Instant Access Amazon.DBS-C01.v2023-12-26.q241 Actual Practice Test Engine for Free (Page 2)

Question 1

A software company is conducting a security audit of its three-node Amazon Aurora MySQL DB cluster.
Which finding is a security concern that needs to be addressed?

A.The AWS account root user does not have the minimum privileges required for client applications.
B.Encryption in transit is not configured for all Aurora native backup processes.
C.Each Aurora DB cluster node is not in a separate private VPC with restricted access.
D.The IAM credentials used by the application are not rotated regularly.

Question 2

A large retail company recently migrated its three-tier ecommerce applications to AWS. The company's backend database is hosted on Amazon Aurora PostgreSQL. During peak times, users complain about longer page load times. A database specialist reviewed Amazon RDS Performance Insights and found a spike in IO:XactSync wait events. The SQL attached to the wait events are all single INSERT statements.
How should this issue be resolved?

A.Modify the application to commit transactions in batches
B.Add a new Aurora Replica to the Aurora DB cluster.
C.Add an Amazon ElastiCache for Redis cluster and change the application to write through.
D.Change the Aurora DB cluster storage to Provisioned IOPS (PIOPS).

Question 3

A database specialist is launching a test graph database using Amazon Neptune for the first time. The database specialist needs to insert millions of rows of test observations from a .csv file that is stored in Amazon S3. The database specialist has been using a series of API calls to upload the data to the Neptune DB instance.
Which combination of steps would allow the database specialist to upload the data faster? (Choose three.)

A.Ensure Amazon Cognito returns the proper AWS STS tokens to authenticate the Neptune DB instance to the S3 bucket hosting the CSV file.
B.Ensure the vertices and edges are specified in different .csv files with proper header column formatting.
C.Use AWS DMS to move data from Amazon S3 to the Neptune Loader.
D.Curl the S3 URI while inside the Neptune DB instance and then run the addVertex or addEdge commands.
E.Ensure an IAM role for the Neptune DB instance is configured with the appropriate permissions to allow access to the file in the S3 bucket.
F.Create an S3 VPC endpoint and issue an HTTP POST to the database's loader endpoint.

Correct Answer: B,E,F

Correct Answer: B, E, F
Explanation from Amazon documents:
To upload data faster to a Neptune DB instance from a .csv file stored in Amazon S3, the database specialist should use the Neptune Bulk Loader, which is a feature that allows you to load data from external files directly into a Neptune DB instance1. The Neptune Bulk Loader is faster and has less overhead than the API calls, such as SPARQL INSERT statements or Gremlin addV and addE steps2. The Neptune Bulk Loader supports both RDF and Gremlin data formats1.
To use the Neptune Bulk Loader, the database specialist needs to do the following13:
Ensure the vertices and edges are specified in different .csv files with proper header column formatting. This is required for the Gremlin data format, which uses two .csv files: one for vertices and one for edges. The first row of each file must contain the column names, which must match the property names of the graph elements. The files must also have a column named ~id for vertices and ~from and ~to for edges, which specify the unique identifiers of the graph elements1.
Ensure an IAM role for the Neptune DB instance is configured with the appropriate permissions to allow access to the file in the S3 bucket. This is required for the Neptune DB instance to read the data from the S3 bucket. The IAM role must have a trust policy that allows Neptune to assume the role, and a permissions policy that allows access to the S3 bucket and objects3.
Create an S3 VPC endpoint and issue an HTTP POST to the database's loader endpoint. This is required for the Neptune DB instance to communicate with the S3 bucket without going through the public internet. The S3 VPC endpoint must be in the same VPC as the Neptune DB instance. The HTTP POST request must specify the source parameter as the S3 URI of the .csv file, and optionally other parameters such as format, failOnError, parallelism, etc1.
Therefore, option B, E, and F are the correct steps to upload the data faster. Option A is not necessary because Amazon Cognito is not used for authenticating the Neptune DB instance to the S3 bucket. Option C is not suitable because AWS DMS is not designed for loading graph data into Neptune. Option D is not efficient because curling the S3 URI and running the addVertex or addEdge commands will be slower and more costly than using the Neptune Bulk Loader.

Question 4

A company wants to automate the creation of secure test databases with random credentials to be stored safely for later use. The credentials should have sufficient information about each test database to initiate a connection and perform automated credential rotations. The credentials should not be logged or stored anywhere in an unencrypted form.
Which steps should a Database Specialist take to meet these requirements using an AWS CloudFormation template?

A.Create the secret with a chosen user name and a randomly generated password set by the GenerateSecretString property. Add an SecretTargetAttachment resource with the SecretId property set to the Amazon Resource Name (ARN) of the secret and the TargetId property set to a parameter value matching the desired database ARN. Then, create a database with the MasterUserName and MasterUserPassword properties set to the previously created values in the secret.
B.Create the database with the MasterUserName and MasterUserPassword properties set to the default values. Then, create the secret with the user name and password set to the same default values. Add a Secret Target Attachment resource with the SecretId and TargetId properties set to the Amazon Resource Names (ARNs) of the secret and the database. Finally, update the secret's password value with a randomly generated string set by the GenerateSecretString property.
C.Add a resource of type AWS::SecretsManager::Secret and specify the GenerateSecretString property.
Then, define the database user name in the SecureStringTemplate template. Create a resource for the database and reference the secret string for the MasterUserName and MasterUserPassword properties.
Then, add a resource of type AWS::SecretsManagerSecretTargetAttachment with the SecretId and TargetId properties set to the Amazon Resource Names (ARNs) of the secret and the database.
D.Add a Mapping property from the database Amazon Resource Name (ARN) to the secret ARN. Then, create the secret with a chosen user name and a randomly generated password set by the GenerateSecretString property. Add the database with the MasterUserName and MasterUserPassword properties set to the user name of the secret.

Question 5

A company's Security department established new requirements that state internal users must connect to an existing Amazon RDS for SQL Server DB instance using their corporate Active Directory (AD) credentials. A Database Specialist must make the modifications needed to fulfill this requirement.
Which combination of actions should the Database Specialist take? (Choose three.)

A.Disable Transparent Data Encryption (TDE) on the RDS SQL Server DB instance.
B.Modify the RDS SQL Server DB instance to use the directory for Windows authentication. Create appropriate new logins.
C.Use the AWS Management Console to create an AWS Managed Microsoft AD. Create a trust relationship with the corporate AD.
D.Stop the RDS SQL Server DB instance, modify it to use the directory for Windows authentication, and start it again. Create appropriate new logins.
E.Use the AWS Management Console to create an AD Connector. Create a trust relationship with the corporate AD.
F.Configure the AWS Managed Microsoft AD domain controller Security Group.

Question 1

Question 2

Question 3

Question 4

Question 5

Download PDF File