Quiz IT certification exam

Question 1

A company has many microservices that are comprised of AWS Lambda functions. Multiple teams within the company split ownership of the microservices.

An application reads configuration values from environment variables that are contained in the Lambda functions. During a security audit, the company discovers that some of the environment variables contain sensitive information.

The company's security policy requires each team to have full control over the rotation of AWS KMS keys that the team uses for its respective microservices.

Become a Premium Member for full access

Unlock Premium Member

Accepted Answer

Create customer managed keys for all Lambda functions. Use the new customer managed keys to encrypt the environment variables. Add kms:Decrypt permission to the Lambda function execution roles.

Answer

Create AWS managed keys for all Lambda functions. Use the new AWS managed keys to encrypt the environment variables. Add kms:Decrypt permissions to the Lambda function execution roles.

Answer

Create customer managed keys for all Lambda functions. Use the new customer managed keys to encrypt the environment variables. Add kms:CreateGrant permission and kms:Encrypt permission to the Lambda function execution roles.

Answer

Create AWS managed keys for all Lambda functions. Use the new AWS managed keys to encrypt the environment variables. Add kms:CreateGrant permission and kms:Encrypt permission to the Lambda function execution roles.

Question 2

A company has a serverless application that uses Amazon API Gateway and AWS Lambda functions to expose a RESTful API. The company uses a continuous integration and continuous delivery (CI/CD) workflow to deploy the application to multiple environments. The company wants to implement automated integration tests after deployment.A developer needs to set up the necessary infrastructure and processes to automate the deployment and integration tests for the serverless application.

Accepted Answer

Use AWS CodePipeline to create a CI/CD pipeline. Configure API Gateway stages to represent each application environment. Use AWS CloudFormation templates to manage the infrastructure for the Lambda functions and API resources. Use AWS CodeBuild to implement automated deployment tests to validate the deployments in each stage.

Answer

Configure API Gateway stages to represent each application environment. Use AWS SAM templates to manage the infrastructure for the Lambda functions and API resources. Use AWS CodeBuild to implement automated deployment tests to validate the deployments in each stage.

Answer

Configure API Gateway stages to represent each application environment. Use AWS CloudFormation to manage the infrastructure for the Lambda functions and API resources. Use AWS CodeBuild to implement automated deployment tests to validate the deployments in each stage.

Answer

Use AWS CloudFormation to create and deploy the application infrastructure in each application environment. Use the AWS CLI to invoke Lambda functions to perform deployment tests after each deployment.

Question 3

A company needs to package and deploy an application that uses AWS Lambda to compress and decompress video clips. The application uses a video codec library that is larger than 250 MB. The application uses the library to compress the videos before storage and to decompress the videos upon retrieval.

Accepted Answer

Create two Lambda functions. Build one container image that contains code to handle video compression and a second image that contains video decompression code. Add the codec library to both images. Upload the images to Amazon ECR. Use the containers to create the Lambda functions.

Answer

Create one Lambda function. Upload one zip file that contains code to handle video compression and decompression to the function. Include the codec library in the zip file.

Answer

Create two Lambda functions. Upload one zip file that contains code to handle video compression to one function. Upload a second zip file that contains code for video decompression to the second function. Include the codec library in both zip files.

Answer

Create two Lambda functions. Upload one zip file that contains code to handle video compression to one function. Upload a second zip file that contains code for video decompression to the second function. Create one Lambda layer for the codec library. Add the layer to both functions.

Question 4

A developer needs to give a new application the ability to retrieve configuration data.The application must be able to retrieve new configuration data values without the need to redeploy the application code. If the application becomes unhealthy because of a bad configuration change, the developer must be able to automatically revert the configuration change to the previous value.

Accepted Answer

Use AWS AppConfig to manage and store the configuration data. Integrate AWS AppConfig with Amazon CloudWatch to monitor changes to the application. Set up CloudWatch Application Signals to roll back any bad configuration changes.

Answer

Use AWS Secrets Manager to manage and store the configuration data. Integrate Secrets Manager with a custom AWS Config rule that has remediation actions to track changes in the application and to roll back any bad configuration changes.

Answer

Use AWS Secrets Manager to manage and store the configuration data. Integrate Secrets Manager with a custom AWS Config rule. Attach a custom AWS Systems Manager document to the rule that automatically rolls back any bad configuration changes.

Answer

Use AWS AppConfig to manage and store the configuration data. Integrate AWS AppConfig with Amazon CloudWatch to monitor changes to the application. Set up an alarm to automatically roll back any bad configuration changes.

Question 5

A gaming application stores scores for players in an Amazon DynamoDB table that has four attributes: user_id, user_name, user_score, and user_rank. The users are allowed to update their names only. A user is authenticated by web identity federation.Which set of conditions should be added in the policy attached to the role for the dynamodb:PutItem API call?

Accepted Answer

'Condition': { 'ForAllValues:StringEquals': { 'dynamodb:LeadingKeys': ['${www.amazon.com:user_id}'], 'dynamodb:Attributes': ['user_name'] } }

Answer

'Condition': { 'ForAllValues:StringEquals': { 'dynamodb:LeadingKeys': ['${www.amazon.com:user_name}'], 'dynamodb:Attributes': ['user_id'] } }

Answer

'Condition': { 'ForAllValues:StringEquals': { 'dynamodb:LeadingKeys': ['${www.amazon.com:user_id}'], 'dynamodb:Attributes': ['user_name', 'user_id'] } }

Answer

'Condition': { 'ForAllValues:StringEquals': { 'dynamodb:LeadingKeys': ['${www.amazon.com:user_name}'], 'dynamodb:Attributes': ['username', 'userid'] } }

Question 6

A developer is migrating a containerized application from an on-premises environment to the AWS Cloud. The developer is using the AWS CDK to provision a container in Amazon ECS on AWS Fargate. The container is behind an Application Load Balancer (ALB).When the developer deploys the stack, the deployment fails because the ALB fails health checks. The developer needs to resolve the failed health checks.Which solutions will meet this requirement? (Select TWO.)

Accepted Answer

Confirm that the target group port matches the port mappings in the ECS task definition.

Accepted Answer

Confirm that the ALB listener on the mapped port has a default action that forwards to the correct target group.

Answer

Confirm that the capacity providers for the container have been provisioned and are properly sized.

Answer

Confirm that a hosted zone associated with the ALB matches a hosted zone that is referenced in the ECS task definition.

Answer

Confirm that the ALB listener on the mapped port has a default action that redirects to the application's health check path endpoint.

Question 7

A developer is managing an application that uploads user files to an Amazon S3 bucket named companybucket. The company wants to maintain copies of all the files uploaded by users for compliance purposes, while ensuring users still have access to the data through the application.Which IAM permissions should be applied to users to ensure they can create but not remove files from the bucket?

Accepted Answer

json Copy code { 'Version': '2012-10-17', 'Statement': [ { 'Sid': 'statement1', 'Effect': 'Allow', 'Action': ['s3:GetObject', 's3:PutObject'], 'Resource': ['arn:aws:s3:::companybucket'] } ] }

Answer

json Copy code { 'Version': '2012-10-17', 'Statement': [ { 'Sid': 'statement1', 'Effect': 'Allow', 'Action': ['s3:GetObject', 's3:PutObject', 's3:DeleteObject'], 'Resource': ['arn:aws:s3:::companybucket'] } ] }

Answer

json Copy code { 'Version': '2012-10-17', 'Statement': [ { 'Sid': 'statement1', 'Effect': 'Allow', 'Action': ['s3:CreateBucket', 's3:GetBucketLocation'], 'Resource': 'arn:aws:s3:::companybucket' } ] }

Answer

json Copy code { 'Version': '2012-10-17', 'Statement': [ { 'Sid': 'statement1', 'Effect': 'Allow', 'Action': ['s3:GetObject', 's3:PutObject', 's3:DeleteObject', 's3:PutObjectRetention'], 'Resource': 'arn:aws:s3:::companybucket' } ] }

Question 8

A company runs an AWS CodeBuild project on medium-sized Amazon EC2 instances. The company wants to cost optimize the project and reduce the provisioning time.

