amazon AWS Certified Database - Specialty practice test


Question 1

A database specialist needs to review and optimize an Amazon DynamoDB table that is experiencing performance issues. A
thorough investigation by the database specialist reveals that the partition key is causing hot partitions, so a new partition
key is created. The database specialist must effectively apply this new partition key to all existing and new data.
How can this solution be implemented?

  • A. Use Amazon EMR to export the data from the current DynamoDB table to Amazon S3. Then use Amazon EMR again to import the data from Amazon S3 into a new DynamoDB table with the new partition key.
  • B. Use AWS DMS to copy the data from the current DynamoDB table to Amazon S3. Then import the DynamoDB table to create a new DynamoDB table with the new partition key.
  • C. Use the AWS CLI to update the DynamoDB table and modify the partition key.
  • D. Use the AWS CLI to back up the DynamoDB table. Then use the restore-table-from-backup command and modify the partition key.
Answer:

D

Discussions

Question 2

A database specialist is designing an enterprise application for a large company. The application uses Amazon DynamoDB
with DynamoDB Accelerator (DAX). The database specialist observes that most of the queries are not found in the DAX
cache and that they still require DynamoDB table reads.
What should the database specialist review first to improve the utility of DAX?

  • A. The DynamoDB ConsumedReadCapacityUnits metric
  • B. The trust relationship to perform the DynamoDB API calls
  • C. The DAX cluster’s TTL setting
  • D. The validity of customer-specified AWS Key Management Service (AWS KMS) keys for DAX encryption at rest
Answer:

A

Explanation:
Reference: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/metrics-dimensions.html

Discussions

Question 3

A company is developing an application that performs intensive in-memory operations on advanced data structures such as
sorted sets. The application requires sub-millisecond latency for reads and writes. The application occasionally must run a
group of commands as an ACID-compliant operation. A database specialist is setting up the database for this application.
The database specialist needs the ability to create a new database cluster from the latest backup of the production cluster.
Which type of cluster should the database specialist create to meet these requirements?

  • A. Amazon ElastiCache for Memcached
  • B. Amazon Neptune
  • C. Amazon ElastiCache for Redis
  • D. Amazon DynamoDB Accelerator (DAX)
Answer:

D

Explanation:
Reference: https://aws.amazon.com/blogs/database/how-to-determine-if-amazon-dynamodb-is-appropriate-for-your-needs-
and-then-plan-your-migration/

Discussions

Question 4

A company is developing a multi-tier web application hosted on AWS using Amazon Aurora as the database. The application
needs to be deployed to production and other non-production environments. A Database Specialist needs to specify different
MasterUsername and MasterUserPassword properties in the AWS CloudFormation templates used for automated
deployment. The CloudFormation templates are version controlled in the companys code repository. The company also
needs to meet compliance requirement by routinely rotating its database master password for production. What is most
secure solution to store the master password?

  • A. Store the master password in a parameter file in each environment. Reference the environment-specific parameter file in the CloudFormation template.
  • B. Encrypt the master password using an AWS KMS key. Store the encrypted master password in the CloudFormation template.
  • C. Use the secretsmanager dynamic reference to retrieve the master password stored in AWS Secrets Manager and enable automatic rotation.
  • D. Use the ssm dynamic reference to retrieve the master password stored in the AWS Systems Manager Parameter Store and enable automatic rotation.
Answer:

C

Discussions

Question 5

A financial company wants to store sensitive user data in an Amazon Aurora PostgreSQL DB cluster. The database will be
accessed by multiple applications across the company. The company has mandated that all communications to the database
be encrypted and the server identity must be validated. Any non-SSL-based connections should be disallowed access to the
database.
Which solution addresses these requirements?

  • A. Set the rds.force_ssl=0 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=allow.
  • B. Set the rds.force_ssl=1 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=disable.
  • C. Set the rds.force_ssl=0 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=verify-ca.
  • D. Set the rds.force_ssl=1 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=verify-full.
Answer:

D

Explanation:
Reference: https://forums.aws.amazon.com/message.jspa?messageID=734076

Discussions

Question 6

An application reads and writes data to an Amazon RDS for MySQL DB instance. A new reporting dashboard needs read-
only access to the database. When the application and reports are both under heavy load, the database experiences
performance degradation. A database specialist needs to improve the database performance.
What should the database specialist do to meet these requirements?

