ExamGecko
Login
Home / Amazon / DVA-C01 / List of questions
Ask Question

Amazon DVA-C01 Practice Test - Questions Answers, Page 32

List of questions

Question 311

Report
Export
Collapse

A company stores all personally identifiable information (Pll) in an Amazon DynamoDB table named Pll in Account

An application running on Amazon EC2 instances in Account B requires access to the Pll table. An administrator in Account A created an IAM role named AccessPII with privileges to access the Pll table and made Account B a trusted entity.Which combination of additional steps should developers take to access the table1? (Select TWO )
An application running on Amazon EC2 instances in Account B requires access to the Pll table. An administrator in Account A created an IAM role named AccessPII with privileges to access the Pll table and made Account B a trusted entity.Which combination of additional steps should developers take to access the table1? (Select TWO )
Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role
Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role
Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies
Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies
Ask an administrator in Account A to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies
Ask an administrator in Account A to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies
Include the AssumeRole API in the application code logic to obtain credentials to access the Pll table.
Include the AssumeRole API in the application code logic to obtain credentials to access the Pll table.
Include the Gets ess ionToken API in the application code logic to obtain credentials to access the Pll table
Include the Gets ess ionToken API in the application code logic to obtain credentials to access the Pll table
Suggested answer: A, D
asked 16/09/2024
William Hanna
30 questions

Question 312

Report
Export
Collapse

A developer is working on an AWS Lambda function that accesses Amazon DynamoDB The Lambda function must retrieve an item and update some of its attributes. or create the item if it does not exist The Lambda function has access to the primary key.

Which IAM permissions should the developer request for the Lambda function to achieve this functionality?

dynaracdb:DeleteItem dynamodb:GetItem dynamcdb:Putltem
dynaracdb:DeleteItem dynamodb:GetItem dynamcdb:Putltem
dynamodb:Updateltem dynamcdb:Getltem dynamodb:DescribeTable
dynamodb:Updateltem dynamcdb:Getltem dynamodb:DescribeTable
dynamcdb:GetRecords dynamcdb:Putltem dynamodb:updateTable
dynamcdb:GetRecords dynamcdb:Putltem dynamodb:updateTable
dynamodb:Updateltem dynamodb:Getltem dynamodb:Putltem
dynamodb:Updateltem dynamodb:Getltem dynamodb:Putltem
Suggested answer: C

Explanation:

Reference: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/DynamoDB.html

asked 16/09/2024
Stephen McMahon
33 questions

Question 313

Report
Export
Collapse

A developer added a new feature to an application running on an Amazon EC2 instance that uses Amazon SQS After deployment, the developer noticed a significant increase in Amazon SQS costs. When monitoring the Amazon SQS metrics on Amazon CloudWatch. the developer found that on average one message per minute is posted on this queue. What can be done to reduce Amazon SQS costs for this application?

Increase the Amazon SQS queue polling timeout
Increase the Amazon SQS queue polling timeout
Scale down the Amazon SQS queue to the appropriate size for low traffic demand.
Scale down the Amazon SQS queue to the appropriate size for low traffic demand.
Configure push delivery via Amazon SNS instead of polling the Amazon SQS queue
Configure push delivery via Amazon SNS instead of polling the Amazon SQS queue
Use an Amazon SQS first-in, first-out (FIFO) queue instead of a standard queue.
Use an Amazon SQS first-in, first-out (FIFO) queue instead of a standard queue.
Suggested answer: A
asked 16/09/2024
Arkadius Thoma
46 questions

Question 314

Report
Export
Collapse

A development team is designing a mobile app that requires multi-factor authentication Which steps should be taken to achieve this? (Select TWO)

Use Amazon Cognito to create a user pool and create users in the user pool
Use Amazon Cognito to create a user pool and create users in the user pool
Send multi-factor authentication text codes to users with the Amazon SNS Publish API call in the app code
Send multi-factor authentication text codes to users with the Amazon SNS Publish API call in the app code
Enable multi-factor authentication for the Amazon Cognito user pool
Enable multi-factor authentication for the Amazon Cognito user pool
Use AWS IAM to create IAM users
Use AWS IAM to create IAM users
Enable multi-factor authentication for the users created in AWS IAM.
Enable multi-factor authentication for the users created in AWS IAM.
Suggested answer: A, C
asked 16/09/2024
Maria Lilian Tongson
41 questions

Question 315

Report
Export
Collapse

A developer is writing an application in AWS Lambda To simplify testing and deployments, the developer needs the database connection string to be easily changed without modifying the Lambda code. How can this requirement be met?

Store the connection string as a secret in AWS Secrets Manager
Store the connection string as a secret in AWS Secrets Manager
Store the connection string in an IAM user account.
Store the connection string in an IAM user account.
Store the connection string in AWS KMS
Store the connection string in AWS KMS
Store the connection string as a Lambda layer.
Store the connection string as a Lambda layer.
Suggested answer: A
asked 16/09/2024
shvoal gerama
32 questions

Question 316

Report
Export
Collapse

A developer must ensure that the IAM credentials used by an application in Amazon EC2 are not misused or compromised What should the developer use to keep user credentials secure?

Environment variables
Environment variables
AWS credentials file
AWS credentials file
Instance profile credentials
Instance profile credentials
Command line options
Command line options
Suggested answer: C
asked 16/09/2024
Jelle Kamp
41 questions

Question 317

Report
Export
Collapse

A developer is storing sensitive data generated by an application in Amazon S3. The developer wants to encrypt the data at rest. A company policy requires an audit trail of when the master key was used and by whom. Which encryption option will meet these requirements?

