11.11 Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

DVA-C02 AWS Certified Developer - Associate Questions and Answers

Questions 4

A developer compiles an AWS Lambda function and packages the result as a .zip file. The developer uses the Functions page on the Lambda console to attempt to upload the local packaged .zip file. When pushing the package to Lambda, the console returns the following error:

Which solutions can the developer use to publish the code? (Select TWO.)

Options:

A.

Upload the package to Amazon S3. Use the Functions page on the Lambda console to upload the package from the S3 location.

B.

Create an AWS Support ticket to increase the maximum package size.

C.

Use the update-function-code AWS CLI command. Pass the -publish parameter.

D.

Repackage the Lambda function as a Docker container image. Upload the image to Amazon Elastic Container Registry {Amazon ECR). Create a new Lambda function by using the Lambda console. Reference the image that is deployed to Amazon ECR.

E.

Sign the .zip file digitally. Create a new Lambda function by using the Lambda console. Update the configuration of the new Lambda function to include the Amazon Resource Name (ARN) of the code signing configuration.

Buy Now
Questions 5

A developer is modifying an existing AWS Lambda function White checking the code the developer notices hardcoded parameter various for an Amazon RDS for SQL Server user name password database host and port. There also are hardcoded parameter values for an Amazon DynamoOB table. an Amazon S3 bucket, and an Amazon Simple Notification Service (Amazon SNS) topic.

The developer wants to securely store the parameter values outside the code m an encrypted format and wants to turn on rotation for the credentials. The developer also wants to be able to reuse the parameter values from other applications and to update the parameter values without modifying code.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Create an RDS database secret in AWS Secrets Manager. Set the user name password, database, host and port. Turn on secret rotation. Create encrypted Lambda environment variables for the DynamoDB table, S3 bucket and SNS topic.

B.

Create an RDS database secret in AWS Secrets Manager. Set the user name password, database, host and port. Turn on secret rotation. Create Secure String parameters in AWS Systems Manager Parameter Store for the DynamoDB table, S3 bucket and SNS topic.

C.

Create RDS database parameters in AWS Systems Manager Parameter. Store for the user name password, database, host and port. Create encrypted Lambda environment variables for me DynamoDB table, S3 bucket, and SNS topic. Create a Lambda function and set the logic for the credentials rotation task Schedule the credentials rotation task in Amazon EventBridge.

D.

Create RDS database parameters in AWS Systems Manager Parameter. Store for the user name password database, host, and port. Store the DynamoDB table. S3 bucket, and SNS topic in Amazon S3 Create a Lambda function and set the logic for the credentials rotation Invoke the Lambda function on a schedule.

Buy Now
Questions 6

A team is developing an application that is deployed on Amazon EC2 instances. During testing, the team receives an error. The EC2 instances are unable to access an Amazon S3 bucket.

Which steps should the team take to troubleshoot this issue? (Select TWO.)

Options:

A.

Check whether the policy that is assigned to the JAM role that is attached to the EC2 instances grants access to Amazon S3.

B.

Check the S3 bucket policy to validate the access permissions for the S3 bucket.

C.

Check whether the policy that is assigned to the 1AM user that is attached to the EC2 instances grants access to Amazon S3.

D.

Check the S3 Lifecycle policy to validate the permissions that are assigned to the S3 bucket.

E.

Check the security groups that are assigned to the EC2 instances. Make sure that a rule is not blocking the access to Amazon S3.

Buy Now
Questions 7

A developer is writing an application that will retrieve sensitive data from a third-party system. The application will format the data into a PDF file. The PDF file could be more than 1 MB. The application will encrypt the data to disk by using AWS Key Management Service (AWS KMS). The application will decrypt the file when a user requests to download it. The retrieval and formatting portions of the application are complete.

The developer needs to use the GenerateDataKey API to encrypt the PDF file so that the PDF file can be decrypted later. The developer needs to use an AWS KMS symmetric customer managed key for encryption.

Which solutions will meet these requirements?

Options:

A.

Write the encrypted key from the GenerateDataKey API to disk for later use. Use the plaintext key from the GenerateDataKey API and a symmetric encryption algorithm to encrypt the file.

B.

Write the plain text key from the GenerateDataKey API to disk for later use. Use the encrypted key from the GenerateDataKey API and a symmetric encryption algorithm to encrypt the file.

C.

Write the encrypted key from the GenerateDataKey API to disk for later use. Use the plaintext key from the GenerateDataKey API to encrypt the file by using the KMS Encrypt API

D.

Write the plain text key from the GenerateDataKey API to disk for later use. Use the encrypted key from the GenerateDataKey API to encrypt the file by using the KMS Encrypt API

Buy Now
Questions 8

A developer maintains applications that store several secrets in AWS Secrets Manager. The applications use secrets that have changed over time. The developer needs to identify required secrets that are still in use. The developer does not want to cause any application downtime.

What should the developer do to meet these requirements?

Options:

A.

Configure an AWS CloudTrail log file delivery to an Amazon S3 bucket. Create an Amazon CloudWatch alarm for the GetSecretValue. Secrets Manager API operation requests

B.

Create a secrets manager-secret-unused AWS Config managed rule. Create an Amazon EventBridge rule to Initiate notification when the AWS Config managed rule is met.

C.

Deactivate the applications secrets and monitor the applications error logs temporarily.

D.

Configure AWS X-Ray for the applications. Create a sampling rule lo match the GetSecretValue Secrets Manager API operation requests.

Buy Now
Questions 9

A developer is creating a template that uses AWS CloudFormation to deploy an application. The application is serverless and uses Amazon API Gateway, Amazon DynamoDB, and AWS Lambda.

Which AWS service or tool should the developer use to define serverless resources in YAML?

Options:

A.

CloudFormation serverless intrinsic functions

B.

AWS Elastic Beanstalk

C.

AWS Serverless Application Model (AWS SAM)

D.

AWS Cloud Development Kit (AWS CDK)

Buy Now
Questions 10

A developer is creating a new REST API by using Amazon API Gateway and AWS Lambda. The development team tests the API and validates responses for the known use cases before deploying the API to the production environment.

The developer wants to make the REST API available for testing by using API Gateway locally.

Which AWS Serverless Application Model Command Line Interface (AWS SAM CLI) subcommand will meet these requirements?

Options:

A.

Sam local invoke

B.

Sam local generate-event

C.

Sam local start-lambda

D.

Sam local start-api

Buy Now
Questions 11

A company wants to automate part of its deployment process. A developer needs to automate the process of checking for and deleting unused resources that supported previously deployed stacks but that are no longer used.

The company has a central application that uses the AWS Cloud Development Kit (AWS CDK) to manage all deployment stacks. The stacks are spread out across multiple accounts. The developer’s solution must integrate as seamlessly as possible within the current deployment process.

Which solution will meet these requirements with the LEAST amount of configuration?

Options:

A.

In the central AWS CDK application, write a handler function in the code that uses AWS SDK calls to check for and delete unused resources. Create an AWS CloudPormation template from a JSON file. Use the template to attach the function code to an AWS Lambda function and lo invoke the Lambda function when the deployment slack runs.

B.

In the central AWS CDK application. write a handler function in the code that uses AWS SDK calls to check for and delete unused resources. Create an AWS CDK custom resource Use the custom resource to attach the function code to an AWS Lambda function and to invoke the Lambda function when the deployment stack runs.

C.

In the central AWS CDK, write a handler function m the code that uses AWS SDK calls to check for and delete unused resources. Create an API in AWS Amplify Use the API to attach the function code to an AWS Lambda function and to invoke the Lambda function when the deployment stack runs.

D.

In the AWS Lambda console write a handler function in the code that uses AWS SDK calls to check for and delete unused resources. Create an AWS CDK custom resource. Use the custom resource to import the Lambda function into the stack and to Invoke the Lambda function when the deployment stack runs.

Buy Now
Questions 12

A developer must use multi-factor authentication (MFA) to access data in an Amazon S3 bucket that is in another AWS account. Which AWS Security Token Service (AWS STS) API operation should the developer use with the MFA information to meet this requirement?