Accepted Answer

Set up Amazon S3 caching for the CodeBuild project.

Answer

Configure the project to run on a CodeBuild reserved capacity fleet.

Answer

Select AWS Lambda as the compute mode for the CodeBuild project.

Answer

Configure the project to run on a CodeBuild on-demand fleet.

Question 9

A developer needs to set up an API to provide access to an application and its resources. The developer has a TLS certificate. The developer must have the ability to change the default base URL of the API to a custom domain name. The API users are distributed globally. The solution must minimize API latency.

Accepted Answer

Create an Amazon API Gateway REST API. Use the edge-optimized endpoint type. Import the TLS certificate into AWS Certificate Manager. Create a custom domain name for the REST API. Route traffic to the custom domain name. Disable the default endpoint for the REST API.

Answer

Create an Amazon CloudFront distribution that uses an AWS Lambda@Edge function to process API requests. Import the TLS certificate into AWS Certificate Manager and CloudFront. Add the custom domain name as an alias resource record set that is for the CloudFront distribution.

Answer

Create an Amazon API Gateway REST API. Use the private endpoint type. Import the TLS certificate into AWS Certificate Manager. Create a custom domain name for the REST API. Route traffic to the custom domain name. Disable the default endpoint for the REST API.

Answer

Create an Amazon CloudFront distribution that uses CloudFront Functions to process API requests. Import the TLS certificate into AWS Certificate Manager and CloudFront. Add the custom domain name as an alias resource record set that is for the CloudFront distribution.

Question 10

A developer used the AWS SDK to create an application that aggregates and produces log records for 10 services. The application delivers data to an Amazon Kinesis Data Streams stream.Each record contains a log message with a service name, creation timestamp, and other log information. The stream has 15 shards in provisioned capacity mode. The stream uses service name as the partition key.The developer notices that when all the services are producing logs, ProvisionedThroughputExceededException errors occur during PutRecord requests. The stream metrics show that the write capacity the applications use is below the provisioned capacity.

Accepted Answer

Change the partition key from service name to creation timestamp.

Answer

Change the capacity mode from provisioned to on-demand.

Answer

Double the number of shards until the throttling errors stop occurring.

Answer

Use a separate Kinesis stream for each service to generate the logs.

Question 11

A development team is creating a serverless application that uses AWS Lambda functions. The team wants to streamline a testing workflow by sharing test events across multiple developers within the same AWS account. The team wants to ensure all developers can use consistent test events without compromising security.

Accepted Answer

Export test events as JSON files. Store the files in an Amazon S3 bucket. Configure granular IAM permissions to allow the developers to access the S3 bucket.

Answer

Store test events in an Amazon DynamoDB table. Create an AWS Lambda function to retrieve shared test events for the developers.

Answer

Configure test events to be shareable. Configure granular IAM permissions to allow the developers to access shared test events.

Answer

Set up a Git repository to store test events. Provide the developers with access to the repository.

Question 12

A developer needs to export the contents of several Amazon DynamoDB tables into Amazon S3 buckets to comply with company data regulations. The developer uses the AWS CLI to run commands to export from each table to the proper S3 bucket. The developer sets up AWS credentials correctly and grants resources appropriate permissions. However, the exports of some tables fail.What should the developer do to resolve this issue?

Accepted Answer

Ensure that the target S3 bucket is in the same AWS Region as the DynamoDB table.

Answer

Ensure that point-in-time recovery is enabled on the DynamoDB tables.

Answer

Ensure that DynamoDB streaming is enabled for the tables.

Answer

Ensure that DynamoDB Accelerator (DAX) is enabled.

Question 13

A developer is creating an application that must be able to generate API responses without backend integrations. Multiple internal teams need to work with the API while the application is still in development.Which solution will meet these requirements with the LEAST operational overhead?

