Amazon DVA-C01 Practice Test - Questions Answers, Page 32

A company stores all personally identifiable information (PII) in an Amazon DynamoDB table named PII in Account A. An application running on Amazon EC2 instances in Account B requires access to the PII table. An administrator in Account A created an IAM role named AccessPII with privileges to access the PII table and made Account B a trusted entity. Which combination of additional steps should developers take to access the table? (Select TWO.)

A. Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role
B. Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies
C. Ask an administrator in Account A to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies
D. Include the AssumeRole API in the application code logic to obtain credentials to access the PII table.
E. Include the GetSessionToken API in the application code logic to obtain credentials to access the PII table
Suggested answer: A, D

A developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes, or create the item if it does not exist. The Lambda function has access to the primary key.

Which IAM permissions should the developer request for the Lambda function to achieve this functionality?

A. dynamodb:DeleteItem, dynamodb:GetItem, dynamodb:PutItem
B. dynamodb:UpdateItem, dynamodb:GetItem, dynamodb:DescribeTable
C. dynamodb:GetRecords, dynamodb:PutItem, dynamodb:UpdateTable
D. dynamodb:UpdateItem, dynamodb:GetItem, dynamodb:PutItem
Suggested answer: C

Explanation:

Reference: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/DynamoDB.html

A developer added a new feature to an application running on an Amazon EC2 instance that uses Amazon SQS. After deployment, the developer noticed a significant increase in Amazon SQS costs. When monitoring the Amazon SQS metrics on Amazon CloudWatch, the developer found that on average one message per minute is posted on this queue. What can be done to reduce Amazon SQS costs for this application?

A. Increase the Amazon SQS queue polling timeout
B. Scale down the Amazon SQS queue to the appropriate size for low traffic demand.
C. Configure push delivery via Amazon SNS instead of polling the Amazon SQS queue
D. Use an Amazon SQS first-in, first-out (FIFO) queue instead of a standard queue.
Suggested answer: A

A development team is designing a mobile app that requires multi-factor authentication. Which steps should be taken to achieve this? (Select TWO.)

A. Use Amazon Cognito to create a user pool and create users in the user pool
B. Send multi-factor authentication text codes to users with the Amazon SNS Publish API call in the app code
C. Enable multi-factor authentication for the Amazon Cognito user pool
D. Use AWS IAM to create IAM users
E. Enable multi-factor authentication for the users created in AWS IAM.
Suggested answer: A, C

A developer is writing an application in AWS Lambda. To simplify testing and deployments, the developer needs the database connection string to be easily changed without modifying the Lambda code. How can this requirement be met?

A. Store the connection string as a secret in AWS Secrets Manager
B. Store the connection string in an IAM user account.
C. Store the connection string in AWS KMS
D. Store the connection string as a Lambda layer.
Suggested answer: A

A developer must ensure that the IAM credentials used by an application in Amazon EC2 are not misused or compromised. What should the developer use to keep user credentials secure?

A. Environment variables
B. AWS credentials file
C. Instance profile credentials
D. Command line options
Suggested answer: C

A developer is storing sensitive data generated by an application in Amazon S3. The developer wants to encrypt the data at rest. A company policy requires an audit trail of when the master key was used and by whom. Which encryption option will meet these requirements?

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)
B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
C. Server-side encryption with customer-provided keys (SSE-C)
D. Server-side encryption with self-managed keys
Suggested answer: B

A company is launching an ecommerce website and will host the static data in Amazon S3. The company expects approximately 1,000 transactions per second (TPS) for GET and PUT requests in total. Logging must be enabled to track all requests and must be retained for auditing purposes.

What is the MOST cost-effective solution?

A. Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to move the data from the log bucket to Amazon S3 Glacier in 90 days
B. Enable S3 server access logging and create a lifecycle policy to expire the data in 90 days
C. Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to expire the data in 90 days
D. Enable S3 server access logging and create a lifecycle policy to move the data to Amazon S3 Glacier in 90 days.
Suggested answer: C

Explanation:

Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudtrail-requestidentification.html

A company is developing an application that will be accessed through the Amazon API Gateway REST API. Registered users should be the only ones who can access certain resources of this API. The token being used should expire automatically and needs to be refreshed periodically.

How can a developer meet these requirements?

A. Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in API Gateway, and use the temporary credentials generated by the identity pool
B. Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer in API Gateway
C. Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token
D. Create an IAM user for each API user, attach an invoke permissions policy to the API, and use an IAM authorizer in API Gateway.
Suggested answer: C

Explanation:

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/cognito-custom-scopesapi-gateway/

A company has an application where reading objects from Amazon S3 is based on the type of user. The user types are registered user and guest user. The company has 25,000 users and is growing. Information is pulled from an S3 bucket depending on the user type.

Which approaches are recommended to provide access to both user types? (Select TWO.)

A. Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to the objects
B. Use S3 bucket policies to restrict read access to specific IAM users
C. Use Amazon Cognito to provide access using authenticated and unauthenticated roles
D. Create a new IAM user for each user and grant read access.
E. Use the AWS IAM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) AssumeRole action depending on the type of user and provide read access to Amazon S3 using the assumed role
Suggested answer: B, C
Total 608 questions