A company is planning to securely manage one-time fixed license keys in AWS. The company's development team needs to access the license keys in automaton scripts that run in Amazon EC2 instances and in AWS CloudFormation stacks.
Which solution will meet these requirements MOST cost-effectively?

1. A. Amazon S3 with encrypted files prefixed with “config”
2. B. AWS Secrets Manager secrets with a tag that is named SecretString
3. C. AWS Systems Manager Parameter Store SecureString parameters
4. D. CloudFormation NoEcho parameters

Correct Answer: C
AWS Systems Manager Parameter Store is a service that provides secure, hierarchical storage for configuration data and secrets. Parameter Store supports SecureString parameters, which are encrypted using AWS Key Management Service (AWS KMS) keys. SecureString parameters can be used to store license keys in AWS and retrieve them securely from automation scripts that run in EC2 instances or CloudFormation stacks. Parameter Store is a cost-effective solution because it does not charge for storing parameters or API calls. Reference: Working with Systems Manager parameters

A company has an ecommerce application. To track product reviews, the company's development team uses an Amazon DynamoDB table.
Every record includes the following
• A Review ID a 16-digrt universally unique identifier (UUID)
• A Product ID and User ID 16 digit UUlDs that reference other tables
• A Product Rating on a scale of 1-5
• An optional comment from the user
The table partition key is the Review ID. The most performed query against the table is to find the 10 reviews with the highest rating for a given product.
Which index will provide the FASTEST response for this query"?

1. A. A global secondary index (GSl) with Product ID as the partition key and Product Rating as the sort key
2. B. A global secondary index (GSl) with Product ID as the partition key and Review ID as the sort key
3. C. A local secondary index (LSI) with Product ID as the partition key and Product Rating as the sort key
4. D. A local secondary index (LSI) with Review ID as the partition key and Product ID as the sort key

Correct Answer: A
This solution allows the fastest response for the query because it enables the query to use a single partition key value (the Product ID) and a range of sort key values (the Product Rating) to find the matching items. A global secondary index (GSI) is an index that has a partition key and an optional sort key that are different from those on the base table. A GSI can be created at any time and can be queried or scanned independently of the base table. A local secondary index (LSI) is an index that has the same partition key as the base table, but a different sort key. An LSI can only be created when the base table is created and must be queried together with the base table partition key. Using a GSI with Product ID as the partition key and Review ID as the sort key will not allow the query to use a range of sort key values to find the highest ratings. Using an LSI with Product ID as the partition key and Product Rating as the sort key will not work because Product ID is not the partition key of the base table. Using an LSI with Review ID as the partition key and Product ID as the sort key will not allow the query to use a single partition key value to find the matching items.
Reference: [Global Secondary Indexes], [Querying]

A developer is creating an application that will store personal health information (PHI). The PHI needs to be encrypted at all times. An encrypted Amazon RDS for MySQL DB instance is storing the data. The developer wants to increase the performance of the application by caching frequently accessed data while adding the ability to sort or rank the cached datasets.
Which solution will meet these requirements?

1. A. Create an Amazon ElastiCache for Redis instanc
2. B. Enable encryption of data in transit and at res
3. C. Store frequently accessed data in the cache.
4. D. Create an Amazon ElastiCache for Memcached instanc
5. E. Enable encryption of data in transit and at res
6. F. Store frequently accessed data in the cache.
7. G. Create an Amazon RDS for MySQL read replic
8. H. Connect to the read replica by using SS
9. I. Configure the read replica to store frequently accessed data.
10. J. Create an Amazon DynamoDB table and a DynamoDB Accelerator (DAX) cluster for the tabl
11. K. Store frequently accessed data in the DynamoDB table.

Correct Answer: A
Amazon ElastiCache is a service that offers fully managed in-memory data stores that are compatible with Redis or Memcached. The developer can create an ElastiCache for Redis instance and enable encryption of data in transit and at rest. This will ensure that the PHI is encrypted at all times. The developer can store frequently accessed data in the cache and use Redis features such as sorting and ranking to enhance the performance of the application.
References:
✑ [What Is Amazon ElastiCache? - Amazon ElastiCache]
✑ [Encryption in Transit - Amazon ElastiCache for Redis]
✑ [Encryption at Rest - Amazon ElastiCache for Redis]

A company has developed a new serverless application using AWS Lambda functions that will be deployed using the AWS Serverless Application Model (AWS SAM) CLI.
Which step should the developer complete prior to deploying the application?

