DBS-C01 Practice Exam Questions with Answers AWS Certified Database - Specialty Certification

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html

When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint (the old DB Instance can be deleted if so desired). This is done to enable you to create multiple DB Instances from a specific DB Snapshot or point in time."

Correct Answer: A

Explanation from Amazon documents:

Amazon Aurora PostgreSQL is a fully managed relational database service that is compatible with PostgreSQL. Aurora PostgreSQL offers up to three times better performance than standard PostgreSQL, as well as high availability, scalability, security, and durability. Aurora PostgreSQL also supports Babelfish, which is a new feature that enables Aurora to understand queries from applications written for Microsoft SQL Server. Babelfish allows you to migrate your SQL Server databases to Aurora PostgreSQL with minimal or no code changes, and run complex T-SQL queries and stored procedures on Aurora PostgreSQL.

Migrating the database to Amazon Aurora PostgreSQL and turning on Babelfish will meet the requirements of minimizing database server maintenance and operating costs, and minimizing the need to rewrite code as part of the migration effort. This solution will allow the company to benefit from the performance, reliability, and cost-efficiency of Aurora PostgreSQL, while preserving the compatibility and functionality of SQL Server. The company will also avoid the hassle and expense of managing and licensing SQL Server on premises or on AWS.

Therefore, option A is the correct solution to meet the requirements. Option B is not suitable because Amazon S3 is an object storage service that is not designed for OLTP workloads. Amazon Redshift Spectrum is a feature that allows you to query data in S3 using Amazon Redshift, but it is not compatible with SQL Server or T-SQL. Option C is not optimal because Amazon RDS for SQL Server is a managed relational database service that supports SQL Server, but it does not offer the same performance, scalability, or cost savings as Aurora PostgreSQL. Kerberos authentication is a security feature that does not affect the migration effort or the operating costs. Option D is not suitable because Amazon EMR is a big data processing service that runs Apache Hadoop and Spark clusters, not relational databases. EMR does not support SQL Server or T-SQL, and it is not optimized for OLTP workloads.

https://aws.amazon.com/blogs/database/configuring-amazon-elasticache-for-redis-for-higher-availability/

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-partition-key-design.html#bp-partition-key-throughput-bursting

"DynamoDB provides some flexibility in your per-partition throughput provisioning by providing burst capacity. Whenever you're not fully using a partition's throughput, DynamoDB reserves a portion of that unused capacity for later bursts of throughput to handle usage spikes. DynamoDB currently retains up to 5 minutes (300 seconds) of unused read and write capacity. During an occasional burst of read or write activity, these extra capacity units can be consumed quickly—even faster than the per-second provisioned throughput capacity that you've defined for your table. DynamoDB can also consume burst capacity for background maintenance and other tasks without prior notice. Note that these burst capacity details might change in the future."

On-demand mode is a good option if any of the following are true: You create new tables with unknown workloads. You have unpredictable application traffic. You prefer the ease of paying for only what you use. https://docs.aws.amazon.com/amazondynamodb/ latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.ProvisionedThroughput.Manual

Amazon DynamoDB auto scaling uses the AWS Application Auto Scaling service to dynamically adjust provisioned throughput capacity on your behalf https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/AutoScaling.html

https://aws.amazon.com/blogs/database/migrating-oracle-databases-with-near-zero-downtime-using-aws-dms/

The correct answer is D. Create one table for each game. Use the player identifier as the partition key. Use the event time as the sort key.

The explanation is as follows:

• The ItemCollectionSizeLimitExceededException error occurs when an item collection exceeds the 10 GB limit1. An item collection is a group of items that have the same partition key value but different sort key values2. In this case, the item collection is based on the game name, which has only three possible values. This means that all events for each game are stored in the same item collection, which can easily exceed the 10 GB limit given the high volume and size of events.
• To avoid this error, a database specialist should recommend a design change that distributes the events across more partitions and reduces the size of each item collection. Option D achieves this by creating one table for each game, and using the player identifier as the partition key. This way, each event is stored in a separate partition based on the player identifier, and sorted by the event time. This design also supports efficient queries by game, player, and time range.
• Option A is incorrect because it still uses a single table for all events, which can cause hot partitions and throttling due to uneven access patterns across games. Also, using the player identifier as the partition key can result in many small partitions that are underutilized and waste provisioned capacity. Adding a global secondary index with the game name as the partition key and the event time as the sort key does not solve the problem of item collection size limit, because global secondary indexes have their own item collections that are subject to the same limit3.
• Option B is incorrect because it creates two tables with redundant data and increases storage costs. Also, using the game name as the partition key in both tables does not solve the problem of item collection size limit, as explained above.
• Option C is incorrect because it still uses a single table for all events, which can cause hot partitions and throttling due to uneven access patterns across games. Also, replacing the sort key with a compound value consisting of the player identifier collated with the event time does not reduce the size of each item collection, because each event still has a unique sort key value. Adding a local secondary index with the player identifier as the sort key does not solve the problem of item collection size limit, because local secondary indexes share the same item collections as their base table4.

References: 1: ItemCollectionSizeLimitExceededException (AWS SDK for Java - 1.12.547) 2: Best practices for designing and using partition keys effectively - Amazon DynamoDB 3: Global Secondary Indexes - Amazon DynamoDB 4: Local Secondary Indexes - Amazon DynamoDB

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.Concepts.General.SSL.Using.html

https://docs.aws.amazon.com/prescriptive-guidance/latest/migration-sql-server/ec2-fci.html

An FCI is generally preferable over an Always on availability group when: You’re using SQL Server Standard edition instead of Enterprise edition.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html "When you set a stack policy, all resources are protected by default. To allow updates on all resources, we add an Allow statement that allows all actions on all resources. Although the Allow statement specifies all resources, the explicit Deny statement overrides it for the resource with the ProductionDatabase logical ID. This Deny statement prevents all update actions, such as replacement or deletion, on the ProductionDatabase resource."

https://medium.com/@souri29/how-to-migrate-from-amazon-rds-aurora-or-mysql-to-amazon-aurora-serverless -55f9a4a74078

Correct Answer: D

Explanation from Amazon documents:

A CloudFormation stack policy is a JSON document that defines the update actions that can be performed on designated resources in a CloudFormation stack. A stack policy can be used to prevent accidental updates or deletions of stack resources, such as a production database.

The Update:Replace action is an update action that replaces an existing resource with a new one during a stack update. This action can cause data loss or downtime for the resource. To prevent this action from affecting the production database resources, the database engineer should use a Deny statement for the Update:Replace action on the production database resources in the stack policy. This statement will override any Allow statements for the same action and resource, and protect the production database resources from being replaced during a stack update.

Therefore, option D is the correct stack policy action to meet the requirements. Option A is incorrect because the Update:Modify action is not a valid update action for a stack policy. The valid update actions are Update:Replace, Update:Skip, and Delete. Option B is incorrect because it does not specify a valid update action for the Deny statement. Option C is incorrect because the Update:Delete action is not a valid update action for a stack policy. The valid update actions are Update:Replace, Update:Skip, and Delete.

Amazon Neptune is a fast, reliable, fully managed graph database service that makes it easy to build and run applications that work with highly connected data sets1. Graph databases are designed to store and query data that has complex relationships and interconnections, such as social networks, recommendation engines, fraud detection, and knowledge graphs2. Amazon Neptune supports two popular graph models: Property Graph and Resource Description Framework (RDF), and their respective query languages: Apache TinkerPop Gremlin and SPARQL2.

Amazon Neptune also supports IAM policies to control access to the database resources and operations. You can use IAM database authentication to authenticate users and applications that connect to a Neptune DB cluster. IAM database authentication works with MySQL and PostgreSQL database clients. You can also use IAM roles to manage access to Neptune from other AWS services, such as Amazon EC2, AWS Lambda, and Amazon SageMaker2.

Therefore, Amazon Neptune DB cluster is a suitable solution for the marketing company’s requirements, as it can provide a graph database storage solution that is optimized for highly connected data and can limit connections and programmatic access by using IAM policies.

The best combination of actions to meet the company’s requirements are:

• A. Establish an AWS Direct Connect hosted connection between the company’s data center and AWS. This will provide a secure and high-bandwidth connection for the Always On data replication and minimize the network latency and data loss.
• D. Deploy a new SQL Server Always On availability group DB cluster on Amazon EC2. Configure Always On distributed availability groups between the on-premises DB cluster and the AWS DB cluster. Fail over to the AWS DB cluster when it is time to migrate. This will allow the company to use the same SQL Server version and edition as on-premises, and leverage the distributed availability group feature to span two separate availability groups across different locations. The failover process will be fast and seamless, with minimal downtime and data loss.
• F. Configure the third-party backup product to perform backups of the DB cluster on Amazon EC2. This will enable the company to continue using their existing backup solution, which requires system-level access to the databases. Amazon RDS for SQL Server does not support system-level access, so it is not a suitable option for this requirement.

Amazon Aurora global databases span multiple AWS Regions, enabling low latency global reads and providing fast recovery from the rare outage that might affect an entire AWS Region. An Aurora global database has a primary DB cluster in one Region, and up to five secondary DB clusters in different Regions. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html

A - https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-rds-now-provides-database-deletion-protection/

D - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html

F - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html

Correct Answer: B

Explanation from Amazon documents:

Amazon Quantum Ledger Database (Amazon QLDB) is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log of all your application changes. Amazon QLDB tracks each and every application data change and maintains a complete and verifiable history of changes over time1. This makes it ideal for storing historical records that need to be tamper-proof and auditable. Amazon QLDB also supports PartiQL, a SQL-compatible query language that lets you query data using familiar SQL operators2.

Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) is a fully managed service that makes it easy to deploy, operate, and scale OpenSearch, an open source search and analytics engine. Amazon OpenSearch Service lets you store, search, and analyze large volumes of data quickly and at low cost3. You can use Amazon OpenSearch Service to index and query your employee record history data stored in Amazon QLDB using the QLDB Streams feature. This way, you can leverage the powerful search and analytics capabilities of OpenSearch Service to run fast and flexible queries on your historical data.

Therefore, option B is the best solution that meets the requirements of preventing modification of the historical records and maximizing the speed of the queries. Option A is not suitable because DynamoDB is a key-value and document database that does not provide a ledger-like transaction log. Option C is not suitable because Aurora PostgreSQL is a relational database that does not guarantee immutability of the historical records. Option D is not suitable because Redshift is a data warehouse that is optimized for analytical queries on large datasets, not for storing and querying individual records.

AWS Backup is a fully managed service that simplifies data protection across AWS services, in the cloud, and on premises. You can use AWS Backup to create backup plans that define how and when your backups are created, how long they are stored, and where they are replicated1. You can also use AWS Backup to monitor and audit your backup activity.

Using AWS Backup to create a backup plan and configure cross-Region replication is a cost-effective solution for the company’s requirements, as it can automate the nightly backup of the DynamoDB table and store the backups in the us-west-2 Region for one year. You can specify the source and destination Regions, the backup vault, and the retention period for your cross-Region replication rule in your backup plan2. You can also assign your DynamoDB table to your backup plan by using a resource assignment3.

https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and- customer-managed-cmks.html

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.cluster-cache-mgmt.html

https://aws.amazon.com/blogs/database/introduction-to-aurora-postgresql-cluster-cache-management/

"You can customize the order in which your Aurora Replicas are promoted to the primary instance after a failure by assigning each replica a priority. Priorities range from 0 for the first priority to 15 for the last priority. If the primary instance fails, Amazon RDS promotes the Aurora Replica with the better priority to the new primary instance. You can modify the priority of an Aurora Replica at any time. Modifying the priority doesn't trigger a failover. More than one Aurora Replica can share the same priority, resulting in promotion tiers. If two or more Aurora Replicas share the same priority, then Amazon RDS promotes the replica that is largest in size. If two or more Aurora Replicas share the same priority and size, then Amazon RDS promotes an arbitrary replica in the same promotion tier. "

Amazon Aurora with PostgreSQL compatibility now supports cluster cache management, providing a faster path to full performance if there's a failover. With cluster cache management, you designate a specific reader DB instance in your Aurora PostgreSQL cluster as the failover target. Cluster cache management keeps the data in the designated reader's cache synchronized with the data in the read-write instance's cache. If a failover occurs, the designated reader is promoted to be the new read-write instance, and workloads benefit immediately from the data in its cache.

https://aws.amazon.com/premiumsupport/knowledge-center/rds-snapshots-share-account/

https://aws.amazon.com/premiumsupport/knowledge-center/aurora-serverless-logs-enable-view/

https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Overview.Encryption.html

https://docs .aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database-disaster-recovery.html

https://aws.amazon.c om/blogs/database/how-to-choose-the-best-disaster-recovery-option-for-your-amazon-aurora-mysql-cluster/

https://aws.amazon.com/about -aws/whats-new/2019/11/aurora-supports-in-place-conversion-to-global-database/

Correct Answer: B

Explanation from Amazon documents:

The rds.log_retention_period parameter specifies how long your RDS for PostgreSQL DB instance keeps its log files. The default setting is 3 days (4,320 minutes), but you can set this value to anywhere from 1 day (1,440 minutes) to 7 days (10,080 minutes)123. By reducing the log retention period, you can free up storage space on your DB instance without affecting its availability or performance.

To modify the rds.log_retention_period parameter, you need to use a custom DB parameter group for your RDS for PostgreSQL instance. You can modify the parameter value using the AWS Management Console, the AWS CLI, or the RDS API1. The parameter change is applied immediately, but it may take up to 24 hours for the database logs to be deleted2. Therefore, you do not need to reboot the DB instance to save the changes or to reclaim the storage space.

Therefore, option B is the correct solution to meet the requirements. Option A is incorrect because setting the rds.log_retention_period parameter to 0 disables log retention and prevents you from viewing or downloading any database logs1. Rebooting the DB instance is also unnecessary and may cause downtime. Option C is incorrect because the temp file_limit parameter controls the maximum size of temporary files that a session can generate, not the size of database logs. Modifying this parameter will not reclaim any storage space on the DB instance. Option D is incorrect because rebooting the DB instance is not required to save the changes or to reclaim the storage space.

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html

https://aws.amazon.com/blogs/infrastructure-and-automation/securing-passwords-in-aws-quick-starts-using-aws-secrets-manager/

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Clone.html

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Clone.html#Aurora.Managing.Clone.Cross-Account

Correct Answer: A

Explanation from Amazon documents:

Amazon Aurora PostgreSQL supports cluster cache management, which is a feature that helps reduce the impact of failover on query performance by preserving the cache of the primary DB instance on one or more Aurora Replicas. Cluster cache management allows you to assign a promotion priority tier to each DB instance in your Aurora DB cluster. The promotion priority tier determines the order in which Aurora Replicas are considered for promotion to the primary instance after a failover. The lower the numerical value of the tier, the higher the priority.

By enabling cluster cache management for the Aurora DB cluster and setting the promotion priority for the writer DB instance and replica to tier-0, the database specialist can minimize the performance degradation after failover. This solution will ensure that the primary DB instance and one Aurora Replica have the same cache contents and are in the same promotion priority tier. In the event of a failover, Aurora will promote the tier-0 replica to the primary role, and the cache will be preserved. This will reduce the number of cache misses and improve query performance after failover.

Therefore, option A is the correct solution to minimize the performance degradation after failover. Option B is incorrect because setting the promotion priority for the writer DB instance and replica to tier-1 will not preserve the cache after failover. Aurora will first try to promote a tier-0 replica, which may have a different cache than the primary instance. Option C is incorrect because enabling Query Plan Management and performing a manual plan capture will not affect the cache behavior after failover. Query Plan Management is a feature that helps you control query execution plans and improve query performance by creating and enforcing custom execution plans. Option D is incorrect because enabling Query Plan Management and forcing the query optimizer to use the desired plan will not affect the cache behavior after failover. Forcing the query optimizer to use a desired plan may improve query performance by avoiding suboptimal plans, but it will not prevent cache misses after failover.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html

https://aws.amazon.com/blogs/database/migrate-tde-enabled-sql-server-databases-to-amazon-rds-for-sql-server/

https://aws.amazon.com/premiumsupport/knowledge-center/back-up-dynamodb-s3/

https://docs.aws.amazon.com/redshift/latest/dg/super-overview.htm

Correct Answer: B. Use time range, measure name, and dimensions in the WHERE clause of the query.

Explanation from Amazon documents:

Amazon Timestream is a serverless time series database service that allows you to store and analyze time series data at any scale. To optimize the cost of queries, you should use the following best practices1:

• Include only the measure and dimension names essential to query. Adding extraneous columns will increase data scans and therefore will also increase the query cost.
• Include a time range in the WHERE clause of your query. For example, if you only need the last one hour of data in your dataset, include a time predicate such as time > ago (1h).
• Include the measure names in the WHERE clause of the query when a query accesses a subset of measures in a table.

Option B follows these best practices, while option A does not. Option C is incorrect because canceling a query can save on cost if the query will not return the desired results1. Option D is irrelevant because exponential backoff is a technique to handle throttling errors, not to optimize query costs2.

https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/encryption.html

Correct Answer: C

Explanation from Amazon documents:

Amazon S3 Standard-Infrequent Access (S3 Standard-IA) is a storage class for data that is accessed less frequently, but requires rapid access when needed. S3 Standard-IA offers the high durability, throughput, and low latency of S3 Standard, with a low per GB storage price and per GB retrieval fee1. S3 Standard-IA is designed for long-lived and infrequently accessed data. Examples include disaster recovery, backups, and long-term data retention1.

Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run2. Athena scales automatically—executing queries in parallel—so results are fast, even with large datasets and complex queries2.

The news portal can use S3 Standard-IA to store its metadata about posts and comments, which are not frequently looked up or updated. This way, the portal can benefit from the low storage cost of S3 Standard-IA ($0.0125 per GB per month) and the high durability and availability of S31. The portal can also use Athena to query the data stored in S3 using SQL, without having to set up any servers or databases. The portal only pays for the amount of data scanned by each query ($5 per TB scanned) and can optimize the query cost by partitioning, compressing, and converting the data into columnar formats2.

Therefore, option C is the most cost-effective solution for the news portal’s use case. Option A is not cost-effective because DynamoDB on-demand capacity mode charges for read and write requests ($1.25 per million read requests and $1.25 per million write requests), regardless of how frequently the data is accessed3. Purchasing reserved capacity can reduce the cost, but it requires a minimum commitment of 100 units per region. Option B is not suitable because ElastiCache for Redis is an in-memory data store that provides sub-millisecond latency, but it is more expensive than S3 Standard-IA ($0.046 per GB per hour for cache.t2.micro node type). ElastiCache for Redis is also not designed for long-term data storage, but for caching frequently accessed data. Option D is not available because DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA) is not a valid table class for DynamoDB. The only table classes for DynamoDB are On-Demand and Provisioned.

The point-in-time restore capability of Amazon RDS for MySQL allows you to create a new DB instance with the same configuration as the original one, but with data restored to a specific time within your backup retention period. You can specify any time within your backup retention period, up to the last five minutes of your DB instance’s usage1. This feature is useful for recovering from logical corruption or user errors that affect your database.

However, when you use the point-in-time restore capability, you are creating a new DB instance with a different endpoint. Therefore, you need to change the application connection string to point to the new, restored DB instance. You can also delete or rename the original DB instance if you no longer need it1

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Clone.html

"To ensure that your data was migrated accurately from the source to the target, we highly recommend that you use data validation." https://docs.aws.amazon.com/dms/latest/userguide/CHAP_BestPractices.html

The correct answer is A. Add an inbound security group rule to the database security group that allows access from the developer account VPC CIDR on port 5432. Add an outbound security group rule to the EC2 security group that allows access to the production account VPC CIDR on port 5432.

The explanation is as follows:

• To allow the reporting application to access the production database, the database administrator needs to configure the security group rules for both the database and the EC2 instance. The security group rules must allow traffic between the peered VPCs on the port that the database uses, which is 5432 for PostgreSQL1.
• Option A is correct because it adds an inbound rule to the database security group that allows access from the developer account VPC CIDR on port 5432. This means that the database can accept connections from the EC2 instance in the peered VPC. It also adds an outbound rule to the EC2 security group that allows access to the production account VPC CIDR on port 5432. This means that the EC2 instance can initiate connections to the database in the peered VPC.
• Option B is incorrect because it adds an outbound rule to the database security group, which is not necessary. The database does not need to initiate connections to the EC2 instance, only accept them. It also does not add an inbound rule to the EC2 security group, which is not required. The EC2 instance does not need to accept connections from the database, only initiate them.
• Option C is incorrect because it adds an inbound rule to the database security group that allows access from the developer account VPC CIDR on all TCP ports. This is too permissive and violates the principle of least privilege2. It also adds an inbound rule to the EC2 security group that allows access to the production account VPC CIDR on port 5432. This is unnecessary and does not help with connectivity.
• Option D is incorrect because it adds an outbound rule to the EC2 security group that allows access to the production account VPC CIDR on all TCP ports. This is too permissive and violates the principle of least privilege2. It also does not add an outbound rule to the database security group, which is not needed.

References: 1: [Working with PostgreSQL and pgAdmin - Amazon Aurora] 2: [Security best practices in IAM - AWS Identity and Access Management]

https://aws.amazon.com/about-aws/whats-new/2020/02/amazon-rds-data-api-now-supports-aws-privatelink/

https://docs.amazonaws.cn/en_us/amazondynamodb/latest/developerguide/DAX.html

"Applications that are read-intensive, but are also cost-sensitive. With DynamoDB, you provision the number of reads per second that your application requires. If read activity increases, you can increase your tables' provisioned read throughput (at an additional cost). Or, you can offload the activity from your application to a DAX cluster, and reduce the number of read capacity units that you need to purchase otherwise."

https://aws.amazon.com/rds/features/read-replicas/

"Amazon RDS Read Replicas provide enhanced performance and durability for RDS database (DB) instances. They make it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. "

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.XRgn.html

https://aws.amazon.com/premiumsupport/knowledge-center/dynamodb-table-throttled/

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html#USER_Events.Messages.security-group

https://aws.amazon.com/blogs/mt/integrating-aws-cloudformation-with-aws-systems-manager-parameter-store/

If your workload is unpredictable, you can enable storage autoscaling for an Amazon RDS DB instance. With storage autoscaling enabled, when Amazon RDS detects that you are running out of free database space it automatically scales up your storage. https://aws.amazon.com/about-aws/whats-new/2019/06/rds-storage-auto-scaling/

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling

• Option A is correct because it sets the audit_logs cluster parameter to enabled. This enables auditing on the DocumentDB cluster, which records events that were performed in the cluster, such as successful and failed authentication attempts, dropping a collection in a database, or creating an index1. By enabling auditing, the database specialist can review the logs to see who and when deleted the primary DocumentDB database, and what other actions were taken on the cluster.
• Option B is correct because it enables DocumentDB log export to Amazon CloudWatch Logs. This allows the DocumentDB cluster to export its auditing records (JSON documents) to Amazon CloudWatch Logs, where they can be analyzed, monitored, and archived1. By enabling log export, the database specialist can access the logs even if the primary DocumentDB database is deleted, as they are stored in a separate service.

Step 1: Download S3 Files

Amazon RDS for SQL Server comes with several custom stored procedures and functions. These are located in the msdb database. The stored procedure to download files from S3 is "rds_download_from_s3". The syntax for this stored procedure is shown here:

exec msdb.dbo.rds_download_from_s3

@s3_arn_of_file='arn:aws:s3:::/',

@rds_file_path='D:\S3\\',

@overwrite_file=1;

https://aws .amazon.com/premiumsupport/knowledge-center/rds-instance-high-cpu/

https://aws.amazon.com/premiumsupport/knowledge-center/rds-mysql-slow-query/

https://aws.amazon.com/dynamodb/dax/#:~:text=Amazon%20DynamoDB%20Accelerator%20(DAX)%20is,millions%20of%20requests%20per%20second. "Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second. "

https://docs.aws.amazon.com/dms/latest/userguide/CHAP_BestPractices.html#CHAP_BestPractices.Performance

For a full load task, we recommend that you drop primary key indexes, secondary indexes, referential integrity constraints, and data manipulation language (DML) triggers. Or you can delay their creation until after the full load tasks are complete. You don't need indexes during a full load task, and indexes incur maintenance overhead if they are present. Because the full load task loads groups of tables at a time, referential integrity constraints are violated. Similarly, insert, update, and delete triggers can cause errors, for example if a row insert is triggered for a previously bulk loaded table. Other types of triggers also affect performance due to added processing. https://docs.aws.amazon.com/dms/latest/userguide/CHAP_BestPractices.html

https://aws.amazon.com/premiumsupport/knowledge-center/rds- db-storage-size/

Use AWS Database Migration Service (AWS DMS) for minimal downtime.

https://aws.amazon.com/dynamodb/?nc1=h_ls

https://www.quora.com/What-is-the-difference-between-a-RDS-read-replica-and-an-Amazon-Aurora-Read-replica

https://aws.amazon.com/premiumsupport/knowledge-center/rds-mysql-high-replica-lag/

https://docs.aws.amazon.com/dms/latest/userguide/CHAP_BestPractices.html#CHAP_BestPractices.LOBS ,

"AWS DMS migrates LOB data in two phases: 1. AWS DMS creates a new row in the target table and populates the row with all data except the associated LOB value. 2.AWS DMS updates the row in the target table with the LOB data." This means that we would need two tasks, one per phase and use limited LOB mode for best performance.

The fastest way to replicate all the data from the original table is to use AWS Database Migration Service (AWS DMS) with ongoing replication in inline LOB mode. This option allows AWS DMS to transfer LOBs smaller than the specified size inline, which means that they are fetched from the database in bulk as VARCHAR data types. This is significantly faster than other methods that require piece-by-piece migration of LOBs. LOBs larger than the specified size are replicated using full LOB mode, which means that they are migrated one at a time. This option is suitable for the scenario where most of the LOB data is smaller than 32 KB, and only a few records are large in size. Using inline LOB mode can also avoid data truncation that might occur in limited LOB mode, where LOBs that exceed the maximum LOB size are cut off and a warning is issued to the log file. Full LOB mode can be quite slow, as it migrates all LOBs regardless of size, and it does not pre-allocate memory or load the LOB data in bulk. Taking a snapshot of the database and creating a new DB instance by using the snapshot is not a valid option, as it does not meet the requirement of updating the new table with any changes to the original table that happen while the migration is in progress

https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.LOBSupport.html

The following items need to be reconfigured after restoring the DynamoDB table.

--AutoScaling policy

--IAM policy

--CloudWatch settings

--Tags

--Stream settings

--TTL

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/backuprestore_HowItWorks.html

RDS event subscriptions do not cover "data is inserted into a table" - see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html We can use stored procedure to invoke Lambda function - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Lambda.html

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAX.cluster-management.html#DAX.cluster-management.custom-settings.ttl

By default, an application directs its read operations to the primary member in a replica set (i.e. read preference mode "primary"). But, clients can specify a read preference to send read operations to secondaries. https://www.mongodb.com/docs/manual/core/read-preference/

A read replica instance is an Amazon DocumentDB instance that supports only read operations. An Amazon DocumentDB cluster can have up to 15 replicas in addition to the primary instance. Having multiple replicas enables you to distribute read workloads and increase the read throughput of your cluster1.

The read preference option determines how your MongoDB client or driver routes read requests to instances in your Amazon DocumentDB cluster. The secondary preferred option instructs the client to route read queries to the replicas, unless none are available, in which case the queries are routed to the primary instance2. This option can improve the overall database performance by offloading read requests from the primary instance, which handles all write requests, and balancing them across the replicas.

Using this solution, the company can:

• Improve the overall database performance by adding one read replica instance and setting the read preference to secondary preferred.
• Avoid creating additional application overhead by using the built-in read preference capabilities of the MongoDB client or driver, without having to update the application code or connection string.
• Handle the expected increase in write requests by freeing up resources on the primary instance.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/AutoScaling.html

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.UsingDashboard.AnalyzeDBLoad.AdditionalMetrics.MySQL.html

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Procedural.UploadtoCloudWatch.htm

https://aws.amazon.com/premiumsupport/knowledge-center/rds-aurora-mysql-logs-cloudwatch/

https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html

Correct Answer: B

Explanation from Amazon documents:

Amazon Aurora PostgreSQL supports IAM authentication, which is a method of using AWS Identity and Access Management (IAM) to manage database access. IAM authentication allows you to use IAM users and roles to control who can access your Aurora PostgreSQL DB cluster, instead of using a traditional database username and password. IAM authentication also provides more security by using temporary credentials that are automatically rotated.

To enable IAM authentication on an existing Aurora PostgreSQL DB cluster, the database specialist needs to do the following :

• Modify the DB cluster settings to enable IAM database authentication. This can be done using the AWS Management Console, the AWS CLI, or the RDS API.
• Create IAM and database credentials for each user who needs access to the DB cluster. The IAM credentials consist of an access key ID and a secret access key. The database credentials consist of a database username and an optional password. The IAM credentials and the database username must match.
• Distribute the IAM and database credentials to the appropriate users. The users must keep their credentials secure and not share them with anyone else.
• Run the generate-db-auth-token command with the user names to generate a temporary password for the users. This command is part of the AWS CLI and it generates an authentication token that is valid for 15 minutes. The authentication token is a string that has the same format as a password. The users can use this token as their password when they connect to the DB cluster using a SQL client.

Therefore, option B is the correct solution to establish the credentials for the users to use to log in to the DB cluster. Option A is incorrect because adding the users’ IAM credentials to the Aurora cluster parameter group is not necessary or possible. A cluster parameter group is a collection of DB engine configuration values that define how a DB cluster operates. Option C is incorrect because adding the users’ IAM credentials to the default credential profile and using the AWS Management Console to access the DB cluster is not supported or secure. The default credential profile is a file that stores your AWS credentials for use by AWS CLI or SDKs. The AWS Management Console does not allow you to connect to an Aurora PostgreSQL DB cluster using IAM authentication. Option D is incorrect because using an AWS Security Token Service (AWS STS) token by sending the IAM access key and secret key as headers to the DB cluster API endpoint is not supported or secure. AWS STS is a service that enables you to request temporary, limited-privilege credentials for IAM users or federated users. The DB cluster API endpoint is an endpoint that allows you to perform administrative actions on your DB cluster using RDS API calls.

For details about using Aurora and Amazon Comprehend together, see Using Amazon Comprehend for sentiment detection. Aurora machine learning uses a highly optimized integration between the Aurora database and the AWS machine learning (ML) services SageMaker and Amazon Comprehend.

https://www.stackovercloud.com/2019/11/27/new-for-amazon-aurora-use-machine-learning-directly-from-your-databases/

https://docs.aws.amazon.com/redshift/latest/gsg/rs-gsg-create-an-iam-role.html

"Now that you have created the new role, your next step is to attach it to your cluster. You can attach the role when you launch a new cluster or you can attach it to an existing cluster. In the next step, you attach the role to a new cluster."

https://docs.aws.amazon.com/redshift/latest/dg/copy-usage_notes-access-permissions.html

• Option C is correct because Amazon DynamoDB is a fast, flexible, and scalable NoSQL database service that can support single-digit millisecond performance at any scale. Amazon DynamoDB global tables allow you to create tables that are automatically replicated across two or more AWS Regions, providing fast, local read and write performance for globally distributed applications. Amazon DynamoDB global tables use multi-master replication, which means that you can perform data plane operations, such as reads and writes, on any replica table. This would meet the requirement of active reads and writes in multiple Regions at the same time. Amazon DynamoDB also supports de-normalized data models and querying by unique IDs using primary keys or secondary indexes.

as Local secondary index can only be created while creating the Dynamodb table. and query needs to use third attribute on top of primary and sort key, so Local Secondary index has primary and sort key as well as the third attribute. Global secondary index can be created without primary and sort key

https://d ocs.aws.amazon.com/neptune/latest/userguide/bulk-load-optimize.html

"A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region." https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.html

• Option C is correct because it solves the throttling issue without requiring changes to the app. On-demand capacity mode is a flexible billing option for DynamoDB that automatically accommodates your workload as it ramps up or down. With on-demand mode, you pay per request for the data reads and writes your application performs on your tables, and you don’t need to specify how much read and write throughput you expect. On-demand mode can handle sudden increases and decreases in activity without throttling, as long as the request rate does not exceed the default table quotas1. To use on-demand mode, you only need to update the table settings in the AWS Management Console or by using the AWS SDK2. You don’t need to modify any application logic, as on-demand mode is compatible with existing DynamoDB API calls.

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-replicas-adding.html

https://aws.amazon.com/blogs/aws/fine-grained-access-control-for-amazon-dynamodb/

Correct Answer: A

Explanation from Amazon documents:

Amazon RDS for Microsoft SQL Server supports two types of database snapshots: automated and manual. Automated snapshots are taken daily and are retained for a period of time that you specify, from 1 to 35 days. Manual snapshots are taken by you and are retained until you delete them.

To save a particular automated database snapshot for longer than the maximum number of days, the database administrator can create a manual copy of the snapshot. This can be done using the AWS Management Console, the AWS CLI, or the RDS API. The manual copy of the snapshot will be retained until it is deleted, regardless of the retention period of the automated snapshot. This solution is the most operationally efficient way to meet the requirements, because it does not require any additional steps or resources.

Therefore, option A is the correct solution to meet the requirements. Option B is not operationally efficient because it requires exporting the contents of the snapshot to an Amazon S3 bucket, which can be time-consuming and costly. Option C is not possible because the maximum retention period for automated snapshots is 35 days, not 45 days. Option D is not operationally efficient because it requires creating a native SQL Server backup and saving it to an Amazon S3 bucket, which can also be time-consuming and costly.