You can't convert an unencrypted DB cluster to an encrypted one. However, you can restore an unencrypted snapshot to an encrypted Aurora DB cluster. To do this, specify a KMS key when you restore from the unencrypted snapshot.
amazon AWS Certified Database - Specialty practice test
Question 1
A database specialist needs to review and optimize an Amazon DynamoDB table that is experiencing performance issues. A
thorough investigation by the database specialist reveals that the partition key is causing hot partitions, so a new partition
key is created. The database specialist must effectively apply this new partition key to all existing and new data.
How can this solution be implemented?
- A. Use Amazon EMR to export the data from the current DynamoDB table to Amazon S3. Then use Amazon EMR again to import the data from Amazon S3 into a new DynamoDB table with the new partition key.
- B. Use AWS DMS to copy the data from the current DynamoDB table to Amazon S3. Then import the DynamoDB table to create a new DynamoDB table with the new partition key.
- C. Use the AWS CLI to update the DynamoDB table and modify the partition key.
- D. Use the AWS CLI to back up the DynamoDB table. Then use the restore-table-from-backup command and modify the partition key.
Answer:
D
Discussions
0
/ 1000
Question 2
A database specialist is designing an enterprise application for a large company. The application uses Amazon DynamoDB
with DynamoDB Accelerator (DAX). The database specialist observes that most of the queries are not found in the DAX
cache and that they still require DynamoDB table reads.
What should the database specialist review first to improve the utility of DAX?
- A. The DynamoDB ConsumedReadCapacityUnits metric
- B. The trust relationship to perform the DynamoDB API calls
- C. The DAX cluster’s TTL setting
- D. The validity of customer-specified AWS Key Management Service (AWS KMS) keys for DAX encryption at rest
Answer:
A
Explanation:
Reference: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/metrics-dimensions.html
Discussions
0
/ 1000
Question 3
A company is developing an application that performs intensive in-memory operations on advanced data structures such as
sorted sets. The application requires sub-millisecond latency for reads and writes. The application occasionally must run a
group of commands as an ACID-compliant operation. A database specialist is setting up the database for this application.
The database specialist needs the ability to create a new database cluster from the latest backup of the production cluster.
Which type of cluster should the database specialist create to meet these requirements?
- A. Amazon ElastiCache for Memcached
- B. Amazon Neptune
- C. Amazon ElastiCache for Redis
- D. Amazon DynamoDB Accelerator (DAX)
Answer:
D
Explanation:
Reference: https://aws.amazon.com/blogs/database/how-to-determine-if-amazon-dynamodb-is-appropriate-for-your-needs-
and-then-plan-your-migration/
Discussions
0
/ 1000
Question 4
A company is developing a multi-tier web application hosted on AWS using Amazon Aurora as the database. The application
needs to be deployed to production and other non-production environments. A Database Specialist needs to specify different
MasterUsername and MasterUserPassword properties in the AWS CloudFormation templates used for automated
deployment. The CloudFormation templates are version controlled in the companys code repository. The company also
needs to meet compliance requirement by routinely rotating its database master password for production. What is most
secure solution to store the master password?
- A. Store the master password in a parameter file in each environment. Reference the environment-specific parameter file in the CloudFormation template.
- B. Encrypt the master password using an AWS KMS key. Store the encrypted master password in the CloudFormation template.
- C. Use the secretsmanager dynamic reference to retrieve the master password stored in AWS Secrets Manager and enable automatic rotation.
- D. Use the ssm dynamic reference to retrieve the master password stored in the AWS Systems Manager Parameter Store and enable automatic rotation.
Answer:
C
Discussions
0
/ 1000
Question 5
A financial company wants to store sensitive user data in an Amazon Aurora PostgreSQL DB cluster. The database will be
accessed by multiple applications across the company. The company has mandated that all communications to the database
be encrypted and the server identity must be validated. Any non-SSL-based connections should be disallowed access to the
database.
Which solution addresses these requirements?
- A. Set the rds.force_ssl=0 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=allow.
- B. Set the rds.force_ssl=1 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=disable.
- C. Set the rds.force_ssl=0 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=verify-ca.
- D. Set the rds.force_ssl=1 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=verify-full.
Answer:
D
Explanation:
Reference: https://forums.aws.amazon.com/message.jspa?messageID=734076
Discussions
0
/ 1000
Question 6
An application reads and writes data to an Amazon RDS for MySQL DB instance. A new reporting dashboard needs read-
only access to the database. When the application and reports are both under heavy load, the database experiences
performance degradation. A database specialist needs to improve the database performance.
What should the database specialist do to meet these requirements?
- A. Create a read replica of the DB instance. Configure the reports to connect to the replication instance endpoint.
- B. Create a read replica of the DB instance. Configure the application and reports to connect to the cluster endpoint.
- C. Enable Multi-AZ deployment. Configure the reports to connect to the standby replica.
- D. Enable Multi-AZ deployment. Configure the application and reports to connect to the cluster endpoint.
Answer:
C
Explanation:
Reference: https://www.nops.io/enable-multi-az-for-rds-instances/
Discussions
0
/ 1000
Question 7
A finance company migrated its 3 on-premises PostgreSQL database to an Amazon Aurora PostgreSQL DB cluster.
During a review after the migration, a database specialist discovers that the database is not encrypted at rest. The database
must be encrypted at rest as soon as possible to meet security requirements. The database specialist must enable
encryption for the DB cluster with minimal downtime.
Which solution will meet these requirements?
- A. Modify the unencrypted DB cluster using the AWS Management Console. Enable encryption and choose to apply the change immediately.
- B. Take a snapshot of the unencrypted DB cluster and restore it to a new DB cluster with encryption enabled. Update any database connection strings to reference the new DB cluster endpoint, and then delete the unencrypted DB cluster.
- C. Create an encrypted Aurora Replica of the unencrypted DB cluster. Promote the Aurora Replica as the new master.
- D. Create a new DB cluster with encryption enabled and use the pg_dump and pg_restore utilities to load data to the new DB cluster. Update any database connection strings to reference the new DB cluster endpoint, and then delete the unencrypted DB cluster.
Answer:
A
Explanation:
To enable encryption for a new DB cluster, choose Enable encryption on the console. For information on creating a DB
cluster.
Reference: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Overview.Encryption.html
Discussions
0
/ 1000
1Â year ago
Question 8
A retail company with its main office in New York and another office in Tokyo plans to build a database solution on AWS.
The companys main workload consists of a mission-critical application that updates its application data in a data store. The
team at the Tokyo office is building dashboards with complex analytical queries using the application data. The dashboards
will be used to make buying decisions, so they need to have access to the application data in less than 1 second. Which
solution meets these requirements?
- A. Use an Amazon RDS DB instance deployed in the us-east-1 Region with a read replica instance in the ap-northeast-1 Region. Create an Amazon ElastiCache cluster in the ap-northeast-1 Region to cache application data from the replica to generate the dashboards.
- B. Use an Amazon DynamoDB global table in the us-east-1 Region with replication into the ap-northeast-1 Region. Use Amazon QuickSight for displaying dashboard results.
- C. Use an Amazon RDS for MySQL DB instance deployed in the us-east-1 Region with a read replica instance in the ap- northeast-1 Region. Have the dashboard application read from the read replica.
- D. Use an Amazon Aurora global database. Deploy the writer instance in the us-east-1 Region and the replica in the ap- northeast-1 Region. Have the dashboard application read from the replica apnortheast-1 Region.
Answer:
D
Discussions
0
/ 1000
Question 9
A large ecommerce company uses Amazon DynamoDB to handle the transactions on its web portal. Traffic patterns
throughout the year are usually stable; however, a large event is planned. The company knows that traffic will increase by up
to 10 times the normal load over the 3-day event. When sale prices are published during the event, traffic will spike rapidly.
How should a Database Specialist ensure DynamoDB can handle the increased traffic?
- A. Ensure the table is always provisioned to meet peak needs
- B. Allow burst capacity to handle the additional load
- C. Set an AWS Application Auto Scaling policy for the table to handle the increase in traffic
- D. Preprovision additional capacity for the known peaks and then reduce the capacity after the event
Answer:
B
Discussions
0
/ 1000
Question 10
A company has a database fleet that includes an Amazon RDS for MySQL DB instance. During an audit, the company
discovered that the data that is stored on the DB instance is unencrypted.
A database specialist must enable encryption for the DB instance. The database specialist also must encrypt all connections
to the DB instance.
Which combination of actions should the database specialist take to meet these requirements? (Choose three.)
- A. In the RDS console, choose Enable encryption to encrypt the DB instance by using an AWS Key Management Service (AWS KMS) key.
- B. Encrypt the read replica of the unencrypted DB instance by using an AWS Key Management Service (AWS KMS) key. Fail over the read replica to the primary DB instance.
- C. Create a snapshot of the unencrypted DB instance. Encrypt the snapshot by using an AWS Key Management Service (AWS KMS) key. Restore the DB instance from the encrypted snapshot. Delete the original DB instance.
- D. Require SSL connections for applicable database user accounts.
- E. Use SSL/TLS from the application to encrypt a connection to the DB instance.
