New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

DVA-C02 AWS Certified Developer - Associate Questions and Answers

Questions 4

A developer is planning to migrate on-premises company data to Amazon S3. The data must be encrypted, and the encryption Keys must support automate annual rotation. The company must use AWS Key Management Service (AWS KMS) to encrypt the data.

When type of keys should the developer use to meet these requirements?

Options:

A.

Amazon S3 managed keys

B.

Symmetric customer managed keys with key material that is generated by AWS

C.

Asymmetric customer managed keys with key material that generated by AWS

D.

Symmetric customer managed keys with imported key material

Buy Now
Questions 5

A company wants to migrate applications from its on-premises servers to AWS. As a first step, the company is modifying and migrating a non-critical application to a single Amazon EC2 instance. The application will store information in an Amazon S3 bucket. The company needs to follow security best practices when deploying the application on AWS.

Which approach should the company take to allow the application to interact with Amazon S3?

Options:

A.

Create an 1AM role that has administrative access to AWS. Attach the role to the EC2 instance.

B.

Create an 1AM user. Attach the AdministratorAccess policy. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.

C.

Create an 1AM role that has the necessary access to Amazon S3. Attach the role to the EC2 instance.

D.

Create an 1AM user. Attach a policy that provides the necessary access to Amazon S3. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.

Buy Now
Questions 6

A developer is designing an AWS Lambda function that creates temporary files that are less than 10 MB during invocation. The temporary files will be accessed and modified multiple times during invocation. The developer has no need to save or retrieve these files in the future.

Where should the temporary files be stored?

Options:

A.

the /tmp directory

B.

Amazon Elastic File System (Amazon EFS)

C.

Amazon Elastic Block Store (Amazon EBS)

D.

Amazon S3

Buy Now
Questions 7

A developer wants to store information about movies. Each movie has a title, release year, and genre. The movie information also can include additional properties about the cast and production crew. This additional information is inconsistent across movies. For example, one movie might have an assistant director, and another movie might have an animal trainer.

The developer needs to implement a solution to support the following use cases:

For a given title and release year, get all details about the movie that has that title and release year.

For a given title, get all details about all movies that have that title.

For a given genre, get all details about all movies in that genre.

Which data store configuration will meet these requirements?

Options:

A.

Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the title as the partition key and the release year as the sort key. Create a global secondary index that uses the genre as the partition key and the title as the sort key.

B.

Create an Amazon DynamoDB table. Configure the table with a primary key that consists of the genre as the partition key and the release year as the sort key. Create a global secondary index that uses the title as the partition key.

C.

On an Amazon RDS DB instance, create a table that contains columns for title, release year, and genre. Configure the title as the primary key.

D.

On an Amazon RDS DB instance, create a table where the primary key is the title and all other data is encoded into JSON format as one additional column.

Buy Now
Questions 8

A developer needs to use a code template to create an automated deployment of an application onto Amazon EC2 instances. The template must be configured to repeat deployment, installation, and updates of resources for the application. The template must be able to create identical environments and roll back to previous versions.

Which solution will meet these requirements?

Options:

A.

Use AWS Amplify for automatic deployment templates. Use a traffic-splitting deployment to copy any deployments. Modify any resources created by Amplify, if necessary.

B.

Use AWS CodeBuild for automatic deployment. Upload the required AppSpec file template. Save the appspec.yml file in the root directory folder of the revision. Specify the deployment group that includes the EC2 instances for the deployment.

C.

Use AWS CloudFormation to create an infrastructure template in JSON format to deploy the EC2 instances. Use Cloud Formation helper scripts to install the necessary software and to start the application. Call the scripts directly from the template.

D.

Use AWS AppSync to deploy the application. Upload the template as a GraphQL schema. Specify the EC2 instances for deployment of the application. Use resolvers as a version control mechanism and to make any updates to the deployments.

Buy Now
Questions 9

A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key. the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API.

What code updates will grant these new users access to the API?

Options:

A.

The createDeploymer.t method must be called so the API can be redeployed to include the newly created API key.

B.

The updateAuthorizer method must be called to update the API's authorizer to include the newly created API key

C.

The importApiKeys method must be called to import all newly created API keys into the current stage of the API.

D.

The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.

Buy Now
Questions 10

A company needs to distribute firmware updates to its customers around the world.

Which service will allow easy and secure control of the access to the downloads at the lowest cost?

Options:

A.

Use Amazon CloudFront with signed URLs for Amazon S3.

B.

Create a dedicated Amazon CloudFront Distribution for each customer.

C.

Use Amazon CloudFront with AWS Lambda@Edge.

D.

Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket.

Buy Now
Questions 11

A developer is designing a fault-tolerant environment where client sessions will be saved.

How can the developer ensure that no sessions are lost if an Amazon EC2 instance fails?

Options:

A.

Use sticky sessions with an Elastic Load Balancer target group.

B.

Use Amazon SOS to save session data.

C.

Use Amazon DynamoDB to perform scalable session handling.

D.

Use Elastic Load Balancer connection draining to stop sending requests to failing instances.

Buy Now
Questions 12

A company wants to share information with a third party. The third party has an HTTP API endpoint that the company can use to share the information. The company has the required API key to access the HTTP API.

The company needs a way to manage the API key by using code. The integration of the API key with the application code cannot affect application performance.

Which solution will meet these requirements MOST securely?

Options:

A.

Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

B.

Store the API credentials in a local code variable. Push the code to a secure Git repository. Use the local code variable at runtime to make the API call.

C.

Store the API credentials as an object in a private Amazon S3 bucket. Restrict access to the S3 object by using IAM policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

D.

Store the API credentials in an Amazon DynamoDB table. Restrict access to the table by using resource-based policies. Retrieve the API credentials at runtime by using the AWS SDK. Use the credentials to make the API call.

Buy Now
Questions 13

A developer has created an AWS Lambda function that makes queries to an Amazon Aurora MySQL DB instance. When the developer performs a test the OB instance shows an error for too many connections.

Which solution will meet these requirements with the LEAST operational effort?

Options:

A.

Create a read replica for the DB instance Query the replica DB instance instead of the primary DB instance.

B.

Migrate the data lo an Amazon DynamoDB database.

C.

Configure the Amazon Aurora MySQL DB instance tor Multi-AZ deployment.

D.

Create a proxy in Amazon RDS Proxy Query the proxy instead of the DB instance.

Buy Now
Questions 14

A developer has observed an increase in bugs in the AWS Lambda functions that a development team has deployed in its Node.js application.

To minimize these bugs, the developer wants to implement automated testing of Lambda functions in an environment that closely simulates the Lambda environment.

The developer needs to give other developers the ability to run the tests locally. The developer also needs to integrate the tests into the team's continuous integration and continuous delivery (CI/CD) pipeline before the AWS Cloud Development Kit (AWS CDK) deployment.

Which solution will meet these requirements?

Options:

A.

Create sample events based on the Lambda documentation. Create automated test scripts that use the cdk local invoke command to invoke the Lambda functions. Check the response. Document the test scripts for the other developers on the team. Update the CI/CD pipeline to run the test scripts.

B.

Install a unit testing framework that reproduces the Lambda execution environment. Create sample events based on the Lambda documentation. Invoke the handler function by using a unit testing framework. Check the response. Document how to run the unit testing framework for the other developers on the team. Update the CI/CD pipeline to run the unit testing framework.

C.

Install the AWS Serverless Application Model (AWS SAM) CLI tool. Use the sam local generate-event command to generate sample events for the automated tests. Create automated test scripts that use the sam local invoke command to invoke the Lambda functions. Check the response. Document the test scripts for the other developers on the team. Update the CI/CD pipeline to run the test scripts.

D.

Create sample events based on the Lambda documentation. Create a Docker container from the Node.js base image to invoke the Lambda functions. Check the response. Document how to run the Docker container for the other developers on the team. Update the CllCD pipeline to run the Docker container.

Buy Now
Questions 15

A developer is creating an application that includes an Amazon API Gateway REST API in the us-east-2 Region. The developer wants to use Amazon CloudFront and a custom domain name for the API. The developer has acquired an SSL/TLS certificate for the domain from a third-party provider.

How should the developer configure the custom domain for the application?

Options:

A.

Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS A record for the custom domain.

B.

Import the SSL/TLS certificate into CloudFront. Create a DNS CNAME record for the custom domain.

C.

Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS CNAME record for the custom domain.

D.

Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.

Buy Now
Questions 16

A developer needs to store configuration variables for an application. The developer needs to set an expiration date and time for me configuration. The developer wants to receive notifications. Before the configuration expires. Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Create a standard parameter in AWS Systems Manager Parameter Store Set Expiation and Expiration Notification policy types.

B.

Create a standard parameter in AWS Systems Manager Parameter Store Create an AWS Lambda function to expire the configuration and to send Amazon Simple Notification Service (Amazon SNS) notifications.

C.

Create an advanced parameter in AWS Systems Manager Parameter Store Set Expiration and Expiration Notification policy types.

D.

Create an advanced parameter in AWS Systems Manager Parameter Store Create an Amazon EC2 instance with a corn job to expire the configuration and to send notifications.

Buy Now
Questions 17

An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.

What is the MOST secure way to resolve this issue?

Options:

A.

Update the IAM instance profile that is attached to the EC2 instance to include the S3:* permission for the S3 bucket.

B.

Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.

C.

Update the developer's user permissions to include the S3:ListBucket permission for the S3 bucket.

D.

Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance.

Buy Now
Questions 18

A company is offering APIs as a service over the internet to provide unauthenticated read access to statistical information that is updated daily. The company uses Amazon API Gateway and AWS Lambda to develop the APIs. The service has become popular, and the company wants to enhance the responsiveness of the APIs.

Which action can help the company achieve this goal?

Options:

A.

Enable API caching in API Gateway.

B.

Configure API Gateway to use an interface VPC endpoint.

C.

Enable cross-origin resource sharing (CORS) for the APIs.

D.

Configure usage plans and API keys in API Gateway.

Buy Now
Questions 19

A developer is working on an ecommerce website The developer wants to review server logs without logging in to each of the application servers individually. The website runs on multiple Amazon EC2 instances, is written in Python, and needs to be highly available

How can the developer update the application to meet these requirements with MINIMUM changes?

Options:

A.

Rewrite the application to be cloud native and to run on AWS Lambda, where the logs can be reviewed in Amazon CloudWatch

B.

Set up centralized logging by using Amazon OpenSearch Service, Logstash, and OpenSearch Dashboards

C.

Scale down the application to one larger EC2 instance where only one instance is recording logs

D.

Install the unified Amazon CloudWatch agent on the EC2 instances Configure the agent to push the application logs to CloudWatch

Buy Now
Questions 20

A company developed an API application on AWS by using Amazon CloudFront. Amazon API Gateway, and AWS Lambda. The API has a minimum of four requests every second A developer notices that many API users run the same query by using the POST method. The developer wants to cache the POST request to optimize the API resources.

Which solution will meet these requirements'?

Options:

A.

Configure the CloudFront cache Update the application to return cached content based upon the default request headers.

B.

Override the cache method in me selected stage of API Gateway Select the POST method.

C.

Save the latest request response in Lambda /tmp directory Update the Lambda function to check the /tmp directory

D.

Save the latest request m AWS Systems Manager Parameter Store Modify the Lambda function to take the latest request response from Parameter Store

Buy Now
Questions 21

A team is developing an application that is deployed on Amazon EC2 instances. During testing, the team receives an error. The EC2 instances are unable to access an Amazon S3 bucket.

Which steps should the team take to troubleshoot this issue? (Select TWO.)

Options:

A.

Check whether the policy that is assigned to the JAM role that is attached to the EC2 instances grants access to Amazon S3.

B.

Check the S3 bucket policy to validate the access permissions for the S3 bucket.

C.

Check whether the policy that is assigned to the 1AM user that is attached to the EC2 instances grants access to Amazon S3.

D.

Check the S3 Lifecycle policy to validate the permissions that are assigned to the S3 bucket.

E.

Check the security groups that are assigned to the EC2 instances. Make sure that a rule is not blocking the access to Amazon S3.

Buy Now
Questions 22

A company has an application that stores data in Amazon RDS instances. The application periodically experiences surges of high traffic that cause performance problems.

During periods of peak traffic, a developer notices a reduction in query speed in all database queries.

The team's technical lead determines that a multi-threaded and scalable caching solution should be used to offload the heavy read traffic. The solution needs to improve performance.

Which solution will meet these requirements with the LEAST complexity?

Options:

A.

Use Amazon ElastiCache for Memcached to offload read requests from the main database.

B.

Replicate the data to Amazon DynamoDB. Set up a DynamoDB Accelerator (DAX) cluster.

C.

Configure the Amazon RDS instances to use Multi-AZ deployment with one standby instance. Offload read requests from the main database to the standby instance.

D.

Use Amazon ElastiCache for Redis to offload read requests from the main database.

Buy Now
Questions 23

A developer maintains applications that store several secrets in AWS Secrets Manager. The applications use secrets that have changed over time. The developer needs to identify required secrets that are still in use. The developer does not want to cause any application downtime.

What should the developer do to meet these requirements?

Options:

A.

Configure an AWS CloudTrail log file delivery to an Amazon S3 bucket. Create an Amazon CloudWatch alarm for the GetSecretValue. Secrets Manager API operation requests

B.

Create a secrets manager-secret-unused AWS Config managed rule. Create an Amazon EventBridge rule to Initiate notification when the AWS Config managed rule is met.

C.

Deactivate the applications secrets and monitor the applications error logs temporarily.

D.

Configure AWS X-Ray for the applications. Create a sampling rule lo match the GetSecretValue Secrets Manager API operation requests.

Buy Now
Questions 24

A developer wants to expand an application to run in multiple AWS Regions. The developer wants to copy Amazon Machine Images (AMIs) with the latest changes and create a new application stack in the destination Region. According to company requirements, all AMIs must be encrypted in all Regions. However, not all the AMIs that the company uses are encrypted.

How can the developer expand the application to run in the destination Region while meeting the encryption requirement?

Options:

A.

Create new AMIs, and specify encryption parameters. Copy the encrypted AMIs to the destination Region. Delete the unencrypted AMIs.

B.

Use AWS Key Management Service (AWS KMS) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.

C.

Use AWS Certificate Manager (ACM) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.

D.

Copy the unencrypted AMIs to the destination Region. Enable encryption by default in the destination Region.

Buy Now
Questions 25

A developer is storing sensitive data generated by an application in Amazon S3. The developer wants to encrypt the data at rest. A company policy requires an audit trail of when the AWS Key Management Service (AWS KMS) key was used and by whom.

Which encryption option will meet these requirements?

Options:

A.

Server-side encryption with Amazon S3 managed keys (SSE-S3)

B.

Server-side encryption with AWS KMS managed keys (SSE-KMS}

C.

Server-side encryption with customer-provided keys (SSE-C)

D.

Server-side encryption with self-managed keys

Buy Now
Questions 26

A developer is deploying an AWS Lambda function The developer wants the ability to return to older versions of the function quickly and seamlessly.

How can the developer achieve this goal with the LEAST operational overhead?

Options:

A.

Use AWS OpsWorks to perform blue/green deployments.

B.

Use a function alias with different versions.

C.

Maintain deployment packages for older versions in Amazon S3.

D.

Use AWS CodePipeline for deployments and rollbacks.

Buy Now
Questions 27

A development learn has an Amazon API Gateway REST API that is backed by an AWS Lambda function.

Users have reported performance issues for the Lambda function. The development team identified the source of the issues as a cold start of the Lambda function. The development team needs to reduce the time needed for the Lambda function to initialize.

Which solution will meet this requirement?

Options:

A.

Change the Lambda concurrency lo reserved concurrency.

B.

Increase the timeout of the Lambda function.

C.

Increase the memory allocation of the Lambda function.

D.

Configure provisioned concurrency for the Lambda function.

Buy Now
Questions 28

A developer is troubleshooting an application mat uses Amazon DynamoDB in the uswest-2 Region. The application is deployed to an Amazon EC2 instance. The application requires read-only permissions to a table that is named Cars The EC2 instance has an attached IAM role that contains the following IAM policy.

When the application tries to read from the Cars table, an Access Denied error occurs.

How can the developer resolve this error?

Options:

A.

Modify the IAM policy resource to be "arn aws dynamo* us-west-2 account-id table/*"

B.

Modify the IAM policy to include the dynamodb * action

C.

Create a trust policy that specifies the EC2 service principal. Associate the role with the policy.

D.

Create a trust relationship between the role and dynamodb Amazonas com.

Questions 29

An application is processing clickstream data using Amazon Kinesis. The clickstream data feed into Kinesis experiences periodic spikes. The PutRecords API call occasionally fails and the logs show that the failed call returns the response shown below:

Which techniques will help mitigate this exception? (Choose two.)

Options:

A.

Implement retries with exponential backoff.

B.

Use a PutRecord API instead of PutRecords.

C.

Reduce the frequency and/or size of the requests.

D.

Use Amazon SNS instead of Kinesis.

E.

Reduce the number of KCL consumers.

Buy Now
Questions 30

A developer is preparing to begin development of a new version of an application. The previous version of the application is deployed in a production environment. The developer needs to deploy fixes and updates to the current version during the development of the new version of the application. The code for the new version of the application is stored in AWS CodeCommit.

Which solution will meet these requirements?

Options:

A.

From the main branch, create a feature branch for production bug fixes. Create a second feature branch from the main branch for development of the new version.

B.

Create a Git tag of the code that is currently deployed in production. Create a Git tag for the development of the new version. Push the two tags to the CodeCommit repository.

C.

From the main branch, create a branch of the code that is currently deployed in production. Apply an IAM policy that ensures no other other users can push or merge to the branch.

D.

Create a new CodeCommit repository for development of the new version of the application. Create a Git tag for the development of the new version.

Buy Now
Questions 31

A company has an application that is deployed on AWS Elastic Beanstalk. The application generates user-specific PDFs and stores the PDFs in an Amazon S3 bucket. The application then uses Amazon Simple Email Service (Amazon SES) to send the PDFs by email to subscribers.

Users no longer access the PDFs 90 days after the PDFs are generated. The S3 bucket is not versioned and contains many obsolete PDFs.

A developer must reduce the number of files in the S3 bucket by removing PDFs that are older than 90 days.

Which solution will meet this requirement with the LEAST development effort?

Options:

A.

Update the application code. In the code, add a rule to scan all the objects in the S3 bucket every day and to delete objects after 90 days.

B.

Create an AWS Lambda function. Program the Lambda function to scan all the objects in the S3 bucket every day and to delete objects after 90 days.

C.

Create an S3 Lifecycle rule for the S3 bucket to expire objects after 90 days.

D.

Partition the S3 objects with a // key prefix. Create an AWS Lambda function to remove objects that have prefixes that have reached the expiration date.

Buy Now
Questions 32

A developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit.

Which of the following API Gateway metrics in Amazon CloudWatch can help the developer troubleshoot the issue? (Choose two.)

Options:

A.

CacheHitCount

B.

IntegrationLatency

C.

CacheMissCount

D.

Latency

E.

Count

Buy Now
Questions 33

A company runs an application on AWS The application stores data in an Amazon DynamoDB table Some queries are taking a long time to run These slow queries involve an attribute that is not the table's partition key or sort key

The amount of data that the application stores in the DynamoDB table is expected to increase significantly. A developer must increase the performance of the queries.

Which solution will meet these requirements'?

Options:

A.

Increase the page size for each request by setting the Limit parameter to be higher than the default value Configure the application to retry any request that exceeds the provisioned throughput.

B.

Create a global secondary index (GSI). Set query attribute to be the partition key of the index

C.

Perform a parallel scan operation by issuing individual scan requests in the parameters specify the segment for the scan requests and the total number of segments for the parallel scan.

D.

Turn on read capacity auto scaling for the DynamoDB table. Increase the maximum read capacity units (RCUs).

Buy Now
Questions 34

A developer is creating a stock trading application. The developer needs a solution to send text messages to application users to confirmation when a trade has been completed.

The solution must deliver messages in the order a user makes stock trades. The solution must not send duplicate messages.

Which solution will meet these requirements?

Options:

A.

Configure the application to publish messages to an Amazon Data Firehose delivery stream. Configure the delivery stream to have a destination of each user's mobile phone number that is passed in the trade confirmation message.

B.

Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Use the SendMessageln API call to send the trade confirmation messages to the queue. Use the SendMessageOut API to send the messages to users by using the information provided in the trade confirmation message.

C.

Configure a pipe in Amazon EventBridge Pipes. Connect the application to the pipe as a source. Configure the pipe to use each user's mobile phone number as a target. Configure the pipe to send incoming events to the users.

D.

Create an Amazon Simple Notification Service (SNS) FIFO topic. Configure the application to use the AWS SDK to publish notifications to the SNS topic to send SMS messages to the users.

Buy Now
Questions 35

A company uses Amazon API Gateway to expose a set of APIs to customers. The APIs have caching enabled in API Gateway. Customers need a way to invalidate the cache for each API when they test the API.

What should a developer do to give customers the ability to invalidate the API cache?

Options:

A.

Ask the customers to use AWS credentials to call the InvalidateCache API operation.

B.

Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke the API. Ask the customers to send a request that contains the HTTP header when they make an API call.

C.

Ask the customers to use the AWS SDK API Gateway class to invoke the InvalidateCache API operation.

D.

Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke the API. Ask the customers to add the INVALIDATE_CACHE query string parameter when they make an API call.

Buy Now
Questions 36

A developer is setting up a deployment pipeline. The pipeline includes an AWS CodeBuild build stage that requires access to a database to run integration tests. The developer is using a buildspec.yml file to configure the database connection. Company policy requires automatic rotation of all database credentials.

Which solution will handle the database credentials MOST securely?

Options:

A.

Retrieve the credentials from variables that are hardcoded in the buildspec.yml file. Configure an AWS Lambda function to rotate the credentials.

B.

Retrieve the credentials from an environment variable that is linked to a SecureString parameter in AWS Systems Manager Parameter Store. Configure Parameter Store for automatic rotation.

C.

Retrieve the credentials from an environment variable that is linked to an AWS Secrets Manager secret. Configure Secrets Manager for automatic

rotation.

D.

Retrieve the credentials from an environment variable that contains the connection string in plaintext. Configure an Amazon EventBridge event to rotate the credentials.

Buy Now
Questions 37

A developer is writing a web application that must share secure documents with end users. The documents are stored in a private Amazon S3 bucket. The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes.

How can the developer meet these requirements?

Options:

A.

Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes.

B.

Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes.

C.

Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS.

D.

Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes.

Buy Now
Questions 38

A company has an application that runs as a series of AWS Lambda functions. Each Lambda function receives data from an Amazon Simple Notification Service (Amazon SNS) topic and writes the data to an Amazon Aurora DB instance.

To comply with an information security policy, the company must ensure that the Lambda functions all use a single securely encrypted database connection string to access Aurora.

Which solution will meet these requirements'?

Options:

A.

Use IAM database authentication for Aurora to enable secure database connections for ail the Lambda functions.

B.

Store the credentials and read the credentials from an encrypted Amazon RDS DB instance.

C.

Store the credentials in AWS Systems Manager Parameter Store as a secure string parameter.

D.

Use Lambda environment variables with a shared AWS Key Management Service (AWS KMS) key for encryption.

Buy Now
Questions 39

A company is using the AWS Serverless Application Model (AWS SAM) to develop a social media application. A developer needs a quick way to test AWS Lambda functions locally by using test event payloads. The developer needs the structure of these test event payloads to match the actual events that AWS services create.