Options:

A.

AssumeRoleWithWebidentity

B.

GetFederationToken

C.

AssumeRoleWithSAML

D.

AssumeRole

Buy Now
Questions 13

A development learn has an Amazon API Gateway REST API that is backed by an AWS Lambda function.

Users have reported performance issues for the Lambda function. The development team identified the source of the issues as a cold start of the Lambda function. The development team needs to reduce the time needed for the Lambda function to initialize.

Which solution will meet this requirement?

Options:

A.

Change the Lambda concurrency lo reserved concurrency.

B.

Increase the timeout of the Lambda function.

C.

Increase the memory allocation of the Lambda function.

D.

Configure provisioned concurrency for the Lambda function.

Buy Now
Questions 14

A developer is creating an application that will be deployed on IoT devices. The application will send data to a RESTful API that is deployed as an AWS Lambda function. The application will assign each API request a unique identifier. The volume of API requests from the application can randomly increase at any given time of day.

During periods of request throttling, the application might need to retry requests. The API must be able to handle duplicate requests without inconsistencies or data loss.

Which solution will meet these requirements?

Options:

A.

Create an Amazon RDS for MySQL DB instance. Store the unique identifier for each request in a database table. Modify the Lambda function to check the table for the identifier before processing the request.

B.

Create an Amazon DynamoDB table. Store the unique identifier for each request in the table. Modify the Lambda function to check the table for the identifier before processing the request.

C.

Create an Amazon DynamoDB table. Store the unique identifier for each request in the table. Modify the Lambda function to return a client error response when the function receives a duplicate request.

D.

Create an Amazon ElastiCache for Memcached instance. Store the unique identifier for each request in the cache. Modify the Lambda function to check the cache for the identifier before processing the request.

Buy Now
Questions 15

A developer is updating an Amazon API Gateway REST API to have a mock endpoint. The developer wants to update the integration request mapping template so the endpoint will respond to mock integration requests with specific HTTP status codes based on various conditions.

Options:

A.

{ if( $input.params(‘integration’) == "mock" ) "statusCode": 404 else "statusCode": 500 end }

B.

{ if( $input.params('scope') == "internal" ) "statusCode": 200 else "statusCode": 500 end }

C.

{ if( $input.path("integration") ) "statusCode": 200 else "statusCode":404 end }

D.

{ if( $context.integration.status ) "statusCode": 200 else "statusCode": 500 end }

Buy Now
Questions 16

A developer needs to use a code template to create an automated deployment of an application onto Amazon EC2 instances. The template must be configured to repeat deployment, installation, and updates of resources for the application. The template must be able to create identical environments and roll back to previous versions.

Which solution will meet these requirements?

Options:

A.

Use AWS Amplify for automatic deployment templates. Use a traffic-splitting deployment to copy any deployments. Modify any resources created by Amplify, if necessary.

B.

Use AWS CodeBuild for automatic deployment. Upload the required AppSpec file template. Save the appspec.yml file in the root directory folder of the revision. Specify the deployment group that includes the EC2 instances for the deployment.

C.

Use AWS CloudFormation to create an infrastructure template in JSON format to deploy the EC2 instances. Use Cloud Formation helper scripts to install the necessary software and to start the application. Call the scripts directly from the template.

D.

Use AWS AppSync to deploy the application. Upload the template as a GraphQL schema. Specify the EC2 instances for deployment of the application. Use resolvers as a version control mechanism and to make any updates to the deployments.

Buy Now
Questions 17

A developer is working on a web application that uses Amazon DynamoDB as its data store The application has two DynamoDB tables one table that is named artists and one table that is named songs The artists table has artistName as the partition key. The songs table has songName as the partition key and artistName as the sort key

The table usage patterns include the retrieval of multiple songs and artists in a single database operation from the webpage. The developer needs a way to retrieve this information with minimal network traffic and optimal application performance.

Which solution will meet these requirements'?

Options:

A.

Perform a BatchGetltem operation that returns items from the two tables. Use the list of songName artistName keys for the songs table and the list of artistName key for the artists table.

B.

Create a local secondary index (LSI) on the songs table that uses artistName as the partition key Perform a query operation for each artistName on the songs table that filters by the list of songName Perform a query operation for each artistName on the artists table

C.

Perform a BatchGetltem operation on the songs table that uses the songName/artistName keys. Perform a BatchGetltem operation on the artists table that uses artistName as the key.

D.

Perform a Scan operation on each table that filters by the list of songName/artistName for the songs table and the list of artistName in the artists table.

Buy Now
Questions 18

A data visualization company wants to strengthen the security of its core applications The applications are deployed on AWS across its development staging, pre-production, and production environments. The company needs to encrypt all of its stored sensitive credentials The sensitive credentials need to be automatically rotated Aversion of the sensitive credentials need to be stored for each environment

Which solution will meet these requirements in the MOST operationally efficient way?

Options:

A.

Configure AWS Secrets Manager versions to store different copies of the same credentials across multiple environments

B.

Create a new parameter version in AWS Systems Manager Parameter Store for each environment Store the environment-specific credentials in the parameter version.

C.

Configure the environment variables in the application code Use different names for each environment type

D.

Configure AWS Secrets Manager to create a new secret for each environment type. Store the environment-specific credentials in the secret

Buy Now
Questions 19

An application is processing clickstream data using Amazon Kinesis. The clickstream data feed into Kinesis experiences periodic spikes. The PutRecords API call occasionally fails and the logs show that the failed call returns the response shown below:

Which techniques will help mitigate this exception? (Choose two.)

Options:

A.

Implement retries with exponential backoff.

B.

Use a PutRecord API instead of PutRecords.

C.

Reduce the frequency and/or size of the requests.

D.

Use Amazon SNS instead of Kinesis.

E.

Reduce the number of KCL consumers.

Buy Now
Questions 20

A developer is working on an ecommerce website The developer wants to review server logs without logging in to each of the application servers individually. The website runs on multiple Amazon EC2 instances, is written in Python, and needs to be highly available

How can the developer update the application to meet these requirements with MINIMUM changes?

Options:

A.

Rewrite the application to be cloud native and to run on AWS Lambda, where the logs can be reviewed in Amazon CloudWatch

B.

Set up centralized logging by using Amazon OpenSearch Service, Logstash, and OpenSearch Dashboards

C.

Scale down the application to one larger EC2 instance where only one instance is recording logs

D.

Install the unified Amazon CloudWatch agent on the EC2 instances Configure the agent to push the application logs to CloudWatch

Buy Now
Questions 21

A developer is writing a serverless application that requires an AWS Lambda function to be invoked every 10 minutes.

What is an automated and serverless way to invoke the function?

Options:

A.

Deploy an Amazon EC2 instance based on Linux, and edit its /etc/confab file by adding a command to periodically invoke the lambda function

B.

Configure an environment variable named PERIOD for the Lambda function. Set the value to 600.

C.

Create an Amazon EventBridge rule that runs on a regular schedule to invoke the Lambda function.

D.

Create an Amazon Simple Notification Service (Amazon SNS) topic that has a subscription to the Lambda function with a 600-second timer.

Buy Now
Questions 22

A company has an Amazon S3 bucket containing premier content that it intends to make available to only paid subscribers of its website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors.

How can the company Limit the ability to download a premier content file in the S3 Bucket to paid subscribers only?

Options:

A.

Apply a bucket policy that allows anonymous users to download the content from the S3 bucket.

B.

Generate a pre-signed object URL for the premier content file when a pad subscriber requests a download.

C.

Add a Docket policy that requires multi-factor authentication for request to access the S3 bucket objects.

D.

Enable server-side encryption on the S3 bucket for data protection against the non-paying website visitors.

Buy Now
Questions 23

A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.

How can the developer enforce that all requests to retrieve the data provide encryption in transit?

Options:

A.

Define a resource-based policy on the S3 bucket to deny access when a request meets the condition “aws:SecureTransport”: “false”.

B.

Define a resource-based policy on the S3 bucket to allow access when a request meets the condition “aws:SecureTransport”: “false”.

