBInstance action.
C.The DBA's IAM policy does not include an allow for rds:ModifyDBInstance.
D.The DBA is not within the VPC where the DB instance resides.
AnswerB

The evaluation result shows 'explicitDeny' for ModifyDBInstance.

Why this answer

Option A is correct because an explicit deny overrides any allow. Option B is wrong because the simulation does not check network conditions. Option C is wrong because the DBA can describe, so there is an allow for that action.

Option D is wrong because the resource ARN is correct for the DB instance.

582
MCQeasy

A company is running an Amazon RDS for MySQL DB instance. The database performance has degraded over time, and the company suspects that slow queries are the cause. Which AWS service should the company use to identify the slow queries and analyze the database performance?

A.AWS Trusted Advisor
B.Amazon RDS Enhanced Monitoring
C.Amazon CloudWatch Logs
D.Amazon RDS Performance Insights
AnswerD

Performance Insights offers a detailed view of database performance and helps identify slow queries.

Why this answer

Performance Insights provides a dashboard to analyze database performance and identify slow queries. CloudWatch Logs (A) is for logs, not query analysis. RDS Enhanced Monitoring (B) provides OS metrics, not query details.

AWS Trusted Advisor (D) provides best-practice checks, not query analysis.

583
MCQeasy

A company is running an Amazon RDS for MySQL instance as shown in the exhibit. The application is experiencing high write latency. The instance has a high number of write operations and the storage queue depth is consistently above 100. Which change would most effectively reduce write latency?

A.Modify the storage type to Provisioned IOPS (io1) with 3000 IOPS.
B.Change the instance class to db.m5.xlarge.
C.Enable Multi-AZ to offload writes to a standby.
D.Increase the allocated storage to 200 GB.
AnswerA

Provisioned IOPS provides consistent, low-latency performance.

Why this answer

The correct answer is A because the instance is experiencing high write latency with a consistently high storage queue depth (above 100), which indicates that the current storage (likely gp2 or magnetic) cannot keep up with the write IOPS demand. Provisioned IOPS (io1) with 3000 IOPS guarantees a dedicated level of IOPS, reducing queue depth and write latency by ensuring the storage subsystem can handle the write workload without throttling.

Exam trap

The trap here is that candidates often confuse Multi-AZ replication as a way to distribute write load, but in reality, Multi-AZ only handles failover and read replicas for reads, not writes, and increasing storage or instance size without addressing the IOPS bottleneck will not resolve high queue depth.

How to eliminate wrong answers

Option B is wrong because changing the instance class to db.m5.xlarge improves compute and memory resources but does not address the storage-level bottleneck causing high queue depth and write latency. Option C is wrong because enabling Multi-AZ provides synchronous replication to a standby for high availability and failover, but it does not offload writes; writes must still be committed to the primary instance's storage, so it does not reduce write latency. Option D is wrong because increasing allocated storage to 200 GB may improve baseline IOPS for gp2 (since gp2 IOPS scale with size) but does not guarantee the consistent, high IOPS needed to reduce queue depth; the queue depth above 100 indicates a need for Provisioned IOPS, not just more storage.

584
MCQmedium

A company uses Amazon RDS for PostgreSQL and needs to ensure that only specific IP addresses can connect to the database. Which configuration should be used?

A.Configure the DB subnet group to allow only specific IP addresses.
B.Set the rds.force_ssl parameter in the DB parameter group.
C.Create an IAM policy that restricts access to the RDS API based on source IP.
D.Modify the VPC security group associated with the DB instance to allow inbound traffic only from specific IP addresses.
AnswerD

Security groups act as a virtual firewall and can restrict inbound traffic based on IP addresses.

Why this answer

Option C is correct because security group rules control inbound traffic based on IP addresses or other security groups. Option A is wrong because DB subnet groups define subnets, not IP filtering. Option B is wrong because parameter groups control database engine parameters, not network access.

Option D is wrong because IAM policies control permissions for AWS actions, not network-level access.