- F. Enable SSH encryption on the DB instance.
Answer:
A E F
Explanation:
Reference: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
Discussions
0
/ 1000
Question 11
A company has an on-premises production Microsoft SQL Server with 250 GB of data in one database. A database
specialist needs to migrate this on-premises SQL Server to Amazon RDS for SQL Server. The nightly native SQL Server
backup file is approximately 120 GB in size. The application can be down for an extended period of time to complete the
migration. Connectivity between the onpremises environment and AWS can be initiated from on-premises only.
How can the database be migrated from on-premises to Amazon RDS with the LEAST amount of effort?
- A. Back up the SQL Server database using a native SQL Server backup. Upload the backup files to Amazon S3. Download the backup files on an Amazon EC2 instance and restore them from the EC2 instance into the new production RDS instance.
- B. Back up the SQL Server database using a native SQL Server backup. Upload the backup files to Amazon S3. Restore the backup files from the S3 bucket into the new production RDS instance.
- C. Provision and configure AWS DMS. Set up replication between the on-premises SQL Server environment to replicate the database to the new production RDS instance.
- D. Back up the SQL Server database using AWS Backup. Once the backup is complete, restore the completed backup to an Amazon EC2 instance and move it to the new production RDS instance.
Answer:
B
Explanation:
Reference: https://www.sqlshack.com/aws-rds-sql-server-migration-using-native-backups/
Discussions
0
/ 1000
Question 12
A Database Specialist is setting up a new Amazon Aurora DB cluster with one primary instance and three Aurora Replicas
for a highly intensive, business-critical application. The Aurora DB cluster has one medium-sized primary instance, one
large-sized replica, and two medium sized replicas. The Database Specialist did not assign a promotion tier to the replicas.
In the event of a primary failure, what will occur?
- A. Aurora will promote an Aurora Replica that is of the same size as the primary instance
- B. Aurora will promote an arbitrary Aurora Replica
- C. Aurora will promote the largest-sized Aurora Replica
- D. Aurora will not promote an Aurora Replica
Answer:
A
Explanation:
Reference: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-ug.pdf
Discussions
0
/ 1000
Question 13
A company is going through a security audit. The audit team has identified cleartext master user password in the AWS
CloudFormation templates for Amazon RDS for MySQL DB instances. The audit team has flagged this as a security risk to
the database team.
What should a database specialist do to mitigate this risk?
- A. Change all the databases to use AWS IAM for authentication and remove all the cleartext passwords in CloudFormation templates.
- B. Use an AWS Secrets Manager resource to generate a random password and reference the secret in the CloudFormation template.
- C. Remove the passwords from the CloudFormation templates so Amazon RDS prompts for the password when the database is being created.
- D. Remove the passwords from the CloudFormation template and store them in a separate file. Replace the passwords by running CloudFormation using a sed command.
Answer:
C
Discussions
0
/ 1000
Question 14
A Database Specialist is performing a proof of concept with Amazon Aurora using a small instance to confirm a simple
database behavior. When loading a large dataset and creating the index, the Database Specialist encounters the following
error message from Aurora:
ERROR: cloud not write block 7507718 of temporary file: No space left on device
What is the cause of this error and what should the Database Specialist do to resolve this issue?
- A. The scaling of Aurora storage cannot catch up with the data loading. The Database Specialist needs to modify the workload to load the data slowly.
- B. The scaling of Aurora storage cannot catch up with the data loading. The Database Specialist needs to enable Aurora storage scaling.
- C. The local storage used to store temporary tables is full. The Database Specialist needs to scale up the instance.
- D. The local storage used to store temporary tables is full. The Database Specialist needs to enable local storage scaling.
Answer:
C
Explanation:
Reference: https://serverfault.com/questions/109828/how-can-i-tune-postgres-to-avoid-this-error
Discussions
0
/ 1000
Question 15
A database specialist wants to ensure that an Amazon Aurora DB cluster is always automatically upgraded to the most
recent minor version available. Noticing that there is a new minor version available, the database specialist has issues an
AWS CLI command to enable automatic minor version updates. The command runs successfully, but checking the Aurora
DB cluster indicates that no update to the Aurora version has been made.
What might account for this? (Choose two.)
- A. The new minor version has not yet been designated as preferred and requires a manual upgrade.
- B. Configuring automatic upgrades using the AWS CLI is not supported. This must be enabled expressly using the AWS Management Console.
- C. Applying minor version upgrades requires sufficient free space.
- D. The AWS CLI command did not include an apply-immediately parameter.
- E. Aurora has detected a breaking change in the new minor version and has automatically rejected the upgrade.
Answer:
C D
Discussions
0
/ 1000