ExamGecko
Login
Home / Amazon / DVA-C01 / List of questions
Ask Question

Amazon DVA-C01 Practice Test - Questions Answers, Page 25

List of questions

Question 241

Report
Export
Collapse

An application is being developed to audit several AWS accounts. The application will run in Account A and must access AWS services in Accounts B and C. What is the MOST secure way to allow the application to call AWS services in each audited account?

Configure cross-account roles in each audited account. Write code in Account A that assumes those roles
Configure cross-account roles in each audited account. Write code in Account A that assumes those roles
Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions
Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions
Deploy an application in each audited account with its own role. Have Account A authenticate with the application
Deploy an application in each audited account with its own role. Have Account A authenticate with the application
Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys
Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys
Suggested answer: A

Explanation:

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

asked 16/09/2024
Avadhesh Dubey
32 questions

Question 242

Report
Export
Collapse

A Developer has been asked to create an AWS Lambda function that is triggered any time updates are made to items in an Amazon DynamoDB table. The function has been created, and appropriate permissions have been added to the Lambda execution role. Amazon DynamoDB streams have been enabled for the table, but the function is still not being triggered. Which option would enable DynamoDB table updates to trigger the Lambda function?

Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the DynamoDB table
Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the DynamoDB table
Configure event source mapping for the Lambda function
Configure event source mapping for the Lambda function
Map an Amazon SNS topic to the DynamoDB streams
Map an Amazon SNS topic to the DynamoDB streams
increase the maximum execution time (timeout) setting of the Lambda function
increase the maximum execution time (timeout) setting of the Lambda function
Suggested answer: B

Explanation:

https://docs.aws.amazon.com/en_us/amazondynamodb/latest/developerguide/Streams.Lambda.Tutorial.htmlCreate an event source mapping to tell Lambda to send records from your stream to a Lambdafunction. You can create multiple event source mappings to process the same data with multipleLambda functions, or process items from multiple streams with a single function.

asked 16/09/2024
James Pridemore
37 questions

Question 243

Report
Export
Collapse

A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:

Amazon DVA-C01 image Question 243 4001 09162024005626000000

The Developer needs to create/delete branches.

Which specific IAM permissions need to be added, based on the principle of least privilege?

“codecommit:CreateBranch”“codecommit:DeleteBranch”
“codecommit:CreateBranch”“codecommit:DeleteBranch”
“codecommit:Put*”
“codecommit:Put*”
“codecommit:Update*”
“codecommit:Update*”
“codecommit:*”
“codecommit:*”
Suggested answer: A

Explanation:

https://docs.aws.amazon.com/codecommit/latest/userguide/auth-and-access-control-permissionsreference.html#aa-branches https://docs.aws.amazon.com/codecommit/latest/userguide/auth-and-access-control-iam-identitybased-access-control.html

asked 16/09/2024
Jacquezz Shorter
23 questions

Question 244

Report
Export
Collapse

A company needs to ingest terabytes of data each hour from thousands of sources that are delivered almost continually throughout the day. The volume of messages generated varies over the course of the day. Messages must be delivered in real time for fraud detection and live operational dashboards.

Which approach will meet these requirements?

Send the messages to an Amazon SQS queue, then process the messages by using a fleet of Amazon EC2 instances
Send the messages to an Amazon SQS queue, then process the messages by using a fleet of Amazon EC2 instances
Use the Amazon S3 API to write messages to an S3 bucket, then process the messages by using Amazon Redshift
Use the Amazon S3 API to write messages to an S3 bucket, then process the messages by using Amazon Redshift
Use AWS Data Pipeline to automate the movement and transformation of data
Use AWS Data Pipeline to automate the movement and transformation of data
Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages
Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages
Suggested answer: D

Explanation:

https://aws.amazon.com/streaming-data/

asked 16/09/2024
Gokul Kalaiselvi Loganathan
47 questions

Question 245

Report
Export
Collapse

A company is running a Docker application on Amazon ECS. The application must scale based on user load in the last 15 seconds. How should a Developer instrument the code so that the requirement can be met?

Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds
Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds
Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds
Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds
Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
Suggested answer: B

Explanation:

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html#highresolution-metrics

asked 16/09/2024
Marco Romani
37 questions

Question 246

Report
Export
Collapse

A Developer wants to upload data to Amazon S3 and must encrypt the data in transit.

Which of the following solutions will accomplish this task? (Choose two.)

Set up hardware VPN tunnels to a VPC and access S3 through a VPC endpoint
Set up hardware VPN tunnels to a VPC and access S3 through a VPC endpoint
Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key
Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key
Set up Server-Side Encryption with AWS KMS-Managed Keys
Set up Server-Side Encryption with AWS KMS-Managed Keys
Transfer the data over an SSL connection
Transfer the data over an SSL connection
Set up Server-Side Encryption with S3-Managed Keys
Set up Server-Side Encryption with S3-Managed Keys
Suggested answer: B, D

Explanation:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html

asked 16/09/2024
Luyanda Hatta
34 questions

Question 247

Report
Export
Collapse

A Developer is trying to deploy a serverless application using AWS CodeDeploy. The application was updated and needs to be redeployed. What file does the Developer need to update to push that change through CodeDeploy?

dockerrun.aws.json
dockerrun.aws.json
buildspec.yml
buildspec.yml
appspec.yml
appspec.yml
ebextensions.config
ebextensions.config
Suggested answer: C

Explanation:

https://docs.aws.amazon.com/codedeploy/latest/userguide/application-revisions-push.html

asked 16/09/2024
Ramesh K
42 questions

Question 248

Report
Export
Collapse

An AWS Lambda function must access an external site by using a regularly rotated user name and password. These items must be kept securely and cannot be stored in the function code. What combination of AWS services can be used to accomplish this? (Choose two.)

AWS Certificate Manager (ACM)
AWS Certificate Manager (ACM)
AWS Systems Manager Parameter Store
AWS Systems Manager Parameter Store
AWS Trusted Advisor
AWS Trusted Advisor
AWS KMS
AWS KMS
Amazon GuardDuty
Amazon GuardDuty
Suggested answer: B, D

Explanation:

https://docs.aws.amazon.com/kms/latest/developerguide/services-parameter-store.html

asked 16/09/2024
Ronald de Groot
40 questions

Question 249

Report
Export
Collapse

A Developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the Developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit.

Which of the following API Gateway metrics in Amazon CloudWatch can help the Developer troubleshoot the issue? (Choose two.)

CacheHitCount
CacheHitCount
IntegrationLatency
IntegrationLatency
CacheMissCount
CacheMissCount
Latency
Latency
Count
Count
Suggested answer: B, C

Explanation:

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-metrics-anddimensions.html

asked 16/09/2024
Patrick Cheung
37 questions

Question 250

Report
Export
Collapse

A Developer is working on an application that handles 10MB documents that contain highly-sensitive dat a. The application will use AWS KMS to perform client-side encryption. What steps must be followed?

Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the KeyId parameter
Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the KeyId parameter
Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key to encrypt the data
Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key to encrypt the data
Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key to encrypt the data
Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key to encrypt the data
Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data
Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data
Suggested answer: D

Explanation:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.htmlGenerateDataKey API: Generates a unique data key. This operation returns a plaintext copy of the data key and a copy that is encrypted under a customer master key (CMK) that you specify. You canuse the plaintext key to encrypt your data outside of KMS and store the encrypted data key with the encrypted data.

asked 16/09/2024
Floran Pikaar
29 questions
Total 608 questions
Go to page: of 61
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A company wants to implement a continuous integration for its workloads on AWS. The company wants to trigger unit test in its pipeline for commits-on its code repository, and wants to be notified of failure events in the pipeline. How can these requirements be met?
An application stores payroll information nightly in DynamoDB for a large number of employees across hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily hours. Managers run reports for ranges of names working in their office. One query is. "Return all Items in this office for names starting with A through E". Which table configuration will result in the lowest impact on provisioned throughput for this query?
A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company I up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in. What is the MOST operationally efficient solution that meets this requirement?
A development team consists of 10 team members. Similar to a home directory for each team member the manager wants to grant access to user-specific folders in an Amazon S3 bucket. For the team member with the username “TeamMemberX”, the snippet of the IAM policy looks like this: Instead of creating distinct policies for each team member, what approach can be used to make this policy snippet generic for all team members?
During non-peak hours, a Developer wants to minimize the execution time of a full Amazon DynamoDB table scan without affecting normal workloads. The workloads average half of the strongly consistent read capacity units during non-peak hours. How would the Developer optimize this scan?
Which of the following are correct statements with policy evaluation logic in AWS Identity and Access Management? Choose 2 answers
You are writing to a DynamoDB table and receive the following exception:" ProvisionedThroughputExceededException". though according to your Cloudwatch metrics for the table, you are not exceeding your provisioned throughput. What could be an explanation for this?
A Developer is investigating an issue whereby certain requests are passing through an Amazon API Gateway endpoint /MyAPI, but the requests do not reach the AWS Lambda function backing /MyAPI. The Developer found that a second Lambda function sometimes runs at maximum concurrency allowed for the given AWS account. How can the Developer address this issue?
A developer runs an application that uses an Amazon API Gateway REST API. The developer needs to implement a solution to proactively monitor the health of both API responses and latencies in case a deployment causes a service disruption despite passing deployment pipeline tests. The solution also must check for endpoint vulnerability and unauthorized changes to APIs. URLs, and website content. Which solution will meet these requirements?
A developer has written the following 1AM policy to provide access to an Amazon S3 bucket: Which access does the policy allow regarding the s3:GetObject and s3:PutObject actions'?