AWS Certified Database Specialty DBS-C01 (DBS-C01) — Questions 601675

1730 questions total · 24pages · All types, answers revealed

Page 8

Page 9 of 24

Page 10
601
MCQeasy

A company is migrating an on-premises MySQL database to Amazon RDS for MySQL. The database has a table with 100 million rows. During the migration using AWS DMS, the full load phase is taking too long. What change can speed up the full load?

A.Increase the number of DMS task mappings (parallel threads)
B.Reduce the target RDS instance storage to minimize write latency
C.Increase the size of the source on-premises database instance
D.Disable LOB columns in the task settings
AnswerA

More threads can process data in parallel, speeding up full load.

Why this answer

Option B is correct because increasing the number of DMS task mappings (parallel threads) can improve throughput. Option A is wrong because reducing storage does not help. Option C is wrong because disabling LOBs is not always possible and may lose data.

Option D is wrong because increasing RDS instance size of the source doesn't affect DMS performance.

602
MCQhard

A company is using Amazon DynamoDB with global tables (multi-region) for a gaming application. The application writes to a table in us-east-1 and reads from a table in eu-west-1. The team notices that writes in us-east-1 are taking longer than expected to propagate to eu-west-1. What is the most likely cause?

A.Network latency between the regions is causing replication delay
B.The write capacity in eu-west-1 is insufficient
C.Conflicts are being resolved due to concurrent writes
D.DynamoDB Streams is disabled on the table
AnswerA

Global tables use asynchronous replication; inter-region latency adds propagation time.

Why this answer

Option D is correct because global tables eventually replicate asynchronously; network latency between regions can cause delays. Option A is wrong because conflict resolution does not cause delays. Option B is wrong because throughput is separate per region.

Option C is wrong because Streams are used for replication, not the cause of delay.

603
MCQeasy

A company wants to migrate an on-premises Oracle database to Amazon RDS for Oracle with minimal downtime. Which AWS service should be used for the initial data load and ongoing replication?

A.AWS Database Migration Service (DMS)
B.AWS Snowball
C.AWS Direct Connect
D.AWS Schema Conversion Tool (SCT)
AnswerA

DMS supports full load and ongoing replication for minimal downtime.

Why this answer

AWS DMS can perform a full load and then continuously replicate changes to keep the target in sync with the source, enabling minimal downtime migration. SCT is used for schema conversion, not replication. Direct Connect provides network connectivity, not data migration.

Snowball is for offline data transfer and does not support ongoing replication.

604
MCQmedium

A social media company uses Amazon ElastiCache for Redis to store user session data. The application experiences occasional spikes in traffic, causing cache misses and increased latency. The operations team notices that the cache hit ratio drops to 60% during spikes. Which action would most effectively improve the cache hit ratio?

A.Enable ElastiCache for Redis Cluster Mode to distribute data across shards.
B.Upgrade to a larger cache node type to store more data.
C.Enable Redis persistence (AOF) and configure a replication group with a read replica.
D.Decrease the TTL of session keys to force more frequent refreshes.
AnswerC

Persistence ensures data survives restarts, and replicas can help rebuild the cache faster after a spike-induced eviction.

Why this answer

Option C is correct because enabling persistence and replication ensures data availability to rebuild the cache. Option A is wrong because TTL is already low; increasing it might cause stale data. Option B is wrong because larger instance types may help but don't address the root cause of misses.

Option D is wrong because Cluster Mode improves scalability but not hit ratio.

605
MCQmedium

Refer to the exhibit. A DBA deploys this CloudFormation stack. After creation, the DBA needs to enable deletion protection for the DB instance. Which modification to the template would accomplish this?

A.Add 'DeletionProtection': true to the Properties.
B.Add 'DeletionPolicy: Retain' to the resource.
C.Add 'PreventRDSDeletion: true' to the Properties.
D.Add 'DeletionProtection': 'Enabled' to the Properties.
AnswerA

Correct property to enable deletion protection.

Why this answer

Option D is correct. Adding DeletionProtection: true enables deletion protection. Option A is wrong because DeletionPolicy is a CloudFormation attribute, not a property.

Option B is wrong because PreventRDSDeletion is not a valid property. Option C is wrong because the syntax is incorrect.

606
Multi-Selectmedium

A company is migrating a large Oracle data warehouse to Amazon Redshift. Which THREE design considerations are important for performance optimization?

Select 3 answers
A.Choose appropriate distribution styles (KEY, ALL, EVEN).
B.Use compression encodings for columns.
C.Define sort keys for commonly filtered columns.
D.Enable cross-Region replication for data locality.
E.Use row-based storage for fact tables.
AnswersA, B, C

Affects data distribution across nodes.

Why this answer

Option A is correct because distribution styles (KEY, ALL, EVEN) control how data is distributed across compute nodes in Amazon Redshift. Choosing the right distribution style minimizes data movement during joins and aggregations, which is critical for performance in a large data warehouse migration from Oracle. For example, using KEY distribution on a frequently joined column keeps related rows on the same node, reducing network traffic.

Exam trap

The trap here is that candidates may confuse disaster recovery features (like cross-Region replication) with performance design choices, or mistakenly think row-based storage applies to Redshift because of their Oracle background, where row storage is the norm.

607
MCQhard

A financial services company is using Amazon DynamoDB to store customer transaction data. The compliance team requires that all data be encrypted at rest using a customer-managed AWS KMS key, and that access to the key be auditable via AWS CloudTrail. Additionally, the security team wants to ensure that DynamoDB can only be accessed from within the VPC using a VPC endpoint. Which combination of steps should the company take to meet these requirements?

A.Use a CloudHSM key for encryption and create a VPC peering connection to DynamoDB.
B.Enable server-side encryption with a customer-managed KMS key and route all traffic through a NAT gateway.
C.Enable server-side encryption with a customer-managed KMS key and create an interface VPC endpoint for DynamoDB.
D.Use AWS managed KMS key and a gateway VPC endpoint for DynamoDB.
AnswerC

Customer-managed KMS key provides encryption and auditing; interface endpoint allows private VPC access.

Why this answer

Option D is correct because DynamoDB uses KMS for encryption; an interface VPC endpoint (AWS PrivateLink) is used for private access. Option A is wrong because gateway endpoints are for S3 and DynamoDB, but DynamoDB supports both, however interface endpoint is recommended for private access with security groups. Option B is wrong because using a NAT gateway is not secure and does not enforce VPC-only access.

Option C is wrong because CloudHSM is not needed for encryption; KMS is sufficient.

608
MCQmedium

A company wants to run a MongoDB-compatible database on AWS with automated patching and backups. Which service should they choose?

A.Amazon DocumentDB (with MongoDB compatibility)
B.Self-managed MongoDB on Amazon EC2
C.Amazon DynamoDB
D.Amazon RDS for MySQL
AnswerA

Fully managed MongoDB-compatible database.

Why this answer

Amazon DocumentDB with MongoDB compatibility is the correct choice because it is a fully managed, MongoDB-compatible database service that provides automated patching and backups. It supports the MongoDB wire protocol and drivers, allowing existing MongoDB applications to migrate with minimal changes while offloading administrative tasks like patching, backup, and replication to AWS.

Exam trap

The trap here is that candidates may confuse Amazon DocumentDB's MongoDB compatibility with full feature parity, but DocumentDB does not support all MongoDB features (e.g., some aggregation pipeline stages or change streams), so the exam expects you to recognize it as the only managed MongoDB-compatible option with automated patching and backups.

How to eliminate wrong answers

Option B is wrong because self-managed MongoDB on Amazon EC2 requires the company to manually handle patching, backups, and operational overhead, which contradicts the requirement for automated patching and backups. Option C is wrong because Amazon DynamoDB is a key-value and document database that is not MongoDB-compatible; it uses a different API and data model, so it cannot run MongoDB workloads. Option D is wrong because Amazon RDS for MySQL is a relational database that does not support the MongoDB wire protocol or document model, making it incompatible with MongoDB-based applications.

609
MCQhard

A company is migrating a 3 TB SQL Server database to Amazon RDS for SQL Server. The migration must be completed with less than 15 minutes of downtime. The company has set up AWS DMS with ongoing replication. During the final cutover, the DMS task fails with a 'Target error: Cannot insert duplicate key' error. What is the most likely cause?

A.The target table has an identity column that is not set to allow insert of explicit values.
B.The DMS task is not set to truncate the target before loading.
C.The source database transaction log is full.
D.The source database has a primary key violation.
AnswerA

If identity insert is off, DMS cannot insert source values, causing duplicate key errors.

Why this answer

Option D is correct because duplicate key errors in DMS often occur when there are identity columns or triggers on the target that generate values conflicting with the source. Option A is wrong because DMS handles primary key conflicts by default. Option B is wrong because DMS usually handles this if configured, but the error suggests target-side uniqueness.

Option C is wrong because transaction log size does not cause duplicate key errors.

610
Multi-Selecthard

A company is deploying a new Amazon RDS for Oracle instance and needs to ensure high availability and automatic failover. Which TWO configurations should be used?

Select 2 answers
A.Read Replicas in a different Region
B.Multi-AZ deployment
C.Enhanced Monitoring
D.Automated backups with point-in-time recovery
E.Deletion protection
AnswersB, D

Multi-AZ provides automatic failover to a standby in another AZ.