  • A. Create a read replica of the DB instance. Configure the reports to connect to the replication instance endpoint.
  • B. Create a read replica of the DB instance. Configure the application and reports to connect to the cluster endpoint.
  • C. Enable Multi-AZ deployment. Configure the reports to connect to the standby replica.
  • D. Enable Multi-AZ deployment. Configure the application and reports to connect to the cluster endpoint.
Answer:

C

Explanation:
Reference: https://www.nops.io/enable-multi-az-for-rds-instances/

Discussions

Question 7

A finance company migrated its 3 on-premises PostgreSQL database to an Amazon Aurora PostgreSQL DB cluster.
During a review after the migration, a database specialist discovers that the database is not encrypted at rest. The database
must be encrypted at rest as soon as possible to meet security requirements. The database specialist must enable
encryption for the DB cluster with minimal downtime.
Which solution will meet these requirements?

  • A. Modify the unencrypted DB cluster using the AWS Management Console. Enable encryption and choose to apply the change immediately.
  • B. Take a snapshot of the unencrypted DB cluster and restore it to a new DB cluster with encryption enabled. Update any database connection strings to reference the new DB cluster endpoint, and then delete the unencrypted DB cluster.
  • C. Create an encrypted Aurora Replica of the unencrypted DB cluster. Promote the Aurora Replica as the new master.
  • D. Create a new DB cluster with encryption enabled and use the pg_dump and pg_restore utilities to load data to the new DB cluster. Update any database connection strings to reference the new DB cluster endpoint, and then delete the unencrypted DB cluster.
Answer:

A

Explanation:
To enable encryption for a new DB cluster, choose Enable encryption on the console. For information on creating a DB
cluster.
Reference: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Overview.Encryption.html

Discussions

Question 8

A retail company with its main office in New York and another office in Tokyo plans to build a database solution on AWS.
The companys main workload consists of a mission-critical application that updates its application data in a data store. The
team at the Tokyo office is building dashboards with complex analytical queries using the application data. The dashboards
will be used to make buying decisions, so they need to have access to the application data in less than 1 second. Which
solution meets these requirements?

  • A. Use an Amazon RDS DB instance deployed in the us-east-1 Region with a read replica instance in the ap-northeast-1 Region. Create an Amazon ElastiCache cluster in the ap-northeast-1 Region to cache application data from the replica to generate the dashboards.
  • B. Use an Amazon DynamoDB global table in the us-east-1 Region with replication into the ap-northeast-1 Region. Use Amazon QuickSight for displaying dashboard results.
  • C. Use an Amazon RDS for MySQL DB instance deployed in the us-east-1 Region with a read replica instance in the ap- northeast-1 Region. Have the dashboard application read from the read replica.
  • D. Use an Amazon Aurora global database. Deploy the writer instance in the us-east-1 Region and the replica in the ap- northeast-1 Region. Have the dashboard application read from the replica apnortheast-1 Region.
Answer:

D

Discussions

Question 9

A large ecommerce company uses Amazon DynamoDB to handle the transactions on its web portal. Traffic patterns
throughout the year are usually stable; however, a large event is planned. The company knows that traffic will increase by up
to 10 times the normal load over the 3-day event. When sale prices are published during the event, traffic will spike rapidly.
How should a Database Specialist ensure DynamoDB can handle the increased traffic?

  • A. Ensure the table is always provisioned to meet peak needs
  • B. Allow burst capacity to handle the additional load
  • C. Set an AWS Application Auto Scaling policy for the table to handle the increase in traffic
  • D. Preprovision additional capacity for the known peaks and then reduce the capacity after the event
Answer:

B

Discussions

Question 10

A company has a database fleet that includes an Amazon RDS for MySQL DB instance. During an audit, the company
discovered that the data that is stored on the DB instance is unencrypted.
A database specialist must enable encryption for the DB instance. The database specialist also must encrypt all connections
to the DB instance.
Which combination of actions should the database specialist take to meet these requirements? (Choose three.)

  • A. In the RDS console, choose Enable encryption to encrypt the DB instance by using an AWS Key Management Service (AWS KMS) key.
  • B. Encrypt the read replica of the unencrypted DB instance by using an AWS Key Management Service (AWS KMS) key. Fail over the read replica to the primary DB instance.
  • C. Create a snapshot of the unencrypted DB instance. Encrypt the snapshot by using an AWS Key Management Service (AWS KMS) key. Restore the DB instance from the encrypted snapshot. Delete the original DB instance.
  • D. Require SSL connections for applicable database user accounts.
  • E. Use SSL/TLS from the application to encrypt a connection to the DB instance.
  • F. Enable SSH encryption on the DB instance.
Answer:

A E F

Explanation:
Reference: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html

Discussions
To page 2