Server-side encryption with Amazon S3 managed keys (SSE-S3)
Server-side encryption with Amazon S3 managed keys (SSE-S3)
Server-side encryption with AWS KMS managed keys (SSE-KMS)
Server-side encryption with AWS KMS managed keys (SSE-KMS)
Server-side encryption with customer-provided keys (SSE-C)
Server-side encryption with customer-provided keys (SSE-C)
Server-side encryption with self-managed keys
Server-side encryption with self-managed keys
Suggested answer: B
asked 16/09/2024
ISRAEL PEREZ GARCIA
34 questions

Question 318

Report
Export
Collapse

A company is launching an ecommerce website and will host the static data in Amazon S3. The company expects approximately 1 000 transactions per second (TPS) for GET and PUT requests in total. Logging must be enabled to track all requests and must be retained for auditing purposes.

What is the MOST cost-effective solution?

Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to move the data from the log bucket to Amazon S3 Glacier in 90 days
Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to move the data from the log bucket to Amazon S3 Glacier in 90 days
Enable S3 server access logging and create a lifecycle policy to expire the data in 90 days
Enable S3 server access logging and create a lifecycle policy to expire the data in 90 days
Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to expire the data in 90 days
Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to expire the data in 90 days
Enable S3 server access logging and create a lifecycle policy to move the data to Amazon S3 Glacier in 90 days.
Enable S3 server access logging and create a lifecycle policy to move the data to Amazon S3 Glacier in 90 days.
Suggested answer: C

Explanation:

Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudtrail-requestidentification.html

asked 16/09/2024
Marian Mateev
38 questions

Question 319

Report
Export
Collapse

A company is developing an application that will be accessed through the Amazon API Gateway REST API Registered users should be the only ones who can access certain resources of this API. The token being used should expire automatically and needs to be refreshed periodically.

How can a developer meet these requirements'?

Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in API Gateway, and use the temporary credentials generated by the identity pool
Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in API Gateway, and use the temporary credentials generated by the identity pool
Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer m API Gateway
Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer m API Gateway
Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token
Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token
Create an IAM user for each API user, attach an invoke permissions policy to the API. and use an IAM authorizer in API Gateway.
Create an IAM user for each API user, attach an invoke permissions policy to the API. and use an IAM authorizer in API Gateway.
Suggested answer: C

Explanation:

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/cognito-custom-scopesapi-gateway/

asked 16/09/2024
Gianni Masaracchia
43 questions

Question 320

Report
Export
Collapse

A company has an application where reading objects from Amazon S3 is based on the type of user The user types are registered user and guest user The company has 25.000 users and is growing Information is pulled from an S3 bucket depending on the user type.

Which approaches are recommended to provide access to both user types? (Select TWO.)

Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to the objects
Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to the objects
Use S3 bucket policies to restrict read access to specific IAM users
Use S3 bucket policies to restrict read access to specific IAM users
Use Amazon Cognito to provide access using authenticated and unauthenticated roles
Use Amazon Cognito to provide access using authenticated and unauthenticated roles
Create a new IAM user for each user and grant read access.
Create a new IAM user for each user and grant read access.
Use the AWS IAM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) AssumeRole action depending on the type of user and provide read access to Amazon S3 using the assumed role
Use the AWS IAM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) AssumeRole action depending on the type of user and provide read access to Amazon S3 using the assumed role
Suggested answer: B, C
asked 16/09/2024
Matthew Cole
36 questions
Total 608 questions
Go to page: of 61
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A company wants to implement a continuous integration for its workloads on AWS. The company wants to trigger unit test in its pipeline for commits-on its code repository, and wants to be notified of failure events in the pipeline. How can these requirements be met?
An application stores payroll information nightly in DynamoDB for a large number of employees across hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily hours. Managers run reports for ranges of names working in their office. One query is. "Return all Items in this office for names starting with A through E". Which table configuration will result in the lowest impact on provisioned throughput for this query?
A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company I up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in. What is the MOST operationally efficient solution that meets this requirement?
A development team consists of 10 team members. Similar to a home directory for each team member the manager wants to grant access to user-specific folders in an Amazon S3 bucket. For the team member with the username “TeamMemberX”, the snippet of the IAM policy looks like this: Instead of creating distinct policies for each team member, what approach can be used to make this policy snippet generic for all team members?
During non-peak hours, a Developer wants to minimize the execution time of a full Amazon DynamoDB table scan without affecting normal workloads. The workloads average half of the strongly consistent read capacity units during non-peak hours. How would the Developer optimize this scan?
Which of the following are correct statements with policy evaluation logic in AWS Identity and Access Management? Choose 2 answers
You are writing to a DynamoDB table and receive the following exception:" ProvisionedThroughputExceededException". though according to your Cloudwatch metrics for the table, you are not exceeding your provisioned throughput. What could be an explanation for this?
A Developer is investigating an issue whereby certain requests are passing through an Amazon API Gateway endpoint /MyAPI, but the requests do not reach the AWS Lambda function backing /MyAPI. The Developer found that a second Lambda function sometimes runs at maximum concurrency allowed for the given AWS account. How can the Developer address this issue?
A developer runs an application that uses an Amazon API Gateway REST API. The developer needs to implement a solution to proactively monitor the health of both API responses and latencies in case a deployment causes a service disruption despite passing deployment pipeline tests. The solution also must check for endpoint vulnerability and unauthorized changes to APIs. URLs, and website content. Which solution will meet these requirements?
A developer has written the following 1AM policy to provide access to an Amazon S3 bucket: Which access does the policy allow regarding the s3:GetObject and s3:PutObject actions'?