Why this answer

Option B (Multi-AZ deployment) is correct because it provisions a synchronous standby replica in a different Availability Zone, enabling automatic failover without data loss when the primary instance fails. This meets the high availability and automatic failover requirements for Amazon RDS for Oracle.

Exam trap

The trap here is that candidates often confuse Read Replicas with Multi-AZ, assuming read replicas provide automatic failover, but they require manual promotion and do not offer synchronous replication or automatic failover.

611
Multi-Selectmedium

Which THREE considerations are important when designing a database for a global, multi-Region application using Amazon DynamoDB Global Tables? (Select THREE.)

Select 3 answers
A.Using a single write region to avoid conflicts
B.Strongly consistent reads across regions
C.Application tolerance for eventually consistent reads
D.Provisioning sufficient write capacity in each region
E.Conflict resolution using last writer wins
AnswersC, D, E

Cross-region replication is asynchronous; reads may be eventually consistent.

Why this answer

Global Tables replicate data across regions asynchronously, so conflict resolution (last writer wins) is important. Applications must handle eventually consistent reads. Write capacity must be provisioned in each region.

Option D (strong consistency) is not guaranteed across regions. Option E (single write region) defeats the purpose of Global Tables.

612
MCQeasy

A company needs to store and query JSON documents that have varying attributes. The workload is read-heavy, and the team wants to use SQL-like queries. Which service is most appropriate?

A.Amazon Neptune
B.Amazon DocumentDB (with MongoDB compatibility)
C.Amazon DynamoDB with PartiQL
D.Amazon RDS for MySQL with JSON data type
AnswerB

DocumentDB is a document database that natively stores JSON and supports MongoDB queries.

Why this answer

Option B is correct because Amazon DocumentDB (with MongoDB compatibility) stores JSON documents natively and supports MongoDB-like queries. Option A is wrong because DynamoDB is key-value, not optimized for rich JSON queries. Option C is wrong because RDS requires a fixed schema.

Option D is wrong because Neptune is a graph database.

613
Multi-Selectmedium

A company is using Amazon Redshift and needs to encrypt data at rest with a customer-managed key. Which THREE steps are required to enable encryption with a customer-managed AWS KMS key?

Select 3 answers
A.Create a customer-managed key in AWS KMS.
B.Specify the KMS key when creating the Redshift cluster.
C.Use the AWS CLI to modify the cluster to enable encryption.
D.Configure the Redshift cluster to use an HSM.
E.Request AWS Support to enable encryption.
AnswersA, B, C

You need a customer managed key.

Why this answer

Options A, B, and D are correct. You must create a KMS key (A), specify it during cluster creation (B), and modify the cluster to use encryption if not already encrypted (D). Option C is wrong because Redshift does not use CloudHSM for KMS-based encryption.

Option E is wrong because only the cluster owner can manage encryption; AWS does not manage it.

614
MCQmedium

A company runs a MySQL database on Amazon RDS. They need to export a subset of data to Amazon S3 for analysis using Amazon Athena. The data is stored in multiple tables with complex joins. What is the MOST efficient way to export the data?

A.Use the COPY command from Amazon Redshift to pull data from RDS.
B.Use the SELECT INTO OUTFILE S3 extension to export the query results directly to S3.
C.Use the AWS Schema Conversion Tool (SCT) to extract the data to S3.
D.Use mysqldump to export the tables and then upload the files to S3.
AnswerB

This RDS feature allows exporting arbitrary SQL query results to S3.

Why this answer

RDS for MySQL supports the SELECT INTO OUTFILE command to export query results to S3. This allows you to specify a SQL query (including joins) and export the results directly to S3 as CSV or other formats. This is efficient because it does not require an intermediate EC2 instance.

Option A (mysqldump) exports table by table and requires manual processing. Option C (pg_dump) is for PostgreSQL. Option D (copy command) is for Redshift.

615
MCQeasy

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database is 500 GB and has a 4-hour downtime window. Which AWS service should be used to perform the migration with minimal downtime?

A.AWS Database Migration Service (DMS)
B.Oracle Data Pump using Amazon RDS option groups
C.AWS Snowball Edge
D.Amazon S3 Transfer Acceleration
AnswerA

DMS can perform a one-time full load and then ongoing replication to minimize downtime.

Why this answer

Option B is correct because AWS DMS supports ongoing replication to minimize downtime during migration. Option A is wrong because AWS Snowball is for large data transfers but does not support ongoing replication. Option C is wrong because S3 is not a migration tool.

Option D is wrong because RDS does not natively support Oracle Data Pump directly; DMS is the recommended service.

616
MCQmedium

A company is migrating a 1 TB Microsoft SQL Server database to Amazon RDS for SQL Server using native backup and restore. The DBA has taken a full backup of the source database and uploaded it to an S3 bucket. The DBA then uses the 'aws rds restore-db-instance-from-db-snapshot' CLI command to restore the backup to an RDS instance. The restore fails with an error: 'Could not find the specified backup file in the S3 bucket.' The DBA verifies that the backup file exists in the correct S3 bucket and that the IAM role used by RDS has permissions to access the bucket. What is the most likely cause of the failure?

A.The backup file has an incorrect file extension, such as .trn instead of .bak.
B.The backup file is not encrypted with AWS KMS.
C.The RDS instance is not configured to use native restore.
D.The backup file is not placed in the correct S3 bucket path that includes the account ID prefix.
AnswerD

RDS expects the backup file to be in a path like 'bucket-name/account-id/filename'. If missing, it cannot find the file.

Why this answer

Option C is correct. The backup file must be stored with a specific key prefix that includes the AWS account ID and the hyphen, e.g., '123456789012/mybackup.bak'. The error 'Could not find the specified backup file' often occurs when the file is not in the expected path.

Option A is wrong because the backup file does not need to be encrypted; native restore can handle unencrypted backups. Option B is wrong because RDS supports native restore from S3; the error is not about unsupported features. Option D is wrong because the backup file extension does not matter; RDS accepts both .bak and .trn files.

617
MCQmedium

A gaming company uses Amazon DynamoDB with provisioned capacity. During a new game launch, the read activity spikes and some requests receive 'ProvisionedThroughputExceededException' errors. The operations team needs to monitor read throttling in real-time. Which CloudWatch metric should they create an alarm for?

A.ReadLatency
B.ConsumedReadCapacityUnits
C.ReadThrottleEvents
D.ThrottledRequests
AnswerC

This metric specifically counts throttled read requests.

Why this answer

Option B is correct because ReadThrottleEvents directly measures throttled read requests. Option A is wrong because ConsumedReadCapacityUnits shows actual usage, not throttled events. Option C is wrong because ThrottledRequests includes write throttles as well.

Option D is wrong because ReadLatency shows latency, not throttling.

618
Multi-Selecteasy

A company is migrating an on-premises MySQL database to Amazon RDS for MySQL. The database is 500 GB and the migration must have minimal downtime. Which TWO AWS services should be used together to accomplish this?

Select 2 answers
A.AWS App2Container
B.AWS CloudFormation
C.AWS DataSync
D.AWS Database Migration Service (AWS DMS)
E.AWS Schema Conversion Tool (AWS SCT)
AnswersD, E

AWS DMS handles data migration with minimal downtime.

Why this answer

AWS DMS provides data migration with ongoing replication, and AWS SCT can help convert schema if needed, but for homogeneous migration, DMS alone is sufficient. However, the combination is commonly used. Option C (CloudFormation) is for provisioning.

Option D (DataSync) is for file transfer. Option E (App2Container) is for containerization.

619
MCQeasy

A company runs a production Amazon DynamoDB table with on-demand capacity. The table stores session data for a web application. Recently, users have reported occasional slow response times. The operations team notices that the table's ConsumedWriteCapacityUnits metric shows occasional spikes that exceed the provisioned throughput (though on-demand auto-scales), and ThrottledWriteEvents metrics show occasional throttling. The application uses the AWS SDK with default retry logic. The database specialist is asked to investigate. Upon reviewing the table configuration, the specialist finds that the table has a simple primary key (partition key only) and the data access pattern is heavily skewed toward a small number of partition keys. The application writes in batches of 25 items using the BatchWriteItem API. What should the specialist recommend to reduce throttling and improve performance?

A.Implement write sharding by adding a random suffix to the partition key to distribute writes more evenly.
B.Increase the provisioned read capacity units to handle the load.
C.Switch the table to provisioned capacity mode and increase write capacity.
D.Enable DynamoDB Accelerator (DAX) to cache write operations.
AnswerA

Write sharding spreads writes across multiple partitions, reducing throttling.

Why this answer

The correct answer is A because the throttling is caused by a hot partition: the table uses a single partition key, and writes are heavily skewed toward a few keys. By adding a random suffix to the partition key (write sharding), the writes are distributed evenly across all partitions, eliminating hot spots and reducing throttling. The on-demand capacity mode already handles overall throughput, but it cannot prevent throttling on individual partitions when access is skewed.

Exam trap

The trap here is that candidates assume on-demand capacity mode eliminates all throttling, but it only manages total table throughput, not per-partition limits, so hot keys still cause throttling.

How to eliminate wrong answers

Option B is wrong because increasing read capacity units does not address write throttling; the issue is with write operations, not reads. Option C is wrong because switching to provisioned capacity and increasing write capacity does not solve the hot partition problem; even with higher provisioned capacity, a single partition can still be throttled if writes are concentrated on it. Option D is wrong because DynamoDB Accelerator (DAX) is an in-memory cache for read operations only; it does not cache or accelerate write operations, so it cannot reduce write throttling.

