A company's application has an AWS Lambda function that processes messages from loT devices. The company wants to monitor the Lambda function to ensure that the Lambda function is meeting its required service level agreement (SLA). A developer must implement a solution to determine the application's throughput in near real time. The throughput must be based on the number of messages that the Lambda function receives and processes in a given time period. The Lambda function performs initialization and post-processing steps that must not factor into the throughput measurement. What should the developer do to meet these requirements?
A. Use the Lambda function's ConcurrentExecutions metric in Amazon CloudWatch to
measure the throughput.
B. Modify the application to log the calculated throughput to Amazon CloudWatch Logs. Use Amazon EventBridge to invoke a separate Lambda function to process the logs on a schedule.
C. Modify the application to publish custom Amazon CloudWatch metrics when the Lambda function receives and processes each message. Use the metrics to calculate the throughput.
D. Use the Lambda function's Invocations metric and Duration metric to calculate the throughput in Amazon CloudWatch.
A company has many microservices that are comprised of AWS Lambda functions. Multiple teams within the company split ownership of the microservices. An application reads configuration values from environment variables that are contained in the Lambda functions. During a security audit, the company discovers that some of the environment variables contain sensitive information. The company's security policy requires each team to have full control over the rotation of AWS KMS keys that the team uses for its respective microservices.
A. Create AWS managed keys for all Lambda functions. Use the new AWS managed keys
to encrypt the environment variables. Add kms:Decrypt permissions to the Lambda function
execution roles.
B. Create customer managed keys for all Lambda functions. Use the new customer managed keys to encrypt the environment variables. Add kms:Decrypt permission to the Lambda function execution roles.
C. Create customer managed keys for all Lambda functions. Use the new customer managed keys to encrypt the environment variables. Add kms:CreateGrant permission and kms:Encrypt permission to the Lambda function execution roles.
D. Create AWS managed keys for all Lambda functions. Use the new AWS managed keys to encrypt the environment variables. Add kms:CreateGrant permission and kms:Encrypt permission to the Lambda function execution roles.
A company runs an application on AWS The application uses an AWS Lambda function that is configured with an Amazon Simple Queue Service (Amazon SQS) queue called high priority queue as the event source A developer is updating the Lambda function with another SQS queue called low priority queue as the event source The Lambda function must always read up to 10 simultaneous messages from the high priority queue before processing messages from low priority queue. The Lambda function must be limited to 100 simultaneous invocations. Which solution will meet these requirements'?
A. Set the event source mapping batch size to 10 for the high priority queue and to 90 for
the low priority queue
B. Set the delivery delay to 0 seconds for the high priority queue and to 10 seconds for the low priority queue
C. Set the event source mapping maximum concurrency to 10 for the high priority queue and to 90 for the low priority queue
D. Set the event source mapping batch window to 10 for the high priority queue and to 90 for the low priority queue
A developer is creating an application that uses an Amazon DynamoDB table. The developer needs to develop code that reads all records that were added to the table during the previous day. creates HTML reports, and pushes the reports into third-party storage. The item size varies from 1 KB to 4 KB, and the index structure is defined with the date. The developer needs to minimize the read capacity that the application requires from the DynamoDB table. Which DynamoDB API operation should the developer use in the code to meet these requirements?
A. Query
B. Scan
C. BatchGetltem
D. Getltem
A developer is creating a microservices application that runs across multiple compute environments. The application must securely access secrets that are stored in AWS Secrets Manager with minimal network latency. The developer wants a solution that reduces the number of direct calls to Secrets Manager and simplifies secrets management across environments. Which solution will meet these requirements with the LEAST operational overhead?
A. Create a custom script that retrieves secrets directly from Secrets Manager and caches
the secrets in a local database for each compute environment.
B. Install the Secrets Manager Agent in each compute environment. Configure the agent to cache secrets locally. Securely retrieve the secrets from Secrets Manager as needed.
C. Implement lazy loading logic in the application to fetch secrets directly from Secrets Manager and to cache the secrets in Redis.
D. Store the secrets in an Amazon S3 bucket. Retrieve and load the secrets as environment variables during application startup for each compute environment.
A company uses AWS X-Ray to monitor a serverless application. The components of the application have different request rates. The user interactions and transactions are important to trace, but they are low in volume. The background processes such as application health checks, polling, and connection maintenance generate high volumes of read-only requests. Currently, the default X-Ray sampling rules are universal for all requests. Only the first request per second and some additional requests are recorded. This setup is not helping the company review the requests based on service or request type. A developer must configure rules to trace requests based on service or request properties. The developer must trace the user interactions and transactions without wasting effort recording minor background tasks. Which solution will meet these requirements?
A. Disable sampling for high-volume read-only requests. Sample at a lower rate for all
requests that handle user interactions or transactions.
B. Disable sampling and trace all requests for requests that handle user interactions or transactions. Sample high-volume read-only requests at a higher rate.
C. Disable sampling and trace all requests for requests that handle user interactions or transactions. Sample high-volume read-only requests at a lower rate.
D. Disable sampling for high-volume read-only requests. Sample at a higher rate for all requests that handle user interactions or transactions.
A developer needs to set up an API to provide access to an application and its resources. The developer has a TLS certificate. The developer must have the ability to change the default base URL of the API to a custom domain name. The API users are distributed globally. The solution must minimize API latency.
A. Create an Amazon CloudFront distribution that uses an AWS Lambda@Edge function to
process API requests. Import the TLS certificate into AWS Certificate Manager and CloudFront. Add the custom domain name as an alias resource record set that is for the
CloudFront distribution.
B. Create an Amazon API Gateway REST API. Use the private endpoint type. Import the TLS certificate into AWS Certificate Manager. Create a custom domain name for the REST API. Route traffic to the custom domain name. Disable the default endpoint for the REST API.
C. Create an Amazon API Gateway REST API. Use the edge-optimized endpoint type. Import the TLS certificate into AWS Certificate Manager. Create a custom domain name for the REST API. Route traffic to the custom domain name. Disable the default endpoint for the REST API.
D. Create an Amazon CloudFront distribution that uses CloudFront Functions to process API requests. Import the TLS certificate into AWS Certificate Manager and CloudFront. Add the custom domain name as an alias resource record set that is for the CloudFront distribution.
A company wants to use AWS AppConfig to gradually deploy a new feature to 15% of users to test the feature before a full deployment. Which solution will meet this requirement with the LEAST operational overhead?
A. Set up a custom script within the application to randomly select 15% of users. Assign a
flag for the new feature to the selected users.
B. Create separate AWS AppConfig feature flags for both groups of users. Configure the flags to target 15% of users.
C. Create an AWS AppConfig feature flag. Define a variant for the new feature, and create a rule to target 15% of users.
D. Use AWS AppConfig to create a feature flag without variants. Implement a custom traffic splitting mechanism in the application code.
A company is planning to deploy an application on AWS behind an Elastic Load Balancing (ELB) load balancer. The application uses an HTTP/HTTPS listener and must access the client IP addresses. Which load-balancing solution meets these requirements?
A. Use an Application Load Balancer and the X-Forwarded-For headers.
B. Use a Network Load Balancer (NLB). Enable proxy protocol support on the NLB and the target application.
C. Use an Application Load Balancer. Register the targets by the instance ID.
D. Use a Network Load Balancer and the X-Forwarded-For headers.
A company is using an Amazon API Gateway REST API endpoint as a webhook to publish events from an on-premises source control management (SCM) system to Amazon EventBridge. The company has configured an EventBridge rule to listen for the events and to control application deployment in a central AWS account. The company needs to receive the same events across multiple receiver AWS accounts. How can a developer meet these requirements without changing the configuration of the SCM system?
A. Deploy the API Gateway REST API to all the required AWS accounts. Use the same
custom domain name for all the gateway endpoints so that a single SCM webhook can be
used for all events from all accounts.
B. Deploy the API Gateway REST API to all the receiver AWS accounts. Create as many SCM webhooks as the number of AWS accounts.
C. Grant permission to the central AWS account for EventBridge to access the receiver AWS accounts. Add an EventBridge event bus on the receiver AWS accounts as the targets to the existing EventBridge rule.
D. Convert the API Gateway type from REST API to HTTP API.