C.

Define a role-based policy on the other accounts' roles to deny access when a request meets the condition of “aws:SecureTransport”: “false”.

D.

Define a resource-based policy on the KMS key to deny access when a request meets the condition of “aws:SecureTransport”: “false”.

Buy Now
Questions 24

A company has an application that is hosted on Amazon EC2 instances The application stores objects in an Amazon S3 bucket and allows users to download objects from the S3 bucket A developer turns on S3 Block Public Access for the S3 bucket After this change, users report errors when they attempt to download objects The developer needs to implement a solution so that only users who are signed in to the application can access objects in the S3 bucket.

Which combination of steps will meet these requirements in the MOST secure way? (Select TWO.)

Options:

A.

Create an EC2 instance profile and role with an appropriate policy Associate the role with the EC2 instances

B.

Create an 1AM user with an appropriate policy. Store the access key ID and secret access key on the EC2 instances

C.

Modify the application to use the S3 GeneratePresignedUrl API call

D.

Modify the application to use the S3 GetObject API call and to return the object handle to the user

E.

Modify the application to delegate requests to the S3 bucket.

Buy Now
Questions 25

A company is building an application for stock trading. The application needs sub-millisecond latency for processing trade requests. The company uses Amazon DynamoDB to store all the trading data that is used to process each trading request A development team performs load testing on the application and finds that the data retrieval time is higher than expected. The development team needs a solution that reduces the data retrieval time with the least possible effort.

Which solution meets these requirements'?

Options:

A.

Add local secondary indexes (LSis) for the trading data.

B.

Store the trading data m Amazon S3 and use S3 Transfer Acceleration.

C.

Add retries with exponential back off for DynamoDB queries.

D.

Use DynamoDB Accelerator (DAX) to cache the trading data.

Buy Now
Questions 26

A company had an Amazon RDS for MySQL DB instance that was named mysql-db. The DB instance was deleted within the past 90 days. A developer needs to find which 1AM user or role deleted the DB instance in the AWS environment. Which solution will provide this information?

Options:

A.

Retrieve the AWS CloudTrail events for the resource mysql-db where the event name is DeleteDBInstance. Inspect each event.

B.

Retrieve the Amazon CloudWatch log events from the most recent log stream within the rds/mysql-db log group. Inspect the log events.

C.

Retrieve the AWS X-Ray trace summaries. Filter by services with the name mysql-db. Inspect the ErrorRootCauses values within each summary.

D.

Retrieve the AWS Systems Manager deletions inventory Filter the inventory by deletions that have a TypeName value of RDS. Inspect the deletion details.

Buy Now
Questions 27

A developer is using AWS Amplify Hosting to build and deploy an application. The developer is receiving an increased number of bug reports from users. The developer wants to add end-to-end testing to the application to eliminate as many bugs as possible before the bugs reach production.

Which solution should the developer implement to meet these requirements?

Options:

A.

Run the amplify add test command in the Amplify CLI.

B.

Create unit tests in the application. Deploy the unit tests by using the amplify push command in the Amplify CLI.

C.

Add a test phase to the amplify.yml build settings for the application.

D.

Add a test phase to the aws-exports.js file for the application.

Buy Now
Questions 28

A company is running a custom application on a set of on-premises Linux servers that are accessed using Amazon API Gateway. AWS X-Ray tracing has been enabled on the API test stage.

How can a developer enable X-Ray tracing on the on-premises servers with the LEAST amount of configuration?

Options:

A.

Install and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service.

B.

Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service.

C.

Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTraceSegments API call.

D.

Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTelemetryRecords API call.

Buy Now
Questions 29

When a developer tries to run an AWS Code Build project, it raises an error because the length of all environment variables exceeds the limit for the combined maximum of characters.

What is the recommended solution?

Options:

A.

Add the export LC-_ALL" on _ US, tuft" command to the pre _ build section to ensure POSIX Localization.

B.

Use Amazon Cognate to store key-value pairs for large numbers of environment variables

C.

Update the settings for the build project to use an Amazon S3 bucket for large numbers of environment variables

D.

Use AWS Systems Manager Parameter Store to store large numbers ot environment variables

Buy Now
Questions 30

A developer is using AWS CodeDeploy to launch an application onto Amazon EC2 instances. The application deployment fails during testing. The developer notices an IAM_ROLE_PERMISSIONS error code in Amazon CloudWatch logs.

What should the developer do to resolve the error?

Options:

A.

Ensure that the deployment group is using the correct role name for the CodeDeploy service role.

B.

Attach the AWSCodeDeployRoleECS policy to the CodeDeploy service role.

C.

Attach the AWSCodeDeployRole policy to the CodeDeploy service role.

D.

Ensure the CodeDeploy agent is installed and running on all instances in the deployment group.

Buy Now
Questions 31

A developer is creating an AWS Lambda function that needs network access to private resources in a VPC.

Options:

A.

Attach the Lambda function to the VPC through private subnets. Create a security group that allows network access to the private resources. Associate the security group with the Lambda function.

B.

Configure the Lambda function to route traffic through a VPN connection. Create a security group that allows network access to the private resources. Associate the security group with the Lambda function.

C.

Configure a VPC endpoint connection for the Lambda function. Set up the VPC endpoint to route traffic through a NAT gateway.

D.

Configure an AWS PrivateLink endpoint for the private resources. Configure the Lambda function to reference the PrivateLink endpoint.

Buy Now
Questions 32

A developer at a company recently created a serverless application to process and show data from business reports. The application's user interface (UI) allows users to select and start processing the files. The Ul displays a message when the result is available to view. The application uses AWS Step Functions with AWS Lambda functions to process the files. The developer used Amazon API Gateway and Lambda functions to create an API to support the UI.

The company's Ul team reports that the request to process a file is often returning timeout errors because of the see or complexity of the files. The Ul team wants the API to provide an immediate response so that the Ul can deploy a message while the files are being processed. The backend process that is invoked by the API needs to send an email message when the report processing is complete.

What should the developer do to configure the API to meet these requirements?

Options:

A.

Change the API Gateway route to add an X-Amz-Invocation-Type header win a sialic value of 'Event' in the integration request Deploy the API Gateway stage to apply the changes.

B.

Change the configuration of the Lambda function that implements the request to process a file. Configure the maximum age of the event so that the Lambda function will ion asynchronously.

C.

Change the API Gateway timeout value to match the Lambda function ominous value. Deploy the API Gateway stage to apply the changes.

D.

Change the API Gateway route to add an X-Amz-Target header with a static value of 'A sync' in the integration request Deploy me API Gateway stage to apply the changes.

Buy Now
Questions 33

A developer has been asked to create an AWS Lambda function that is invoked any time updates are made to items in an Amazon DynamoDB table. The function has been created and appropriate permissions have been added to the Lambda execution role Amazon DynamoDB streams have been enabled for the table, but the function 15 still not being invoked.

Which option would enable DynamoDB table updates to invoke the Lambda function?

Options:

A.

Change the StreamViewType parameter value to NEW_AND_OLOJMAGES for the DynamoDB table.

B.

Configure event source mapping for the Lambda function.

C.

Map an Amazon Simple Notification Service (Amazon SNS) topic to the DynamoDB streams.

D.

Increase the maximum runtime (timeout) setting of the Lambda function.

Buy Now
Questions 34

A developer is designing an event-driven architecture. An AWS Lambda function that processes data needs to push processed data to a subset of four consumer Lambda functions. The data must be routed based on the value of one field in the data.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Create an Amazon Simple Queue Service {Amazon SQS) queue and even! source mapping for each consumer Lambda function. Add message routing logic to the data-processing Lambda function.

B.

Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the four consumer Lambda functions to the topic. Add message filtering logic to each consumer Lambda function. Subscribe the data-processing Lambda function to the SNS topic.

C.

Create a separate Amazon Simple Notification Service (Amazon SNS) topic and subscription for each consumer Lambda function. Add message routing logic to the data-processing Lambda function to publish to the appropriate topic.

D.

Create a single Amazon Simple Notification Service {Amazon SNS) topic. Subscribe the four consumer Lambda functions to the topic. Add SNS subscription filter policies to each subscription. Configure the data-processing Lambda function to publish to the topic.

Buy Now
Questions 35

A developer is deploying an AWS Lambda function The developer wants the ability to return to older versions of the function quickly and seamlessly.

How can the developer achieve this goal with the LEAST operational overhead?

Options:

A.

Use AWS OpsWorks to perform blue/green deployments.

B.

Use a function alias with different versions.

C.

Maintain deployment packages for older versions in Amazon S3.

D.

Use AWS CodePipeline for deployments and rollbacks.

Buy Now
Questions 36

A company built an online event platform For each event the company organizes quizzes and generates leaderboards that are based on the quiz scores. The company stores the leaderboard data in Amazon DynamoDB and retains the data for 30 days after an event is complete The company then uses a scheduled job to delete the old leaderboard data

The DynamoDB table is configured with a fixed write capacity. During the months when many events occur, the DynamoDB write API requests are throttled when the scheduled delete job runs.

A developer must create a long-term solution that deletes the old leaderboard data and optimizes write throughput

Which solution meets these requirements?

Options:

A.

Configure a TTL attribute for the leaderboard data

B.

Use DynamoDB Streams to schedule and delete the leaderboard data

C.

Use AWS Step Functions to schedule and delete the leaderboard data.

D.

Set a higher write capacity when the scheduled delete job runs

Buy Now
Questions 37

A company has an application that runs across multiple AWS Regions. The application is experiencing performance issues at irregular intervals. A developer must use AWS X-Ray to implement distributed tracing for the application to troubleshoot the root cause of the performance issues.

What should the developer do to meet this requirement?

Options:

A.

Use the X-Ray console to add annotations for AWS services and user-defined services

B.

Use Region annotation that X-Ray adds automatically for AWS services Add Region annotation for user-defined services

C.

Use the X-Ray daemon to add annotations for AWS services and user-defined services

D.

Use Region annotation that X-Ray adds automatically for user-defined services Configure X-Ray to add Region annotation for AWS services

Buy Now
Questions 38

A developer migrated a legacy application to an AWS Lambda function. The function uses a third-party service to pull data with a series of API calls at the end of each month. The function than processes the data to generate the monthly reports. The function has Been working with no issues so far.

The third-party service recently issued a restriction to allow a feed number to API calls each minute and each day. If the API calls exceed the limit tor each minute or each day, then the service will produce errors. The API also provides the minute limit and daily limit in the response header. This restriction might extend the overall process to multiple days because the process is consuming more API calls than the available limit.

What is the MOST operationally efficient way to refactor the server less application to accommodate this change?

Options:

A.

Use an AWS Step Functions State machine to monitor API failures. Use the Wait state to delay calling the Lambda function.

B.

Use an Amazon Simple Queue Service (Amazon SQS) queue to hold the API calls. Configure the Lambda function to poll the queue within the API threshold limits.

C.

Use an Amazon CloudWatch Logs metric to count the number of API calls. Configure an Amazon CloudWatch alarm flat slops the currently running instance of the Lambda function when the metric exceeds the API threshold limits.

D.

Use Amazon Kinesis Data Firehose to batch me API calls and deliver them to an Amazon S3 bucket win an event notification to invoke the Lambda function.

Buy Now
Questions 39

A developer is migrating some features from a legacy monolithic application to use AWS Lambda functions instead. The application currently stores data in an Amazon Aurora DB cluster that runs in private subnets in a VPC. The AWS account has one VPC deployed. The Lambda functions and the DB cluster are deployed in the same AWS Region in the same AWS account.

The developer needs to ensure that the Lambda functions can securely access the DB cluster without crossing the public internet.

Which solution will meet these requirements?

Options:

A.

Configure the DB cluster's public access setting to Yes.

B.

Configure an Amazon RDS database proxy for the Lambda functions.

C.

Configure a NAT gateway and a security group for the Lambda functions.

D.

Configure the VPC, subnets, and a security group for the Lambda functions.

Buy Now
Questions 40

A company wants to share information with a third party. The third party has an HTTP API endpoint that the company can use to share the information. The company has the required API key to access the HTTP API.

The company needs a way to manage the API key by using code. The integration of the API key with the application code cannot affect application performance.

Which solution will meet these requirements MOST securely?

Options:

A.

Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

B.

Store the API credentials in a local code variable. Push the code to a secure Git repository. Use the local code variable at runtime to make the API call.

C.

Store the API credentials as an object in a private Amazon S3 bucket. Restrict access to the S3 object by using IAM policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

D.

Store the API credentials in an Amazon DynamoDB table. Restrict access to the table by using resource-based policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

Buy Now
Questions 41

A developer is implementing a serverless application by using AWS CloudFormation to provision Amazon S3 web hosting. Amazon API Gateway, and AWS Lambda functions. The Lambda function source code is zipped and uploaded to an S3 bucket. The S3 object key of the zipped source code is specified in the Lambda resource in the CloudFormation template.

The developer notices that there are no changes in the Lambda function every time the CloudFormation stack is updated.

How can the developer resolve this issue?

Options:

A.

Create a new Lambda function alias before updating the CloudFormation stack.

B.

Change the S3 object key or the S3 version in the CloudFormation template before updating the CloudFormation stack.

C.

Upload the zipped source code to another S3 bucket before updating the CloudFormation stack.

D.

Associate a code signing configuration with the Lambda function before updating the CloudFormation stack.

Buy Now
Questions 42

A developer is building a highly secure healthcare application using serverless components. This application requires writing temporary data to /Imp storage on an AWS Lambda function.

How should the developer encrypt this data?

Options:

A.

Enable Amazon EBS volume encryption with an AWS KMS key in the Lambda function configuration so that all storage attached to the Lambda function is encrypted.

B.

Set up the Lambda function with a role and key policy to access an AWS KMS key. Use the key to generate a data key used to encrypt all data prior to writing to Amp storage.

C.

Use OpenSSL to generate a symmetric encryption key on Lambda startup. Use this key to encrypt the data prior to writing to /tmp.

D.

Use an on-premises hardware security module (HSM) to generate keys, where the Lambda function requests a data key from the HSM and uses that to encrypt data on all requests to the function.

Buy Now
Questions 43

A developer deployed an application to an Amazon EC2 instance The application needs to know the public IPv4 address of the instance

How can the application find this information?

Options:

A.

Query the instance metadata from http./M69.254.169.254. latestmeta-data/.

B.

Query the instance user data from http '169 254.169 254. latest/user-data/

C.

Query the Amazon Machine Image (AMI) information from http://169.254.169.254/latest/meta-data/ami/.

D.

Check the hosts file of the operating system

Buy Now
Questions 44

A developer is using AWS Step Functions to automate a workflow The workflow defines each step as an AWS Lambda function task The developer notices that runs of the Step Functions state machine fail in the GetResource task with either an UlegalArgumentException error or a TooManyRequestsException error

The developer wants the state machine to stop running when the state machine encounters an UlegalArgumentException error. The state machine needs to retry the GetResource task one additional time after 10 seconds if the state machine encounters a TooManyRequestsException error. If the second attempt fails, the developer wants the state machine to stop running.

How can the developer implement the Lambda retry functionality without adding unnecessary complexity to the state machine'?

Options:

A.

Add a Delay task after the GetResource task. Add a catcher to the GetResource task. Configure the catcher with an error type of TooManyRequestsException. Configure the next step to be the Delay task Configure the Delay task to wait for an interval of 10 seconds Configure the next step to be the GetResource task.

B.

Add a catcher to the GetResource task Configure the catcher with an error type of TooManyRequestsException. an interval of 10 seconds, and a maximum attempts value of 1. Configure the next step to be the GetResource task.

C.

Add a retrier to the GetResource task Configure the retrier with an error type of TooManyRequestsException, an interval of 10 seconds, and a maximum attempts value of 1.

D.

