ExamGecko
Search Search Login
Home Home / Amazon / DVA-C01

Amazon DVA-C01 Practice Test - Questions Answers, Page 55

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You are writing to a DynamoDB table and receive the following exception:" ProvisionedThroughputExceededException". though according to your Cloudwatch metrics for the table, you are not exceeding your provisioned throughput. What could be an explanation for this?
You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to individual devices each device registration identifier or token needs to be registered with SNS; however the developers are not sure of the best way to do this. You advise them to:
A developer runs an application that uses an Amazon API Gateway REST API. The developer needs to implement a solution to proactively monitor the health of both API responses and latencies in case a deployment causes a service disruption despite passing deployment pipeline tests. The solution also must check for endpoint vulnerability and unauthorized changes to APIs. URLs, and website content. Which solution will meet these requirements?
During non-peak hours, a Developer wants to minimize the execution time of a full Amazon DynamoDB table scan without affecting normal workloads. The workloads average half of the strongly consistent read capacity units during non-peak hours. How would the Developer optimize this scan?
Which of the following are correct statements with policy evaluation logic in AWS Identity and Access Management? Choose 2 answers
A company is migrating a web application from on premises to AWS. The company needs to move session storage from the application code to a shared service as part of the migration. The session storage data must be encrypted at rest. Which AWS services meet these requirements? (Choose two.)
A developer has written the following 1AM policy to provide access to an Amazon S3 bucket: Which access does the policy allow regarding the s3:GetObject and s3:PutObject actions'?
An application stores payroll information nightly in DynamoDB for a large number of employees across hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily hours. Managers run reports for ranges of names working in their office. One query is. "Return all Items in this office for names starting with A through E". Which table configuration will result in the lowest impact on provisioned throughput for this query?
Games-R-Us is launching a new game app for mobile devices. Users will log into the game using their existing Facebook account and the game will record player data and scoring information directly to a DynamoDB table. What is the most secure approach for signing requests to the DynamoDB API?
A developer is integrating Amazon ElastiCache in an application. The cache will store data from a database. The cached data must populate real-time dashboards. Which caching strategy will meet these requirements?

Question 541

Report
Export
Collapse

A developer has an application container, an AWS Lambda function, and an Amazon Simple Queue Sen/ice (Amazon SOS) queue. The Lambda function uses the SOS queue as an event source. The Lambda function makes a call to a third-party machine learning API when the function is invoked.

The response from the third-party API can take up to 60 seconds to return. the Lambda function's timeout value is currently 65 seconds. The developer has noticed that the Lambda function sometimes processes duplicate messages from the SOS queue.

What should the developer do to ensure that the Lambda function does not process duplicate messages?

A.
Configure the Lambda function with a larger amount of memory.
A.
Configure the Lambda function with a larger amount of memory.
Answers
B.
Configure an increase in the Lambda function's timeout value.
B.
Configure an increase in the Lambda function's timeout value.
Answers
C.
Configure the SOS queue's delivery delay value to be greater than the maximum time it takes to call the third-party API.
C.
Configure the SOS queue's delivery delay value to be greater than the maximum time it takes to call the third-party API.
Answers
D.
Configure the SOS queue's visibility timeout value to be greater than the maximum time it takes to call the third-party API.
D.
Configure the SOS queue's visibility timeout value to be greater than the maximum time it takes to call the third-party API.
Answers
Suggested answer: A

Question 542

Report
Export
Collapse

An ecommerce application is running behind an Application Load Balancer. A developer observes some unexpected load on the application during non-peak hours. The developer wants to analyze patterns for the client IP addresses that use the application.

Which HTTP header should the developer use for this analysis?

A.
The X-Forwarded-Proto header
A.
The X-Forwarded-Proto header
Answers
B.
The X-Forwarded-Host header
B.
The X-Forwarded-Host header
Answers
C.
The X-Forwarded-For header
C.
The X-Forwarded-For header
Answers
D.
The X-Forwarded-Port header
D.
The X-Forwarded-Port header
Answers
Suggested answer: C

Explanation:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto

Question 543

Report
Export
Collapse

A developer is running an application on an Amazon EC2 instance. When the application tries to read an Amazon S3 bucket, the application fails. The developer notices that the associated IAM role is missing the S3 read permission. The developer needs to give the application the ability to read the S3 bucket.

Which solution will meet this requirement with the LEAST application disruption?

