- (Exam Topic 1)
A company has several web servers that need to frequently access a common Amazon RDS MySQL Multi-AZ DB instance The company wants a secure method for the web servers to connect to the database while meeting a security requirement to rotate user credentials frequently.
Which solution meets these requirements?

1. A. Store the database user credentials in AWS Secrets Manager Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager
2. B. Store the database user credentials in AWS Systems Manager OpsCenter Grant the necessary IAM permissions to allow the web servers to access OpsCenter
3. C. Store the database user credentials in a secure Amazon S3 bucket Grant the necessary IAM permissions to allow the web servers to retrieve credentials and access the database.
4. D. Store the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file syste
5. E. The web server should be able to decrypt the files and access the database

Correct Answer: A
AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
Secrets Manager enables you to replace hardcoded credentials in your code, including passwords, with an API call to Secrets Manager to retrieve the secret programmatically. This helps ensure the secret can't be compromised by someone examining your code, because the secret no longer exists in the code. Also, you can configure Secrets Manager to automatically rotate the secret for you according to a specified schedule. This enables you to replace long-term secrets with short-term ones, significantly reducing the risk of compromise.

- (Exam Topic 3)
A company recently migrated its web application to AWS by rehosting the application on Amazon EC2 instances in a single AWS Region. The company wants to redesign its application architecture to be highly available and fault tolerant. Traffic must reach all running EC2 instances randomly.
Which combination of steps should the company take to meet these requirements? (Choose two.)

1. A. Create an Amazon Route 53 failover routing policy.
2. B. Create an Amazon Route 53 weighted routing policy.
3. C. Create an Amazon Route 53 multivalue answer routing policy.
4. D. Launch three EC2 instances: two instances in one Availability Zone and one instance in another Availability Zone.
5. E. Launch four EC2 instances: two instances in one Availability Zone and two instances in another Availability Zone.

Correct Answer: CE
https://aws.amazon.com/premiumsupport/knowledge-center/multivalue-versus-simple-policies/

- (Exam Topic 1)
A company is building an ecommerce web application on AWS. The application sends information about new orders to an Amazon API Gateway REST API to process. The company wants to ensure that orders are processed in the order that they are received.
Which solution will meet these requirements?

1. A. Use an API Gateway integration to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when the application receives an orde
2. B. Subscribe an AWS Lambda function to the topic to perform processing.
3. C. Use an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) FIFO queue when the application receives an orde
4. D. Configure the SQS FIFO queue to invoke an AWS Lambda function for processing.
5. E. Use an API Gateway authorizer to block any requests while the application processes an order.
6. F. Use an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) standard queue when the application receives an orde
7. G. Configure the SQS standard queue to invoke an AWS Lambda function for processing.

Correct Answer: B

- (Exam Topic 1)
A company is developing a two-tier web application on AWS. The company's developers have deployed the application on an Amazon EC2 instance that connects directly to a backend Amazon RDS database. The company must not hardcode database credentials in the application. The company must also implement a solution to automatically rotate the database credentials on a regular basis.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Store the database credentials in the instance metadat
2. B. Use Amazon EventBridge (Amazon CloudWatch Events) rules to run a scheduled AWS Lambda function that updates the RDS credentials and instance metadata at the same time.
3. C. Store the database credentials in a configuration file in an encrypted Amazon S3 bucke
4. D. Use Amazon EventBridge (Amazon CloudWatch Events) rules to run a scheduled AWS Lambda function that updates the RDS credentials and the credentials in the configuration file at the same tim
5. E. Use S3 Versioning to ensure the ability to fall back to previous values.
6. F. Store the database credentials as a secret in AWS Secrets Manage
7. G. Turn on automatic rotation for the secre
8. H. Attach the required permission to the EC2 role to grant access to the secret.
9. I. Store the database credentials as encrypted parameters in AWS Systems Manager Parameter Stor
10. J. Turn on automatic rotation for the encrypted parameter
11. K. Attach the required permission to the EC2 role to grant access to the encrypted parameters.

Correct Answer: C
https://docs.aws.amazon.com/secretsmanager/latest/userguide/create_database_secret.html

- (Exam Topic 3)
A company hosts a frontend application that uses an Amazon API Gateway API backend that is integrated with AWS Lambda When the API receives requests, the Lambda function loads many libranes Then the Lambda function connects to an Amazon RDS database processes the data and returns the data to the frontend application. The company wants to ensure that response latency is as low as possible for all its users with the fewest number of changes to the company's operations
Which solution will meet these requirements'?

1. A. Establish a connection between the frontend application and the database to make queries faster by bypassing the API
2. B. Configure provisioned concurrency for the Lambda function that handles the requests
3. C. Cache the results of the queries in Amazon S3 for faster retneval of similar datasets.
4. D. Increase the size of the database to increase the number of connections Lambda can establish at one time

Correct Answer: B
Configure provisioned concurrency for the Lambda function that handles the requests. Provisioned concurrency allows you to set the amount of compute resources that are available to the Lambda function, so that it can handle more requests at once and reduce latency. Caching the results of the queries in Amazon S3 could also help to reduce latency, but it would not be as effective as setting up provisioned concurrency. Increasing the size of the database would not help to reduce latency, as this would not increase the number of connections the Lambda function could establish, and establishing a direct connection between the frontend application and the database would bypass the API, which would not be the best solution either.
Using AWS Lambda with Amazon API Gateway - AWS Lambda https://docs.aws.amazon.com/lambda/latest/dg/services-apigateway.html AWS Lambda FAQs
https://aws.amazon.com/lambda/faqs/