585
MCQmedium

A database administrator sees repeated 'Aborted connection' warnings in the RDS for MySQL error log. The application team reports intermittent connection errors. What is the most likely cause of these aborted connections?

A.The wait_timeout parameter is too low, causing idle connections to be terminated.
B.The user 'appuser' does not have permission to connect from host '10.0.0.50'.
C.The database instance is running out of memory, causing connection drops.
D.The application is closing the database connection abruptly without completing the handshake.
AnswerD

Aborted connections often occur when the client disconnects before finishing the login handshake, which is a common application bug.

Why this answer

The error 'Got an error reading communication packets' typically indicates a network issue or the client disconnecting unexpectedly. The most common cause is that the database connection is being closed by the application without properly closing the connection, or the network between the application and database is unstable. Option C is plausible but less likely because the error message points to communication issues.

586
MCQmedium

A social media startup is using Amazon ElastiCache for Redis to cache user profiles. The cache currently has a 24-hour TTL. The application experiences a sudden spike in traffic after a celebrity mentions the service, causing the cache to be flooded with requests for uncached profiles. This results in high latency and database load. Which design pattern should the company implement to prevent this in the future?

A.Use a read-through cache with a longer TTL (e.g., 48 hours).
B.Implement a local cache in each application instance to reduce load on the centralized Redis cluster.
C.Use a write-through cache with a longer TTL (e.g., 48 hours).
D.Use a write-through cache with a shorter TTL (e.g., 1 hour).
AnswerB

Local caching reduces the number of requests to Redis and the database, helping to mitigate cache stampedes.

Why this answer

Option B is correct because implementing a local cache (e.g., using a library like Caffeine or Guava) in each application instance reduces the number of requests hitting the centralized Redis cluster during a traffic spike. This pattern, often called a multi-tier or near-cache, absorbs repeated reads for the same uncached profiles locally, preventing cache flooding and database overload without relying solely on Redis TTL adjustments.

Exam trap

The trap here is that candidates often assume extending TTL or changing cache write strategies (write-through vs. read-through) will solve a cache-miss storm, when in fact the core issue is the volume of concurrent misses, which only a local cache or similar request-reduction pattern can mitigate.

How to eliminate wrong answers

Option A is wrong because simply extending the TTL to 48 hours does not prevent the initial flood of requests for uncached profiles; it only keeps cached data longer once it is loaded, but the spike still causes a cache-miss storm. Option C is wrong because a write-through cache with a longer TTL focuses on write consistency and does not address read-side cache misses during a traffic spike; it would also increase write latency unnecessarily. Option D is wrong because a write-through cache with a shorter TTL would evict data faster, exacerbating cache misses and making the flood problem worse, not better.

587
MCQhard

A company uses Amazon DynamoDB for a session management system. They need to store session data with a TTL of 24 hours. However, they notice that expired items are not being deleted promptly, causing storage costs to increase. What is the most likely cause?

A.The table has insufficient write capacity
B.TTL is not enabled on the table
C.DynamoDB typically deletes expired items within 48 hours
D.The TTL attribute is set as a string instead of a number
AnswerC

TTL deletions are eventually consistent and can take up to 48 hours.

Why this answer

Option C is correct because DynamoDB's TTL mechanism typically deletes expired items within 48 hours, not immediately. The service processes TTL deletions as a background process, and while items are marked as expired at the TTL time, actual deletion can be delayed up to 48 hours. This explains why expired session data persists and increases storage costs despite TTL being properly configured.

Exam trap

The trap here is that candidates assume TTL deletions are instantaneous or happen within minutes, but AWS explicitly documents a 48-hour window, making delayed deletion the expected behavior rather than a misconfiguration.

How to eliminate wrong answers

Option A is wrong because write capacity affects throughput for writes, not the timing of TTL-based deletions; TTL deletions consume no write capacity units. Option B is wrong because the question states the company 'needs to store session data with a TTL of 24 hours,' implying TTL is enabled; if TTL were not enabled, no expired items would be deleted at all, not just delayed. Option D is wrong because DynamoDB TTL supports both Number and String data types for the TTL attribute, as long as the value is a Unix epoch timestamp; setting it as a string does not prevent deletion, though it must be a valid epoch value.

