1. A company has three different environments: Development, QA, and Production. The company wants to deploy its code first in the Development environment, then QA, and then Production. Which AWS service can be used to meet this requirement?

A) Use AWS CodeDeploy to create multiple deployment groups.
B) Use AWS Data Pipeline to create multiple data pipeline provisions to deploy the application.
C) Use AWS CodeBuild to create, configure, and deploy multiple build application projects.
D) Use AWS CodeCommit to create multiple repositories to deploy the application.



2. A Developer has an application that can upload tens of thousands of objects per second to Amazon S3 in parallel within a single AWS account. As part of new requirements, data stored in S3 must use server side encryption with AWS KMS (SSE-KMS). After creating this change, performance of the application is slower. Which of the following is MOST likely the cause of the application latency?

A) Amazon S3 throttles the rate at which uploaded objects can be encrypted using Customer Master Keys.
B) The client encryption of the objects is using a poor algorithm.
C) KMS requires that an alias be used to create an independent display name that can be mapped to a CMK.
D) The AWS KMS API calls limit is less than needed to achieve the desired performance.



3. A Developer is working on an application that handles 10MB documents that contain highly-sensitive data. The application will use AWS KMS to perform client-side encryption. What steps must be followed?

A) Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key to encrypt the data
B) Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data
C) Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the KeyId parameter
D) Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key to encrypt the data



4. A company needs a fully-managed source control service that will work in AWS. The service must ensure that revision control synchronizes multiple distributed repositories by exchanging sets of changes peer-to-peer. All users need to work productively even when not connected to a network. Which source control service should be used?

A) AWS CodeBuild
B) AWS CodeCommit
C) Subversion
D) AWS CodeStar



5. A Developer uses AWS CodeDeploy to automate application deployment that connects to an external MySQL database. The Developer wants to securely access the encrypted secrets, such as API keys and database passwords. Which of the following solutions would involve the LEAST administrative effort?

A) Use the instance metadata to store the secrets and to programmatically access the secrets from EC2 instances.
B) Use the Amazon DynamoDB client-side encryption library to save the secrets in DynamoDB and to programmatically access the secrets from EC2 instances.
C) Use AWS SSM Parameter Store to store the secrets and to programmatically access them by using the IAM role from EC2 instances.
D) Save the secrets in Amazon S3 with AWS KMS server-side encryption, and use a signed URL to access them by using the IAM role from Amazon EC2 instances.