Accepted Answer

Create an Amazon API Gateway REST API. Enable mock integration on the method of the API resource.

Answer

Create an Amazon API Gateway REST API. Set up a proxy resource that has the HTTP proxy integration type.

Answer

Create an Amazon API Gateway HTTP API. Provision a VPC link, and set up a private integration on the API to connect to a VPC.

Answer

Create an Amazon API Gateway HTTP API. Enable mock integration on the method of the API resource.

Question 14

A company wants to use AWS AppConfig to gradually deploy a new feature to 15% of users to test the feature before a full deployment.Which solution will meet this requirement with the LEAST operational overhead?

Accepted Answer

Create an AWS AppConfig feature flag. Define a variant for the new feature, and create a rule to target 15% of users.

Answer

Set up a custom script within the application to randomly select 15% of users. Assign a flag for the new feature to the selected users.

Answer

Create separate AWS AppConfig feature flags for both groups of users. Configure the flags to target 15% of users.

Answer

Use AWS AppConfig to create a feature flag without variants. Implement a custom traffic splitting mechanism in the application code.

Question 15

A company has a serverless application that uses an Amazon API Gateway API to invoke an AWS Lambda function. A developer creates a fix for a defect in the Lambda function code. The developer wants to deploy this fix to the production environment. To test the changes, the developer needs to send 10% of the live production traffic to the updated Lambda function version.

Accepted Answer

Publish a new version of the Lambda function that contains the updated code.

Accepted Answer

Create an alias for the Lambda function. Configure weighted routing on the alias. Specify a 10% weight for the new Lambda function version.

Answer

Set up a new stage in API Gateway with a new Lambda function version. Enable weighted routing in API Gateway stages.

Answer

Set up a routing policy on a Network Load Balancer. Configure 10% of the traffic to go to the new Lambda function version.

Answer

Set up a weighted routing policy by using Amazon Route 53. Configure 10% of the traffic to go to the new Lambda function version.

Question 16

A developer is building an application to process a stream of customer orders. The application sends processed orders to an Amazon Aurora MySQL database. The application needs to process the orders in batches.The developer needs to configure a workflow that ensures each record is processed before the application sends each order to the database.

Accepted Answer

Use Amazon Kinesis Data Streams to stream the orders. Use an AWS Lambda function to process the orders. Configure an event source mapping for the Lambda function, and set the MaximumBatchingWindowInSeconds setting to 300.

Answer

Use Amazon SQS to stream the orders. Use an AWS Lambda function to process the orders. Configure an event source mapping for the Lambda function, and set the MaximumBatchingWindowInSeconds setting to 0.

Answer

Use Amazon Managed Streaming for Apache Kafka (Amazon MSK) to stream the orders. Use an Amazon EC2 instance to process the orders. Configure an event source mapping for the EC2 instance, and increase the payload size limit to 36 MB.

Answer

Use Amazon DynamoDB Streams to stream the orders. Use an Amazon ECS cluster on AWS Fargate to process the orders. Configure an event source mapping for the cluster, and set the BatchSize setting to 1.

Question 17

A social media company is designing a platform that allows users to upload data, which is stored in Amazon S3. Users can upload data encrypted with a public key. The company wants to ensure that only the company can decrypt the uploaded content using an asymmetric encryption key. The data must always be encrypted in transit and at rest.

Accepted Answer

Use client-side encryption with a customer-managed encryption key to encrypt the data.

Answer

Use server-side encryption with Amazon S3 managed keys (SSE-S3) to encrypt the data.

Answer

Use server-side encryption with customer-provided encryption keys (SSE-C) to encrypt the data.

Answer

Use client-side encryption with a data key to encrypt the data.

Question 18

A developer is building an application that stores objects in an Amazon S3 bucket. The bucket does not have versioning enabled. The objects are accessed rarely after 1 week. However, the objects must be immediately available at all times. The developer wants to optimize storage costs for the S3 bucket.Which solution will meet this requirement?

Accepted Answer

Create an S3 Lifecycle rule to transition objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days.

Answer

Create an S3 Lifecycle rule to expire objects after 7 days.

Answer

Create an S3 Lifecycle rule to transition objects to S3 Glacier Flexible Retrieval after 7 days.

Answer

Create an S3 Lifecycle rule to delete objects that have delete markers.

Question 19

A company created an application to consume and process data. The application uses Amazon SQS and AWS Lambda functions. The application is currently working as expected, but it occasionally receives several messages that it cannot process properly. The company needs to clear these messages to prevent the queue from becoming blocked. A developer must implement a solution that makes queue processing always operational. The solution must give the company the ability to defer the messages with errors and save these messages for further analysis. What is the MOST operationally efficient solution that meets these requirements?

Accepted Answer

Create a new SQS queue. Set the new queue as a dead-letter queue for the application queue. Configure the Maximum Receives setting.

Answer

Configure Amazon CloudWatch Logs to save the error messages to a separate log stream.

Answer

Change the SQS queue to a FIFO queue. Configure the message retention period to 0 seconds.

Answer

Configure an Amazon CloudWatch alarm for Lambda function errors. Publish messages to an Amazon SNS topic to notify administrator users.

Question 20

A developer created an AWS Lambda function to process data in an application. The function pulls large objects from an Amazon S3 bucket, processes the data, and loads the processed data into a second S3 bucket. Application users have reported slow response times. The developer checks the logs and finds that Lambda function invocations run much slower than expected. The function itself is simple and has a small deployment package. The function initializes quickly. The developer needs to improve the performance of the application. Which solution will meet this requirement with the LEAST operational overhead?

Accepted Answer

Configure the function to use ephemeral storage. Upload the objects and process data in the /tmp directory.

Answer

Store the data in an Amazon EFS file system. Mount the file system to a local directory in the function.

Answer

Create an Amazon EventBridge rule to schedule invocations of the function every minute.

Answer

Create a Lambda layer to package the function dependencies. Add the layer to the function.

Question 21

A developer is creating a microservices application that runs across multiple compute environments. The application must securely access secrets that are stored in AWS Secrets Manager with minimal network latency. The developer wants a solution that reduces the number of direct calls to Secrets Manager and simplifies secrets management across environments. Which solution will meet these requirements with the LEAST operational overhead?

Accepted Answer

Install the Secrets Manager Agent in each compute environment. Configure the agent to cache secrets locally. Securely retrieve the secrets from Secrets Manager as needed.

Answer

Create a custom script that retrieves secrets directly from Secrets Manager and caches the secrets in a local database for each compute environment.

Answer

Implement lazy loading logic in the application to fetch secrets directly from Secrets Manager and to cache the secrets in Redis.

Answer

Store the secrets in an Amazon S3 bucket. Retrieve and load the secrets as environment variables during application startup for each compute environment.

Question 22

A company has an application that is based on Amazon EC2. The company provides API access to the application through Amazon API Gateway and uses Amazon DynamoDB to store the application's data. A developer is investigating performance issues that are affecting the application. During peak usage, the application is overwhelmed by a large number of identical data read requests that come through APIs. What is the MOST operationally efficient way for the developer to improve the application's performance?

Accepted Answer

Use DynamoDB Accelerator (DAX) to cache database responses.

Answer

Configure Amazon EC2 Auto Scaling policies to meet fluctuating demand.

Answer

Enable API Gateway caching to cache API responses.

Answer

Use Amazon ElastiCache to cache application responses.

Question 23

A banking company is building an application for users to create accounts, view balances, and review recent transactions. The company integrated an Amazon API Gateway REST API with AWS Lambda functions. The company wants to deploy a new version of a Lambda function that gives customers the ability to view their balances. The new version of the function displays customer transaction insights. The company wants to test the new version with a small group of users before deciding whether to make the feature available for all users. Which solution will meet these requirements with the LEAST disruption to users?