588
MCQeasy

A startup is building a social media analytics application that ingests high-velocity streaming data from multiple sources. The data consists of JSON objects with varying schemas. The application needs to store this data for real-time querying and later batch processing. Which AWS database solution is most cost-effective and scalable for this workload?

A.Amazon ElastiCache for Redis with persistence enabled.
B.Amazon DynamoDB with on-demand capacity.
C.Amazon RDS for MySQL with multiple read replicas.
D.Amazon Redshift with auto-ingest from Kinesis.
AnswerB

DynamoDB handles high-velocity writes and varying schemas, and is cost-effective for unpredictable workloads.

Why this answer

Amazon DynamoDB with on-demand capacity is the most cost-effective and scalable solution for this workload because it is a fully managed NoSQL database that can handle high-velocity streaming data with varying JSON schemas without requiring schema definition or provisioning. Its on-demand capacity mode automatically scales to accommodate unpredictable traffic spikes, making it ideal for real-time querying and batch processing via features like DynamoDB Streams and integration with AWS Glue or EMR.

Exam trap

The trap here is that candidates often choose Amazon Redshift (Option D) because they associate streaming data with data warehousing, but Redshift is optimized for batch analytics on structured data, not for real-time ingestion and querying of schema-less JSON, making DynamoDB the correct choice for this specific workload.

How to eliminate wrong answers

Option A is wrong because Amazon ElastiCache for Redis is an in-memory cache, not a durable primary data store; while persistence can be enabled, it is not designed for long-term storage of high-velocity streaming data with varying schemas and would be cost-prohibitive for large datasets. Option C is wrong because Amazon RDS for MySQL requires a fixed schema, which cannot handle JSON objects with varying schemas efficiently, and its read replicas do not address the write scalability needed for high-velocity ingestion. Option D is wrong because Amazon Redshift is a columnar data warehouse optimized for analytical queries on structured data, not for real-time querying of raw JSON with varying schemas; auto-ingest from Kinesis adds latency and cost, and Redshift is not designed for high-frequency point lookups or schema-less data.

589
Multi-Selecthard

A company is using Amazon Redshift for analytics. The security team wants to audit all SQL queries executed against the database, including the actual query text, for compliance. They also want to ensure that the audit logs are stored in a secure, immutable location. Which THREE services or features should they use together to meet these requirements?

Select 3 answers
A.Redshift Audit Logging
B.VPC Flow Logs
C.Amazon CloudWatch Logs
D.Redshift Spectrum
E.S3 Object Lock
AnswersA, C, E

Captures SQL query logs.

Why this answer

Options A, C, and E are correct. Redshift Audit Logging captures SQL queries. CloudWatch Logs can be used as a destination for audit logs (via streaming).

Then, CloudWatch Logs can export logs to S3, and S3 Object Lock provides immutability. Option B is for performance, not auditing. Option D is for network monitoring.

590
MCQeasy

A startup wants to store session data for a web application. Each session is small (under 1 KB) and accessed frequently with low latency. The data can be ephemeral and does not require complex queries. Which AWS database service is most suitable?

A.Amazon DynamoDB
B.Amazon RDS for PostgreSQL
C.Amazon Neptune
D.Amazon ElastiCache for Redis
AnswerD

In-memory key-value store with sub-millisecond latency, ideal for session management.

Why this answer

Option A is correct because Amazon ElastiCache for Redis provides in-memory storage with low latency, perfect for session data. Option B is wrong because RDS is relational and overkill for simple key-value session data. Option C is wrong because DynamoDB is also suitable but for this use case, ElastiCache is simpler and faster.

Option D is wrong because Neptune is a graph database, not appropriate for session storage.

591
MCQhard

A financial services company is migrating a 500 GB Oracle database to Amazon Aurora MySQL-Compatible Edition. The migration must have minimal downtime and support bidirectional replication for a test-and-cutover approach. The company currently uses Oracle GoldenGate for replication. Which migration strategy should be used?

A.Use AWS DMS with a full load and ongoing replication from Oracle to Aurora MySQL, then cut over.
B.Use AWS Schema Conversion Tool (SCT) to convert the schema and then use AWS DMS for a one-time full load.
C.Use AWS DMS with Oracle GoldenGate as a source for continuous replication to Aurora MySQL.
D.Use Oracle GoldenGate to replicate directly to Aurora MySQL, then cut over.
AnswerA

DMS supports ongoing replication for cross-engine migrations, enabling minimal downtime and test-and-cutover.

Why this answer

Option C is correct because AWS DMS supports ongoing replication from Oracle to Aurora MySQL, enabling a test-and-cutover approach with minimal downtime. Option A is wrong because the AWS Schema Conversion Tool (SCT) does not handle data replication. Option B is wrong because AWS DMS supports cross-engine migrations from Oracle to Aurora MySQL.

Option D is wrong because AWS DMS cannot use Oracle GoldenGate as a source; GoldenGate is a separate replication tool that is not directly integrated.

592
MCQeasy

A company wants to migrate an on-premises MongoDB database to Amazon DocumentDB. The migration must be performed with minimal downtime and should support live data synchronization. Which AWS service should be used?

A.AWS Glue with streaming ETL jobs.
B.AWS Data Pipeline to schedule periodic data loads.
C.AWS S3 with AWS Lambda functions to sync data.
D.AWS Database Migration Service (DMS) with ongoing replication.
AnswerD

DMS can connect to MongoDB as source and DocumentDB as target with change data capture for minimal downtime.

Why this answer

Option A is correct because AWS DMS supports MongoDB as a source and DocumentDB as a target, and can perform live synchronization. Option B is wrong because Data Pipeline is for data processing, not live migration. Option C is wrong because Glue is for ETL, not ongoing replication.

Option D is wrong because S3 is for storage, not data replication.

593
Multi-Selecthard

A company is migrating a 5 TB MySQL database to Amazon Aurora MySQL. The migration must have minimal downtime and support ongoing replication. The source database is in a corporate data center with a 500 Mbps internet connection. Which THREE steps should the database specialist take?

Select 3 answers
A.Establish a VPN connection to AWS and use mysqldump.
B.Use AWS Schema Conversion Tool (AWS SCT) to convert the schema.
C.Create an Aurora read replica from the source database.
D.Set up AWS Database Migration Service (AWS DMS) with change data capture (CDC).
E.Use an AWS Snowball Edge device to transfer the initial data load.
AnswersB, D, E

SCT helps with schema conversion if needed.

Why this answer

Options A, C, and E are correct. Option A: AWS DMS with CDC allows ongoing replication with minimal downtime. Option C: Using AWS SCT helps convert the schema if needed.

Option E: Using an AWS Snowball Edge device for initial load reduces the time for large data transfer over slow internet. Option B is wrong because a VPN alone does not migrate data. Option D is wrong because a read replica is not a migration tool; it is a feature of Aurora.

594
MCQhard

Refer to the exhibit. A DynamoDB table has a primary key of pk (partition key) and sk (sort key). An application needs to perform GetItem and Query operations but should only be allowed to retrieve the pk and sk attributes. The IAM policy above is applied to the application's IAM role. Why does the policy fail to achieve the goal?

A.The Deny statement uses the wrong condition key; it should use 'dynamodb:Select' instead of 'dynamodb:Attributes'.
B.The policy should use 'dynamodb:ReturnValues' condition key.
C.The Deny statement does not prevent retrieval of all attributes when no ProjectionExpression is specified.
D.The Allow statement should include 'dynamodb:Scan' to allow Query operations.
AnswerC

If the request does not specify attributes, the condition has no values to compare, so the Deny is not applied, allowing full access.