A.
Add the permission to the role. Terminate the existing EC2 instance. Launch a new EC2 instance.
A.
Add the permission to the role. Terminate the existing EC2 instance. Launch a new EC2 instance.
Answers
B.
Add the permission to the role so that the change will take effect automatically.
B.
Add the permission to the role so that the change will take effect automatically.
Answers
C.
Add the permission to the role. Hibernate and restart the existing EC2 instance.
C.
Add the permission to the role. Hibernate and restart the existing EC2 instance.
Answers
D.
Add the permission to the S3 bucket. Restart the EC2 instance.
D.
Add the permission to the S3 bucket. Restart the EC2 instance.
Answers
Suggested answer: B

Question 544

Report
Export
Collapse

\ developer is designing a serverless application for a game in which users register and log in through a web browser. The application makes requests on behalf of users to a set of AWS Lambda functions that un behind an Amazon API Gateway HTTP API. rhe developer needs to implement a solution to register and log in users on the application's sign-in page. The solution must minimize operational overhead and must minimize ongoing management of user identities. Which solution will meet these requirements?

A.
Create Amazon Cognito user pools for external social identity providers. Configure 1AM roles for the identity pools.
A.
Create Amazon Cognito user pools for external social identity providers. Configure 1AM roles for the identity pools.
Answers
B.
Program the sign-in page to create users' 1AM groups with the 1AM roles attached to the groups.
B.
Program the sign-in page to create users' 1AM groups with the 1AM roles attached to the groups.
Answers
C.
Create an Amazon RDS for SQL Server DB instance to store the users and manage the permissions to the backend resources in AWS.
C.
Create an Amazon RDS for SQL Server DB instance to store the users and manage the permissions to the backend resources in AWS.
Answers
D.
Configure the sign-in page to register and store the users and their passwords in an Amazon DynamoDB table with an attached 1AM policy.
D.
Configure the sign-in page to register and store the users and their passwords in an Amazon DynamoDB table with an attached 1AM policy.
Answers
Suggested answer: A

Question 545

Report
Export
Collapse

An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write access to an Amazon DynamoDB table. The correct 1AM policy already exists. What is the MOST secure way to grant the Lambda function access to the S3 bucket and the DynamoDB table?

A.
Attach the existing IAM policy to the Lambda function.
A.
Attach the existing IAM policy to the Lambda function.
Answers
B.
Create an IAM role for the Lambda function. Attach the existing IAM policy to the role. Attach the role to the Lambda function.
B.
Create an IAM role for the Lambda function. Attach the existing IAM policy to the role. Attach the role to the Lambda function.
Answers
C.
Create an IAM user with programmatic access. Attach the existing IAM policy to the user. Add the user access key ID and secret access key as environment variables in the Lambda function.
C.
Create an IAM user with programmatic access. Attach the existing IAM policy to the user. Add the user access key ID and secret access key as environment variables in the Lambda function.
Answers
D.
Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function.
D.
Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function.
Answers
Suggested answer: B

Question 546

Report
Export
Collapse

A company is using Amazon Cognito user pools for sign-up and login functionality for a web application. The company is using Amazon RDS for the application's data persistence and is using Amazon API Gateway and AWS Lambda for the application's API functionality. Users must provide their first name, last name, email address, and phone number to sign up. All API endpoints have a Cognito user pool authorizer to guard against unauthenticated requests. A developer wants to show a personalized welcome screen to users after they log in. The welcome screen needs to show the user's first name and the user's previous login date. According to company policy. developers who work on the web application cannot store any personally identifiable information in RDS instances.

Which solution should the developer implement to meet these requirements?

A.
After successful login, submit a Cognito request for user tokens. When redirecting to the welcome screen, provide the identity token in the Authorization header of the request. Extract the user name from the given_name claim and the user's universally unique identifier (UUID) from the sub claim inside the identity token. Use the UUID as the key to store and retrieve the previous login information from the database.
A.
After successful login, submit a Cognito request for user tokens. When redirecting to the welcome screen, provide the identity token in the Authorization header of the request. Extract the user name from the given_name claim and the user's universally unique identifier (UUID) from the sub claim inside the identity token. Use the UUID as the key to store and retrieve the previous login information from the database.
Answers
B.
After successful login, submit a Cognito request for user tokens. When redirecting to the welcome screen, provide the access token in the Authorization header of the request. Extract the user name from the given_name claim and the user's universally unique identifier (UUID) from the sub claim inside the access token. Use the UUID as the key to store and retrieve the previous login information from the database.
B.
After successful login, submit a Cognito request for user tokens. When redirecting to the welcome screen, provide the access token in the Authorization header of the request. Extract the user name from the given_name claim and the user's universally unique identifier (UUID) from the sub claim inside the access token. Use the UUID as the key to store and retrieve the previous login information from the database.
Answers
C.
After successful login, submit a Cognito request for user tokens. When redirecting to the welcome screen, provide the identity token in the Authorization header of the request. Extract the user name from the given_name claim and the user's universally unique identifier (UUID) from the iss claim inside the identity token. Use the UUID as the key to store and retrieve the previous login information from the database.
C.
After successful login, submit a Cognito request for user tokens. When redirecting to the welcome screen, provide the identity token in the Authorization header of the request. Extract the user name from the given_name claim and the user's universally unique identifier (UUID) from the iss claim inside the identity token. Use the UUID as the key to store and retrieve the previous login information from the database.
Answers
D.
After successful login, submit a Cognito request for user tokens. When redirecting to the welcome screen, provide the access token in the Authorization header of the request. Extract the user name from the given name claim and the user's universally unique identifier (UUID) from the iss claim inside the access token. Use the UUID as the key to store and retrieve the previous login information from the database.
D.
After successful login, submit a Cognito request for user tokens. When redirecting to the welcome screen, provide the access token in the Authorization header of the request. Extract the user name from the given name claim and the user's universally unique identifier (UUID) from the iss claim inside the access token. Use the UUID as the key to store and retrieve the previous login information from the database.
Answers
Suggested answer: C