620
MCQmedium

A company is using Amazon Redshift for data warehousing. The security team requires that all data be encrypted at rest using a customer-managed AWS KMS key. Additionally, the team wants to ensure that the key must be used only for this specific Redshift cluster. Which configuration should be applied?

A.Create a new KMS key and associate it with the Redshift cluster's subnet group.
B.Create a new KMS key with a key policy that grants access only to the Redshift cluster's IAM role.
C.Use the default AWS managed KMS key for Redshift.
D.Use an HSM-backed key from CloudHSM.
AnswerB

KMS key can be restricted to a specific role used by Redshift.

Why this answer

Option D is correct because Redshift uses KMS keys for encryption; a cluster-specific key can be created and used. Option A is wrong because default KMS key is AWS managed, not customer-managed. Option B is wrong because cluster subnet group does not affect encryption.

Option C is wrong because HSM is not used for Redshift encryption.

621
MCQhard

A company uses Amazon DynamoDB to store session data for a web application. The application is experiencing occasional throttling (ProvisionedThroughputExceededException) during peak hours. The DynamoDB table has on-demand capacity mode. Which combination of steps should be taken to resolve the issue?

A.Review the partition key design and consider using a write sharding pattern to distribute traffic evenly.
B.Enable DynamoDB Accelerator (DAX) to cache the frequently accessed items.
C.Enable auto scaling for the table and set minimum and maximum capacity.
D.Switch to provisioned capacity and increase the read and write capacity units.
AnswerA

A hot partition causes throttling even in on-demand mode; distributing the writes across partitions resolves the issue.

Why this answer

Option D is correct because on-demand tables can still throttle if a single partition receives more than 3,000 RCU or 1,000 WCU. Using adaptive capacity with a more uniform partition key distributes traffic. Option A is wrong because on-demand does not require adjusting RCU/WCU.

Option B is wrong because auto scaling is for provisioned capacity. Option C is wrong because DAX is a caching layer that reduces read load but does not eliminate throttling for hot partitions.

622
Drag & Dropmedium

Arrange the steps to troubleshoot a connection timeout issue from an EC2 instance to an Amazon RDS for SQL Server DB instance in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Troubleshooting connectivity involves checking security groups, network ACLs, network configuration, and testing with telnet.

623
MCQhard

A company is migrating a 10 TB PostgreSQL database from on-premises to Amazon RDS for PostgreSQL. They need to minimize downtime and have limited network bandwidth. Which approach is most appropriate?

A.Use AWS Database Migration Service (DMS) with a full load and ongoing replication to keep the target in sync.
B.Use pg_dump to export the database and pg_restore to import to RDS, then use DMS for replication.
C.Use AWS Snowball to transfer a physical backup to AWS, then use DMS for ongoing replication.
D.Use AWS Direct Connect to increase bandwidth and then use DMS for full load and replication.
AnswerC

Snowball handles the large initial load offline; DMS handles ongoing changes with minimal bandwidth.

Why this answer

Using AWS DMS for ongoing replication after a full load is the standard approach to minimize downtime. Snowball is suitable for large initial loads over limited bandwidth, but ongoing replication still requires DMS. Using only DMS replication may take too long for the initial load over slow bandwidth. pg_dump/pg_restore requires downtime during the dump and restore.

624
MCQmedium

A company is migrating a 5 TB MySQL database to Amazon RDS for MySQL. They need to minimize downtime. Which approach should they use?

A.Use Percona XtraBackup to take a backup and restore to RDS
B.Use mysqldump to export and import data
C.Use AWS DMS with full load and change data capture (CDC)
D.Use AWS DataSync to copy database files
AnswerC

Minimizes downtime with CDC.

Why this answer

AWS DMS with full load and change data capture (CDC) minimizes downtime by performing an initial full load of the 5 TB database while continuously replicating ongoing changes from the source. Once the full load completes and the target is nearly synchronized, you can cut over with minimal downtime, typically seconds to minutes. This approach is specifically designed for large-scale migrations with low downtime requirements.

Exam trap

The trap here is that candidates often choose mysqldump (Option B) because it is familiar, but they overlook its inability to handle CDC and the impracticality of exporting 5 TB with minimal downtime.

How to eliminate wrong answers

Option A is wrong because Percona XtraBackup creates a physical backup of the MySQL data files, but restoring to RDS requires additional steps like uploading to S3 and using the mysql_restore tool, which does not support CDC and thus cannot minimize downtime for a live database. Option B is wrong because mysqldump is a logical backup tool that exports data as SQL statements, which is extremely slow for 5 TB and requires the source database to be read-locked or offline during the export, causing significant downtime. Option D is wrong because AWS DataSync is designed for copying files over NFS or SMB, not for direct database migration; it cannot handle MySQL's internal file structure or ongoing transactional changes, and would require the database to be stopped to ensure consistency.

625
MCQhard

A database specialist observes the CloudWatch metric for a production RDS for MySQL instance. The max_connections parameter is set to 150. The Sum of DatabaseConnections over 1-minute periods is shown. The application reports intermittent connection failures. What is the most likely cause?

A.The number of connections exceeded the max_connections limit.
B.The average number of connections is below the limit.
C.The DatabaseConnections metric is unreliable.
D.The application is not using connection pooling.
AnswerA

The Sum metric shows up to 200 connections per minute, exceeding the limit.

Why this answer

Option A is correct because the Sum metric over 1-minute period represents the total number of connections during that minute. A Sum of 200 indicates that at some point during the minute, connections exceeded the max_connections of 150, causing failures. Option B is wrong because the metric shows Sum, not average.

Option C is wrong because connection pooling reduces connections, not increases. Option D is wrong because the metric clearly shows high connection counts.

626
MCQmedium

A company is migrating a 1 TB SQL Server database from on-premises to Amazon RDS for SQL Server. The database has a large table with a LOB column. The network bandwidth between the on-premises data center and AWS is limited to 50 Mbps. The migration must be completed within a week. Which approach should the company use?

A.Use BCP to export the LOB table to flat files and then import to RDS.
B.Use SQL Server native backup and restore to RDS.
C.Use AWS DMS with compression enabled.
D.Create a read replica of the on-premises database and promote it.
AnswerC

DMS supports compression to reduce data transfer time.

Why this answer

Option D is correct because AWS DMS can compress data during transfer, reducing the amount of data sent over the network, and can complete within a week even with a 50 Mbps connection. Option A is wrong because SQL Server native backup and restore requires the backup file to be transferred over the network, which may take too long with 50 Mbps. Option B is wrong because BCP export/import also transfers the entire data over the network.

Option C is wrong because creating a read replica is not possible from on-premises.

627
MCQhard

A financial services company uses Amazon DynamoDB to store transaction records. The security team requires that all items be encrypted at rest using a customer-managed AWS KMS key. Additionally, the company must be able to audit key usage and rotation. What is the MOST secure and auditable approach?

A.Enable default encryption on the DynamoDB table using SSE-S3.
B.Use SSE-KMS with a customer-managed key and manually rotate the key every 90 days.
C.Use SSE-KMS with a customer-managed key, enable automatic key rotation, and enable CloudTrail data events for the key.
D.Use client-side encryption with the AWS Encryption SDK.
AnswerC

This provides encryption control and full audit trail.

Why this answer

Using a customer-managed KMS key with automatic annual rotation and enabling CloudTrail logging of key usage provides encryption control and auditing. Option A is wrong because SSE-S3 does not provide customer control or audit. Option B is wrong because SSE-KMS with automatic rotation is more secure and auditable than manual rotation.

Option D is wrong because default encryption with AES-256 does not allow customer key rotation or detailed audit.

628
Multi-Selecteasy

A company is using Amazon RDS for Oracle with Automated Backups enabled. The database size is 1 TB. The company wants to improve the backup and restore performance. Which TWO actions should be taken? (Choose two.)

Select 2 answers
A.Use Provisioned IOPS storage for the database.
B.Enable backup compression.
C.Use a smaller DB instance class to reduce backup size.
D.Increase the backup retention period to 35 days.
E.Disable Multi-AZ to reduce backup time.
AnswersA, B

Higher IOPS improves backup and restore throughput.

Why this answer

Option A is correct because enabling backup compression reduces backup size and speeds up transfers. Option B is correct because using Provisioned IOPS improves I/O performance for backups. Option C is wrong because increasing retention does not improve performance.

Option D is wrong because disabling Multi-AZ reduces availability. Option E is wrong because using a smaller instance class would worsen performance.

629
MCQhard

A company is migrating a 2 TB Oracle database to Amazon RDS for Oracle. The migration requires minimal downtime. They use AWS SCT to convert the schema and AWS DMS for data migration. After the full load, DMS ongoing replication is unable to capture changes because the archived redo logs are being deleted on the source before DMS can read them. The source database has a log retention setting of 2 hours. The team cannot increase the retention due to storage constraints. What should they do?

A.Switch to a full load only migration strategy.
B.Disable archiving on the source database.
C.Increase the DMS replication instance size to improve log reading speed.
D.Configure DMS to use an S3 bucket to store archived redo logs.
AnswerD

S3 acts as a buffer; DMS can read logs from S3 before they are deleted.

Why this answer

Option B is correct: using an S3 staging area to store archived logs temporarily gives DMS more time to read them. Option A is wrong because increasing instance size does not affect log retention. Option C is wrong because it would cause data loss.

Option D is wrong because changing to full load only would cause downtime.

630
MCQmedium

An Amazon RDS for MySQL DB instance has a high number of connections and the application is experiencing slow response times. The database administrator wants to identify the queries that are causing the most load. Which approach is most effective?

A.Enable slow query logs and analyze them in CloudWatch Logs
B.Monitor the DatabaseConnections metric in CloudWatch
C.Enable Amazon RDS Performance Insights and review the top SQL queries
D.Check RDS events for any error messages
AnswerC

Performance Insights provides real-time and historical analysis of database load and top queries.

Why this answer

Option C is correct because Performance Insights provides a dashboard to identify top queries by load. Option A is wrong because it shows connections, not query performance. Option B is wrong because CloudWatch logs show slow queries but not in real-time.

Option D is wrong because RDS events show instance events, not query load.

631
MCQhard

A company uses Amazon DynamoDB to store sensitive user data. The security team wants to ensure that all data is encrypted at rest using a customer-managed AWS KMS key. The DynamoDB table was created with the default AWS managed key. What is the required action to change the encryption key?

A.Use the UpdateTable API to specify the new KMS key.
B.Create a new DynamoDB table with the desired KMS key, export data from the old table, and import into the new table.
C.Enable automatic key rotation on the existing KMS key.
D.Delete the default AWS managed key and create a new customer managed key.
AnswerB

Encryption key can only be set at table creation.

Why this answer

Option D is correct because DynamoDB encryption at rest uses KMS and the encryption key can only be changed when creating a new table. You cannot modify the encryption key on an existing table. Option A is wrong because there is no UpdateTable API for encryption key.

Option B is wrong because the default key cannot be deleted if in use. Option C is wrong because KMS key rotation does not change the key material used by DynamoDB.

632
MCQmedium

A company uses Amazon DynamoDB for a time-series IoT workload. Each device sends a data point every minute. The primary key consists of device_id (partition key) and timestamp (sort key). The company wants to efficiently retrieve the latest 10 data points for a specific device. Which query design is most efficient?

A.Use GetItem on the device_id partition key with the maximum timestamp.
B.Query the table with ScanIndexForward=true and Limit=10, then reverse the result set.
C.Query the table with ScanIndexForward=false and Limit=10.
D.Scan the entire table and filter by device_id, then sort by timestamp.
AnswerC

This returns the most recent 10 items in descending order by timestamp.

Why this answer

Option C is correct because Query with ScanIndexForward=false retrieves items in descending order by the sort key (timestamp), and Limit=10 stops after the first 10 items, which are the most recent 10 data points for the given device_id. This is the most efficient design as it reads only the 10 items needed, leveraging the DynamoDB local secondary index or table's sort key order without any post-processing.

Exam trap

The trap here is that candidates may confuse ScanIndexForward=true with 'latest' results, or incorrectly assume GetItem can retrieve the maximum sort key without knowing its value, leading them to choose inefficient options like scanning or reversing an ascending query.

How to eliminate wrong answers

Option A is wrong because GetItem requires both partition key and sort key; using only device_id with a maximum timestamp is not a valid operation—GetItem cannot compute a max value, and you would need to know the exact timestamp. Option B is wrong because ScanIndexForward=true retrieves items in ascending order (oldest first), so with Limit=10 you get the oldest 10 items, not the latest; reversing the result set still gives the oldest 10, not the newest. Option D is wrong because Scan reads the entire table, which is inefficient and costly for large datasets, and filtering by device_id after scanning defeats the purpose of using DynamoDB's indexed access.

633
MCQhard

An administrator runs the CLI command shown in the exhibit and sees the output. The DB instance 'mydb' is currently running MySQL 5.7.22. What does the output indicate?

A.The master user password has been changed
B.The DB instance has failed to apply modifications
C.The DB instance is using a custom DB parameter group
D.The DB instance has a pending minor version upgrade to 5.7.23
AnswerD

The EngineVersion in PendingModifiedValues indicates a pending upgrade.

Why this answer

Option A is correct because the PendingModifiedValues show EngineVersion 5.7.23, indicating a pending minor version upgrade. Option B is wrong because the parameter group is the default, not custom. Option C is wrong because the password is pending modification, but the question asks about the version.

Option D is wrong because the output does not show a failure.

634
MCQmedium

A company is using Amazon Redshift for data warehousing. They notice that query performance has degraded over time. The database administrator checks the system tables and finds that there is significant skew in data distribution across slices. What action should be taken to improve query performance?

A.Recreate the table with a different distribution style, such as KEY distribution on a column with high cardinality.
B.Increase the number of nodes in the cluster.
C.Run the VACUUM command to reclaim space and update statistics.
D.Modify the sort keys to better match the query patterns.
AnswerA

Changing distribution style can redistribute data evenly across slices, reducing skew.

Why this answer

Option D is correct because data skew causes some slices to have more data than others, leading to slower queries. Recreating the table with a different distribution style can help. Option A is incorrect because vacuum reclaims space and analyzes statistics, but does not fix data skew.

Option B is incorrect because modifying sort keys can improve query performance but does not address data skew. Option C is incorrect because adding more nodes does not automatically redistribute existing data; skew persists.

635
MCQmedium

A company is using Amazon RDS for SQL Server with Always On Availability Groups. The primary DB instance is in us-east-1, and the secondary is in us-west-2. The application writes to the primary and reads from the secondary. The secondary instance becomes unreachable due to a network issue. What happens to the primary instance?

A.The primary continues to accept read and write operations.
B.The primary stops accepting write operations.
C.The primary automatically fails over to the secondary.
D.The primary becomes read-only until the secondary is restored.
AnswerA

The primary operates independently.

Why this answer

Option A is correct because the primary continues to accept writes independently; the secondary failure does not affect primary operations. Option B is wrong because failover is not automatic for read replicas. Option C is wrong because the primary does not become read-only.

Option D is wrong because write operations continue.

636
MCQhard

A company needs to migrate a 10 TB SQL Server database from on-premises to Amazon RDS for SQL Server with minimal downtime. The database is heavily used with frequent write operations. Which migration strategy should be used?

A.Use native SQL Server backup and restore to Amazon S3, then restore to RDS.
B.Export the database to CSV files, upload to S3, and use the COPY command in RDS.
C.Use AWS Schema Conversion Tool (SCT) to convert the schema, then use AWS DMS for full load.
D.Use AWS DMS with ongoing replication from the on-premises database to RDS until cutover.
AnswerD

DMS ongoing replication enables minimal downtime by keeping the target current.

Why this answer

Option C is correct because AWS DMS with ongoing replication allows minimal downtime by keeping the target in sync until cutover. Option A is wrong because native backup/restore would require downtime and is not designed for minimal downtime. Option B is wrong because SCT is for schema conversion, not data migration.

Option D is wrong because exporting to CSV and using COPY is not suitable for large databases with minimal downtime.

637
MCQeasy

A startup is using Amazon RDS for MySQL as its primary database. The database contains user profiles and payment information. The security team wants to ensure that database snapshots are encrypted and that the encryption key is managed by the company. The team also wants to enforce that all future snapshots are encrypted automatically. The current RDS instance is not encrypted. What should they do?

A.Enable encryption on the existing RDS instance by modifying the DB instance.
B.Create a new encrypted RDS instance, migrate the data, and point the application to the new instance.
C.Use AWS KMS to encrypt the underlying EBS volumes of the RDS instance.
D.Take a snapshot of the current instance, copy it with encryption enabled, and restore from the encrypted snapshot.
AnswerB

This is the only way to encrypt an existing RDS instance.

Why this answer

Option B is correct. RDS encryption cannot be enabled on an existing unencrypted instance. They must create a new encrypted instance, migrate the data, and delete the old instance.

Option A is wrong because you cannot enable encryption on an existing instance. Option C is wrong because only the AWS managed key is used for encrypting snapshots of unencrypted instances, but that does not encrypt the instance itself. Option D is wrong because RDS does not support encryption at the storage level.

638
MCQeasy

A company is using Amazon ElastiCache for Redis as a caching layer for frequently accessed data. The application needs to support caching of session data that must be highly available across multiple Availability Zones. Which ElastiCache configuration should be used?

A.Deploy a single Redis node in one Availability Zone.
B.Deploy a Redis cluster with cluster mode disabled.
C.Deploy a Memcached cluster with multiple nodes.
D.Deploy a Redis cluster with cluster mode enabled and replica nodes in a different Availability Zone.
AnswerD

Cluster mode with replicas across AZs provides high availability and automatic failover.

Why this answer

Option D is correct because deploying a Redis cluster with cluster mode enabled and replica nodes in a different Availability Zone provides both high availability and automatic failover for session data. ElastiCache for Redis with cluster mode enabled supports sharding and replication, allowing replica nodes to be placed in a separate AZ to survive an AZ failure. This configuration ensures session data remains accessible even if the primary node or an entire AZ becomes unavailable, meeting the requirement for multi-AZ high availability.

Exam trap

The trap here is that candidates often confuse cluster mode enabled/disabled with multi-AZ support, mistakenly thinking that cluster mode disabled cannot place replicas in different AZs, when in fact both modes support multi-AZ replication, but the question's requirement for 'highly available across multiple Availability Zones' and the specific wording of the correct answer point to cluster mode enabled as the intended solution for a Redis cluster that can scale and survive AZ failures.

How to eliminate wrong answers

Option A is wrong because a single Redis node in one AZ provides no redundancy; if the node or AZ fails, all session data is lost and the application becomes unavailable. Option B is wrong because a Redis cluster with cluster mode disabled (i.e., a single shard with replicas) can provide multi-AZ replication, but the question specifies 'cluster mode enabled' is required for the configuration that explicitly supports sharding and scaling; however, the core issue is that cluster mode disabled still allows replicas in different AZs, but the exam trap is that candidates may think cluster mode disabled cannot achieve multi-AZ HA—actually it can, but the question's correct answer explicitly requires cluster mode enabled for the described scenario, and the other options are clearly wrong. Option C is wrong because Memcached does not support replication or persistence; it is a pure caching engine with no built-in high availability or failover, so it cannot guarantee session data durability across AZ failures.

639
MCQmedium

A company is running an Amazon RDS for SQL Server DB instance. The company needs to capture changes to a specific table and replicate them to an Amazon S3 bucket in near real time. Which AWS service should be used to achieve this?

A.AWS Glue
B.AWS Database Migration Service (AWS DMS) with ongoing replication
C.Amazon RDS for SQL Server native replication
D.Amazon Kinesis Data Streams
AnswerB

DMS supports change data capture to replicate changes to S3 nearly in real time.

Why this answer

AWS DMS with ongoing replication (change data capture) can capture changes and replicate them to S3. Option B (AWS Glue) is for ETL jobs, not real-time CDC. Option C (Amazon Kinesis Data Streams) could ingest data but requires additional configuration.

Option D (Amazon RDS for SQL Server replication) does not directly write to S3.

640
MCQeasy

A company uses Amazon DynamoDB for a gaming application that stores player data. The application frequently accesses items by the player's user ID. However, the company also needs to query players by their subscription tier (Gold, Silver, Bronze) and registration date. Which design should the database specialist recommend for this access pattern?

A.Export the data to Amazon Elasticsearch Service for querying.
B.Create a Local Secondary Index (LSI) on subscription tier and registration date.
C.Enable DynamoDB Streams and process the stream to populate a separate table.
D.Create a Global Secondary Index (GSI) on subscription tier and registration date.
AnswerD

A GSI allows querying on different attributes with its own partition and sort keys.

Why this answer

A Global Secondary Index (GSI) on subscription tier and registration date is the correct choice because it allows efficient querying on non-primary key attributes without affecting the base table's primary key structure. DynamoDB GSIs support eventually consistent reads and can be created on any table, enabling the required access pattern of querying players by subscription tier and registration date while maintaining the primary access pattern by user ID.

Exam trap

Cisco often tests the distinction between LSI and GSI, where candidates mistakenly choose LSI because they think it's the only index that can include multiple attributes, but they forget that LSI shares the base table's partition key and cannot be added after table creation.

How to eliminate wrong answers

Option A is wrong because exporting data to Amazon Elasticsearch Service introduces unnecessary complexity, latency, and cost for a simple query pattern that DynamoDB can handle natively with an index. Option B is wrong because a Local Secondary Index (LSI) can only be created at table creation time and shares the same partition key as the base table, which would not allow efficient querying by subscription tier and registration date as a composite sort key across all partitions. Option C is wrong because enabling DynamoDB Streams and populating a separate table adds operational overhead and eventual consistency delays without providing the direct query capability that a GSI offers.

641
MCQmedium

An IAM policy is shown in the exhibit. What is the effect of this policy when a user tries to create an unencrypted RDS DB instance?

A.The user is denied from creating the unencrypted instance because of the Deny statement.
B.The user is allowed to create the unencrypted instance because the Deny statement is not valid.
C.The user is denied from creating any DB instance because of an implicit deny.
D.The user is allowed to create the unencrypted instance because of the Allow statement.
AnswerA

The Deny statement explicitly denies creation when encryption is false.

Why this answer

Option C is correct because the Deny statement with condition rds:StorageEncrypted=false explicitly denies creating unencrypted instances. The Allow statement allows all creates, but the Deny overrides it. Option A is wrong because the Deny takes precedence.

Option B is wrong because the Allow alone would allow it, but the Deny blocks it. Option D is wrong because the Deny is explicit, not implicit.

642
MCQmedium

A company has a self-managed Redis cluster that needs to be migrated to Amazon ElastiCache for Redis. The cluster is 100 GB in size and has a high write throughput. The migration must have minimal downtime. Which steps should be taken?

A.Use AWS DMS to migrate the data with ongoing replication
B.Take a snapshot of the source and restore to ElastiCache
C.Use the SAVE command to create a dump, upload to S3, and import to ElastiCache
D.Set up replication from the source to ElastiCache using Redis replication
AnswerD

Replication allows minimal downtime by continuously syncing changes.

Why this answer

Option D is correct because setting up replication from the on-premises Redis to ElastiCache using the replication features can achieve minimal downtime. Option A is wrong because AWS DMS does not support Redis as a source. Option B is wrong because taking a snapshot and restoring requires downtime during the restore process.

Option C is wrong because the SAVE command is synchronous and can cause performance issues; BGSAVE is preferred.

643
Multi-Selecthard

Which THREE of the following are best practices for securing an Amazon DynamoDB table? (Select THREE.)

Select 3 answers
A.Enable point-in-time recovery (PITR) to protect against accidental writes or deletes.
B.Enable encryption at rest using AWS KMS.
C.Enable public access to the table to allow easy data sharing.
D.Use IAM policies to restrict access to the table based on the principle of least privilege.
E.Limit the maximum item size to 100 KB to reduce storage costs.
AnswersA, B, D

PITR allows restoring to any point within the last 35 days.

Why this answer

Options A, C, and D are correct. IAM policies should be used to grant least privilege. DynamoDB supports encryption at rest with KMS.

Point-in-time recovery (PITR) is a security best practice for data protection. Option B (public access) is not a security best practice; DynamoDB tables are private by default. Option E (limiting item size) is a performance consideration, not a security best practice.

644
MCQeasy

A company wants to migrate its on-premises Oracle database to Amazon Aurora PostgreSQL. The company needs to convert the database schema and code from Oracle to PostgreSQL. Which AWS service should they use for schema conversion?

A.AWS DMS
B.AWS Glue
C.AWS Schema Conversion Tool (SCT)
D.AWS Database Migration Service
AnswerC

SCT converts Oracle schemas to PostgreSQL.

Why this answer

Option A is correct because AWS SCT (Schema Conversion Tool) is specifically designed to convert database schemas and code from one engine to another, including Oracle to PostgreSQL. Option B is wrong because AWS DMS focuses on data migration, not schema conversion. Option C is wrong because AWS Database Migration Service is for data migration, not conversion.

Option D is wrong because AWS Glue is for ETL, not schema conversion.

645
MCQhard

A database specialist created the above IAM policy for a user. When the user attempts to delete an item from the Orders table, what happens?

A.The user cannot delete items because the Deny statement takes precedence.
B.The user cannot delete items because the policy does not include a condition.
C.The user can delete items because the Allow statement grants permission.
D.The user can delete items only if they have another policy that allows it.
AnswerA

Explicit Deny overrides any Allow.

Why this answer

Option C is correct. The explicit Deny overrides the Allow, so the user cannot delete items. Option A is wrong because Deny takes precedence.

Option B is wrong because the Deny explicitly restricts deletion. Option D is wrong because the policy explicitly denies deletion.

646
MCQeasy

A company needs to migrate a 100 GB MongoDB database to Amazon DocumentDB (with MongoDB compatibility). The migration must have minimal impact on the source database performance. Which approach should the company take?

A.Use AWS Database Migration Service (AWS DMS) with ongoing replication from the MongoDB source.
B.Use AWS DataSync to transfer the MongoDB data files.
C.Set up a MongoDB replica set on Amazon EC2 and promote it to primary, then migrate to DocumentDB.
D.Use mongodump to export the data and mongorestore to import into DocumentDB.
AnswerA

AWS DMS supports MongoDB as a source and can perform continuous replication with minimal impact.

Why this answer

AWS DMS with ongoing replication is the correct approach because it supports continuous change data capture (CDC) from MongoDB, enabling a live migration with minimal performance impact on the source. DMS reads the MongoDB oplog to capture changes without locking the database, which is critical for a 100 GB production database. This allows the target DocumentDB to stay synchronized until cutover, reducing downtime and avoiding the need for a full export/import that would strain the source.

Exam trap

The trap here is that candidates often choose mongodump/mongorestore (Option D) as the simplest tool, overlooking that it causes significant source performance impact and downtime for large databases, while AWS DMS's CDC capability is specifically designed for minimal-impact migrations.

How to eliminate wrong answers

Option B is wrong because AWS DataSync is designed for file-based transfers (e.g., NFS, SMB) and cannot directly read MongoDB's internal data files or handle the BSON format; it would require stopping the database to ensure consistency, causing significant impact. Option C is wrong because setting up a MongoDB replica set on EC2 and promoting it to primary involves complex manual steps, potential downtime, and does not directly migrate to DocumentDB; it also requires managing EC2 instances and does not leverage AWS-managed services for minimal impact. Option D is wrong because mongodump and mongorestore perform a full logical dump, which locks the source database during the dump (or requires a secondary read), causing performance degradation on a 100 GB database; it also lacks ongoing replication, leading to longer downtime.

647
Multi-Selecteasy

A company is migrating a PostgreSQL database to Amazon Aurora PostgreSQL. They want to use the AWS DMS for the migration. Which THREE resources need to be created in the AWS account?

Select 3 answers
A.Application Load Balancer for the replication instance.
B.AWS CloudFormation stack to provision resources.
C.DMS target endpoint pointing to Aurora PostgreSQL.
D.DMS replication instance.
E.DMS source endpoint pointing to the PostgreSQL database.
AnswersC, D, E

The target endpoint defines the connection to the target database.

Why this answer

Options A, B, and D are correct. DMS requires a replication instance, source endpoint, and target endpoint. Option C is wrong because a CloudFormation stack is not required.

Option E is wrong because a load balancer is not needed for DMS.

648
MCQeasy

A company wants to store and analyze time-series sensor data from millions of IoT devices. The data is append-only and rarely updated. Queries aggregate data over time ranges. Which AWS database service is most cost-effective and performant for this workload?

A.Amazon DynamoDB with time-series design pattern
B.Amazon Timestream
C.Amazon Redshift
D.Amazon RDS for MySQL with partitioning by date
AnswerB

Amazon Timestream is a fast, scalable, fully managed time-series database service.

Why this answer

Option A is correct because Timestream is purpose-built for time-series data, offering automatic tiering and optimized aggregation queries. Option B (DynamoDB) can handle time-series but requires careful design and is less cost-effective for large-scale. Option C (RDS) is relational and not optimized for time-series.

Option D (Redshift) is for analytical workloads but is heavier and more expensive for IoT sensor data.

649
MCQmedium

A company is designing a relational database for an e-commerce application that requires high availability and automated failover across AWS Regions. Which AWS database service should they use?

A.Amazon DynamoDB Global Tables
B.Amazon RDS with Multi-AZ deployment
C.Amazon Aurora Global Database
D.Amazon Redshift with cross-Region snapshot copy
AnswerC

Supports cross-Region replication and failover.

Why this answer

Amazon Aurora Global Database provides cross-Region replication and automated failover, meeting the high availability requirements. Option A (DynamoDB) is NoSQL, not relational. Option B (RDS Multi-AZ) is single-Region.

Option D (Redshift) is a data warehouse, not for OLTP.

650
MCQmedium

A company is using Amazon Redshift for data warehousing. The query performance has degraded over time. The DBA suspects that the distribution style of large tables is suboptimal. Which Redshift system view should be queried to identify distribution skew?

A.STL_SCAN
B.PG_TABLE_DEF
C.SVV_DISKUSAGE
D.STV_TBL_PERM
AnswerC

SVV_DISKUSAGE shows disk usage per slice, revealing distribution skew.

Why this answer

Option C is correct because SVV_DISKUSAGE provides information about disk usage per slice, which helps identify skew. Option A is wrong because STL_SCAN is for scan operations. Option B is wrong because STV_TBL_PERM shows permissions.

Option D is wrong because PG_TABLE_DEF shows table definitions.

651
MCQeasy

A company is migrating a PostgreSQL database to Amazon Aurora PostgreSQL. To minimize downtime, they plan to use the AWS DMS with change data capture (CDC). During the full load phase, DMS reports an error: 'Failed to add foreign key constraint'. What is the most likely cause?

A.CDC is incompatible with foreign key constraints
B.Referential integrity violations in the source data
C.The target table lacks a primary key
D.Data type mismatch between source and target
AnswerB

DMS applies constraints after loading data, and if data violates them, the task fails.

Why this answer

Option B is correct because DMS disables foreign key constraints during full load to speed up data transfer, then re-enables them. If the data violates constraints, it fails. Option A is wrong because DMS handles data type conversions automatically.

Option C is wrong because CDC is not the issue. Option D is wrong because DMS doesn't require a primary key in the target during full load.

652
MCQmedium

A company uses Amazon DynamoDB with provisioned capacity for a gaming application. During a new game launch, write traffic spikes to 2x the provisioned write capacity for 30 minutes. Some writes are throttled. The company wants to handle these predictable spikes without manual intervention. What is the MOST cost-effective solution?

A.Increase the provisioned write capacity to 2x the baseline permanently.
B.Change the table to on-demand capacity mode.
C.Enable DynamoDB auto scaling with a target utilization of 70%.
D.Use Amazon SQS to buffer writes and process them later.
AnswerC

Auto scaling dynamically adjusts capacity to match traffic, cost-effective for predictable spikes.

Why this answer

Option D is correct because DynamoDB auto scaling adjusts capacity based on actual usage and can handle predictable spikes with minimal cost. Option A is wrong because switching to on-demand can be more expensive for predictable workloads. Option B is wrong because increasing capacity manually requires monitoring and intervention.

Option C is wrong because SQS does not directly handle DynamoDB write throttling.

653
MCQeasy

A database administrator wants to receive an alert when an RDS instance's storage space drops below 10% of total allocated storage. Which AWS service should be used to set up this alert?

A.Amazon SNS
B.AWS CloudTrail
C.AWS Config
D.Amazon CloudWatch Alarms
AnswerD

CloudWatch Alarms monitor metrics and trigger actions when thresholds are breached.

Why this answer

Option B is correct because CloudWatch Alarms can trigger on FreeStorageSpace metric. Option A is wrong because SNS is a notification service, not monitor. Option C is wrong because CloudTrail is for API activity.

Option D is wrong because Config tracks configuration changes.

654
MCQeasy

A database specialist notices that an RDS MySQL instance's FreeableMemory metric is consistently below 100 MB. Which monitoring tool should be used to identify the queries consuming the most memory?

A.Performance Insights
B.Amazon S3 access logs
C.AWS CloudTrail
D.CloudWatch Logs
AnswerA

Performance Insights provides database load and wait events per query.

Why this answer

Option B is correct because Performance Insights shows detailed query-level performance. Option A is wrong because CloudWatch Logs are for log files. Option C is wrong because CloudTrail is for API calls.

Option D is wrong because S3 does not monitor RDS memory.

655
MCQmedium

A company is migrating a 500 GB on-premises PostgreSQL database to Amazon RDS for PostgreSQL. The migration must have minimal downtime and support ongoing replication after the initial load. Which AWS service should be used?

A.AWS Schema Conversion Tool (SCT)
B.AWS Database Migration Service (DMS) with full load only
C.AWS Database Migration Service (DMS) with ongoing replication
D.AWS Glue
AnswerC

DMS supports full load plus CDC for minimal downtime.

Why this answer

AWS Database Migration Service (DMS) with ongoing replication (change data capture, CDC) is required because the scenario demands minimal downtime and continuous synchronization after the initial 500 GB load. DMS uses transaction logs (e.g., PostgreSQL WAL) to capture and apply ongoing changes, enabling a near-zero-duration cutover. Full load only (Option B) would cause downtime during the final sync and cannot support ongoing replication.

Exam trap

The trap here is that candidates often confuse 'full load only' with 'full load + CDC' and overlook the requirement for ongoing replication, or they mistakenly think AWS SCT handles data migration when it only handles schema conversion.

How to eliminate wrong answers

Option A is wrong because AWS Schema Conversion Tool (SCT) is used for converting database schema and code (e.g., from Oracle to PostgreSQL), not for migrating data with ongoing replication. Option B is wrong because AWS DMS with full load only performs a one-time snapshot and does not capture ongoing changes, resulting in downtime during the final sync and no support for ongoing replication. Option D is wrong because AWS Glue is a serverless ETL service designed for batch data processing and transformation, not for continuous database replication or minimal-downtime migrations.

656
MCQmedium

A company runs an Amazon RDS for MySQL Multi-AZ DB instance. The application experiences intermittent read latency spikes. The DB instance type is db.r5.large with 500 GB of General Purpose SSD (gp2) storage. The spike occurs during peak hours when read activity is high. Which action would most effectively reduce read latency?

A.Change the storage type to Provisioned IOPS (io1).
B.Enable Multi-AZ with a standby replica.
C.Increase the allocated storage to 1 TB to improve IOPS.
D.Create an Amazon RDS read replica and direct read traffic to it.
AnswerD

Read replicas offload read traffic, reducing latency.

Why this answer

Option D is correct. Adding a read replica offloads read traffic from the primary instance, reducing latency. Option A is wrong because Multi-AZ does not improve read performance; the standby is not used for reads.

Option B is wrong because increasing storage may improve throughput but not resolve read contention. Option C is wrong because gp3 provides consistent performance but does not solve read scaling.

657
Multi-Selecthard

A company is migrating a 3 TB SQL Server database to Amazon RDS for SQL Server. They have limited network bandwidth (100 Mbps) and need to complete the migration within 3 days. Which two approaches could meet the requirements? (Choose TWO.)

Select 2 answers
A.Export the database to a flat file, compress it, and upload to S3 via the internet, then import into RDS.
B.Use AWS DataSync to transfer the database files directly to Amazon S3.
C.Use AWS Snowball to physically transfer a full database backup to AWS, then restore into RDS.
D.Use AWS DMS with ongoing replication to perform a full load over the internet and then continuously replicate changes until cutover.
E.Establish a VPN connection and use AWS DMS with full load only.
AnswersC, D

Snowball transfers large data quickly regardless of bandwidth.

Why this answer

Options A and D are correct. AWS Snowball can transfer the backup offline, bypassing network constraints. AWS DMS with ongoing replication can use change data capture to minimize downtime after initial load.

Option B is wrong because VPN does not increase bandwidth. Option C is wrong because DataSync is for file storage, not databases. Option E is wrong because direct transfer over the internet would be too slow.

658
MCQhard

A company hosts a critical application on Amazon RDS for PostgreSQL. The security team requires that all database connections be encrypted in transit. Which configuration step is necessary?

A.Create a VPN connection between the application and the database.
B.Set the rds.force_ssl parameter to 1 in the DB parameter group.
C.Modify the security group to allow only port 5432 from the application.
D.Enable encryption at rest using AWS KMS.
AnswerB

This parameter enforces SSL connections to the database.

Why this answer

Enforcing SSL/TLS for connections is required for encryption in transit. Option B is correct. Option A is wrong because enabling encryption at rest does not encrypt data in transit.

Option C is wrong because a VPN encrypts network traffic but does not enforce database-level SSL. Option D is wrong because modifying security group rules does not encrypt connections.

659
Multi-Selecthard

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The security team requires that all database connections use SSL and that the database is encrypted at rest. Which THREE steps are required to meet these requirements? (Choose THREE.)

Select 3 answers
A.Upload a custom SSL certificate to the RDS instance.
B.Install the SSL certificate on every client machine.
C.Modify the DB parameter group to set 'require_ssl' to 'true'.
D.Download the RDS SSL certificate and configure the application to trust it.
E.Enable encryption at rest when creating the RDS instance.
AnswersC, D, E

This enforces SSL connections.

Why this answer

Options A, B, and D are correct. Enabling encryption at rest is done during instance creation. SSL enforcement requires modifying the parameter group and downloading the certificate.

Option C is wrong because RDS manages the certificate; you don't upload your own. Option E is wrong because you don't need to install the certificate on every client; it's needed on the application side.

660
MCQmedium

A company is using Amazon RDS for MySQL with encryption at rest enabled. The security team requires that all access to the database be authenticated using IAM database authentication. Which combination of steps must the company take to meet this requirement?

A.Create an IAM role with a policy that allows rds:Connect and attach it to the RDS instance.
B.Create a database user with a password and attach an IAM role that allows rds-db:connect to the database user.
C.Enable SSL on the RDS instance and create an IAM policy that allows rds:Connect.
D.Create an IAM policy that allows the rds-db:connect action and map the IAM role to a database user created with the AWSAuthenticationPlugin.
AnswerD

This is the correct procedure for IAM database authentication with RDS MySQL.

Why this answer

Option C is correct because IAM database authentication for RDS MySQL requires creating an IAM role with a policy that allows the rds-db:connect action, then mapping that role to a database user using the CREATE USER statement with the AWSAuthenticationPlugin. Option A is wrong because SSL is not required for IAM auth, though recommended. Option B is wrong because the policy must include rds-db:connect, not rds:connect.

Option D is wrong because the database user must be created with AWSAuthenticationPlugin, not with a password.

661
Drag & Dropmedium

Arrange the steps to configure a read replica for an Amazon RDS for PostgreSQL DB instance in a different AWS Region in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Cross-Region read replicas require backups enabled on the source, then creating a replica in another Region and monitoring lag.

662
MCQhard

Refer to the exhibit. An IAM policy is attached to a role used by an application that accesses the DynamoDB 'Orders' table. The application needs to perform a Scan operation on the table. According to the policy, is the Scan operation allowed?

A.Yes, but only if the scan uses a filter expression
B.No, because the Deny statement blocks all actions
C.Yes, because the policy explicitly allows Scan
D.No, because the policy does not specify a condition
AnswerC

The Allow statement includes 'Scan', so it is permitted.

Why this answer

The IAM policy includes an explicit Allow statement for the `dynamodb:Scan` action on the `Orders` table. In IAM policy evaluation logic, an explicit Allow overrides any default implicit Deny, and the Deny statement in the policy only blocks actions that match its `NotAction` element, which does not include Scan. Therefore, the Scan operation is allowed.

Exam trap

The trap here is that candidates misread the Deny statement's `NotAction` as a blanket denial of all actions, when in fact it only denies actions not explicitly listed, allowing the explicit Allow for Scan to take effect.

How to eliminate wrong answers

Option A is wrong because the policy does not require a filter expression for Scan; filter expressions are optional and do not affect IAM authorization. Option B is wrong because the Deny statement uses `NotAction` to block all actions except those listed (like `dynamodb:GetItem`), but `dynamodb:Scan` is not listed in the Deny's `NotAction`, so it is not blocked. Option D is wrong because IAM policies do not require a condition element for an action to be allowed; conditions are optional and only refine permissions.

663
MCQeasy

A company wants to run a graph database for a social network application. The data model involves users, posts, comments, and likes, with many-to-many relationships. Which AWS database service is most appropriate?

A.Amazon RDS for PostgreSQL
B.Amazon Neptune
C.Amazon DocumentDB
D.Amazon DynamoDB
AnswerB

Neptune is purpose-built for graph databases and efficiently handles complex relationships.

Why this answer

Amazon Neptune is a fully managed graph database service optimized for highly connected data. DynamoDB is NoSQL but not graph. RDS is relational, which can model graphs but with complex queries.

DocumentDB is document-based.

664
MCQhard

A company uses Amazon Redshift for data warehousing. The security team has implemented column-level security using Redshift's column-level access controls. However, during a security audit, it is discovered that a user with SELECT privilege on a table can still see the content of a column that should be restricted. The column is defined with a GRANT statement that only allows SELECT on certain columns to specific users. What is the most likely cause of this issue?

A.The column is part of a distribution key that bypasses security controls.
B.The user is accessing the table via a stored procedure that bypasses column-level security.
C.The column-level security is not supported in Redshift; it must be implemented using views.
D.The user was previously granted SELECT on the entire table, and the column-level GRANT did not revoke that broader permission.
AnswerD

Column-level GRANTs are additive; they do not remove existing table-level permissions.

Why this answer

Option C is correct because column-level GRANTs in Redshift do not revoke existing permissions; they only add. If the user already had SELECT on the table, they still have access to all columns. Option A is not relevant.

Option B is about views, not the issue. Option D is unrelated.

665
MCQhard

A financial services company uses Amazon RDS for MySQL to store transaction data. The database has a single table 'transactions' with 500 million rows. The table has an auto-increment primary key and an index on 'transaction_date'. The company runs a monthly report that aggregates transactions by account_id and transaction_date. The report query uses a GROUP BY on account_id and transaction_date, and scans the entire table. The query takes over 2 hours to complete and often times out. The DBA suggests creating a materialized view. However, the company wants to minimize operational overhead. Which solution meets the requirements with the LEAST operational overhead?

A.Increase the RDS instance size to the largest available to improve performance.
B.Migrate the reporting workload to Amazon Redshift by loading the transactions table into Redshift and running the report query there.
C.Create a materialized view in MySQL that pre-aggregates the data and refreshes it nightly.
D.Add a composite index on (account_id, transaction_date) to speed up the GROUP BY.
AnswerB

Redshift is optimized for analytical queries and can handle large aggregations efficiently with minimal operational overhead.

Why this answer

Option B is correct because Amazon Redshift is purpose-built for large-scale analytical queries. By migrating the reporting workload to Redshift, the company offloads the heavy aggregation from the transactional RDS instance to a columnar storage engine that can scan and aggregate 500 million rows efficiently using massively parallel processing (MPP). This approach requires no changes to the existing RDS database and minimizes operational overhead compared to managing a materialized view or manual indexing.

Exam trap

The trap here is that candidates often assume a larger instance or a composite index can fix any performance issue, but the DBS-C01 exam tests the understanding that analytical workloads require a different engine (Redshift) and that operational overhead includes ongoing maintenance, not just initial setup.

How to eliminate wrong answers

Option A is wrong because simply increasing the RDS instance size does not address the fundamental architectural limitation: MySQL is optimized for OLTP, not for full-table scans and large aggregations; the query will still be I/O and CPU-bound, and scaling vertically has a hard ceiling and high cost. Option C is wrong because creating a materialized view in MySQL adds significant operational overhead—it requires custom refresh logic, storage management, and risks data staleness, contradicting the requirement to minimize overhead. Option D is wrong because adding a composite index on (account_id, transaction_date) will not help a query that scans the entire table with a GROUP BY; the optimizer will likely ignore the index for a full scan, and even if used, it cannot avoid reading all rows for aggregation.

666
Multi-Selecthard

Which THREE factors should be considered when designing a database for a high-traffic web application that requires low-latency reads and writes?

Select 3 answers
A.Caching layer
B.Partitioning strategy
C.Strict normalization
D.Connection pooling
E.Denormalization of data
AnswersA, B, D

Caching reduces database load and latency.

Why this answer

A caching layer (e.g., Amazon ElastiCache for Redis or Memcached) reduces read latency by serving frequently accessed data from in-memory stores, offloading the primary database. For high-traffic web applications, this minimizes disk I/O and improves response times for both reads and writes when combined with write-through or write-behind strategies.