Why this answer

The Deny statement with the condition ForAllValues:StringNotEquals will deny a request if ANY requested attribute is not in the specified list. However, GetItem and Query can request specific attributes using ProjectionExpression. If the request does not specify any attributes, the condition evaluates to true (since no values to compare), and the Deny does not apply, allowing full item retrieval.

Also, the condition uses StringNotEquals incorrectly; it should use StringEquals. The correct approach is to use a condition on dynamodb:Select or use a fine-grained access control with a condition on the requested attributes.

595
MCQhard

A company is migrating a 2 TB on-premises Microsoft SQL Server database to Amazon RDS for SQL Server. The migration must have minimal downtime. The company uses AWS DMS with ongoing CDC. During the full load phase, the DMS task fails with an error indicating that the source table 'Orders' has a large number of LOB columns and the task is running out of memory. The DMS replication instance is a dms.c4.large with 4 GB RAM. The company needs to complete the migration successfully. What should the company do?

A.Set the LOB chunk size to 64 KB in the task settings.
B.Increase the replication instance size to dms.c4.xlarge (8 GB RAM).
C.Split the 'Orders' table into multiple DMS tasks running in parallel.
D.Change the DMS task settings to disable LOB support for the 'Orders' table.
AnswerB

More memory allows handling large LOB columns without running out of memory.

Why this answer

Option B is correct because increasing the replication instance size provides more memory to handle LOB columns. Option A is wrong because disabling LOB support would truncate LOB data. Option C is wrong because using a smaller LOB chunk size reduces memory per LOB but may not solve the memory issue; increasing instance size is more direct.

Option D is wrong because using parallel tasks does not address memory constraints.

596
MCQhard

A company uses Amazon DynamoDB with auto scaling enabled. They notice that a table's write capacity is frequently throttled during a specific hour each day. The access pattern is uniform across partitions. Which action would resolve the throttling without manual intervention?

A.Enable DynamoDB Accelerator (DAX) to cache writes.
B.Disable auto scaling and set a fixed higher capacity.
C.Create a larger number of partitions by splitting the table.
D.Increase the minimum provisioned capacity in auto scaling.
AnswerD

Correct. Setting a higher minimum ensures enough capacity during the spike, and auto scaling can scale up further if needed.

Why this answer

Option C is correct because auto scaling should increase capacity to meet demand, but if it is not scaling fast enough, adjusting the scaling policy can help. Option A is wrong because disabling auto scaling is not a solution. Option B is wrong because the pattern is uniform, so partitioning is not the issue.

Option D is wrong because DAX is for reads, not writes.

597
MCQhard

Refer to the exhibit. A company is creating an IAM policy for a migration engineer who needs to perform a database migration from an on-premises SQL Server to Amazon RDS for SQL Server using AWS DMS. The policy is attached to the engineer's IAM user. Which additional permission is required for the engineer to create a DMS replication instance?

A.kms:CreateKey
B.dms:CreateEndpoint
C.s3:PutObject
D.ec2:CreateInstance (or equivalent)
AnswerD

DMS replication instances require EC2 permissions to be created.

Why this answer

Option A is correct because to create a DMS replication instance, the IAM user needs permissions to create EC2 instances, as replication instances run on EC2. The policy currently allows creating DMS tasks but not the replication instance itself. Option B is wrong because DMS endpoints do not require EC2 permissions.

Option C is wrong because S3 permissions are not needed for the replication instance. Option D is wrong because KMS permissions are for encryption keys, not for creating the replication instance.

598
MCQmedium

A company uses Amazon ElastiCache for Redis and needs to encrypt data in transit between the application and the cache cluster. Which feature should be enabled?

A.Enable encryption in transit on the replication group.
B.Enable encryption at rest.
C.Use AWS KMS customer master keys.
D.Configure the VPC security group to allow only HTTPS traffic.
AnswerA

ElastiCache for Redis supports TLS encryption for data in transit.

Why this answer

Option D is correct because ElastiCache for Redis supports encryption in transit using TLS. Option A is wrong because encryption at rest is separate. Option B is wrong because KMS is used for encryption at rest, not transit.

