Question 1

A high-traffic news website is experiencing performance issues due to frequent, read-heavy queries to their main database, which stores frequently accessed user session data and website preferences. To enhance the website's responsiveness and reduce database load, they require a caching solution that provides high throughput and low latency for data retrieval.

Which AWS service should the website implement to efficiently cache frequently accessed data and improve application performance?

Options :

A : Configure Amazon S3 with Amazon CloudFront for caching static user session data and website preferences.

B : Implement Amazon ElastiCache to cache frequent read-query results and reduce direct database queries.

C : Deploy Amazon Relational Database Service (RDS) with read replicas to distribute the load of read queries.

D : Deploy Amazon DynamoDB with DAX (DynamoDB Accelerator) for caching read-heavy query results.

Answer: B

Question 2

A retail company has a customer data hub in an Amazon S3 bucket. Employees from many countries use the

data hub to support company-wide analytics. A governance team must ensure that the company's data analysts

can access data only for customers who are within the same country as the analysts.

Which solution will meet these requirements with the LEAST operational effort?

Options :

A :

Create a separate table for each country-s customer data. Provide access to each analyst based on the country that the analyst serves.

B :

Register the S3 bucket as a data lake location in AWS Lake Formation. Use the Lake Formation row-level security features to enforce the company-s access policies.

C :

Move the data to AWS Regions that are close to the countries where the customers are. Provide access to each analyst based on the country that the analyst serves.

D :

Load the data into Amazon Redshift. Create a view for each country. Create separate 1AM roles for

each country to provide access to data from each country. Assign the appropriate roles to the analysts.

Answer: B

Question 3

A digital media company processes large volumes of image and video files daily. These files are stored in an Amazon S3 bucket. The company needs to analyze metadata extracted from these files (such as file size, type, creation date) and store this information for quick retrieval and analysis. The solution should automatically handle new files as they are uploaded and be scalable to handle increasing data volumes.

Which AWS service should the company implement to extract, store, and manage the metadata efficiently?

Options :

A : Use AWS Glue to run ETL jobs on new files in S3, extract metadata, and store it in Amazon RDS for querying.

B : Configure Amazon S3 Event Notifications to trigger AWS Lambda functions for metadata extraction and storage in Amazon DynamoDB.

C : Utilize Amazon Athena to query S3 metadata directly and store the query results in Amazon ElastiCache for quick access.

D : Implement Amazon Kinesis Data Firehose to capture file metadata and load it into Amazon Redshift for analysis.

Answer: B

Question 4

A healthcare organization is looking to store highly confidential patient records in an Amazon S3 bucket. The storage solution must comply with regulatory standards that require not only encryption of data at rest but also stringent control and auditing over who can access the encryption keys. Since their IT team lacks the resources to manage encryption processes manually, they need an encryption method that is both secure and manageable within their AWS environment.

What encryption method should they use for their S3 bucket to ensure compliance with these standards?

Options :

A : Implement Server-Side Encryption with AWS Key Management Service (SSE-KMS) for encryption at rest and to maintain control over encryption keys

B : Enable Amazon S3 managed keys (SSE-S3) for server-side encryption to ensure data is encrypted at rest with Amazon-managed keys

C : Use Amazon S3 default encryption with an Amazon-managed key for automatic encryption of all stored data.

D : Opt for client-side encryption with a client-managed key for encrypting data before uploading it to the S3 bucket

Answer: A

Question 5

A company hosts its applications on Amazon EC2 instances. The company must use SSL/TLS connections

that encrypt data in transit to communicate securely with AWS infrastructure that is managed by a customer.

A data engineer needs to implement a solution to simplify the generation, distribution, and rotation of digital

certificates. The solution must automatically renew and deploy SSL/TLS certificates.

Which solution will meet these requirements with the LEAST operational overhead?

Options :

A : Store self-managed certificates on the EC2 instances.

B : Use AWS Certificate Manager (ACM).

C : Implement custom automation scripts in AWS Secrets Manager.

D : Use Amazon Elastic Container Service (Amazon ECS) Service Connect.

Answer: B