Options:

A.

Create shareable test Lambda events. Use these test Lambda events for local testing.

B.

Store manually created test event payloads locally. Use the sam local invoke command with the file path to the payloads.

C.

Store manually created test event payloads in an Amazon S3 bucket. Use the sam local invoke command with the S3 path to the payloads.

D.

Use the sam local generate-event command to create test payloads for local testing.

Buy Now
Questions 40

A developer is building an ecommerce application that uses multiple AWS Lambda functions. Each function performs a specific step in a customer order workflow, such as order processing and inventory management.

The developer must ensure that the Lambda functions run in a specific order.

Which solution will meet this requirement with the LEAST operational overhead?

Options:

A.

Configure an Amazon Simple Queue Service (Amazon SQS) queue to contain messages about each step a function must perform. Configure the Lambda functions to run sequentially based on the order of messages in the SQS queue.

B.

Configure an Amazon Simple Notification Service (Amazon SNS) topic to contain notifications about each step a function must perform. Subscribe the Lambda functions to the SNS topic. Use subscription filters based on the step each function must perform.

C.

Configure an AWS Step Functions state machine to invoke the Lambda functions in a specific order.

D.

Configure Amazon EventBridge Scheduler schedules to invoke the Lambda functions in a specific order.

Buy Now
Questions 41

In a move toward using microservices, a company's management team has asked all development teams to build their services so that API requests depend only on that service's data store. One team is building a Payments service which has its own database; the service needs data that originates in the Accounts database. Both are using Amazon DynamoDB.

What approach will result in the simplest, decoupled, and reliable method to get near-real time updates from the Accounts database?

Options:

A.

Use AWS Glue to perform frequent ETL updates from the Accounts database to the Payments database.

B.

Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accounts database.

C.

Use Amazon Data Firehose to deliver all changes from the Accounts database to the Payments database.

D.

Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database.

Buy Now
Questions 42

A company's developer has deployed an application in AWS by using AWS CloudFormation The CloudFormation stack includes parameters in AWS Systems Manager Parameter Store that the application uses as configuration settings. The application can modify the parameter values

When the developer updated the stack to create additional resources with tags, the developer noted that the parameter values were reset and that the values ignored the latest changes made by the application. The developer needs to change the way the company deploys the CloudFormation stack. The developer also needs to avoid resetting the parameter values outside the stack.

Which solution will meet these requirements with the LEAST development effort?

Options:

A.

Modify the CloudFormation stack to set the deletion policy to Retain for the Parameter Store parameters.

B.

Create an Amazon DynamoDB table as a resource in the CloudFormation stack to hold configuration data for the application Migrate the parameters that the application is modifying from Parameter Store to the DynamoDB table

C.

Create an Amazon RDS DB instance as a resource in the CloudFormation stack. Create a table in the database for parameter configuration. Migrate the parameters that the application is modifying from Parameter Store to the configuration table

D.

Modify the CloudFormation stack policy to deny updates on Parameter Store parameters

Buy Now
Questions 43

A developer is building a serverless application by using AWS Serverless Application Model (AWS SAM) on multiple AWS Lambda functions.

When the application is deployed, the developer wants to shift 10% of the traffic to the new deployment of the application for the first 10 minutes after deployment. If there are no issues, all traffic must switch over to the new version.

Which change to the AWS SAM template will meet these requirements?

Options:

A.

Set the Deployment Preference Type to Canary10Percent10Minutes. Set the AutoPublishAlias property to the Lambda alias.

B.

Set the Deployment Preference Type to LinearlOPercentEvery10Minutes. Set AutoPubIishAIias property to the Lambda alias.

C.

Set the Deployment Preference Type to CanaryIOPercentIOMinutes. Set the PreTraffic and PostTraffic properties to the Lambda alias.

D.

Set the Deployment Preference Type to LinearlOPercentEveryIOMinutes. Set PreTraffic and Post Traffic properties to the Lambda alias.

Buy Now
Questions 44

An online food company provides an Amazon API Gateway HTTP API 1o receive orders for partners. The API is integrated with an AWS Lambda function. The Lambda function stores the orders in an Amazon DynamoDB table.

The company expects to onboard additional partners Some to me panthers require additional Lambda function to receive orders. The company has created an Amazon S3 bucket. The company needs 10 store all orders and updates m the S3 bucket for future analysis

How can the developer ensure that an orders and updates are stored to Amazon S3 with the LEAST development effort?

Options:

A.

Create a new Lambda function and a new API Gateway API endpoint. Configure the new Lambda function to write to the S3 bucket. Modify the original Lambda function to post updates to the new API endpoint.

B.

Use Amazon Kinesis Data Streams to create a new data stream. Modify the Lambda function to publish orders to the oats stream Configure in data stream to write to the S3 bucket.

C.

Enable DynamoDB Streams on me DynamoOB table. Create a new lambda function. Associate the stream's Amazon Resource Name (ARN) with the Lambda Function Configure the Lambda function to write to the S3 bucket as records appear in the table’s stream.

D.

Modify the Lambda function to punish to a new Amazon. Simple Lambda function receives orders. Subscribe a new Lambda function to the topic. Configure the new Lambda function to write to the S3 bucket as updates come through the topic.

Buy Now
Questions 45

A company runs an ecommerce application on AWS. The application stores data in an Amazon Aurora database.

A developer is adding a caching layer to the application. The caching strategy must ensure that the application always uses the most recent value for each data item.

Which caching strategy will meet these requirements?

Options:

A.

Implement a TTL strategy for every item that is saved in the cache.

B.

Implement a write-through strategy for every item that is created and updated.

C.

Implement a lazy loading strategy for every item that is loaded.

D.

Implement a read-through strategy for every item that is loaded.

Buy Now
Questions 46

A company has an Amazon S3 bucket containing premier content that it intends to make available to only paid subscribers of its website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors.

How can the company Limit the ability to download a premier content file in the S3 Bucket to paid subscribers only?

Options:

A.

Apply a bucket policy that allows anonymous users to download the content from the S3 bucket.

B.

Generate a pre-signed object URL for the premier content file when a pad subscriber requests a download.

C.

Add a Docket policy that requires multi-factor authentication for request to access the S3 bucket objects.

D.

Enable server-side encryption on the S3 bucket for data protection against the non-paying website visitors.

Buy Now
Questions 47

A company has an AWS Step Functions state machine named myStateMachine. The company configured a service role for Step Functions. The developer must ensure that only the myStateMachine state machine can assume the service role.

Options:

A.

"Condition": { "ArnLike": { "aws

":"arn:aws:states:ap-south-1:111111111111:stateMachine

" } }

B.

"Condition": { "ArnLike": { "aws

":"arn:aws:states:ap-south-1:*:stateMachine

" } }

Buy Now
Questions 48

A developer has observed an increase in bugs in the AWS Lambda functions that a development team has deployed in its Node is application. To minimize these bugs, the developer wants to impendent automated testing of Lambda functions in an environment that Closely simulates the Lambda environment.

The developer needs to give other developers the ability to run the tests locally. The developer also needs to integrate the tests into the team's continuous integration and continuous delivery (Ct/CO) pipeline before the AWS Cloud Development Kit (AWS COK) deployment.

Which solution will meet these requirements?

Options:

A.

Create sample events based on the Lambda documentation. Create automated test scripts that use the cdk local invoke command to invoke the Lambda functions. Check the response Document the test scripts for the other developers on the team Update the CI/CD pipeline to run the test scripts.

B.

Install a unit testing framework that reproduces the Lambda execution environment. Create sample events based on the Lambda Documentation Invoke the handler function by using a unit testing framework. Check the response Document how to run the unit testing framework for the other developers on the team. Update the OCD pipeline to run the unit testing framework.

C.

Install the AWS Serverless Application Model (AWS SAW) CLI tool Use the Sam local generate-event command to generate sample events for me automated tests. Create automated test scripts that use the Sam local invoke command to invoke the Lambda functions. Check the response Document the test scripts tor the other developers on the team Update the CI/CD pipeline to run the test scripts.

D.

Create sample events based on the Lambda documentation. Create a Docker container from the Node is base image to invoke the Lambda functions. Check the response Document how to run the Docker container for the more developers on the team update the CI/CD pipeline to run the Docker container.

Buy Now
Questions 49

A company is running a custom application on a set of on-premises Linux servers that are accessed using Amazon API Gateway. AWS X-Ray tracing has been enabled on the API test stage.

How can a developer enable X-Ray tracing on the on-premises servers with the LEAST amount of configuration?

Options:

A.

Install and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service.

B.

Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service.

C.

Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTraceSegments API call.

D.

Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTelemetryRecords API call.

Buy Now
Questions 50

A developer needs to troubleshoot an AWS Lambda function in a development environment. The Lambda function is configured in VPC mode and needs to connect to an existing Amazon RDS for SOL Server DB instance. The DB instance is deployed in a private subnet and accepts connections by using port 1433.

When the developer tests the function, the function reports an error when it tries to connect to the database.

Which combination of steps should the developer take to diagnose this issue? (Select TWO.)

Options:

A.

Check that the function's security group has outbound access on port 1433 to the DB instance's security group. Check that the DB instance's security group has inbound access on port 1433 from the function's security group.

B.

Check that the function's security group has Inbound access on port 1433 from the DB Instance's security group. Check that the DB instance's security group has outbound access on port 1433 to the function's security group.

C.

Check that the VPC is set up for a NAT gateway. Check that the DB instance has the public access option turned on.

D.

Check that the function's execution role permissions include rds:DescribeDBInstances, rds: ModifyDB Instance, and rds:DescribeDBSecurityGroups for the DB instance.

E.

Check that the function's execution rote permissions include ec2: CreateNetworklnterface. ec2: DescribeNetworklnterfaces. and ec2: DeleteNetworklnterface.

Buy Now
Questions 51

A company has an application that runs across multiple AWS Regions. The application is experiencing performance issues at irregular intervals. A developer must use AWS X-Ray to implement distributed tracing for the application to troubleshoot the root cause of the performance issues.

What should the developer do to meet this requirement?

Options:

A.

Use the X-Ray console to add annotations for AWS services and user-defined services

B.

Use Region annotation that X-Ray adds automatically for AWS services Add Region annotation for user-defined services

C.

Use the X-Ray daemon to add annotations for AWS services and user-defined services

D.

Use Region annotation that X-Ray adds automatically for user-defined services Configure X-Ray to add Region annotation for AWS services

Buy Now
Questions 52

A developer has a legacy application that is hosted on-premises. Other applications hosted on AWS depend on the on-premises application for proper functioning. In case of any application errors, the developer wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applications from one place.

How can the developer accomplish this?

Options:

A.

Install an AWS SDK on the on-premises server to automatically send logs to CloudWatch.

B.

Download the CloudWatch agent to the on-premises server. Configure the agent to use IAM user credentials with permissions for CloudWatch.

C.

Upload log files from the on-premises server to Amazon S3 and have CloudWatch read the files.

D.

Upload log files from the on-premises server to an Amazon EC2 instance and have the instance forward the logs to CloudWatch.

Buy Now
Questions 53

A developer is deploying a new application to Amazon Elastic Container Service (Amazon ECS). The developer needs to securely store and retrieve different types of variables. These variables include authentication information for a remote API, the URL for the API, and credentials. The authentication information and API URL must be available to all current and future deployed versions of the application across development, testing, and production environments.

How should the developer retrieve the variables with the FEWEST application changes?

Options:

A.

Update the application to retrieve the variables from AWS Systems Manager Parameter Store. Use unique paths in Parameter Store for each variable in each environment. Store the credentials in AWS Secrets Manager in each environment.

B.

Update the application to retrieve the variables from AWS Key Management Service (AWS KMS). Store the API URL and credentials as unique keys for each environment.

C.

Update the application to retrieve the variables from an encrypted file that is stored with the application. Store the API URL and credentials in unique files for each environment.

D.

Update the application to retrieve the variables from each of the deployed environments. Define the authentication information and API URL in the ECS task definition as unique names during the deployment process.

Buy Now
Questions 54

A developer is testing a new file storage application that uses an Amazon CloudFront distribution to serve content from an Amazon S3 bucket. The distribution accesses the S3 bucket by using an origin access identity (OAI). The S3 bucket's permissions explicitly deny access to all other users.

The application prompts users to authenticate on a login page and then uses signed cookies to allow users to access their personal storage directories. The developer has configured the distribution to use its default cache behavior with restricted viewer access and has set the origin to point to the S3 bucket. However, when the developer tries to navigate to the login page, the developer receives a 403 Forbidden error.

The developer needs to implement a solution to allow unauthenticated access to the login page. The solution also must keep all private content secure.

Which solution will meet these requirements?

Options:

A.

Add a second cache behavior to the distribution with the same origin as the default cache behavior. Set the path pattern for the second cache behavior to the path of the login page, and make viewer access unrestricted. Keep the default cache behavior's settings unchanged.

B.

Add a second cache behavior to the distribution with the same origin as the default cache behavior. Set the path pattern for the second cache behavior to *, and make viewer access restricted. Change the default cache behavior's path pattern to the path of the login page, and make viewer access unrestricted.

C.

Add a second origin as a failover origin to the default cache behavior. Point the failover origin to the S3 bucket. Set the path pattern for the primary origin to *, and make viewer access restricted. Set the path pattern for the failover origin to the path of the login page, and make viewer access unrestricted.

D.

Add a bucket policy to the S3 bucket to allow read access. Set the resource on the policy to the Amazon Resource Name (ARN) of the login page object in the S3 bucket. Add a CloudFront function to the default cache behavior to redirect unauthorized requests to the login page's S3 URL.

Buy Now
Questions 55

An online sales company is developing a serverless application that runs on AWS. The application uses an AWS Lambda function that calculates order success rates and stores the data in an Amazon DynamoDB table. A developer wants an efficient way to invoke the Lambda function every 15 minutes.

Which solution will meet this requirement with the LEAST development effort?

Options:

A.

Create an Amazon EventBridge rule that has a rate expression that will run the rule every 15 minutes. Add the Lambda function as the target of the EventBridge rule.

B.

Create an AWS Systems Manager document that has a script that will invoke the Lambda function on Amazon EC2. Use a Systems Manager Run Command task to run the shell script every 15 minutes.

C.

Create an AWS Step Functions state machine. Configure the state machine to invoke the Lambda function execution role at a specified interval by using a Wait state. Set the interval to 15 minutes.

D.

Provision a small Amazon EC2 instance. Set up a cron job that invokes the Lambda function every 15 minutes.

Buy Now
Questions 56

An 1AM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 API actions. The EC2 instance credentials file specifies the 1AM access key and secret access key, which allow full administrative access.

Given that multiple modes of 1AM access are present for this EC2 instance, which of the following is correct?

Options:

A.

The EC2 instance will only be able to list the S3 buckets.

B.

The EC2 instance will only be able to list the contents of one S3 bucket at a time.

C.

The EC2 instance will be able to perform all actions on any S3 bucket.

D.

The EC2 instance will not be able to perform any S3 action on any S3 bucket.

Buy Now
Questions 57

A company is using Amazon API Gateway to invoke a new AWS Lambda function The company has Lambda function versions in its PROD and DEV environments. In each environment, there is a Lambda function alias pointing to the corresponding Lambda function version API Gateway has one stage that is configured to point at the PROD alias

The company wants to configure API Gateway to enable the PROD and DEV Lambda function versions to be simultaneously and distinctly available

Which solution will meet these requirements?

Options:

A.

Enable a Lambda authorizer for the Lambda function alias in API Gateway Republish PROD and create a new stage for DEV Create API Gateway stage variables for the PROD and DEV stages. Point each stage variable to the PROD Lambda authorizer to the DEV Lambda authorizer.

B.

Set up a gateway response in API Gateway for the Lambda function alias. Republish PROD and create a new stage for DEV. Create gateway responses in API Gateway for PROD and DEV Lambda aliases

C.

Use an environment variable for the Lambda function alias in API Gateway. Republish PROD and create a new stage for development. Create API gateway environment variables for PROD and DEV stages. Point each stage variable to the PROD Lambda function alias to the DEV Lambda function alias.

D.

Use an API Gateway stage variable to configure the Lambda function alias Republish PROD and create a new stage for development Create API Gateway stage variables for PROD and DEV stages Point each stage variable to the PROD Lambda function alias and to the DEV Lambda function alias

Buy Now
Questions 58

A company is expanding the compatibility of its photo-snaring mobile app to hundreds of additional devices with unique screen dimensions and resolutions. Photos are stored in Amazon S3 in their original format and resolution. The company uses an Amazon CloudFront distribution to serve the photos The app includes the dimension and resolution of the display as GET parameters with every request.

A developer needs to implement a solution that optimizes the photos that are served to each device to reduce load time and increase photo quality.

Which solution will meet these requirements MOST cost-effective?

Options:

A.

Use S3 Batch Operations to invoke an AWS Lambda function to create new variants of the photos with the required dimensions and resolutions. Create a dynamic CloudFront origin that automatically maps the request of each device to the corresponding photo variant.

B.

Use S3 Batch Operations to invoke an AWS Lambda function to create new variants of the photos with the required dimensions and resolutions. Create a Lambda@Edge function to route requests to the corresponding photo vacant by using request headers.

C.

Create a Lambda@Edge function that optimizes the photos upon request and returns the photos as a response. Change the CloudFront TTL cache policy to the maximum value possible.

D.

Create a Lambda@Edge function that optimizes the photos upon request and returns the photos as a response. In the same function store a copy of the processed photos on Amazon S3 for subsequent requests.

Buy Now
Questions 59

A developer is troubleshooting an application in an integration environment. In the application, an Amazon Simple Queue Service (Amazon SQS) queue consumes messages and then an AWS Lambda function processes the messages. The Lambda function transforms the messages and makes an API call to a third-party service.

There has been an increase in application usage. The third-party API frequently returns an HTTP 429 Too Many Requests error message. The error message prevents a significant number of messages from being processed successfully.

How can the developer resolve this issue?

Options:

A.

Increase the SQS event source's batch size setting.

B.

Configure provisioned concurrency for the Lambda function based on the third-party API's documented rate limits.

C.

Increase the retry attempts and maximum event age in the Lambda function's asynchronous configuration.

D.

Configure maximum concurrency on the SQS event source based on the third-party service's documented rate limits.

Buy Now
Questions 60

A company has a web application that is hosted on Amazon EC2 instances The EC2 instances are configured to stream logs to Amazon CloudWatch Logs The company needs to receive an Amazon Simple Notification Service (Amazon SNS) notification when the number of application error messages exceeds a defined threshold within a 5-minute period

Which solution will meet these requirements?

Options:

A.

Rewrite the application code to stream application logs to Amazon SNS Configure an SNS topic to send a notification when the number of errors exceeds the defined threshold within a 5-minute period

B.

Configure a subscription filter on the CloudWatch Logs log group. Configure the filter to send an SNS notification when the number of errors exceeds the defined threshold within a 5-minute period.

C.

Install and configure the Amazon Inspector agent on the EC2 instances to monitor for errors Configure Amazon Inspector to send an SNS notification when the number of errors exceeds the defined threshold within a 5-minute period

D.

Create a CloudWatch metric filter to match the application error pattern in the log data. Set up a CloudWatch alarm based on the new custom metric. Configure the alarm to send an SNS notification when the number of errors exceeds the defined threshold within a 5-minute period.

Buy Now
Questions 61

A company is building an application to accept data from customers. The data must be encrypted at rest and in transit.

The application uses an Amazon API Gateway API that resolves to AWS Lambda functions. The Lambda functions store the data in an Amazon Aurora MySQL DB cluster. The application worked properly during testing.

A developer configured an Amazon CloudFront distribution with field-level encryption that uses an AWS Key Management Service (AWS KMS) key. After the configuration of the distribution, the application behaved unexpectedly. All the data in the database changed from plaintext to ciphertext.

The developer must ensure that the data is not stored in the database as the ciphertext from the CloudFront field-level encryption.

Which solution will meet this requirement?

Options:

A.

Change the CloudFront Viewer protocol policy from "HTTP and HTTPS" to "HTTPS only."

B.

Add a Lambda function that uses the KMS key to decrypt the data fields before saving the data to the database.

C.

Enable encryption on the DB cluster by using the same KMS key that is used in CloudFront.

D.

Request and deploy a new SSL certificate to use with the CloudFront distribution.

Buy Now
Questions 62

A company is using an AWS Lambda function to process records from an Amazon Kinesis data stream. The company recently observed slow processing of the records. A developer notices that the iterator age metric for the function is increasing and that the Lambda run duration is constantly above normal.

Which actions should the developer take to increase the processing speed? (Choose two.)

Options:

A.

Increase the number of shards of the Kinesis data stream.

B.

Decrease the timeout of the Lambda function.

C.

Increase the memory that is allocated to the Lambda function.

D.

Decrease the number of shards of the Kinesis data stream.

E.

Increase the timeout of the Lambda function.

Buy Now
Questions 63

A company is building a serverless application that uses AWS Lambda functions. The company needs to create a set of test events to test Lambda functions in a development environment. The test events will be created once and then will be used by all the developers in an 1AM developer group. The test events must be editable by any of the 1AM users in the 1AM developer group.

Which solution will meet these requirements?

Options:

A.

Create and store the test events in Amazon S3 as JSON objects. Allow S3 bucket access to all 1AM users.

B.

Create the test events. Configure the event sharing settings to make the test events shareable.

C.

Create and store the test events in Amazon DynamoDB. Allow access to DynamoDB by using 1AM roles.

D.

Create the test events. Configure the event sharing settings to make the test events private.

Buy Now
Questions 64

A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.

How can the developer enforce that all requests to retrieve the data provide encryption in transit?

Options:

A.

Define a resource-based policy on the S3 bucket to deny access when a request meets the condition “aws:SecureTransport”: “false”.

B.

Define a resource-based policy on the S3 bucket to allow access when a request meets the condition “aws:SecureTransport”: “false”.

C.

Define a role-based policy on the other accounts' roles to deny access when a request meets the condition of “aws:SecureTransport”: “false”.

D.

Define a resource-based policy on the KMS key to deny access when a request meets the condition of “aws:SecureTransport”: “false”.

Buy Now
Questions 65

A developer maintains a critical business application that uses Amazon DynamoDB as the primary data store The DynamoDB table contains millions of documents and receives 30-60 requests each minute The developer needs to perform processing in near-real time on the documents when they are added or updated in the DynamoDB table

How can the developer implement this feature with the LEAST amount of change to the existing application code?

Options:

A.

Set up a cron job on an Amazon EC2 instance Run a script every hour to query the table for changes and process the documents

B.

Enable a DynamoDB stream on the table Invoke an AWS Lambda function to process the documents.

C.

Update the application to send a PutEvents request to Amazon EventBridge. Create an EventBridge rule to invoke an AWS Lambda function to process the documents.

D.

Update the application to synchronously process the documents directly after the DynamoDB write

Buy Now
Questions 66

A company is planning to securely manage one-time fixed license keys in AWS. The company's development team needs to access the license keys in automaton scripts that run in Amazon EC2 instances and in AWS CloudFormation stacks.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Amazon S3 with encrypted files prefixed with “config”

B.

AWS Secrets Manager secrets with a tag that is named SecretString

C.

AWS Systems Manager Parameter Store SecureString parameters

D.

CloudFormation NoEcho parameters

Buy Now
Questions 67

An organization is using Amazon CloudFront to ensure that its users experience low-latency access to its web application. The organization has identified a need to encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application.

How can these requirements be met? (Select TWO)

Options:

A.

Use AWS KMS t0 encrypt traffic between cloudFront and the web application.

B.

Set the Origin Protocol Policy to "HTTPS Only".

C.

Set the Origin’s HTTP Port to 443.

D.

Set the Viewer Protocol Policy to "HTTPS Only" or Redirect HTTP to HTTPS"

E.

Enable the CloudFront option Restrict Viewer Access.

Buy Now
Questions 68

A financial company must store original customer records for 10 years for legal reasons. A complete record contains personally identifiable information (PII). According to local regulations, PII is available to only certain people in the company and must not be shared with third parties. The company needs to make the records available to third-party organizations for statistical analysis without sharing the PII.

A developer wants to store the original immutable record in Amazon S3. Depending on who accesses the S3 document, the document should be returned as is or with all the PII removed. The developer has written an AWS Lambda function to remove the PII from the document. The function is named removePii.

What should the developer do so that the company can meet the PII requirements while maintaining only one copy of the document?

Options:

A.

Set up an S3 event notification that invokes the removePii function when an S3 GET request is made. Call Amazon S3 by using a GET request to access the object without PII.

B.

Set up an S3 event notification that invokes the removePii function when an S3 PUT request is made. Call Amazon S3 by using a PUT request to access the object without PII.

C.

Create an S3 Object Lambda access point from the S3 console. Select the removePii function. Use S3 Access Points to access the object without PII.

D.

Create an S3 access point from the S3 console. Use the access point name to call the GetObjectLegalHold S3 API function. Pass in the removePii function name to access the object without PII.

Buy Now
Questions 69

A developer needs to modify an application architecture to meet new functional requirements. Application data is stored in Amazon DynamoDB and processed tor analysis in a nightly batch. The system analysts do not want to wait until the next day to view the processed data and have asked to have it available in near-real time.

Which application architecture pattern would enable the data to be processed as it is received?

Options:

A.

Event driven

B.

Client-server d riven

C.

Fan-out driven

D.

Schedule driven

Buy Now
Questions 70

A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company has set up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in.

What is the MOST operationally efficient solution that meets this requirement?

Options:

A.

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway API to invoke the function. Call the API from the client side when login confirmation is received.

B.

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.

C.

Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the function based on the login status.

D.

Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and to send the email notification based on the login status of each user.

Buy Now
Questions 71

A company is working on a new serverless application. A developer needs to find an automated way to deploy AWS Lambda functions and the dependent Infrastructure with minimum coding effort. The application also needs to be reliable.

Which method will meet these requirements with the LEAST operational overhead?

Options:

A.

Build the application by using shell scripts to create .zip files for each Lambda function. Manually upload the .zip files to the AWS Management Console.

B.

Build the application by using the AWS Serverless Application Model (AWS SAM). Use a continuous integration and continuous delivery (CI/CD) pipeline and the SAM CLI to deploy the Lambda functions.

C.

Build the application by using shell scripts to create .zip files for each Lambda function. Upload the .zip files. Deploy the .zip files as Lambda functions by using the AWS CLI in a continuous integration and continuous delivery (CI/CD) pipeline.

D.

Build a container for each Lambda function. Store the container images in AWS CodeArtifact. Deploy the containers as Lambda functions by using the AWS CLI in a continuous integration and continuous delivery (CI/CD) pipeline.

Buy Now
Questions 72

A team of developed is using an AWS CodePipeline pipeline as a continuous integration and continuous delivery (CI/CD) mechanism for a web application. A developer has written unit tests to programmatically test the functionality of the application code. The unit tests produce a test report that shows the results of each individual check. The developer now wants to run these tests automatically during the CI/CD process.

Options:

A.

Write a Git pre-commit hook that runs the test before every commit. Ensure that each developer who is working on the project has the pre-commit hook instated locally. Review the test report and resolve any issues before pushing changes to AWS CodeCommit.

B.

Add a new stage to the pipeline. Use AWS CodeBuild as the provider. Add the new stage after the stage that deploys code revisions to the test environment. Write a buildspec that fails the CodeBuild stage if any test does not pass. Use the test reports feature of Codebuild to integrate the report with the CodoBuild console. View the test results in CodeBuild Resolve any issues.

C.

Add a new stage to the pipeline. Use AWS CodeBuild at the provider. Add the new stage before the stage that deploys code revisions to the test environment. Write a buildspec that fails the CodeBuild stage it any test does not pass. Use the test reports feature of CodeBuild to integrate the report with the CodeBuild console. View the test results in codeBuild Resolve any issues.

D.

Add a new stage to the pipeline. Use Jenkins as the provider. Configure CodePipeline to use Jenkins to run the unit tests. Write a Jenkinsfile that fails the stage if any test does not pass. Use the test report plugin for Jenkins to integrate the repot with the Jenkins dashboard. View the test results in Jenkins. Resolve any issues.

Buy Now
Questions 73

An application runs on multiple EC2 instances behind an ELB.

Where is the session data best written so that it can be served reliably across multiple requests?

Options:

A.

Write data to Amazon ElastiCache

B.

Write data to Amazon Elastic Block Store

C.

Write data to Amazon EC2 instance Store

D.

Wide data to the root filesystem

Buy Now
Questions 74

A development team wants to build a continuous integration/continuous delivery (CI/CD) pipeline. The team is using AWS CodePipeline to automate the code build and deployment. The team wants to store the program code to prepare for the CI/CD pipeline.

Which AWS service should the team use to store the program code?

Options:

A.

AWS CodeDeploy

B.

AWS CodeArtifact

C.

AWS CodeCommit

D.

Amazon CodeGuru

Buy Now
Questions 75

A developer is creating an AWS Lambda function that will connect to an Amazon RDS for MySQL instance. The developer wants to store the database credentials. The database credentials need to be encrypted and the database password needs to be automatically rotated.

Which solution will meet these requirements?

Options:

A.

Store the database credentials as environment variables for the Lambda function. Set the environment variables to rotate automatically.

B.

Store the database credentials in AWS Secrets Manager. Set up managed rotation on the database credentials.

C.

Store the database credentials in AWS Systems Manager Parameter Store as secure string parameters. Set up managed rotation on the parameters.

D.

Store the database credentials in the X-Amz-Security-Token parameter. Set up managed rotation on the parameter.

Buy Now
Questions 76

For a deployment using AWS Code Deploy, what is the run order of the hooks for in-place deployments?

Options:

A.

BeforeInstall -> ApplicationStop -> ApplicationStart -> AfterInstall

B.

ApplicationStop -> BeforeInstall -> AfterInstall -> ApplicationStart

C.

BeforeInstall -> ApplicationStop -> ValidateService -> ApplicationStart

D.

ApplicationStop -> BeforeInstall -> ValidateService -> ApplicationStart

Buy Now
Questions 77

A company launched an online portal to announce a new product that the company will release in 6 months. The portal requests that users enter an email address to receive communications about the product. The company needs to create a REST API that will store the email addresses in Amazon DynamoDB.

A developer has created an AWS Lambda function that can store the email addresses. The developer will deploy the Lambda function by using the AWS Serverless Application Model (AWS SAM). The developer must provide access to the Lambda function over HTTP.

Which solutions will meet these requirements with the LEAST additional configuration? (Select TWO.)

Options:

A.

Expose the Lambda function by using function URLs.

B.

Expose the Lambda function by using a Gateway Load Balancer.

C.

Expose the Lambda function by using a Network Load Balancer.

D.

Expose the Lambda function by using AWS Global Accelerator

E.

Expose the Lambda function by using Amazon API Gateway.

Buy Now
Questions 78

A company is developing a serverless application by using AWS Lambda functions. One of the Lambda functions needs to access an Amazon RDS DB instance. The DB instance is in a private subnet inside a VPC.

The company creates a role that includes the necessary permissions to access the DB instance. The company then assigns the role to the Lambda function. A developer must take additional action to give the Lambda function access to the DB instance.

What should the developer do to meet these requirements?

Options:

A.

Assign a public IP address to the DB instance. Modify the security group of the DB instance to allow inbound traffic from the IP address of the Lambda function.

B.

Set up an AWS Direct Connect connection between the Lambda function and the DB instance.

C.

Configure an Amazon CloudFront distribution to create a secure connection between the Lambda function and the DB instance.

D.

Configure the Lambda function to connect to the private subnets in the VPC. Add security group rules to allow traffic to the DB instance from the Lambda function.

Buy Now
Questions 79

A developer has created a large AWS Lambda function. Deployment of the function Is failing because of an InvalidParameterValueException error. The error message indicates that the unzipped size of the function exceeds the maximum supported value.

Which actions can the developer take to resolve this error? (Select TWO.)

Options:

A.

Submit a quota increase request to AWS Support to increase the function to the required size.

B.

Use a compression algorithm that is more efficient than ZIP.

C.

Break up the function into multiple smaller functions.

D.

Zip the .zip file twice to compress the file more.

E.

Move common libraries, function dependencies, and custom runtimes into Lambda layers.

Buy Now
Questions 80

A company has a web application that contains an Amazon API Gateway REST API. A developer has created an AWS CloudFormation template for the initial deployment of the application. The developer has deployed the application successfully as part of an AWS CodePipeline continuous integration and continuous delivery (CI/CD) process. All resources and methods are available through the deployed stage endpoint.

The CloudFormation template contains the following resource types:

• AWS::ApiGateway::RestApi

• AWS::ApiGateway::Resource

• AWS::ApiGateway::Method

• AWS:ApiGateway::Stage

• AWS::ApiGateway:;Deployment

The developer adds a new resource to the REST API with additional methods and redeploys the template. CloudFormation reports that the deployment is successful and that the stack is in the UPDATE_COMPLETE state. However, calls to all new methods are returning 404 (Not Found) errors.

What should the developer do to make the new methods available?

Options:

A.

Specify the disable-rollback option during the update-stack operation.

B.

Unset the Cloud Forma lion stack failure options.

C.

Add an AWS CodeBuild stage lo CodePipeline to run the aws apigateway create-deployment AWS CLI command.

D.

Add an action to CodePipeline to run the aws cloudfront create-invalidation AWS CLI command.

Buy Now
Questions 81

A web application is using Amazon Kinesis Data Streams for clickstream data that may not be consumed for up to 12 hours.

How can the developer implement encryption at rest for data within the Kinesis Data Streams?

Options:

A.

Enable SSL connections to Kinesis.

B.

Use Amazon Kinesis Consumer Library.

C.

Encrypt the data once it is at rest with a Lambda function.

D.

Enable server-side encryption in Kinesis Data Streams.

Buy Now
Questions 82

A company has a social media application that receives large amounts of traffic User posts and interactions are continuously updated in an Amazon RDS database The data changes frequently, and the data types can be complex The application must serve read requests with minimal latency

The application's current architecture struggles to deliver these rapid data updates efficiently The company needs a solution to improve the application's performance.

Which solution will meet these requirements'?

Options:

A.

Use Amazon DynamoDB Accelerator (DAX) in front of the RDS database to provide a caching layer for the high volume of rapidly changing data

B.

Set up Amazon S3 Transfer Acceleration on the RDS database to enhance the speed of data transfer from the databases to the application.

C.

Add an Amazon CloudFront distribution in front of the RDS database to provide a caching layer for the high volume of rapidly changing data

D.

Create an Amazon ElastiCache for Redis cluster. Update the application code to use a write-through caching strategy and read the data from Redis.

Buy Now
Questions 83

A developer is modifying an existing AWS Lambda function White checking the code the developer notices hardcoded parameter various for an Amazon RDS for SQL Server user name password database host and port. There also are hardcoded parameter values for an Amazon DynamoOB table. an Amazon S3 bucket, and an Amazon Simple Notification Service (Amazon SNS) topic.

The developer wants to securely store the parameter values outside the code m an encrypted format and wants to turn on rotation for the credentials. The developer also wants to be able to reuse the parameter values from other applications and to update the parameter values without modifying code.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Create an RDS database secret in AWS Secrets Manager. Set the user name password, database, host and port. Turn on secret rotation. Create encrypted Lambda environment variables for the DynamoDB table, S3 bucket and SNS topic.

B.

Create an RDS database secret in AWS Secrets Manager. Set the user name password, database, host and port. Turn on secret rotation. Create Secure String parameters in AWS Systems Manager Parameter Store for the DynamoDB table, S3 bucket and SNS topic.

C.

Create RDS database parameters in AWS Systems Manager Parameter. Store for the user name password, database, host and port. Create encrypted Lambda environment variables for me DynamoDB table, S3 bucket, and SNS topic. Create a Lambda function and set the logic for the credentials rotation task Schedule the credentials rotation task in Amazon EventBridge.

D.

Create RDS database parameters in AWS Systems Manager Parameter. Store for the user name password database, host, and port. Store the DynamoDB table. S3 bucket, and SNS topic in Amazon S3 Create a Lambda function and set the logic for the credentials rotation Invoke the Lambda function on a schedule.

Buy Now
Questions 84

A developer is integrating Amazon ElastiCache in an application. The cache will store data from a database. The cached data must populate real-time dashboards. Which caching strategy will meet these requirements?

Options:

A.

A read-through cache

B.

A write-behind cache

C.

A lazy-loading cache

D.

A write-through cache

Buy Now
Questions 85

A company has an existing application that has hardcoded database credentials A developer needs to modify the existing application The application is deployed in two AWS Regions with an active-passive failover configuration to meet company’s disaster recovery strategy

The developer needs a solution to store the credentials outside the code. The solution must comply With the company's disaster recovery strategy

Which solution Will meet these requirements in the MOST secure way?

Options:

A.

Store the credentials in AWS Secrets Manager in the primary Region. Enable secret replication to the secondary Region Update the application to use the Amazon Resource Name (ARN) based on the Region.

B.

Store credentials in AWS Systems Manager Parameter Store in the primary Region. Enable parameter replication to the secondary Region. Update the application to use the Amazon Resource Name (ARN) based on the Region.

C.

Store credentials in a config file. Upload the config file to an S3 bucket in me primary Region. Enable Cross-Region Replication (CRR) to an S3 bucket in the secondary region. Update the application to access the config file from the S3 bucket based on the Region.

D.

Store credentials in a config file. Upload the config file to an Amazon Elastic File System (Amazon EFS) file system. Update the application to use the Amazon EFS file system Regional endpoints to access the config file in the primary and secondary Regions.

Buy Now
Questions 86

A developer is using an AWS Lambda function to generate avatars for profile pictures that are uploaded to an Amazon S3 bucket. The Lambda function is automatically invoked for profile pictures that are saved under the /original/ S3 prefix. The developer notices that some pictures cause the Lambda function to time out. The developer wants to implement a fallback mechanism by using another Lambda function that resizes the profile picture.

Which solution will meet these requirements with the LEAST development effort?

Options:

A.

Set the image resize Lambda function as a destination of the avatar generator Lambda function for the events that fail processing.

B.

Create an Amazon Simple Queue Service (Amazon SQS) queue. Set the SQS queue as a destination with an on failure condition for the avatar generator Lambda function. Configure the image resize Lambda function to poll from the SQS queue.

C.

Create an AWS Step Functions state machine that invokes the avatar generator Lambda function and uses the image resize Lambda function as a fallback. Create an Amazon EventBridge rule that matches events from the S3 bucket to invoke the state machine.

D.

Create an Amazon Simple Notification Service (Amazon SNS) topic. Set the SNS topic as a destination with an on failure condition for the avatar generator Lambda function. Subscribe the image resize Lambda function to the SNS topic.

Buy Now
Exam Code: DVA-C02
Exam Name: AWS Certified Developer - Associate
Last Update: Dec 22, 2024
Questions: 292

PDF + Testing Engine

$134.99

Testing Engine

$99.99

PDF (Q&A)

$84.99