Duplicate the GetResource task Rename the new GetResource task to TryAgain Add a catcher to the original GetResource task Configure the catcher with an error type of TooManyRequestsException. Configure the next step to be TryAgain.

Buy Now
Questions 45

A company has an application that is deployed on AWS Elastic Beanstalk. The application generates user-specific PDFs and stores the PDFs in an Amazon S3 bucket. The application then uses Amazon Simple Email Service (Amazon SES) to send the PDFs by email to subscribers.

Users no longer access the PDFs 90 days after the PDFs are generated. The S3 bucket is not versioned and contains many obsolete PDFs.

A developer must reduce the number of files in the S3 bucket by removing PDFs that are older than 90 days.

Which solution will meet this requirement with the LEAST development effort?

Options:

A.

Update the application code. In the code, add a rule to scan all the objects in the S3 bucket every day and to delete objects after 90 days.

B.

Create an AWS Lambda function. Program the Lambda function to scan all the objects in the S3 bucket every day and to delete objects after 90 days.

C.

Create an S3 Lifecycle rule for the S3 bucket to expire objects after 90 days.

D.

Partition the S3 objects with a // key prefix. Create an AWS Lambda function to remove objects that have prefixes that have reached the expiration date.

Buy Now
Questions 46

An application interacts with Amazon Aurora to store and track customer information. The primary database is set up with multiple read replicas for improving the performance of the read queries. However, one of the Aurora replicas is receiving most or all of the traffic, while the other Aurora replica remains idle.

How can this issue be resolved?

Options:

A.

Disable application-level DNS caching.

B.

Enable application-level DNS caching.

C.

Enable application pooling.

D.

Disable application pooling.

Buy Now
Questions 47

A developer has an application that makes batch requests directly to Amazon DynamoDB by using the BatchGetItem low-level API operation. The responses frequently return values in the UnprocessedKeys element.

Which actions should the developer take to increase the resiliency of the application when the batch response includes values in UnprocessedKeys? (Choose two.)

Options:

A.

Retry the batch operation immediately.

B.

Retry the batch operation with exponential backoff and randomized delay.

C.

Update the application to use an AWS software development kit (AWS SDK) to make the requests.

D.

Increase the provisioned read capacity of the DynamoDB tables that the operation accesses.

E.

Increase the provisioned write capacity of the DynamoDB tables that the operation accesses.

Buy Now
Questions 48

A developer is building an application that gives users the ability to view bank account from multiple sources in a single dashboard. The developer has automated the process to retrieve API credentials for these sources. The process invokes an AWS Lambda function that is associated with an AWS CloudFormation cotton resource.

The developer wants a solution that will store the API credentials with minimal operational overhead.

When solution will meet these requirements?

Options:

A.

Add an AWS Secrets Manager GenerateSecretString resource to the CloudFormation template. Set the value to reference new credentials to the Cloudformation resource.

B.

Use the AWS SDK ssm PutParameter operation in the Lambda function from the existing, custom resource to store the credentials as a parameter. Set the parameter value to reference the new credentials. Set ma parameter type to SecureString.

C.

Add an AWS Systems Manager Parameter Store resource to the CloudFormation template. Set the CloudFormation resource value to reference the new credentials Set the resource NoEcho attribute to true.

D.

Use the AWS SDK ssm PutParameter operation in the Lambda function from the existing custom resources to store the credentials as a parameter. Set the parameter value to reference the new credentials. Set the parameter NoEcho attribute to true.

Buy Now
Questions 49

An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write access to an Amazon DynamoDB table The correct 1AM policy already exists

What is the MOST secure way to grant the Lambda function access to the S3 bucket and the DynamoDB table?

Options:

A.

Attach the existing 1AM policy to the Lambda function.

B.

Create an 1AM role for the Lambda function Attach the existing 1AM policy to the role Attach the role to the Lambda function

C.

Create an 1AM user with programmatic access Attach the existing 1AM policy to the user. Add the user access key ID and secret access key as environment variables in the Lambda function.

D.

Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function

Buy Now
Questions 50

A company offers a business-to-business software service that runs on dedicated infrastructure deployed in each customer's AWS account. Before a feature release, the company needs to run integration tests on real AWS test infrastructure. The test infrastructure consists of Amazon EC2 instances and an Amazon RDS database.

A developer must set up a continuous delivery process that will provision the test infrastructure across the different AWS accounts. The developer then must run the integration tests.

Which solution will meet these requirements with the LEAST administrative effort?

Options:

A.

Use AWS CodeDeploy with AWS CloudFormation StackSets to deploy the infrastructure. Use Amazon CodeGuru to run the tests.

B.

Use AWS CodePipeline with AWS CloudFormation StackSets to deploy the infrastructure. Use AWS CodeBuild to run the tests.

C.

Use AWS CodePipeline with AWS CloudFormation change sets to deploy the infrastructure. Use a CloudFormation custom resource to run the tests.

D.

Use AWS Serverless Application Model (AWS SAM) templates with AWS CloudFormation change sets to deploy the infrastructure. Use AWS CodeDeploy to run the tests.

Buy Now
Questions 51

A developer is troubleshooting a three-tier application, which is deployed on Amazon EC2 instances. There is a connectivity problem between the application servers and the database servers.

Which AWS services or tools should be used to identify the faulty component? (Select TWO.)

Options:

A.

AWS CloudTrail

B.

AWS Trusted Advisor

C.

Amazon VPC Flow Logs

D.

Network access control lists

E.

AWS Config rules

Buy Now
Questions 52

A developer is creating an AWS Lambda function that needs credentials to connect to an Amazon RDS for MySQL database. An Amazon S3 bucket currently stores the credentials. The developer needs to improve the existing solution by implementing credential rotation and secure storage. The developer also needs to provide integration with the Lambda function.

Which solution should the developer use to store and retrieve the credentials with the LEAST management overhead?

Options:

A.

Store the credentials in AWS Systems Manager Parameter Store. Select the database that the parameter will access. Use the default AWS Key Management Service (AWS KMS) key to encrypt the parameter. Enable automatic rotation for the parameter. Use the parameter from Parameter Store on the Lambda function to connect to the database.

B.

Encrypt the credentials with the default AWS Key Management Service (AWS KMS) key. Store the credentials as environment variables for the Lambda function. Create a second Lambda function to generate new credentials and to rotate the credentials by updating the environment variables of the first Lambda function. Invoke the second Lambda function by using an Amazon EventBridge rule that runs on a schedule. Update the database to use the new c

C.

Store the credentials in AWS Secrets Manager. Set the secret type to Credentials for Amazon RDS database. Select the database that the secret will access. Use the default AWS Key Management Service (AWS KMS) key to encrypt the secret. Enable automatic rotation for the secret. Use the secret from Secrets Manager on the Lambda function to connect to the database.

D.

Encrypt the credentials by using AWS Key Management Service (AWS KMS). Store the credentials in an Amazon DynamoDB table. Create a second Lambda function to rotate the credentials. Invoke the second Lambda function by using an Amazon EventBridge rule that runs on a schedule. Update the DynamoDB table. Update the database to use the generated credentials. Retrieve the credentials from DynamoDB with the first Lambda function. Connect to the d

Buy Now
Questions 53

A developer wants to add request validation to a production environment Amazon API Gateway API. The developer needs to test the changes

before the API is deployed to the production environment. For the test, the developer will send test requests to the API through a testing tool.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Export the existing API to an OpenAPI file. Create a new API. Import the OpenAPI file. Modify the new API to add request validation. Perform the tests. Modify the existing API to add request validation. Deploy the existing API to production.

B.

Modify the existing API to add request validation. Deploy the updated API to a new API Gateway stage. Perform the tests. Deploy the updated API to the API Gateway production stage.

C.

Create a new API. Add the necessary resources and methods, including new request validation. Perform the tests. Modify the existing API to add request validation. Deploy the existing API to production.

D.

Clone the existing API. Modify the new API to add request validation. Perform the tests. Modify the existing API to add request validation. Deploy the existing API to production.

