A company has an application that uses an AWS Lambda function to process customer orders. The company notices that the application processes some orders more than once.
A developer needs to update the application to prevent duplicate processing.
Which solution will meet this requirement with the LEAST implementation effort?
Answer : A
Requirement Summary:
Orders are being processed more than once
Need to prevent duplicate processing
Looking for least implementation effort
Key Concept:
Lambda + Event-driven patterns can occasionally result in duplicate invocations (at-least-once delivery model)
You need idempotency (i.e., prevent repeated processing of same event)
Evaluate Options:
A . Use DynamoDB for de-duplication
Simple and widely used approach
Store a unique orderId as the primary key
Before processing, check if order exists
If yes skip
If no process and store the ID
Minimal code changes required
B . ECS + Step Functions
Overkill for basic de-duplication
Adds significant complexity
C . Retry logic with fixed delay
Doesn't prevent duplication --- makes it worse
Retrying might trigger the same message again
D . Athena to identify duplicates
Reactive solution, not preventative
Not suitable for real-time event de-duplication
Lambda idempotency: https://docs.aws.amazon.com/lambda/latest/dg/invocation-retries.html
A developer built an application that calls an external API to obtain data, processes the data, and saves the result to Amazon S3. The developer built a container image with all of the necessary dependencies to run the application as a container.
The application runs locally and requires minimal CPU and RAM resources. The developer has created an Amazon ECS cluster. The developer needs to run the application hourly in Amazon ECS.
Which solution will meet these requirements with the LEAST amount of infrastructure management overhead?
Answer : C
Requirement Summary:
Containerized app
Runs hourly
Minimal CPU and RAM
Goal: Least infrastructure management
Evaluate Options:
A . Add a capacity provider to manage instances
Capacity providers are used for managing EC2-backed ECS clusters, which still require underlying EC2 management.
B . Add an Amazon EC2 instance
Involves managing infrastructure (provisioning, patching, scaling, etc.)
C . Use AWS Fargate launch type
Serverless container runtime
No server management
Easily scheduled using EventBridge + ECS Fargate Task
Best fit for periodic workloads like this
D . Use managed node groups
Applies to EKS (Kubernetes), not ECS
Unnecessary overhead for this use case
Fargate: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/what-is-fargate.html
A company stores its data in data tables in a series of Amazon S3 buckets. The company received an alert that customer credit card information might have been exposed in a data table on one of the company's public applications. A developer needs to identify all potential exposures within the application environment.
Which solution will meet these requirements?
Answer : B
Requirement Summary:
Customer credit card data may be exposed
Data is stored in Amazon S3
Developer must identify all exposure risks
Tool to Use:
Amazon Macie is designed to:
Automatically scan S3 for sensitive data
Detect financial information, PII, credentials, etc.
Finding Type Mapping:
Credit card data maps to: SensitiveData:S3Object/Financial
Evaluate Options:
A . Athena + filtering
Athena is a query engine; it doesn't detect sensitive data automatically
B . Macie + Financial finding type
Correct
Designed for this use case
C . Macie + Personal finding type
Personal maps to names, addresses, etc., not credit cards
D . Athena + Financial
Again, Athena can't classify data -- it only queries structured data
Macie Overview: https://docs.aws.amazon.com/macie/latest/userguide/what-is-macie.html
Finding Types: https://docs.aws.amazon.com/macie/latest/user/findings-types.html
Financial finding type: SensitiveData:S3Object/Financial
A real-time messaging application uses Amazon API Gateway WebSocket APIs with backend HTTP service. A developer needs to build a feature in the application to identify a client that keeps connecting to and disconnecting from the WebSocket connection. The developer also needs the ability to remove the client
Which combination of changes should the developer make to the application to meet these requirements? (Select TWO.)
Answer : D, E
Requirement Summary:
WebSocket-based messaging app using API Gateway WebSocket APIs
Need to:
Identify clients repeatedly connecting/disconnecting
Be able to remove problematic clients
Evaluate Options:
A . Switch to HTTP APIs
HTTP APIs don't support WebSocket connections
B . Switch to REST APIs
REST APIs are not compatible with WebSockets
C . Use the callback URL to disconnect clients
Possible, but not a direct option
Callback URLs are used for sending messages to connected clients, not for disconnecting
D . Track client status in ElastiCache
Good solution: Store and update connection state (connected, disconnected, timestamps)
Helps track abuse or reconnections
E. Implement $connect and $disconnect routes
Required to capture connection lifecycle events
These can be used to log/store client behavior and decide on removal
A developer uses AWS IAM Identity Center to interact with the AWS CLI and AWS SDKs on a local workstation. API calls to AWS services were working when the SSO access was first configured. However, the developer is now receiving Access Denied errors. The developer has not changed any configuration files or scripts that were previously working on the workstation.
What is the MOST likely cause of the developer's access issue?
Answer : C
Requirement Summary:
Developer uses AWS IAM Identity Center (SSO) with AWS CLI / SDKs
Initially working fine
Now receiving AccessDenied errors
No changes to config or scripts
Key Understanding:
IAM Identity Center credentials are temporary and time-limited. When you use SSO-based access via the AWS CLI (aws sso login), it obtains temporary credentials stored in the local cache.
By default, these expire in 1 hour (can be extended).
Evaluate Options:
A . Permissions to CLI binary changed
Unlikely -- this would produce execution errors, not AccessDenied from AWS API
B . Permission set lacks required permissions
Then the error would have occurred from the beginning, not after time
C . IAM Identity Center credentials expired
Most likely -- user hasn't refreshed credentials using aws sso login again
After expiration, API calls fail with AccessDenied
D . Developer is calling the wrong AWS account
Would likely show different types of errors (AccountNotFound, etc.)
SSO and AWS CLI: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
A company needs to develop a proof of concept for a web service application. The application will show the weather forecast for one of the company's office locations. The application will provide a REST endpoint that clients can call. Where possible, the application should use caching features provided by AWS to limit the number of requests to the backend service. The application backend will receive a small amount of traffic only during testing.
Which approach should the developer take to provide the REST endpoint MOST cost-effectively?
Answer : B
Requirement Summary:
Simple REST endpoint for weather data
Light backend usage (POC, testing)
Wants caching support to reduce backend calls
Must be cost-effective
Evaluate Options:
B: Lambda + API Gateway + SAM
Serverless = No idle costs
API Gateway can enable caching (response caching at endpoint level)
SAM makes deployment simple and repeatable
Perfect for low-traffic testing
A: EKS + API Gateway
High overhead
Not cost-effective for POC/testing
C: ECS + API Gateway
Similar to A: Container orchestration not needed for light REST endpoint
D: Elastic Beanstalk + ALB + Lambda
Overly complex and does not directly expose Lambda
Beanstalk better suited for full apps, not small REST functions
Serverless Best Practices: https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html
A company operates a media streaming platform that delivers on-demand video content to users from around the world. User requests flow through an Amazon CloudFront distribution, an Amazon API Gateway REST API, AWS Lambda functions, and Amazon DynamoDB tables.
Some users have reported intermittent buffering issues and delays when users try to start a video stream. The company needs to investigate the issues to discover the underlying cause.
Which solution will meet this requirement?
Answer : A
Requirement Summary:
Users experience buffering/delay when starting video stream
Architecture:
CloudFront API Gateway Lambda DynamoDB
Need to identify root cause of performance issues
Evaluate Options:
A: Enable AWS X-Ray tracing
Ideal for end-to-end tracing
Visualizes latency across services (API Gateway, Lambda, DynamoDB)
Creates a service map for easy identification of bottlenecks or errors
Designed specifically for distributed tracing and performance monitoring
B: CloudWatch Logs Insights
Helpful for querying logs
But lacks the visual trace linkage across services like X-Ray
Does not identify where latency accumulates
C: AWS Config
Tracks configuration changes, not runtime performance
D: CloudTrail + CloudWatch Logs
More useful for audit/logging, not tracing performance or latency issues
X-Ray overview: https://docs.aws.amazon.com/xray/latest/devguide/aws-xray.html
Service map: https://docs.aws.amazon.com/xray/latest/devguide/xray-console-service-map.html