• Home
  • Articles
  • 2024 Realistic AWS-Certified-Database-Specialty Dumps Questions To Gain Brilliant Result [Q139-Q156]

2024 Realistic AWS-Certified-Database-Specialty Dumps Questions To Gain Brilliant Result [Q139-Q156]

Share

2024 Realistic AWS-Certified-Database-Specialty Dumps Questions To Gain Brilliant Result

Start your AWS-Certified-Database-Specialty Exam Questions Preparation with Updated 325 Questions

NEW QUESTION # 139
A database specialist needs to enable IAM authentication on an existing Amazon Aurora PostgreSQL DB cluster. The database specialist already has modified the DB cluster settings, has created IAM and database credentials, and has distributed the credentials to the appropriate users.
What should the database specialist do next to establish the credentials for the users to use to log in to the DB cluster?

  • A. Add the users' IAM credentials to the Aurora cluster parameter group.
  • B. Add the users' IAM credentials to the default credential profile, Use the AWS Management Console to access the DB cluster.
  • C. Use an AWS Security Token Service (AWS STS) token by sending the IAM access key and secret key as headers to the DB cluster API endpoint.
  • D. Run the generate-db-auth-token command with the user names to generate a temporary password for the users.

Answer: D

Explanation:
Explanation from Amazon documents:
Amazon Aurora PostgreSQL supports IAM authentication, which is a method of using AWS Identity and Access Management (IAM) to manage database access. IAM authentication allows you to use IAM users and roles to control who can access your Aurora PostgreSQL DB cluster, instead of using a traditional database username and password. IAM authentication also provides more security by using temporary credentials that are automatically rotated.
To enable IAM authentication on an existing Aurora PostgreSQL DB cluster, the database specialist needs to do the following :
Modify the DB cluster settings to enable IAM database authentication. This can be done using the AWS Management Console, the AWS CLI, or the RDS API.
Create IAM and database credentials for each user who needs access to the DB cluster. The IAM credentials consist of an access key ID and a secret access key. The database credentials consist of a database username and an optional password. The IAM credentials and the database username must match.
Distribute the IAM and database credentials to the appropriate users. The users must keep their credentials secure and not share them with anyone else.
Run the generate-db-auth-token command with the user names to generate a temporary password for the users. This command is part of the AWS CLI and it generates an authentication token that is valid for 15 minutes. The authentication token is a string that has the same format as a password. The users can use this token as their password when they connect to the DB cluster using a SQL client.
Therefore, option B is the correct solution to establish the credentials for the users to use to log in to the DB cluster. Option A is incorrect because adding the users' IAM credentials to the Aurora cluster parameter group is not necessary or possible. A cluster parameter group is a collection of DB engine configuration values that define how a DB cluster operates. Option C is incorrect because adding the users' IAM credentials to the default credential profile and using the AWS Management Console to access the DB cluster is not supported or secure. The default credential profile is a file that stores your AWS credentials for use by AWS CLI or SDKs. The AWS Management Console does not allow you to connect to an Aurora PostgreSQL DB cluster using IAM authentication. Option D is incorrect because using an AWS Security Token Service (AWS STS) token by sending the IAM access key and secret key as headers to the DB cluster API endpoint is not supported or secure. AWS STS is a service that enables you to request temporary, limited-privilege credentials for IAM users or federated users. The DB cluster API endpoint is an endpoint that allows you to perform administrative actions on your DB cluster using RDS API calls.


NEW QUESTION # 140
A company hosts an on-premises Microsoft SQL Server Enterprise edition database with Transparent Data Encryption (TDE) enabled. The database is 20 TB in size and includes sparse tables. The company needs to migrate the database to Amazon RDS for SQL Server during a maintenance window that is scheduled for an upcoming weekend. Data-at-rest encryption must be enabled for the target DB instance.
Which combination of steps should the company take to migrate the database to AWS in the MOST operationally efficient manner? (Choose two.)

  • A. Restore the backup to the RDS for SQL Server DB instance. Enable TDE for the RDS for SQL Server DB instance.
  • B. Encrypt the data with client-side encryption before transferring the data to Amazon RDS.
  • C. Disable TDE. Create a database backup without encryption. Copy the backup to Amazon S3.
  • D. Use AWS Database Migration Service (AWS DMS) to migrate from the on-premises source database to the RDS for SQL Server target database.
  • E. Set up an AWS Snowball Edge device. Copy the database backup to the device. Send the device to AWS. Restore the database from Amazon S3.