Buy Now
Questions 54

A developer needs to modify an application architecture to meet new functional requirements. Application data is stored in Amazon DynamoDB and processed tor analysis in a nightly batch. The system analysts do not want to wait until the next day to view the processed data and have asked to have it available in near-real time.

Which application architecture pattern would enable the data to be processed as it is received?

Options:

A.

Event driven

B.

Client-server d riven

C.

Fan-out driven

D.

Schedule driven

Buy Now
Questions 55

A developer uses AWS CloudFormation to deploy an Amazon API Gateway API and an AWS Step Functions state machine The state machine must reference the API Gateway API after the CloudFormation template is deployed The developer needs a solution that uses the state machine to reference the API Gateway endpoint.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Configure the CloudFormation template to reference the API endpoint in the DefinitionSubstitutions property for the AWS StepFunctions StateMachme resource.

B.

Configure the CloudFormation template to store the API endpoint in an environment variable for the AWS::StepFunctions::StateMachine resourc Configure the state machine to reference the environment variable

C.

Configure the CloudFormation template to store the API endpoint in a standard AWS: SecretsManager Secret resource Configure the state machine to reference the resource

D.

Configure the CloudFormation template to store the API endpoint in a standard AWS::AppConfig;:ConfigurationProfile resource Configure the state machine to reference

the resource.

Buy Now
Questions 56

A developer designed an application on an Amazon EC2 instance The application makes API requests to objects in an Amazon S3 bucket

Which combination of steps will ensure that the application makes the API requests in the MOST secure manner? (Select TWO.)

Options:

A.

Create an IAM user that has permissions to the S3 bucket. Add the user to an 1AM group

B.

Create an IAM role that has permissions to the S3 bucket

C.

Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance.

D.

Create an 1AM role that has permissions to the S3 bucket Assign the role to an 1AM group

E.

Store the credentials of the IAM user in the environment variables on the EC2 instance

Buy Now
Questions 57

A company needs to set up secure database credentials for all its AWS Cloud resources. The company's resources include Amazon RDS DB instances Amazon DocumentDB clusters and Amazon Aurora DB instances. The company's security policy mandates that database credentials be encrypted at rest and rotated at a regular interval.

Which solution will meet these requirements MOST securely?

Options:

A.

Set up IAM database authentication for token-based access. Generate user tokens to provide centralized access to RDS DB instances. Amazon DocumentDB clusters and Aurora DB instances.

B.

Create parameters for the database credentials in AWS Systems Manager Parameter Store Set the Type parameter to Secure Sting. Set up automatic rotation on the parameters.

C.

Store the database access credentials as an encrypted Amazon S3 object in an S3 bucket Block all public access on the S3 bucket. Use S3 server-side encryption to set up automatic rotation on the encryption key.

D.

Create an AWS Lambda function by using the SecretsManagerRotationTemplate template in the AWS Secrets Manager console. Create secrets for the database credentials in Secrets Manager Set up secrets rotation on a schedule.

Buy Now
Questions 58

A developer creates a static website for their department The developer deploys the static assets for the website to an Amazon S3 bucket and serves the assets with Amazon CloudFront The developer uses origin access control (OAC) on the CloudFront distribution to access the S3 bucket

The developer notices users can access the root URL and specific pages but cannot access directories without specifying a file name. For example, /products/index.html works, but /products returns an error The developer needs to enable accessing directories without specifying a file name without exposing the S3 bucket publicly.

Which solution will meet these requirements'?

Options:

A.

Update the CloudFront distribution's settings to index.html as the default root object is set

B.

Update the Amazon S3 bucket settings and enable static website hosting. Specify index html as the Index document Update the S3 bucket policy to enable access. Update the CloudFront distribution's origin to use the S3 website endpoint

C.

Create a CloudFront function that examines the request URL and appends index.html when directories are being accessed Add the function as a viewer request CloudFront function to the CloudFront distribution's behavior.

D.

Create a custom error response on the CloudFront distribution with the HTTP error code set to the HTTP 404 Not Found response code and the response page path to /index html Set the HTTP response code to the HTTP 200 OK response code

Buy Now
Questions 59

A company wants to migrate applications from its on-premises servers to AWS. As a first step, the company is modifying and migrating a non-critical application to a single Amazon EC2 instance. The application will store information in an Amazon S3 bucket. The company needs to follow security best practices when deploying the application on AWS.

Which approach should the company take to allow the application to interact with Amazon S3?

Options:

A.

Create an 1AM role that has administrative access to AWS. Attach the role to the EC2 instance.

B.

Create an 1AM user. Attach the AdministratorAccess policy. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.

C.

Create an 1AM role that has the necessary access to Amazon S3. Attach the role to the EC2 instance.

D.

Create an 1AM user. Attach a policy that provides the necessary access to Amazon S3. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.

Buy Now
Questions 60

A developer is creating an application that uses an Amazon DynamoDB table. The developer needs to develop code that reads all records that were added to the table during the previous day. creates HTML reports, and pushes the reports into third-party storage. The item size varies from 1 KB to 4 KB, and the index structure is defined with the date. The developer needs to minimize the read capacity that the application requires from the DynamoDB table.

Which DynamoDB API operation should the developer use in the code to meet these requirements?

Options:

A.

Query

B.

Scan

C.

BatchGetltem

D.

Getltem

Buy Now
Questions 61

A mobile app stores blog posts in an Amazon DynacnoDB table Millions of posts are added every day and each post represents a single item in the table. The mobile app requires only recent posts. Any post that is older than 48 hours can be removed.

What is the MOST cost-effective way to delete posts that are older man 48 hours?

Options:

A.

For each item add a new attribute of type String that has a timestamp that is set to the blog post creation time. Create a script to find old posts with a table scan and remove posts that are order than 48 hours by using the Balch Write ltem API operation. Schedule a cron job on an Amazon EC2 instance once an hour to start the script.

B.

For each item add a new attribute of type. String that has a timestamp that its set to the blog post creation time. Create a script to find old posts with a table scan and remove posts that are Oder than 48 hours by using the Batch Write item API operating. Place the script in a container image. Schedule an Amazon Elastic Container Service (Amazon ECS) task on AWS Far gate that invokes the container every 5 minutes.

C.

For each item, add a new attribute of type Date that has a timestamp that is set to 48 hours after the blog post creation time. Create a global secondary index (GSI) that uses the new attribute as a sort key. Create an AWS Lambda function that references the GSI and removes expired items by using the Batch Write item API operation Schedule me function with an Amazon CloudWatch event every minute.

D.

For each item add a new attribute of type. Number that has timestamp that is set to 48 hours after the blog post. creation time Configure the DynamoDB table with a TTL that references the new attribute.

Buy Now
Questions 62

An developer is building a serverless application by using the AWS Serverless Application Model (AWS SAM). The developer is currently testing the application in a development environment. When the application is nearly finsihed, the developer will need to set up additional testing and staging environments for a quality assurance team.

The developer wants to use a feature of the AWS SAM to set up deployments to multiple environments.

Which solution will meet these requirements with the LEAST development effort?

Options:

A.

Add a configuration file in TOML format to group configuration entries to every environment. Add a table for each testing and staging environment. Deploy updates to the environments by using the sam deploy command and the --config-env flag that corresponds to the each environment.

B.

Create additional AWS SAM templates for each testing and staging environment. Write a custom shell script that uses the sam deploy command and the --template-file flag to deploy updates to the environments.

C.

Create one AWS SAM configuration file that has default parameters. Perform updates to the testing and staging environments by using the —parameter-overrides flag in the AWS SAM CLI and the parameters that the updates will override.

D.

Use the existing AWS SAM template. Add additional parameters to configure specific attributes for the serverless function and database table resources that are in each environment. Deploy updates to the testing and staging environments by using the sam deploy command.

Buy Now
Questions 63

A developer is creating a new batch application that will run on an Amazon EC2 instance. The application requires read access to an Amazon S3 bucket. The developer needs to follow security best practices to grant S3 read access to the application.

Which solution meets these requirements?

Options:

A.

Add the permissions to an 1AM policy. Attach the policy to a role. Attach the role to the EC2 instance profile.

B.