Question 547

Report
Export
Collapse

A banking application processes thousands of transactions each second. Each transaction payload must have end-to-end encryption. The application encrypts each transaction locally by using the AWS Key Management Service (AWS KMS) GenerateDataKey operation. A developer is testing the application and receives a Throttling Except ion error. Which actions are best practices to resolve this error? (Select TWO.)

A.
Use the LocalCryptoMaterialsCache feature of the AWS Encryption SDK encryption library.
A.
Use the LocalCryptoMaterialsCache feature of the AWS Encryption SDK encryption library.
Answers
B.
Call the AWS KMS Encrypt operation directly to allow AWS KMS to encrypt the data.
B.
Call the AWS KMS Encrypt operation directly to allow AWS KMS to encrypt the data.
Answers
C.
Create a case in the AWS Support Center to increase the quota for the account.
C.
Create a case in the AWS Support Center to increase the quota for the account.
Answers
D.
Use Amazon Simple Queue Service (Amazon SQS) to queue the requests to AWS KMS.
D.
Use Amazon Simple Queue Service (Amazon SQS) to queue the requests to AWS KMS.
Answers
E.
Switch to an AWS KMS custom key store.
E.
Switch to an AWS KMS custom key store.
Answers
Suggested answer: A, C

Explanation:

https://aws.amazon.com/premiumsupport/knowledge-center/kms-throttlingexception-error/

Question 548

Report
Export
Collapse

A developer has an Amazon DynamoDB table that must be in provisioned mode to comply with user requirements. The application needs to support the following:

• Average item size: 10 KB

• Item reads each second: 10 strongly consistent

• Item writes each second: 2 transactional

Which read and write capacity cost-effectively meets these requirements?

A.
Read 10; write 2
A.
Read 10; write 2
Answers
B.
Read 30; write 40
B.
Read 30; write 40
Answers
C.
Use on-demand scaling
C.
Use on-demand scaling
Answers
D.
Read 300; write 400
D.
Read 300; write 400
Answers
Suggested answer: B

Question 549

Report
Export
Collapse

A developer is building a three-tier application with an Application Load Balancer (ALB). Amazon EC2 instances, and Amazon RDS. There is an alias record in Amazon Route 53 that points to the ALB. When Ihe developer tries to access the ALB from a laptop, the request times out.

Which logs should the developer investigate to verify that the request is reaching the AWS network?

A.
VPC Flow Logs
A.
VPC Flow Logs
Answers
B.
Amazon Route 53 logs
B.
Amazon Route 53 logs
Answers
C.
AWS Systems Manager Agent logs
C.
AWS Systems Manager Agent logs
Answers
D.
Amazon CloudWatch agent logs
D.
Amazon CloudWatch agent logs
Answers
Suggested answer: A

Question 550

Report
Export
Collapse

A developer is working on an application that is deployed on an Amazon EC2 instance. The application needs to transfer a file to an Amazon S3 bucket. What should the developer do to authenticate the application's access to the S3 bucket in the MOST secure way?

A.
Create an access key for an IAM user. Store the access key in the application's environment variables.
A.
Create an access key for an IAM user. Store the access key in the application's environment variables.
Answers
B.
Create an IAM role. Create an access key for the role. Store the access key in the application's environment variables.
B.
Create an IAM role. Create an access key for the role. Store the access key in the application's environment variables.
Answers
C.
Associate an IAM role with the EC2 instance. Use the instance metadata service to retrieve the credentials.
C.
Associate an IAM role with the EC2 instance. Use the instance metadata service to retrieve the credentials.
Answers
D.
Configure a bucket policy for the S3 bucket. Allow access from the EC2 instance ID in the bucket policy.
D.
Configure a bucket policy for the S3 bucket. Allow access from the EC2 instance ID in the bucket policy.
Answers
Suggested answer: B
Total 608 questions
Go to page: of 61
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms