Amazon (DBS-C01) Exam Questions And Answers page 1
A banking company recently launched an Amazon RDS for MySQL DB instance as part of a proof-of-concept project. A database specialist has configured automated database snapshots. As a part of routine testing, the database specialist noticed one day that the automated database snapshot was not created.
Which of the following are possible reasons why the snapshot was not created? (Choose two.)
Which of the following are possible reasons why the snapshot was not created? (Choose two.)
A copy of the RDS automated snapshot for this DB instance is in progress in a different AWS Region.
The RDS maintenance window is not configured.
The RDS DB instance is in the STORAGE_FULL state.
RDS event notifications have not been enabled.
Database High Availability and Disaster Recovery
Database Monitoring and Troubleshooting
A bank plans to use an Amazon RDS for MySQL DB instance. The database should support read-intensive traffic with very few repeated queries.
Which solution meets these requirements?
Which solution meets these requirements?
Create an Amazon ElastiCache cluster. Use a write-through strategy to populate the cache.
Create an Amazon ElastiCache cluster. Use a lazy loading strategy to populate the cache.
Change the DB instance to Multi-AZ with a standby instance in another AWS Region.
Create a read replica of the DB instance. Use the read replica to distribute the read traffic.
Database Deployment, Migration, and Management
Database Performance Optimization and Tuning
A bike rental company operates an application to track its bikes. The application receives location and condition data from bike sensors. The application also receives rental transaction data from the associated mobile app.
The application uses Amazon DynamoDB as its database layer. The company has configured DynamoDB with provisioned capacity set to 20% above the expected peak load of the application. On an average day, DynamoDB used 22 billion read capacity units (RCUs) and 60 billion write capacity units (WCUs). The application is running well. Usage changes smoothly over the course of the day and is generally shaped like a bell curve. The timing and magnitude of peaks vary based on the weather and season, but the general shape is consistent.
Which solution will provide the MOST cost optimization of the DynamoDB database layer?
The application uses Amazon DynamoDB as its database layer. The company has configured DynamoDB with provisioned capacity set to 20% above the expected peak load of the application. On an average day, DynamoDB used 22 billion read capacity units (RCUs) and 60 billion write capacity units (WCUs). The application is running well. Usage changes smoothly over the course of the day and is generally shaped like a bell curve. The timing and magnitude of peaks vary based on the weather and season, but the general shape is consistent.
Which solution will provide the MOST cost optimization of the DynamoDB database layer?
Change the DynamoDB tables to use on-demand capacity.
Use AWS Auto Scaling and configure time-based scaling.
Enable DynamoDB capacity-based auto scaling.
Enable DynamoDB Accelerator (DAX).
Database Deployment, Migration, and Management
Database Performance Optimization and Tuning
A clothing company uses a custom ecommerce application and a PostgreSQL database to sell clothes to thousands of users from multiple countries. The company is migrating its application and database from its on-premises data center to the AWS Cloud. The company has selected Amazon EC2 for the application and Amazon RDS for PostgreSQL for the database. The company requires database passwords to be changed every 60 days. A Database Specialist needs to ensure that the credentials used by the web application to connect to the database are managed securely.
Which approach should the Database Specialist take to securely manage the database credentials?
Which approach should the Database Specialist take to securely manage the database credentials?
Store the credentials in a text file in an Amazon S3 bucket. Restrict permissions on the bucket to the IAM role associated with the instance profile only. Modify the application to download the text file and retrieve the credentials on start up. Update the text file every 60 days.
Configure IAM database authentication for the application to connect to the database. Create an IAM user and map it to a separate database user for each ecommerce user. Require users to update their passwords every 60 days.
Store the credentials in AWS Secrets Manager. Restrict permissions on the secret to only the IAM role associated with the instance profile. Modify the application to retrieve the credentials from Secrets Manager on start up. Configure the rotation interval to 60 days.
Store the credentials in an encrypted text file in the application AMI. Use AWS KMS to store the key for decrypting the text file. Modify the application to decrypt the text file and retrieve the credentials on start up. Update the text file and publish a new AMI every 60 days.
Database Security and Compliance
Database Monitoring and Troubleshooting
A company conducted a security audit of its AWS infrastructure. The audit identified that data was not encrypted in transit between application servers and a MySQL database that is hosted in Amazon RDS.
After the audit, the company updated the application to use an encrypted connection. To prevent this problem from occurring again, the company s database team needs to configure the database to require in-transit encryption for all connections.
Which solution will meet this requirement?
After the audit, the company updated the application to use an encrypted connection. To prevent this problem from occurring again, the company s database team needs to configure the database to require in-transit encryption for all connections.
Which solution will meet this requirement?
Connect to the database, and use ALTER USER to enable the REQUIRE SSL option on the database user.
Update the parameter group in use by the DB instance, and set the require_secure_transport parameter to ON.
Update the security group in use by the DB instance, and remove port 80 to prevent unencrypted connections from being established.
Update the DB instance, and enable the Require Transport Layer Security option.
Database Security and Compliance
A company developed an AWS CloudFormation template used to create all new Amazon DynamoDB tables in its AWS account. The template configures provisioned throughput capacity using hard-coded values. The company wants to change the template so that the tables it creates in the future have independently configurable read and write capacity units assigned.
Which solution will enable this change?
Which solution will enable this change?
Add values for the rcuCount and wcuCount parameters to the Mappings section of the template. Configure DynamoDB to provision throughput capacity using the stack s mappings.
Add values for two Number parameters, rcuCount and wcuCount, to the template. Replace the hard-coded values with calls to the Ref intrinsic function, referencing the new parameters.
Add values for the rcuCount and wcuCount parameters as outputs of the template. Configure DynamoDB to provision throughput capacity using the stack outputs.
Add values for the rcuCount and wcuCount parameters to the Mappings section of the template. Replace the hard-coded values with calls to the Ref intrinsic function, referencing the new parameters.
Database Performance Optimization and Tuning
Database High Availability and Disaster Recovery
A company developed a new application that is deployed on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances use the security group named sg-application-servers. The company needs a database to store the data from the application and decides to use an Amazon RDS for MySQL DB instance. The DB instance is deployed in a private DB subnet.
What is the MOST restrictive configuration for the DB instance security group?
What is the MOST restrictive configuration for the DB instance security group?
Only allow incoming traffic from the sg-application-servers security group on port 3306.
Only allow incoming traffic from the sg-application-servers security group on port 443.
Only allow incoming traffic from the subnet of the application servers on port 3306.
Only allow incoming traffic from the subnet of the application servers on port 443.
Database High Availability and Disaster Recovery
Database Security and Compliance
A company has a 20 TB production Amazon Aurora DB cluster. The company runs a large batch job overnight to load data into the Aurora DB cluster. To ensure the company s development team has the most up-to-date data for testing, a copy of the DB cluster must be available in the shortest possible time after the batch job completes.
How should this be accomplished?
How should this be accomplished?
Use the AWS CLI to schedule a manual snapshot of the DB cluster. Restore the snapshot to a new DB cluster using the AWS CLI.
Create a dump file from the DB cluster. Load the dump file into a new DB cluster.
Schedule a job to create a clone of the DB cluster at the end of the overnight batch process.
Set up a new daily AWS DMS task that will use cloning and change data capture (CDC) on the DB cluster to copy the data to a new DB cluster. Set up a time for the AWS DMS stream to stop when the new cluster is current.
Database High Availability and Disaster Recovery
Database Security and Compliance
A company has a 4 " on-premises Oracle Real Application Clusters (RAC) database. The company wants to migrate the database to AWS and reduce licensing costs. The company s application team wants to store JSON payloads that expire after 28 hours. The company has development capacity if code changes are required.
Which solution meets these requirements?
Which solution meets these requirements?
Use Amazon DynamoDB and leverage the Time to Live (TTL) feature to automatically expire the data.
Use Amazon RDS for Oracle with Multi-AZ. Create an AWS Lambda function to purge the expired data. Schedule the Lambda function to run daily using Amazon EventBridge.
Use Amazon DocumentDB with a read replica in a different Availability Zone. Use DocumentDB change streams to expire the data.
Use Amazon Aurora PostgreSQL with Multi-AZ and leverage the Time to Live (TTL) feature to automatically expire the data.
Database Deployment, Migration, and Management
Database High Availability and Disaster Recovery
A company has a 4 " on-premises Oracle Real Application Clusters (RAC) database. The company wants to migrate the database to AWS and reduce licensing costs. The company s application team wants to store JSON payloads that expire after 28 hours. The company has development capacity if code changes are required.
Which solution meets these requirements?
Which solution meets these requirements?
Use Amazon DynamoDB and leverage the Time to Live (TTL) feature to automatically expire the data.
Use Amazon RDS for Oracle with Multi-AZ. Create an AWS Lambda function to purge the expired data. Schedule the Lambda function to run daily using Amazon EventBridge.
Use Amazon DocumentDB with a read replica in a different Availability Zone. Use DocumentDB change streams to expire the data.
Use Amazon Aurora PostgreSQL with Multi-AZ and leverage the Time to Live (TTL) feature to automatically expire the data.
Database Deployment, Migration, and Management
Database High Availability and Disaster Recovery
Comments