Exam trap

The trap here is that candidates may confuse denormalization as a mandatory design choice for low-latency reads, when in fact it is a trade-off that can complicate writes and is not a core factor for both low-latency reads and writes in a high-traffic web application.

667
MCQmedium

A company has an Amazon RDS for PostgreSQL database that is experiencing intermittent connection timeouts. The application logs show 'FATAL: remaining connection slots are reserved for non-replication superuser connections'. The database has a max_connections parameter set to 200. The application uses a connection pool. The DBA checks the CloudWatch metric 'DatabaseConnections' and sees it at 195 during peak hours. The application is deployed on AWS Lambda with a provisioned concurrency of 100. The Lambda function creates a new connection for each invocation. What should the DBA do to resolve the issue?

A.Reduce the Lambda provisioned concurrency to 50.
B.Increase max_connections to 500 to accommodate more connections.
C.Set up Amazon RDS Proxy to manage the database connections from Lambda.
D.Decrease max_connections to 100 to reserve more slots.
AnswerC

RDS Proxy pools connections and reduces the number of connections needed.

Why this answer

Option A is correct because the Lambda function creates new connections, exhausting the pool. Using RDS Proxy manages connections efficiently. Option B is wrong because increasing max_connections may cause resource contention.

Option C is wrong because reducing provisioned concurrency may not solve the root cause. Option D is wrong because decreasing max_connections would worsen the issue.

668
MCQmedium

A company uses Amazon RDS for MySQL with Multi-AZ deployment. The database is experiencing increased latency and the application team reports slow queries. The DBA wants to identify the queries that consume the most resources. Which AWS service should be used to capture and analyze these queries?

A.Amazon RDS Performance Insights
B.Amazon CloudWatch Logs
C.Amazon RDS Enhanced Monitoring
D.AWS CloudTrail
AnswerA

Performance Insights analyzes database performance and identifies top queries.

Why this answer

Option C is correct because Performance Insights provides a database performance tuning and monitoring feature that allows you to assess the load on your database and determine when and where to take action. Option A is wrong because CloudWatch Logs does not capture query-level performance. Option B is wrong because CloudTrail tracks API activity, not database queries.

Option D is wrong because RDS Enhanced Monitoring provides OS-level metrics, not query-level metrics.

669
MCQeasy

A company wants to migrate its Oracle data warehouse to Amazon Redshift. The source database is 10 TB and has many complex stored procedures. Which AWS service should be used primarily for converting the stored procedures to Amazon Redshift compatible code?

A.AWS Glue
B.AWS Database Migration Service (AWS DMS)
C.Amazon Redshift COPY command
D.AWS Schema Conversion Tool (AWS SCT)
AnswerD

SCT converts schema and code objects like stored procedures to target engine syntax.

Why this answer

Option A is correct because AWS Schema Conversion Tool (AWS SCT) is designed to convert database schema and code objects like stored procedures from one engine to another. Option B is wrong because AWS DMS migrates data, not schema/code. Option C is wrong because Amazon Redshift's COPY command loads data from S3.

Option D is wrong because AWS Glue is an ETL service, not specialized for schema conversion.

670
Multi-Selectmedium

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. They need to minimize downtime. Which TWO actions should they take?

Select 2 answers
A.Set up AWS DMS with change data capture (CDC) from the source
B.Increase the allocated storage on the target RDS instance to improve performance
C.Use AWS SCT to validate and convert the schema before migration
D.Deploy the target RDS instance as a Single-AZ to simplify replication
E.Disable Oracle archivelog mode to speed up data transfer
AnswersA, C

CDC enables near-zero downtime migration.

Why this answer

Options A and C are correct. Setting up AWS DMS with ongoing replication allows minimal downtime, and validating the schema with SCT before migration is a best practice. Option B is wrong because disabling archiving would prevent CDC.

Option D is wrong because increasing storage does not affect downtime. Option E is wrong because a single-AZ deployment does not inherently reduce downtime.

671
MCQhard

A company uses Amazon RDS for MySQL with a Multi-AZ deployment. During a recent failover, the application experienced a 2-minute downtime because it was connecting to the primary instance endpoint. The company needs to reduce failover downtime to under 30 seconds. What should be done?

A.Implement Amazon ElastiCache to cache database connections.
B.Use the Multi-AZ DB cluster endpoint instead of the instance endpoint.
C.Increase the instance size to improve failover speed.
D.Deploy a read replica and promote it manually during failover.
AnswerB

Cluster endpoint automatically redirects to the new primary after failover.

Why this answer

The Multi-AZ DB cluster endpoint provides a single DNS name that automatically routes connections to the current writer instance, eliminating the need for application-side reconnection logic. During a failover, the endpoint updates its DNS record to point to the new primary within seconds, reducing downtime to under 30 seconds. This is the recommended approach for minimizing failover disruption in Multi-AZ deployments.

Exam trap

The trap here is that candidates assume increasing instance size or using read replicas will speed up failover, but the real bottleneck is DNS propagation and the lack of an automatic redirect for the instance endpoint, which the cluster endpoint specifically addresses.

How to eliminate wrong answers

Option A is wrong because ElastiCache caches query results or session data, not database connections; it does not reduce failover downtime for the database itself. Option C is wrong because increasing instance size improves performance but does not affect the failover process timing, which is governed by DNS propagation and replication lag, not compute capacity. Option D is wrong because promoting a read replica manually requires application reconfiguration and typically takes longer than 30 seconds due to DNS changes and manual intervention, defeating the goal of automated fast failover.

672
MCQeasy

A startup is building a social media application that requires storing user profiles, posts, comments, and likes. The workload has variable traffic, with spikes after marketing campaigns. The team expects to run complex JOIN queries to generate a user's feed. Which AWS database service is MOST suitable for this relational workload?

A.Amazon Neptune
B.Amazon RDS for PostgreSQL
C.Amazon DynamoDB with global secondary indexes
D.Amazon ElastiCache for Redis
AnswerB

RDS PostgreSQL offers full relational capabilities and managed scaling.

Why this answer

Amazon RDS provides managed relational databases (MySQL, PostgreSQL) that support complex JOINs and can be scaled vertically or with read replicas. Option B is wrong because DynamoDB is NoSQL and does not natively support JOINs. Option C is wrong because ElastiCache is an in-memory cache, not a primary database.

Option D is wrong because Neptune is a graph database, which is overkill and not optimized for typical relational queries.

673
Multi-Selecthard

Which THREE components are required to set up IAM database authentication for an Amazon RDS for MySQL DB instance? (Choose three.)

Select 3 answers
A.An IAM role that the application can assume.
B.An AWS KMS key to encrypt the authentication token.
C.A database user that is mapped to the IAM role.
D.A DB parameter group with require_secure_transport set to ON.
E.An RDS Proxy to manage connections.
AnswersA, C, D

The application assumes the IAM role to get authentication tokens.

Why this answer

Options A, C, and E are correct. Option A: An IAM role for the application to assume. Option C: A database user mapped to the IAM role.

Option E: A DB parameter group with require_secure_transport set to ON to enforce SSL. Option B is wrong because a KMS key is not required for IAM authentication. Option D is wrong because an RDS proxy is optional, not required.

674
MCQeasy

A company is using Amazon RDS for SQL Server with Multi-AZ deployment. The security team wants to ensure that database audit logs are stored in a secure S3 bucket for long-term retention. The audit logs are currently stored on the RDS instance. Which approach should be used to export the audit logs to S3?

A.Use the Amazon RDS for Oracle 'Audit' feature and specify an S3 bucket as the audit trail destination.
B.Modify the RDS instance to use the 'SQLSERVER_AUDIT' option and specify an S3 bucket as the audit destination.
C.Enable the 'General Log' option in the RDS parameter group and configure the log destination as S3.
D.Configure the RDS instance to publish logs to CloudWatch Logs, and then export CloudWatch Logs to S3 using a subscription filter.
AnswerB

RDS for SQL Server supports this option group for exporting audit logs to S3.

Why this answer

Option D is correct because RDS for SQL Server supports exporting audit logs to S3 via the 'rds_sqlserver_audit' option group or by using the 'mysql' option? Actually, for SQL Server, you can use the 'SQLSERVER_AUDIT' option and specify an S3 bucket. Option A is for general log files. Option B is for Oracle.

Option C is for MySQL.

675
Multi-Selectmedium

A company is migrating an on-premises PostgreSQL database to Amazon RDS for PostgreSQL. The database is 2 TB and the migration must have minimal downtime. Which TWO AWS services should be used together to accomplish this?

Select 2 answers
A.AWS CloudFormation
B.AWS DataSync
C.AWS Schema Conversion Tool (AWS SCT)
D.AWS CloudEndure Migration
E.AWS Database Migration Service (AWS DMS)
AnswersC, E

AWS SCT can assess and convert schema if needed, though not strictly required for homogeneous migration.

Why this answer

AWS DMS provides data migration with ongoing replication, and AWS SCT can help convert schema if needed, but for homogeneous migration, DMS alone is sufficient. However, the question asks for two services; the combination of DMS and SCT is commonly used for heterogeneous migrations. For homogeneous, DMS alone is enough, but SCT can still be used to assess schema compatibility.

Option E is incorrect because CloudEndure is for server migration.

Page 8

Page 9 of 24

Page 10