Answer: A,C

Explanation:
Explanation
https://aws.amazon.com/blogs/database/migrate-tde-enabled-sql-server-databases-to-amazon-rds-for-sql-server/


NEW QUESTION # 141
In North America, a business launched a mobile game that swiftly expanded to 10 million daily active players. The game's backend is hosted on AWS and makes considerable use of a TTL-configured Amazon DynamoDB table.
When an item is added or changed, its TTL is set to 600 seconds plus the current epoch time. The game logic is reliant on the purging of outdated data in order to compute rewards points properly. At times, items from the table are read that are many hours beyond their TTL expiration.
How should a database administrator resolve this issue?

  • A. Include a query filter expression to ignore items with an expired TTL.
  • B. Set the ConsistentRead parameter to true when querying the table.
  • C. Create a local secondary index on the TTL attribute.
  • D. Use a client library that supports the TTL functionality for DynamoDB.

Answer: A

Explanation:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/howitworks-ttl.html


NEW QUESTION # 142
A company conducted a security audit of its AWS infrastructure. The audit identified that data was not encrypted in transit between application servers and a MySQL database that is hosted in Amazon RDS.
After the audit, the company updated the application to use an encrypted connection. To prevent this problem from occurring again, the company's database team needs to configure the database to require in-transit encryption for all connections.
Which solution will meet this requirement?

  • A. Update the DB instance, and enable the Require Transport Layer Security option.
  • B. Update the parameter group in use by the DB instance, and set the require_secure_transport parameter to ON.
  • C. Update the security group in use by the DB instance, and remove port 80 to prevent unencrypted connections from being established.
  • D. Connect to the database, and use ALTER USER to enable the REQUIRE SSL option on the database user.

Answer: B

Explanation:
https://aws.amazon.com/about-aws/whats-new/2022/08/amazon-rds-mysql-supports-ssl-tls-connections/


NEW QUESTION # 143
A security team is conducting an audit for a financial company. The security team discovers that the database credentials of an Amazon RDS for MySQL DB instance are hardcoded in the source code. The source code is stored in a shared location for automatic deployment and is exposed to all users who can access the location.
A database specialist must use encryption to ensure that the credentials are not visible in the source code.
Which solution will meet these requirements?

  • A. Store the source code to access the credentials in an AWS Systems Manager Parameter Store secure string parameter that is encrypted by AWS Key Management Service (AWS KMS). Access the code with calls to Systems Manager.
  • B. Use an AWS Key Management Service (AWS KMS) key to encrypt the DB instance at rest. Activate RDS encryption in transit by using SSL certificates.
  • C. Store the credentials in an AWS Systems Manager Parameter Store secure string parameter that is encrypted by AWS Key Management Service (AWS KMS). Access the credentials with calls to Systems Manager.
  • D. Use an AWS Key Management Service (AWS KMS) key to encrypt the most recent database backup. Restore the backup as a new database to activate encryption.

Answer: C

Explanation:
only creds in system manager secure parameter.


NEW QUESTION # 144
A company's applications store data in Amazon Aurora MySQL DB clusters. The company has separate AWS accounts for its production, test, and development environments. To test new functionality in the test environment, the company's development team requires a copy of the production database four times a day.
Which solution meets this requirement with the MOST operational efficiency?

  • A. Share the Aurora DB cluster with the test account. Create a clone of the production database in the test account.
  • B. Take a manual snapshot in the production account. Export the snapshot to Amazon S3. Copy the snapshot to an S3 bucket in the test account. Restore the database from the snapshot.
  • C. Share the Aurora DB cluster with the test account. Create a snapshot of the production database in the test account. Restore the database from the snapshot.
  • D. Take a manual snapshot in the production account. Share the snapshot with the test account. Restore the database from the snapshot.

Answer: A

Explanation:
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Clone.html
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Clone.html#Aurora.Managing.Clone.Cross-Account


NEW QUESTION # 145
A business is transferring its on-premises database workloads to the Amazon Web Services (AWS) Cloud. A database professional migrating an Oracle database with a huge table to Amazon RDS has picked AWS DMS.
The database professional observes that AWS DMS is consuming considerable time migrating the data.
Which activities would increase the pace of data migration? (Select three.)

  • A. Establish an AWS Direct Connect connection between the on-premises data center and AWS.
  • B. Increase the capacity of the AWS DMS replication server.
  • C. Enable full large binary object (LOB) mode to migrate all LOB data for all large tables.
  • D. Configure the AWS DMS replication instance with Multi-AZ.
  • E. Enable an Amazon RDS Multi-AZ configuration.
  • F. Create multiple AWS DMS tasks to migrate the large table.

Answer: A,B,F

Explanation:
Explanation
https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.LOBSupport.html


NEW QUESTION # 146
A company has multiple applications serving data from a secure on-premises database. The company is migrating all applications and databases to the AWS Cloud. The IT Risk and Compliance department requires that auditing be enabled on all secure databases to capture all log ins, log outs, failed logins, permission changes, and database schema changes. A Database Specialist has recommended Amazon Aurora MySQL as the migration target, and leveraging the Advanced Auditing feature in Aurora.
Which events need to be specified in the Advanced Auditing configuration to satisfy the minimum auditing requirements? (Choose three.)

  • A. TABLE
  • B. CONNECT
  • C. QUERY_DML
  • D. QUERY
  • E. QUERY_DDL
  • F. QUERY_DCL

Answer: B,E,F

Explanation:
Explanation
Connect - logins / DCL - authorizations (grant,revoke), DDL - schema updates


NEW QUESTION # 147
A company recently acquired a new business. A database specialist must migrate an unencrypted 12 TB Amazon RDS for MySQL DB instance to a new AWS account. The database specialist needs to minimize the amount of time required to migrate the database.
Which solution meets these requirements?

  • A. Use mysqldump to back up the source database. Create an RDS for MySQL DB instance in the destination account. Use the mysql command to restore the backup in the destination database.
  • B. Use AWS Resource Access Manager to share the source DB instance with the destination account.
    Create a DB instance in the destination account using the shared resource.
  • C. Create a snapshot of the source DB instance in the source account. Share the snapshot with the destination account. In the target account, create a DB instance from the snapshot.
  • D. Create a read replica of the DB instance. Give the destination account access to the read replica. In the destination account, create a snapshot of the shared read replica and provision a new RDS for MySQL DB instance.

Answer: C

Explanation:
Explanation
Sharing an unencrypted manual DB snapshot enables authorized AWS accounts to directly restore a DB instance from the snapshot instead of taking a copy of it and restoring from that.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ShareSnapshot.html However Resource Access Manager could not share non-Aurora cluster.
https://docs.aws.amazon.com/ram/latest/userguide/shareable.html


NEW QUESTION # 148
A financial company wants to store sensitive user data in an Amazon Aurora PostgreSQL DB cluster. The database will be accessed by multiple applications across the company. The company has mandated that all communications to the database be encrypted and the server identity must be validated. Any non-SSL-based connections should be disallowed access to the database.
Which solution addresses these requirements?

  • A. Set the rds.force_ssl=0 parameter in DB parameter groups. Download and use the Amazon RDS certificatebundle and configure the PostgreSQL connection string with sslmode=verify-ca.
  • B. Set the rds.force_ssl=0 parameter in DB parameter groups. Download and use the Amazon RDS certificatebundle and configure the PostgreSQL connection string with sslmode=allow.
  • C. Set the rds.force_ssl=1 parameter in DB parameter groups. Download and use the Amazon RDS certificatebundle and configure the PostgreSQL connection string with sslmode=disable.
  • D. Set the rds.force_ssl=1 parameter in DB parameter groups. Download and use the Amazon RDS certificatebundle and configure the PostgreSQL connection string with sslmode=verify-full.

Answer: D


NEW QUESTION # 149
A company is running its line of business application on AWS, which uses Amazon RDS for MySQL at the persistent data store. The company wants to minimize downtime when it migrates the database to Amazon Aurora.
Which migration method should a Database Specialist use?

  • A. Make a backup of the RDS for MySQL DB instance using the mysqldump utility, create a new Aurora DB cluster, and restore the backup.
  • B. Create a clone of the RDS for MySQL DB instance and promote the Aurora DB cluster.
  • C. Take a snapshot of the RDS for MySQL DB instance and create a new Aurora DB cluster with the option to migrate snapshots.
  • D. Create an Aurora Replica from the RDS for MySQL DB instance and promote the Aurora DB cluster.

Answer: D

Explanation:
https://aws.amazon.com/blogs/database/best-practices-for-migrating-rds-for-mysql-databases-to-amazon-aurora/
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Migrating.html#AuroraPostgreSQL.Migrating.RDSPostgreSQL.Replica


NEW QUESTION # 150
A user has a non-relational key-value database. The user is looking for a fully managed AWS service that will offload the administrative burdens of operating and scaling distributed databases. The solution must be cost- effective and able to handle unpredictable application traffic.
What should a Database Specialist recommend for this user?

  • A. Create an Amazon DynamoDB table with provisioned capacity mode
  • B. Create an Amazon DocumentDB cluster
  • C. Create an Amazon DynamoDB table with on-demand capacity mode
  • D. Create an Amazon Aurora Serverless DB cluster

Answer: C

Explanation:
Reference:
Key-value database -> DynamoDB Capable of dealing with unexpected application traffic -> on-demand capacity mode A key-value database is a type of nonrelational database that uses a simple key-value method to store data. A key-value database stores data as a collection of key-value pairs in which a key serves as a unique identifier. On-demand mode is a good option to create new tables with unknown workloads. https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.OnDemand


NEW QUESTION # 151
A company is due for renewing its database license. The company wants to migrate its 80 TB transactional database system from on-premises to the AWS Cloud. The migration should incur the least possible downtime on the downstream database applications. The company's network infrastructure has limited network bandwidth that is shared with other applications.
Which solution should a database specialist use for a timely migration?

  • A. Use the AWS Schema Conversion Tool (AWS SCT) to migrate the full load of the source database over a VPN tunnel using the internet for its primary connection. Allow AWS SCT to handle syncing change data capture (CDC) data from the source to the target database.
  • B. Use AWS DMS to migrate the full load of the source database over a VPN tunnel using the internet for its primary connection. Allow AWS DMS to handle syncing change data capture (CDC) data from the source to the target database.
  • C. Perform a full backup of the source database to AWS Snowball Edge appliances and ship them to be loaded to Amazon S3. Periodically perform incremental backups of the source database to be shipped in another Snowball Edge appliance to handle syncing change data capture (CDC) data from the source to the target database.
  • D. Perform a full backup of the source database to AWS Snowball Edge appliances and ship them to be loaded to Amazon S3. Use AWS DMS to migrate change data capture (CDC) data from the source database to Amazon S3. Use a second AWS DMS task to migrate all the S3 data to the target database.

Answer: D

Explanation:
https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.S3.html Using Amazon S3 as a target for AWS Database Migration Service


NEW QUESTION # 152
The Development team recently executed a database script containing several data definition language (DDL) and data manipulation language (DML) statements on an Amazon Aurora MySQL DB cluster. The release accidentally deleted thousands of rows from an important table and broke some application functionality. This was discovered 4 hours after the release. Upon investigation, a Database Specialist tracked the issue to a DELETE command in the script with an incorrect WHERE clause filtering the wrong set of rows.
The Aurora DB cluster has Backtrack enabled with an 8-hour backtrack window. The Database Administrator also took a manual snapshot of the DB cluster before the release started. The database needs to be returned to the correct state as quickly as possible to resume full application functionality. Data loss must be minimal. How can the Database Specialist accomplish this?

  • A. Perform a point-in-time recovery (PITR) of the DB cluster to a time before the release and copy the deleted rows from the restored database to the original database.
  • B. Quickly rewind the DB cluster to a point in time before the release using Backtrack.
  • C. Restore the DB cluster using the manual backup snapshot created before the release and change the application configuration settings to point to the new DB cluster.
  • D. Create a clone of the DB cluster with Backtrack enabled. Rewind the cloned cluster to a point in time before the release. Copy deleted rows from the clone to the original database.

Answer: B


NEW QUESTION # 153
A company runs online transaction processing (OLTP) workloads on an Amazon RDS for PostgreSQL Multi- AZ DB instance. Tests were run on the database after work hours, which generated additional database logs.
The free storage of the RDS DB instance is low due to these additional logs.
What should the company do to address this space constraint issue?

  • A. Create a ticket with AWS Support to have the logs deleted
  • B. Modify the rds.log_retention_period parameter to 1440 and wait up to 24 hours for database logs to be deleted
  • C. Log in to the host and run the rm $PGDATA/pg_logs/* command
  • D. Run the SELECT rds_rotate_error_log() stored procedure to rotate the logs

Answer: B

Explanation:
Explanation
To set the retention period for system logs, use the rds.log_retention_period parameter. You can find rds.log_retention_period in the DB parameter group associated with your DB instance. The unit for this parameter is minutes. For example, a setting of 1,440 retains logs for one day. The default value is 4,320 (three days). The maximum value is 10,080 (seven days).
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.Concepts.PostgreSQL.ht


NEW QUESTION # 154
A company uses an Amazon RDS for PostgreSQL database in the us-east-2 Region. The company wants to have a copy of the database available in the us-west-2 Region as part of a new disaster recovery strategy.
A database architect needs to create the new database. There can be little to no downtime to the source database. The database architect has decided to use AWS Database Migration Service (AWS DMS) to replicate the database across Regions. The database architect will use full load mode and then will switch to change data capture (CDC) mode.
Which parameters must the database architect configure to support CDC mode for the RDS for PostgreSQL database? (Choose three.)

  • A. Set max_replication_slots to 0 to support dynamic allocation of slots.
  • B. Set wal_sender_timeout to 20,000 milliseconds.
  • C. Set wal_sender_timeout to 5,000 milliseconds.
  • D. Set wal_level = logical.
  • E. Set max_replication_slots to 1 or more, depending on the number of DMS tasks.
  • F. Set wal_level = replica.

Answer: B,D,E

Explanation:
Explanation from Amazon documents:
To enable CDC mode for RDS for PostgreSQL database, the database architect needs to configure the following parameters12:
Set wal_level = logical. This parameter determines how much information is written to the write-ahead log (WAL). For CDC mode, the wal_level must be set to logical, which enables logical decoding of the WAL and allows AWS DMS to read changes from the source database1.
Set max_replication_slots to 1 or more, depending on the number of DMS tasks. This parameter specifies the maximum number of replication slots that the source database can support. A replication slot is a data structure that records the state of a replication stream. AWS DMS uses replication slots to set up logical replication and track changes in the source database. The max_replication_slots parameter must be equal to or greater than the number of DMS tasks that use CDC mode for the source database1.
Set wal_sender_timeout to 20,000 milliseconds. This parameter specifies the amount of time that a WAL sender process waits for feedback from a WAL receiver process before terminating the connection. A WAL sender process is a background process that streams WAL data from the source database to AWS DMS. A WAL receiver process is a background process that receives WAL data from a WAL sender process and writes it to a local file. The wal_sender_timeout parameter must be set to a value greater than 10,000 milliseconds (10 seconds) to prevent connection timeouts during CDC mode2.
Therefore, option A, C, and E are the correct parameters to support CDC mode for RDS for PostgreSQL database. Option B is incorrect because wal_level = replica is not sufficient for logical decoding and CDC mode. Option D is incorrect because max_replication_slots must be a positive integer, not zero. Option F is incorrect because wal_sender_timeout = 5,000 milliseconds is too low and may cause connection timeouts during CDC mode.


NEW QUESTION # 155
A small startup company is looking to migrate a 4 TB on-premises MySQL database to AWS using an Amazon RDS for MySQL DB instance.
Which strategy would allow for a successful migration with the LEAST amount of downtime?

  • A. Deploy a new RDS for MySQL DB instance and configure it for access from the on-premises data center. Use the mysqldump utility to create an initial snapshot from the on-premises MySQL server, and copy it to an Amazon S3 bucket. Import the snapshot into the DB instance using the MySQL utilities running on an Amazon EC2 instance. Establish replication into the new DB instance using MySQL replication. Stop application access to the on-premises MySQL server and let the remaining transactions replicate over. Point the application to the DB instance.
  • B. Deploy a new Amazon EC2 instance, install the MySQL software on the EC2 instance, and configure networking for access from the on-premises data center. Use the mysqldump utility to create a snapshot of the on-premises MySQL server. Copy the snapshot into the EC2 instance and restore it into the EC2 MySQL instance. Use AWS DMS to migrate data into a new RDS for MySQL DB instance. Point the application to the DB instance.
  • C. Deploy a new RDS for MySQL DB instance and configure it for access from the on-premises data center. Use the mysqldump utility to create an initial snapshot from the on-premises MySQL server, and copy it to an Amazon S3 bucket. Import the snapshot into the DB instance utilizing the MySQL utilities running on an Amazon EC2 instance. Immediately point the application to the DB instance.
  • D. Deploy a new Amazon EC2 instance, install the MySQL software on the EC2 instance, and configure networking for access from the on-premises data center. Use the mysqldump utility to create a snapshot of the on-premises MySQL server. Copy the snapshot into an Amazon S3 bucket and import the snapshot into a new RDS for MySQL DB instance using the MySQL utilities running on an EC2 instance. Point the application to the DB instance.

Answer: B


NEW QUESTION # 156
......

Easy Success Amazon AWS-Certified-Database-Specialty Exam in First Try: https://torrentpdf.practicedump.com/AWS-Certified-Database-Specialty-exam-questions.html

Related Articles

more
Amazon AWS-Certified-Database-Specialty Certification Practice Exam

Copyright © 2026 PracticeDump NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy