Amazon DBS-C01 Practice Test - Questions Answers, Page 30

Explanation from Amazon documents:Amazon RDS for Oracle is a fully managed relational database service that supports Oracle Database. Amazon RDS for Oracle provides several features to monitor the performance and health of your database, such as RDS Performance Insights, Enhanced Monitoring, Amazon CloudWatch, and AWS CloudTrail.RDS Performance Insights is a feature that helps you quickly assess the load on your database and determine when and where to take action. RDS Performance Insights displays a dashboard that shows the database load in terms of average active sessions (AAS), which is the average number of sessions that are actively running SQL statements at any given time. RDS Performance Insights also shows the top SQL statements, waits, hosts, and users that are contributing to the database load.Enhanced Monitoring is a feature that provides metrics in real time for the operating system (OS) that your DB instance runs on. Enhanced Monitoring metrics include CPU utilization, memory, file system, disk I/O, network I/O, process list, and thread count. Enhanced Monitoring allows you to view how different threads use the CPU and how much memory each thread consumes.By enabling RDS Performance Insights and Enhanced Monitoring for the RDS for Oracle DB instance, the database specialist can monitor the latency of the database with the least operational overhead. This solution will allow the database specialist to use the RDS console or API to enable these features and view the metrics and dashboards without installing any additional software or tools. This solution will also provide comprehensive and granular information about the database load and resource utilization.Therefore, option C is the correct solution to meet the requirement. Option A is not optimal because publishing RDS Performance Insights metrics to Amazon CloudWatch and adding AWS CloudTrail filters to monitor database performance will incur additional operational overhead and cost. Amazon CloudWatch is a service that collects monitoring and operational data in the form of logs, metrics, and events. AWS CloudTrail is a service that records AWS API calls for your account and delivers log files to you. These services are useful for monitoring performance trends and auditing activities, but they are not necessary for monitoring latency in real time. Option B is not optimal because installing Oracle Statspack and enabling the performance statistics feature will require manual intervention and configuration on the RDS for Oracle DB instance. Oracle Statspack is a tool that collects, stores, and displays performance data for Oracle Database. The performance statistics feature is an option that enables Statspack to collect additional statistics such as wait events, latches, SQL statements, segments, rollback segments, etc. These tools are useful for performance tuning and troubleshooting, but they are not as easy to use as RDS Performance Insights and Enhanced Monitoring. Option D is not relevant because creating a new DB parameter group that includes the AllocatedStorage, DBInstanceClassMemory, and DBInstanceVCPU variables will not help monitor the latency of the database. A DB parameter group is a collection of DB engine configuration values that define how a DB instance operates. The AllocatedStorage parameter specifies the allocated storage size in gibibytes (GiB). The DBInstanceClassMemory parameter specifies the amount of memory available to an instance class in bytes. The DBInstanceVCPU parameter specifies the number of virtual CPUs available to an instance class. These parameters are used to configure the capacity and performance of a DB instance, but they do not provide any monitoring or metrics information. Enabling RDS Performance Insights alone will not provide enough information about the OS-level metrics such as CPU utilization or memory usage.

Explanation from Amazon documents:Amazon Aurora PostgreSQL supports IAM authentication, which is a method of using AWS Identity and Access Management (IAM) to manage database access. IAM authentication allows you to use IAM users and roles to control who can access your Aurora PostgreSQL DB cluster, instead of using a traditional database username and password. IAM authentication also provides more security by using temporary credentials that are automatically rotated.To enable IAM authentication on an existing Aurora PostgreSQL DB cluster, the database specialist needs to do the following :Modify the DB cluster settings to enable IAM database authentication. This can be done using the AWS Management Console, the AWS CLI, or the RDS API.Create IAM and database credentials for each user who needs access to the DB cluster. The IAM credentials consist of an access key ID and a secret access key. The database credentials consist of a database username and an optional password. The IAM credentials and the database username must match.Distribute the IAM and database credentials to the appropriate users. The users must keep their credentials secure and not share them with anyone else.Run the generate-db-auth-token command with the user names to generate a temporary password for the users. This command is part of the AWS CLI and it generates an authentication token that is valid for 15 minutes. The authentication token is a string that has the same format as a password. The users can use this token as their password when they connect to the DB cluster using a SQL client.Therefore, option B is the correct solution to establish the credentials for the users to use to log in to the DB cluster. Option A is incorrect because adding the users' IAM credentials to the Aurora cluster parameter group is not necessary or possible. A cluster parameter group is a collection of DB engine configuration values that define how a DB cluster operates. Option C is incorrect because adding the users' IAM credentials to the default credential profile and using the AWS Management Console to access the DB cluster is not supported or secure. The default credential profile is a file that stores your AWS credentials for use by AWS CLI or SDKs. The AWS Management Console does not allow you to connect to an Aurora PostgreSQL DB cluster using IAM authentication. Option D is incorrect because using an AWS Security Token Service (AWS STS) token by sending the IAM access key and secret key as headers to the DB cluster API endpoint is not supported or secure. AWS STS is a service that enables you to request temporary, limited-privilege credentials for IAM users or federated users. The DB cluster API endpoint is an endpoint that allows you to perform administrative actions on your DB cluster using RDS API calls.

Explanation from Amazon documents:Amazon ElastiCache for Redis is a fully managed in-memory data store that supports Redis, an open source, key-value database. Amazon ElastiCache for Redis provides several features to enhance the performance, availability, scalability, and security of your Redis data, such as cluster mode, global datastore, replication groups, snapshots, and encryption.A global datastore is a feature that allows you to create a cross-Region read replica of your ElastiCache for Redis cluster. A global datastore consists of a primary cluster that is replicated across up to two other Regions as secondary clusters. A global datastore provides low-latency reads and high availability for your Redis data across Regions. A global datastore also supports encryption of cross-Region data transfers using AWS Key Management Service (AWS KMS).To create a global datastore in ElastiCache for Redis, you need to do the following:Create a primary cluster in one Region. You can use an existing cluster or create a new one. The cluster must have cluster mode enabled and use Redis engine version 5.0.6 or later.Create a global datastore and add the primary cluster to it. You can use the AWS Management Console, the AWS CLI, or the ElastiCache API to create a global datastore.Create one or two secondary clusters in other Regions and add them to the global datastore. The secondary clusters must have the same specifications as the primary cluster, such as node type, number of shards, and number of replicas per shard.Enable encryption in transit and at rest for the primary and secondary clusters. Specify a customer master key (CMK) from AWS KMS for each cluster.By creating a global datastore in ElastiCache for Redis and creating replica clusters in two other Regions, the database administrator can develop a caching solution that will be available across Regions and include low-latency replication and failover capabilities for DR. This solution will also meet the security requirement of encrypting cross-Region data transfers using AWS KMS. This solution will also require the least amount of operational effort, as it does not involve any data migration or manual intervention.Therefore, option B is the correct solution to meet the requirements. Option A is not optimal because enabling cluster mode in ElastiCache for Redis and creating multiple clusters across Regions will not provide cross-Region replication or failover capabilities. Using AWS DMS to replicate the cache data by using AWS DMS will incur additional time and cost, and may not support encryption of cross-Region data transfers. Option C is not optimal because disabling cluster mode in ElastiCache for Redis and creating multiple replication groups across Regions will not provide cross-Region replication or failover capabilities. Using AWS DMS to replicate the cache data will incur additional time and cost, and may not support encryption of cross-Region data transfers. Option D is not optimal because creating a snapshot of ElastiCache for Redis in the primary Region and copying it to the failover Region will not provide low-latency replication or high availability for the Redis data across Regions. Using the snapshot to restore the cluster from the failover Region when DR is required will involve manual intervention and downtime.

Create a new AWS Key Management Service (AWS KMS)Explanation from Amazon documents:Amazon Redshift supports encryption at rest using AWS Key Management Service (AWS KMS) customer master keys (CMKs). To copy encrypted snapshots across Regions, you need to create a snapshot copy grant in the destination Region and specify a CMK in that Region. You also need to configure cross-Region snapshots in the source Region and provide the destination Region, the snapshot copy grant, and retention periods for the snapshots. This way, you can automate the process of backing up the cluster data in compliance with the corporate policies.Option A is incorrect because you cannot copy a CMK from one Region to another. You can only import key material from an external source into a CMK in a specific Region. Option C is incorrect because it involves unnecessary steps of copying snapshots to S3 buckets and using S3 Cross-Region Replication. Option D is incorrect because it is not possible to create a CMK with the same private key as another CMK in a different Region. You can only use customer-supplied key material to create a CMK with a specific key ID in a specific Region.

Use time range, measure name, and dimensions in the WHEREExplanation from Amazon documents:Amazon Timestream is a serverless time series database service that allows you to store and analyze time series data at any scale. To optimize the cost of queries, you should use the following best practices1:Include only the measure and dimension names essential to query. Adding extraneous columns will increase data scans and therefore will also increase the query cost.Include a time range in the WHERE clause of your query. For example, if you only need the last one hour of data in your dataset, include a time predicate such as time > ago (1h).Include the measure names in the WHERE clause of the query when a query accesses a subset of measures in a table.Option B follows these best practices, while option A does not. Option C is incorrect because canceling a query can save on cost if the query will not return the desired results1. Option D is irrelevant because exponential backoff is a technique to handle throttling errors, not to optimize query costs2.

Amazon Timestream is a serverless time series database service that allows you to store and analyze time series data at any scale1.It is well suited for gaming applications that generate high volumes of data from player events, such as scores, achievements, and actions2.Amazon ElastiCache for Redis is a fully managed in-memory data store that provides fast and scalable performance for applications that need sub-millisecond latency3. It can be used as a cache layer to store frequently accessed data, such as leaderboard results, and reduce the load on the database. AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers. It can be used to process the data from Amazon Timestream and store the leaderboard results in Amazon ElastiCache for Redis. Amazon EventBridge is a serverless event bus service that makes it easy to connect your applications with data from a variety of sources. It can be used to create a scheduled event that triggers the Lambda function once every minute, ensuring that the leaderboard data is updated regularly. The game server can then query the Redis cluster for the leaderboard data, which will be no more than 1 minute old.

Option B is incorrect because Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale. It is not designed for time series data, which requires efficient ingestion, compression, and querying of high-volume data streams. Option C is incorrect because Amazon Aurora is a relational database that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases. It is not optimized for time series data, which requires specialized indexing and partitioning techniques. Option D is incorrect because Amazon Neptune is a graph database that supports property graph and RDF models. It is not suitable for time series data, which requires high ingestion rates and temporal queries.

According to the Amazon Redshift documentation1, you can enable database encryption for your clusters to help protect data at rest. You can use either AWS Key Management Service (AWS KMS) or a hardware security module (HSM) to manage the top-level encryption keys in this hierarchy. The process that Amazon Redshift uses for encryption differs depending on how you manage keys.

To copy encrypted snapshots across Regions, you need to create a snapshot copy grant in the destination Region and specify a CMK in that Region. You also need to configure cross-Region snapshots in the source Region and provide the destination Region, the snapshot copy grant, and retention periods for the snapshots. This way, you can automate the process of backing up the cluster data in compliance with the corporate policies.