A financial company must store original customer records for 10 years for legal reasons. A complete record contains personally identifiable information (PII). According to local regulations, PII is available to only certain people in the company and must not be shared with third parties. The company needs to make the records available to third-party organizations for statistical analysis without sharing the PII.
A developer wants to store the original immutable record in Amazon S3. Depending on who accesses the S3 document, the document should be returned as is or with all the PII removed. The developer has written an AWS Lambda function to remove the PII from the document. The function is named removePii.
What should the developer do so that the company can meet the PII requirements while maintaining only one copy of the document?

1. A. Set up an S3 event notification that invokes the removePii function when an S3 GET request is mad
2. B. Call Amazon S3 by using a GET request to access the object without PII.
3. C. Set up an S3 event notification that invokes the removePii function when an S3 PUT request is mad
4. D. Call Amazon S3 by using a PUT request to access the object without PII.
5. E. Create an S3 Object Lambda access point from the S3 consol
6. F. Select the removePii functio
7. G. Use S3 Access Points to access the object without PII.
8. H. Create an S3 access point from the S3 consol
9. I. Use the access point name to call the GetObjectLegalHold S3 API functio
10. J. Pass in the removePii function name to access the object without PII.

Correct Answer: C
S3 Object Lambda allows you to add your own code to process data retrieved from S3 before returning it to an application. You can use an AWS Lambda function to modify the data, such as removing PII, redacting confidential information, or resizing images. You can create an S3 Object Lambda access point and associate it with your Lambda function. Then, you can use the access point to request objects from S3 and get the modified data back. This way, you can maintain only one copy of the original
document in S3 and apply different transformations depending on who accesses it. Reference: Using AWS Lambda with Amazon S3

A company built an online event platform For each event the company organizes quizzes and generates leaderboards that are based on the quiz scores. The company stores the leaderboard data in Amazon DynamoDB and retains the data for 30 days after an event is complete The company then uses a scheduled job to delete the old leaderboard data
The DynamoDB table is configured with a fixed write capacity. During the months when many events occur, the DynamoDB write API requests are throttled when the scheduled delete job runs.
A developer must create a long-term solution that deletes the old leaderboard data and optimizes write throughput
Which solution meets these requirements?

1. A. Configure a TTL attribute for the leaderboard data
2. B. Use DynamoDB Streams to schedule and delete the leaderboard data
3. C. Use AWS Step Functions to schedule and delete the leaderboard data.
4. D. Set a higher write capacity when the scheduled delete job runs

Correct Answer: A
"deletes the item from your table without consuming any write throughput" https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html

A company is building a new application that runs on AWS and uses Amazon API Gateway to expose APIs Teams of developers are working on separate components of the application in parallel The company wants to publish an API without an integrated backendso that teams that depend on the application backend can continue the development work before the API backend development is complete.
Which solution will meet these requirements?

1. A. Create API Gateway resources and set the integration type value to MOCK Configure the method integration request and integration response to associate a response with an HTTP status code Create an API Gateway stage and deploy the API.
2. B. Create an AWS Lambda function that returns mocked responses and various HTTP status code
3. C. Create API Gateway resources and set the integration type value to AWS_PROXY Deploy the API.
4. D. Create an EC2 application that returns mocked HTTP responses Create API Gateway resources and set the integration type value to AWS Create an API Gateway stage and deploy the API.
5. E. Create API Gateway resources and set the integration type value set to HTTP_PROX
6. F. Add mapping templates and deploy the AP
7. G. Create an AWS Lambda layer that returns various HTTP status codes Associate the Lambda layer with the API deployment

Correct Answer: A
The best solution for publishing an API without an integrated backend is to use the MOCK integration type in API Gateway. This allows the developer to return a static response to the client without sending the request to a backend service. The developer can configure the method integration request and integration response to associate a response with an HTTP status code, such as 200 OK or 404 Not Found. The developer can also create an API Gateway stage and deploy the API to make it available to the teams that depend on the application backend. The other solutions are either not feasible or not efficient. Creating an AWS Lambda function, an EC2 application, or an AWS Lambda layer would require additional resources and code to generate the mocked responses and HTTP status codes. These solutions would also incur additional costs and complexity, and would not leverage the built-in functionality of API Gateway. References
✑ Set up mock integrations for API Gateway REST APIs
✑ Mock Integration for API Gateway - AWS CloudFormation
✑ Mocking API Responses with API Gateway
✑ How to mock API Gateway responses with AWS SAM

A developer is creating an AWS Lambda function that consumes messages from an Amazon Simple Queue Service (Amazon SQS) standard queue. The developer notices that the Lambda function processes some messages multiple times.
How should developer resolve this issue MOST cost-effectively?

1. A. Change the Amazon SQS standard queue to an Amazon SQS FIFO queue by using the Amazon SQS message deduplication ID.
2. B. Set up a dead-letter queue.
3. C. Set the maximum concurrency limit of the AWS Lambda function to 1
4. D. Change the message processing to use Amazon Kinesis Data Streams instead of Amazon SQS.

Correct Answer: A
Amazon Simple Queue Service (Amazon SQS) is a fully managed queue service that allows you to de-couple and scale for applications1. Amazon SQS offers two types of queues: Standard and FIFO (First In First Out) queues1. The FIFO queue uses
the messageDeduplicationId property to treat messages with the same value as duplicate2.
Therefore, changing the Amazon SQS standard queue to an Amazon SQS FIFO queue using the Amazon SQS message deduplication ID can help resolve the issue of the Lambda function processing some messages multiple times. Therefore, option A is correct.

A developer is planning to migrate on-premises company data to Amazon S3. The data must be encrypted, and the encryption Keys must support automate annual rotation. The company must use AWS Key Management Service (AWS KMS) to encrypt the data.
When type of keys should the developer use to meet these requirements?

1. A. Amazon S3 managed keys
2. B. Symmetric customer managed keys with key material that is generated by AWS
3. C. Asymmetric customer managed keys with key material that generated by AWS
4. D. Symmetric customer managed keys with imported key material

Correct Answer: B
The type of keys that the developer should use to meet the requirements is symmetric customer managed keys with key material that is generated by AWS. This way, the developer can use AWS Key Management Service (AWS KMS) to encrypt the data with a symmetric key that is managed by the developer. The developer can also enable automatic annual rotation for the key, which creates new key material for the key every year. The other options either involve using Amazon S3 managed keys, which do not support automatic annual rotation, or using asymmetric keys or imported key material, which are not supported by S3 encryption.
Reference: Using AWS KMS keys to encrypt S3 objects