1. A. Compress the application to a zip file and upload it into AWS Lambda.
2. B. Test the new AWS Lambda function by first tracing it m AWS X-Ray.
3. C. Bundle the serverless application using a SAM package.
4. D. Create the application environment using the eb create my-env command.

Correct Answer: C
This step should be completed prior to deploying the application because it prepares the application artifacts for deployment. The AWS Serverless Application Model (AWS SAM) is a framework that simplifies building and deploying serverless applications on AWS. The AWS SAM CLI is a command-line tool that helps you create, test, and deploy serverless applications using AWS SAM templates. The sam package command bundles the application artifacts, such as Lambda function code and API definitions, and uploads them to an Amazon S3 bucket. The command also returns a CloudFormation template that is ready to be deployed with the sam deploy command. Compressing the application to a zip file and uploading it to AWS Lambda will not work because it does not use AWS SAM templates or CloudFormation. Testing the new Lambda function by first tracing it in AWS X- Ray will not prepare the application for deployment, but only monitor its performance and errors. Creating the application environment using the eb create my-env command will not work because it is a command for AWS Elastic Beanstalk, not AWS SAM.

A developer is modifying an existing AWS Lambda function White checking the code the developer notices hardcoded parameter various for an Amazon RDS for SQL Server user name password database host and port. There also are hardcoded parameter values for an Amazon DynamoOB table. an Amazon S3 bucket, and an Amazon Simple Notification Service (Amazon SNS) topic.
The developer wants to securely store the parameter values outside the code m an encrypted format and wants to turn on rotation for the credentials. The developer also wants to be able to reuse the parameter values from other applications and to update the parameter values without modifying code.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Create an RDS database secret in AWS Secrets Manage
2. B. Set the user name password, database, host and por
3. C. Turn on secret rotatio
4. D. Create encrypted Lambda environment variables for the DynamoDB table, S3 bucket and SNS topic.
5. E. Create an RDS database secret in AWS Secrets Manage
6. F. Set the user name password, database, host and por
7. G. Turn on secret rotatio
8. H. Create Secure String parameters in AWS Systems Manager Parameter Store for the DynamoDB table, S3 bucket and SNS topic.
9. I. Create RDS database parameters in AWS Systems Manager Paramete
10. J. Store for the user name password, database, host and por
11. K. Create encrypted Lambda environment variables for me DynamoDB table, S3 bucket, and SNS topi
12. L. Create a Lambda function and set the logic for the credentials rotation task Schedule the credentials rotation task in Amazon EventBridge.
13. M. Create RDS database parameters in AWS Systems Manager Paramete
14. N. Store for the user name password database, host, and por
15. O. Store the DynamoDB tabl
16. P. S3 bucket, and SNS topic in Amazon S3 Create a Lambda function and set the logic for the credentials rotation Invoke the Lambda function on a schedule.

Correct Answer: B
This solution will meet the requirements by using AWS Secrets Manager and AWS Systems Manager Parameter Store to securely store the parameter values outside the code in an encrypted format. AWS Secrets Manager is a service that helps protect secrets such as database credentials by encrypting them with AWS Key Management Service (AWS KMS) and enabling automatic rotation of secrets. The developer can create an RDS database secret in AWS Secrets Manager and set the user name, password, database, host, and port for accessing the RDS database. The developer can also turn on secret rotation, which will change the database credentials periodically according to a specified schedule or event. AWS Systems Manager Parameter Store is a service that provides secure and scalable storage for configuration data and secrets. The developer can create Secure String parameters in AWS Systems Manager Parameter Store for the DynamoDB table, S3 bucket, and SNS topic, which will encrypt them with AWS KMS. The developer can also reuse the parameter values from other applications and update them without modifying code. Option A is not optimal because it will create encrypted Lambdaenvironment variables for the DynamoDB table, S3 bucket, and SNS topic, which may not be reusable or updatable without modifying code. Option C is not optimal because it will create RDS database parameters in AWS Systems Manager Parameter Store, which does not support automatic rotation of secrets. Option D is not optimal because it will store the DynamoDB table, S3 bucket, and SNS topic in Amazon S3, which may introduce additional costs and complexity for accessing configuration data.
References: AWS Secrets Manager, [AWS Systems Manager Parameter Store]