Add the permissions inline to an 1AM group. Attach the group to the EC2 instance profile.

C.

Add the permissions to an 1AM policy. Attach the policy to a user. Attach the user to the EC2 instance profile.

D.

Add the permissions to an 1AM policy. Use 1AM web identity federation to access the S3 bucket with the policy.

Buy Now
Questions 64

An application runs on multiple EC2 instances behind an ELB.

Where is the session data best written so that it can be served reliably across multiple requests?

Options:

A.

Write data to Amazon ElastiCache

B.

Write data to Amazon Elastic Block Store

C.

Write data to Amazon EC2 instance Store

D.

Wide data to the root filesystem

Buy Now
Questions 65

A developer is creating an AWS Lambda function. The Lambda function needs an external library to connect to a third-party solution The external library is a collection of files with a total size of 100 MB The developer needs to make the external library available to the Lambda execution environment and reduce the Lambda package space

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Create a Lambda layer to store the external library Configure the Lambda function to use the layer

B.

Create an Amazon S3 bucket Upload the external library into the S3 bucket. Mount the S3 bucket folder in the Lambda function Import the library by using the proper folder in the mount point.

C.

Load the external library to the Lambda function's /tmp directory during deployment of the Lambda package. Import the library from the /tmp directory.

D.

Create an Amazon Elastic File System (Amazon EFS) volume. Upload the external library to the EFS volume Mount the EFS volume in the Lambda function. Import the library by using the proper folder in the mount point.

Buy Now
Questions 66

A company has an application that stores data in Amazon RDS instances. The application periodically experiences surges of high traffic that cause performance problems.

During periods of peak traffic, a developer notices a reduction in query speed in all database queries.

The team's technical lead determines that a multi-threaded and scalable caching solution should be used to offload the heavy read traffic. The solution needs to improve performance.

Which solution will meet these requirements with the LEAST complexity?

Options:

A.

Use Amazon ElastiCache for Memcached to offload read requests from the main database.

B.

Replicate the data to Amazon DynamoDB. Set up a DynamoDB Accelerator (DAX) cluster.

C.

Configure the Amazon RDS instances to use Multi-AZ deployment with one standby instance. Offload read requests from the main database to the standby instance.

D.

Use Amazon ElastiCache for Redis to offload read requests from the main database.

Buy Now
Questions 67

A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key. the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API.

What code updates will grant these new users access to the API?

Options:

A.

The createDeploymer.t method must be called so the API can be redeployed to include the newly created API key.

B.

The updateAuthorizer method must be called to update the API's authorizer to include the newly created API key

C.

The importApiKeys method must be called to import all newly created API keys into the current stage of the API.

D.

The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.

Buy Now
Questions 68

An 1AM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 API actions. The EC2 instance credentials file specifies the 1AM access key and secret access key, which allow full administrative access.

Given that multiple modes of 1AM access are present for this EC2 instance, which of the following is correct?

Options:

A.

The EC2 instance will only be able to list the S3 buckets.

B.

The EC2 instance will only be able to list the contents of one S3 bucket at a time.

C.

The EC2 instance will be able to perform all actions on any S3 bucket.

D.

The EC2 instance will not be able to perform any S3 action on any S3 bucket.

Buy Now
Questions 69

A developer is writing unit tests tor a new application that will be deployed on AWS. The developer wants to validate all pull requests with unit tests and merge the code with the main branch only when all tests pass

The developer stores the code in AWS CodeCommit and sets up AWS CodeBuild to run the unit tests. The developer creates an AWS Lambda function to start the CodeBuild task. The developer needs to identify the CodeCommit events in an Amazon EventBridge event that can invoke the Lambda function when a pull request is created or updated.

Which CodeCommit event will meet these requirements?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 70

A company has multiple Amazon VPC endpoints in the same VPC. A developer needs configure an Amazon S3 bucket policy so users can access an S3 bucket only by using these VPC endpoints.

Which solution will meet these requirements?

Options:

A.

Create multiple S3 bucket polices by using each VPC endpoint ID that have the aws SourceVpce value in the StringNotEquals condition.

B.

Create a single S3 bucket policy that has the aws SourceVpc value and in the StingNotEquals condition to use VPC ID.

C.

Create a single S3 bucket policy that the multiple aws SourceVpce value and in the SringNotEquals condton to use vpce.

D.

Create a single S3 bucket policy that has multiple aws sourceVpce value in the StingNotEquale condition. Repeat for all the VPC endpoint IDs.

Buy Now
Questions 71

A developer is configuring an applications deployment environment in AWS CodePipeine. The application code is stored in a GitHub repository. The developer wants to ensure that the repository package's unit tests run in the new deployment environment. The deployment has already set the pipeline's source provider to GitHub and has specified the repository and branch to use in the deployment.

When combination of steps should the developer take next to meet these requirements with the least the LEAST overhead' (Select TWO).

Options:

A.

Create an AWS CodeCommt project. Add the repository package's build and test commands to the protects buildspec

B.

Create an AWS CodeBuid project. Add the repository package's build and test commands to the projects buildspec

C.

Create an AWS CodeDeploy protect. Add the repository package's build and test commands to the project's buildspec

D.

Add an action to the source stage. Specify the newly created project as the action provider. Specify the build attract as the actions input artifact.

E.

Add a new stage to the pipeline alter the source stage. Add an action to the new stage. Speedy the newly created protect as the action provider. Specify the source artifact as the action's input artifact.

Buy Now
Questions 72

A company built a new application in the AWS Cloud. The company automated the bootstrapping of new resources with an Auto Scaling group by using AWS Cloudf-ormation templates. The bootstrap scripts contain sensitive data.

The company needs a solution that is integrated with CloudFormation to manage the sensitive data in the bootstrap scripts.

Which solution will meet these requirements in the MOST secure way?

Options:

A.

Put the sensitive data into a CloudFormation parameter. Encrypt the CloudFormation templates by using an AWS Key Management Service (AWS KMS) key.

B.

Put the sensitive data into an Amazon S3 bucket Update the CloudFormation templates to download the object from Amazon S3 during bootslrap.

C.

Put the sensitive data into AWS Systems Manager Parameter Store as a secure string parameter. Update the CloudFormation templates to use dynamic references to specify template values.

D.

Put the sensitive data into Amazon Elastic File System (Amazon EPS) Enforce EFS encryption after file system creation. Update the CloudFormation templates to retrieve data from Amazon EFS.

Buy Now
Questions 73

A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached Amazon

Elastic Block Store (Amazon EBS) volumes for storing data. The Amazon EBS volumes will be created at time of initial deployment. The

application will process sensitive information. All of the data must be encrypted. The solution should not impact the application's performance.

Which solution will meet these requirements?

Options:

A.

Configure the fleet of EC2 instances to use encrypted EBS volumes to store data.

B.

Configure the application to write all data to an encrypted Amazon S3 bucket.

C.

Configure a custom encryption algorithm for the application that will encrypt and decrypt all data.

D.

Configure an Amazon Machine Image (AMI) that has an encrypted root volume and store the data to ephemeral disks.

Buy Now
Questions 74

An ecommerce application is running behind an Application Load Balancer. A developer observes some unexpected load on the application during non-peak hours. The developer wants to analyze patterns for the client IP addresses that use the application. Which HTTP header should the developer use for this analysis?

Options:

A.

The X-Forwarded-Proto header

B.

The X-F Forwarded-Host header

C.

The X-Forwarded-For header

D.

The X-Forwarded-Port header

Buy Now
Questions 75

A developer is working on a Python application that runs on Amazon EC2 instances. The developer wants to enable tracing of application requests to debug performance issues in the code.

Which combination of actions should the developer take to achieve this goal? (Select TWO)

Options:

A.

Install the Amazon CloudWatch agent on the EC2 instances.

B.

Install the AWS X-Ray daemon on the EC2 instances.

C.

Configure the application to write JSON-formatted togs to /var/log/cloudwatch.

D.

Configure the application to write trace data to /Var/log-/xray.

E.

Install and configure the AWS X-Ray SDK for Python in the application.

Buy Now
Questions 76

An application is using Amazon Cognito user pools and identity pools for secure access. A developer wants to integrate the user-specific file upload and download features in the application with Amazon S3. The developer must ensure that the files are saved and retrieved in a secure manner and that users can access only their own files. The file sizes range from 3 KB to 300 MB.

Which option will meet these requirements with the HIGHEST level of security?

Options:

A.

Use S3 Event Notifications to validate the file upload and download requests and update the user interface (UI).

B.

Save the details of the uploaded files in a separate Amazon DynamoDB table. Filter the list of files in the user interface (UI) by comparing the current user ID with the user ID associated with the file in the table.

C.

Use Amazon API Gateway and an AWS Lambda function to upload and download files. Validate each request in the Lambda function before performing the requested operation.

D.

Use an IAM policy within the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3.

Buy Now
Questions 77

A developer is writing a web application that must share secure documents with end users. The documents are stored in a private Amazon S3 bucket. The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes.

How can the developer meet these requirements?

Options:

A.

Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes.

B.

Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes.

C.

Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS.

D.

Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes.

Buy Now
Questions 78

A company uses Amazon API Gateway to expose a set of APIs to customers. The APIs have caching enabled in API Gateway. Customers need a way to invalidate the cache for each API when they test the API.

What should a developer do to give customers the ability to invalidate the API cache?

Options:

A.

Ask the customers to use AWS credentials to call the InvalidateCache API operation.

B.

Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke the API. Ask the customers to send a request that contains the HTTP header when they make an API call.

C.

Ask the customers to use the AWS SDK API Gateway class to invoke the InvalidateCache API operation.

D.

Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke the API. Ask the customers to add the INVALIDATE_CACHE query string parameter when they make an API call.

Buy Now
Questions 79

A developer needs to migrate an online retail application to AWS to handle an anticipated increase in traffic. The application currently runs on two servers: one server for the web application and another server for the database. The web server renders webpages and manages session state in memory. The database server hosts a MySQL database that contains order details. When traffic to the application is heavy, the memory usage for the web server approaches 100% and the application slows down considerably.

The developer has found that most of the memory increase and performance decrease is related to the load of managing additional user sessions. For the web server migration, the developer will use Amazon EC2 instances with an Auto Scaling group behind an Application Load Balancer.

Which additional set of changes should the developer make to the application to improve the application's performance?

Options:

A.

Use an EC2 instance to host the MySQL database. Store the session data and the application data in the MySQL database.

B.

Use Amazon ElastiCache for Memcached to store and manage the session data. Use an Amazon RDS for MySQL DB instance to store the application data.

C.

Use Amazon ElastiCache for Memcached to store and manage the session data and the application data.

D.

Use the EC2 instance store to manage the session data. Use an Amazon RDS for MySQL DB instance to store the application data.

Buy Now
Questions 80

A company receives food orders from multiple partners. The company has a microservices application that uses Amazon API Gateway APIs with AWS Lambda integration. Each partner sends orders by calling a customized API that is exposed through API Gateway. The API call invokes a shared Lambda function to process the orders.

Partners need to be notified after the Lambda function processes the orders. Each partner must receive updates for only the partner's own orders. The company wants to add new partners in the future with the fewest code changes possible.

Which solution will meet these requirements in the MOST scalable way?

Options:

A.

Create a different Amazon Simple Notification Service (Amazon SNS) topic for each partner. Configure the Lambda function to publish messages for each partner to the partner's SNS topic.

B.

Create a different Lambda function for each partner. Configure the Lambda function to notify each partner's service endpoint directly.

C.

Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure the Lambda function to publish messages with specific attributes to the SNS topic. Subscribe each partner to the SNS topic. Apply the appropriate filter policy to the topic subscriptions.

D.

Create one Amazon Simple Notification Service (Amazon SNS) topic. Subscribe all partners to the SNS topic.

Buy Now
Questions 81

A developer wants to deploy a new version of an AWS Elastic Beanstalk application. During deployment the application must maintain full capacity and avoid service interruption. Additionally, the developer must minimize the cost of additional resources that support the deployment.

Which deployment method should the developer use to meet these requirements?

Options:

A.

All at once

B.

Rolling with additional batch

C.

Bluegreen

D.

Immutable

Buy Now
Questions 82

A company is using an AWS Lambda function to process records from an Amazon Kinesis data stream. The company recently observed slow processing of the records. A developer notices that the iterator age metric for the function is increasing and that the Lambda run duration is constantly above normal.

Which actions should the developer take to increase the processing speed? (Choose two.)

Options:

A.

Increase the number of shards of the Kinesis data stream.

B.

Decrease the timeout of the Lambda function.

C.

Increase the memory that is allocated to the Lambda function.

D.

Decrease the number of shards of the Kinesis data stream.

E.

Increase the timeout of the Lambda function.

Buy Now
Questions 83

A company launched an online portal to announce a new product that the company will release in 6 months. The portal requests that users enter an email address to receive communications about the product. The company needs to create a REST API that will store the email addresses in Amazon DynamoDB.

A developer has created an AWS Lambda function that can store the email addresses. The developer will deploy the Lambda function by using the AWS Serverless Application Model (AWS SAM). The developer must provide access to the Lambda function over HTTP.

Which solutions will meet these requirements with the LEAST additional configuration? (Select TWO.)

Options:

A.

Expose the Lambda function by using function URLs.

B.

Expose the Lambda function by using a Gateway Load Balancer.

C.

Expose the Lambda function by using a Network Load Balancer.

D.

Expose the Lambda function by using AWS Global Accelerator

E.

Expose the Lambda function by using Amazon API Gateway.

Buy Now
Questions 84

A developer is creating an application that includes an Amazon API Gateway REST API in the us-east-2 Region. The developer wants to use Amazon CloudFront and a custom domain name for the API. The developer has acquired an SSL/TLS certificate for the domain from a third-party provider.

How should the developer configure the custom domain for the application?

Options:

A.

Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS A record for the custom domain.

B.

Import the SSL/TLS certificate into CloudFront. Create a DNS CNAME record for the custom domain.

C.

Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS CNAME record for the custom domain.

D.

Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.

Buy Now
Questions 85

When using the AWS Encryption SDK how does the developer keep track of the data encryption keys used to encrypt data?

Options:

A.

The developer must manually keep Hack of the data encryption keys used for each data object.

B.

The SDK encrypts the data encryption key and stores it (encrypted) as part of the resumed ophertext.

C.

The SDK stores the data encryption keys automaticity in Amazon S3.

D.

The data encryption key is stored m the user data for the EC2 instance.

Buy Now
Questions 86

A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company has set up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in.

What is the MOST operationally efficient solution that meets this requirement?

Options:

A.

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway API to invoke the function. Call the API from the client side when login confirmation is received.

B.

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.

C.

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the function based on the login status.

D.

Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and to send the email notification based on the login status of each user.

Buy Now
Questions 87

A company is providing read access to objects in an Amazon S3 bucket for different customers. The company uses 1AM permissions to restrict access to the S3 bucket. The customers can access only their own files.

Due to a regulation requirement, the company needs to enforce encryption in transit for interactions with Amazon S3.

Which solution will meet these requirements?

Options:

A.

Add a bucket policy to the S3 bucket to deny S3 actions when the aws:SecureTransport condition is equal to false.

B.

Add a bucket policy to the S3 bucket to deny S3 actions when the s3:x-amz-acl condition is equal to public-read.

C.

Add an 1AM policy to the 1AM users to enforce the usage of the AWS SDK.

D.

Add an 1AM policy to the 1AM users that allows S3 actions when the s3:x-amz-acl condition is equal to bucket-owner-read.

Buy Now
Exam Code: DVA-C02
Exam Name: AWS Certified Developer - Associate
Last Update: Nov 14, 2024
Questions: 292
DVA-C02 pdf

DVA-C02 PDF

$24  $80
DVA-C02 Engine

DVA-C02 Testing Engine

$28.5  $95
DVA-C02 PDF + Engine

DVA-C02 PDF + Testing Engine

$39  $130