A developer is working on a Python application that runs on Amazon EC2 instances. The developer wants to enable tracing of application requests to debug performance issues in the code.
Which combination of actions should the developer take to achieve this goal? (Select TWO)

1. A. Install the Amazon CloudWatch agent on the EC2 instances.
2. B. Install the AWS X-Ray daemon on the EC2 instances.
3. C. Configure the application to write JSON-formatted togs to /var/log/cloudwatch.
4. D. Configure the application to write trace data to /Var/log-/xray.
5. E. Install and configure the AWS X-Ray SDK for Python in the application.

Correct Answer: BE
This solution will meet the requirements by using AWS X-Ray to enable tracing of application requests to debug performance issues in the code. AWS X-Ray is a
service that collects data about requests that the applications serve, and provides tools to view, filter, and gain insights into that data. The developer can install the AWS X-Ray daemon on the EC2 instances, which is a software that listens for traffic on UDP port 2000, gathers raw segment data, and relays it to the X-Ray API. The developer can also install and configure the AWS X-Ray SDK for Python in the application, which is a library that enables instrumenting Python code to generate and send trace data to the X-Ray daemon. Option A is not optimal because it will install the Amazon CloudWatch agent on the EC2 instances, which is a software that collects metrics and logs from EC2 instances and on- premises servers, not application performance data. Option C is not optimal because it will configure the application to write JSON-formatted logs to /var/log/cloudwatch, which is not a valid path or destination for CloudWatch logs. Option D is not optimal because it will configure the application to write trace data to /var/log/xray, which is also not a valid path or destination for X-Ray trace data.
References: [AWS X-Ray], [Running the X-Ray Daemon on Amazon EC2]

An application runs on multiple EC2 instances behind an ELB.
Where is the session data best written so that it can be served reliably across multiple requests?

1. A. Write data to Amazon ElastiCache
2. B. Write data to Amazon Elastic Block Store
3. C. Write data to Amazon EC2 instance Store
4. D. Wide data to the root filesystem

Correct Answer: A
The solution that will meet the requirements is to write data to Amazon ElastiCache. This way, the application can write session data to a fast, scalable, and reliable in-memory data store that can be served reliably across multiple requests. The other options either involve writing data to persistent storage, which is slower and more expensive than in-memory storage, or writing data to the root filesystem, which is not shared among multiple EC2 instances.
Reference: Using ElastiCache for session management

A developer is building a serverless application by using AWS Serverless Application Model (AWS SAM) on multiple AWS Lambda functions.
When the application is deployed, the developer wants to shift 10% of the traffic to the new deployment of the application for the first 10 minutes after deployment. If there are no issues, all traffic must switch over to the new version.
Which change to the AWS SAM template will meet these requirements?

1. A. Set the Deployment Preference Type to Canary10Percent10Minute
2. B. Set theAutoPublishAlias property to the Lambda alias.
3. C. Set the Deployment Preference Type to LinearlOPercentEvery10Minute
4. D. Set AutoPubIishAIias property to the Lambda alias.
5. E. Set the Deployment Preference Type to CanaryIOPercentIOMinute
6. F. Set the PreTraffic and PostTraffic properties to the Lambda alias.
7. G. Set the Deployment Preference Type to LinearlOPercentEveryIOMinute
8. H. Set PreTraffic and Post Traffic properties to the Lambda alias.

Correct Answer: A
The AWS Serverless Application Model (AWS SAM) comes built-in with CodeDeploy to provide gradual AWS Lambda deployments1.
The DeploymentPreference property in AWS SAM allows you to specify the type of deployment that you want. The Canary10Percent10Minutes option means that 10 percent of your customer traffic is immediately shifted to your new version. After 10 minutes, all traffic is shifted to the new version1. The AutoPublishAlias property in AWS SAM allows AWS SAM to automatically create an alias that points to the updated version of the Lambda function1. Therefore, option A is correct.

A company is building a web application on AWS. When a customer sends a request, the application will generate reports and then make the reports available to the customer within one hour. Reports should be accessible to the customer for 8 hours. Some reports are larger than 1 MB. Each report is unique to the customer. The application should delete all reports that are older than 2 days.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Generate the reports and then store the reports as Amazon DynamoDB items that have a specified TT
2. B. Generate a URL that retrieves the reports from DynamoD
3. C. Provide the URL to customers through the web application.
4. D. Generate the reports and then store the reports in an Amazon S3 bucket that uses server-side encryptio
5. E. Attach the reports to an Amazon Simple Notification Service (Amazon SNS) messag
6. F. Subscribe the customer to email notifications from Amazon SNS.
7. G. Generate the reports and then store the reports in an Amazon S3 bucket that uses server-side encryptio
8. H. Generate a presigned URL that contains an expiration date Provide the URL to customers through the web applicatio
9. I. Add S3 Lifecycle configuration rules to the S3 bucket to delete old reports.
10. J. Generate the reports and then store the reports in an Amazon RDS database with a date stam
11. K. Generate an URL that retrieves the reports from the RDS databas
12. L. Provide the URL to customers through the web applicatio
13. M. Schedule an hourly AWS Lambda function to delete database records that have expired date stamps.

Correct Answer: C
This solution will meet the requirements with the least operational overhead because it uses Amazon S3 as a scalable, secure, and durable storage service for the reports. The presigned URL will allow customers to access their reports for a limited time (8 hours) without requiring additional authentication. The S3 Lifecycle configuration rules will automatically delete the reports that are older than 2 days, reducing storage costs and complying with the data retention policy. Option A is not optimal because it will incur additional costs and complexity to store the reports as DynamoDB items, which have a size limit of 400 KB. Option B is not optimal because it will not provide customers with access to their reports within one hour, as Amazon SNS email delivery is not guaranteed. Option D is not optimal because it will require more operational overhead to manage an RDS database and a Lambda function for storing and deleting the reports.
References: Amazon S3 Presigned URLs, Amazon S3 Lifecycle

A company needs to set up secure database credentials for all its AWS Cloud resources. The company's resources include Amazon RDS DB instances Amazon DocumentDB clusters and Amazon Aurora DB instances. The company's security policy mandates that database credentials be encrypted at rest and rotated at a regular interval.
Which solution will meet these requirements MOST securely?

1. A. Set up IAM database authentication for token-based acces
2. B. Generate user tokens to provide centralized access to RDS DB instance
3. C. Amazon DocumentDB clusters and Aurora DB instances.
4. D. Create parameters for the database credentials in AWS Systems Manager Parameter Store Set the Type parameter to Secure Stin
5. E. Set up automatic rotation on the parameters.
6. F. Store the database access credentials as an encrypted Amazon S3 object in an S3 bucket Block all public access on the S3 bucke
7. G. Use S3 server-side encryption to set upautomatic rotation on the encryption key.
8. H. Create an AWS Lambda function by using the SecretsManagerRotationTemplate template in the AWS Secrets Manager consol
9. I. Create secrets for the database credentials in Secrets Manager Set up secrets rotation on a schedule.

Correct Answer: D
This solution will meet the requirements by using AWS Secrets Manager, which is a service that helps protect secrets such as database credentials by encrypting them with AWS Key Management Service (AWS KMS) and enabling automatic rotation of secrets. The developer can create an AWS Lambda function by using the SecretsManagerRotationTemplate template in the AWS Secrets Manager console, which provides a sample code for rotating secrets for RDS DB instances, Amazon DocumentDB clusters, and Amazon Aurora DB instances. The developer can also create secrets for the database credentials in Secrets Manager, which encrypts them at rest and provides secure access to them. The developer can set up secrets rotation on a schedule, which changes the database credentials periodically according to a specified interval or event. Option A is not optimal because it will set up IAM database authentication for token-based access, which may not be compatible with all database engines and may require additional configuration and management of IAM roles or users. Option B is not optimal because it will create parameters for the database credentials in AWS Systems Manager Parameter Store, which does not support automatic rotation of secrets. Option C is not optimal because it will store the database access credentials as an encrypted Amazon S3 object in an S3 bucket, which may introduce additional costs and complexity for accessing and securing the data.
References: [AWS Secrets Manager], [Rotating Your AWS Secrets Manager Secrets]