Option C is wrong because security groups control network access, not encryption.

599
MCQhard

A company runs a time-series application that collects sensor data from millions of IoT devices. The data is written in batches every minute and queried to generate hourly, daily, and monthly aggregates. The database must support high ingestion rates and efficient storage. Which database service is most appropriate?

A.Amazon DynamoDB with TTL
B.Amazon Redshift
C.Amazon RDS for PostgreSQL
D.Amazon Timestream
AnswerD

Timestream is purpose-built for time-series data, with automatic storage tiering and aggregate functions.

Why this answer

Amazon Timestream is purpose-built for time-series data, offering a serverless architecture that automatically scales to handle high ingestion rates from millions of IoT devices. It optimizes storage by separating recent data (in memory) from historical data (in a magnetic store), and its built-in aggregation functions (e.g., `BIN`, `DATE_BIN`) efficiently compute hourly, daily, and monthly aggregates without manual partitioning or indexing.

Exam trap

The trap here is that candidates often choose Amazon DynamoDB for high ingestion rates, overlooking that time-series workloads require efficient time-based aggregation and storage optimization, which DynamoDB lacks, while Timestream is the only AWS service purpose-built for this exact use case.

How to eliminate wrong answers

Option A is wrong because Amazon DynamoDB with TTL is a key-value and document database optimized for low-latency lookups, not for time-series analytics; TTL only expires old data but does not provide native time-based aggregation or efficient range scans over time intervals. Option B is wrong because Amazon Redshift is a columnar data warehouse designed for complex analytical queries on structured data, but its high overhead for small, frequent batch writes (every minute) and lack of native time-series optimization make it unsuitable for high-ingestion IoT workloads. Option C is wrong because Amazon RDS for PostgreSQL is a relational database that requires manual schema design, indexing, and partitioning to handle time-series data, and it cannot match the ingestion throughput or storage efficiency of a purpose-built time-series engine.

600
MCQhard

A company is running an Oracle database on Amazon RDS with the configuration shown in the exhibit. The application is experiencing high latency for write operations. The storage is consistently showing high queue depth and write latency. Which change will most improve write performance?

A.Increase allocated storage to 1,000 GB to get higher gp2 baseline IOPS.
B.Enable storage auto scaling and increase storage throughput to 500 MB/s.
C.Change the DB instance class to db.r5.2xlarge.
D.Migrate to io1 or io2 storage with higher provisioned IOPS.
AnswerD

Provisioned IOPS storage provides consistent low-latency performance for write-intensive workloads.

Why this answer

Option D is correct because migrating to io1 or io2 block storage with higher provisioned IOPS directly addresses the root cause of high queue depth and write latency. Unlike gp2, which has a baseline IOPS of 3 per GB (up to 16,000 IOPS at 5,334 GB) and a burst bucket that depletes under sustained load, io1/io2 provide consistent, provisioned IOPS independent of volume size. This ensures the storage subsystem can keep up with the write workload, reducing queue depth and latency.

Exam trap

The trap here is that candidates often assume increasing storage size (Option A) or instance class (Option C) will fix I/O bottlenecks, but the real constraint is the gp2 burst model and insufficient provisioned IOPS for sustained write-heavy workloads.

How to eliminate wrong answers

Option A is wrong because increasing gp2 storage to 1,000 GB only raises baseline IOPS to 3,000 (3 IOPS/GB), which may still be insufficient for the workload, and does not address the burst bucket exhaustion that causes high latency under sustained writes. Option B is wrong because storage auto scaling adjusts volume size automatically, but it does not increase throughput beyond gp2 limits (250 MB/s for volumes up to 1,000 GB), and the problem is IOPS-bound, not throughput-bound; 500 MB/s throughput is not achievable on gp2 without exceeding its maximum of 250 MB/s. Option C is wrong because changing the DB instance class to db.r5.2xlarge improves CPU and memory but does not affect the storage layer's IOPS or queue depth; the bottleneck is at the EBS volume, not the compute instance.

Page 7

Page 8 of 24

Page 9