Accepted Answer

Create a canary deployment for the REST API. Gradually increase traffic to the new version of the function. Revert traffic to the old version if issues are detected.

Answer

Redeploy the REST API stage to use the new version of the function. If issues are detected, update the REST API to point to the previous version of the function.

Answer

Deploy the new version of the function to a new stage in the REST API. Route traffic to the new stage. If the new version fails, route traffic to the original stage.

Answer

Create a new REST API stage for the new version of the function. Create a weighted alias record set in Amazon Route 53 to distribute traffic between the original stage and the new stage.

Question 24

A developer is receiving an intermittent ProvisionedThroughputExceededException error from an application that is based on Amazon DynamoDB. According to the Amazon CloudWatch metrics for the table, the application is not exceeding the provisioned throughput. What could be the cause of the issue?

Accepted Answer

The application is exceeding capacity on a particular hash key.

Answer

The DynamoDB table storage size is larger than the provisioned size.

Answer

The DynamoDB table is exceeding the provisioned scaling operations.

Answer

The application is exceeding capacity on a particular sort key.

Question 25

A company uses more than 100 AWS Lambda functions to handle application services. One Lambda function is critical and must always run successfully. The company notices that occasionally, the critical Lambda function does not initiate. The company investigates the issue and discovers instances of the Lambda TooManyRequestsException: Rate Exceeded error in Amazon CloudWatch logs. Upon further review of the logs, the company notices that some of the non-critical functions run properly while the critical function fails. A developer must resolve the errors and ensure that the critical Lambda function runs successfully. Which solution will meet these requirements with the LEAST operational overhead?

Accepted Answer

Configure reserved concurrency for the critical Lambda function. Set reserved concurrent executions to the appropriate level.

Answer

Configure provisioned concurrency for the critical Lambda function. Set provisioned concurrent executions to the appropriate level.

Answer

Configure CloudWatch alarms for TooManyRequestsException errors. Add the critical Lambda function as an alarm state change action to invoke the critical function again after a failure.

Answer

Configure CloudWatch alarms for TooManyRequestsException errors. Add Amazon EventBridge as an action for the alarm state change. Use EventBridge to invoke the critical function again after a failure.

Question 26

A developer wants to use an AWS AppSync API to invoke AWS Lambda functions to return data. Some of the Lambda functions perform long-running processes. The AWS AppSync API needs to return responses immediately.Which solution will meet these requirements with the LEAST operational overhead?

Accepted Answer

Configure the Lambda functions to be AWS AppSync data sources. Use Event mode for asynchronous Lambda invocation.

Answer

Increase the timeout setting for the Lambda functions to accommodate longer processing times.

Answer

Set up an Amazon SQS queue. Configure AWS AppSync to send messages to the SQS queue. Configure a Lambda function event source mapping to poll the queue.

Answer

Enable caching, and increase the duration of the AWS AppSync cache TTL.

Question 27

A company has an application that uses an AWS Lambda function to process customer orders. The company notices that the application processes some orders more than once.A developer needs to update the application to prevent duplicate processing.Which solution will meet this requirement with the LEAST implementation effort?

Accepted Answer

Implement a de-duplication mechanism that uses Amazon DynamoDB as the control database. Configure the Lambda function to check for the existence of a unique identifier before processing each event.

Answer

Create a custom Amazon ECS task to perform idempotency checks. Use AWS Step Functions to integrate the ECS task with the Lambda function.

Answer

Configure the Lambda function to retry failed invocations. Implement a retry mechanism that has a fixed delay between attempts to handle duplicate events.

Answer

Use Amazon Athena to query processed events to identify duplicate records. Add processing logic to the Lambda function to handle the duplication scenarios that the query identifies.

Question 28

A developer is working on an ecommerce application that stores data in an Amazon RDS for MySQL cluster The developer needs to implement a caching layer for the application to retrieve information about the most viewed products.Which solution will meet these requirements?

Accepted Answer

Create an Amazon ElastiCache (Redis OSS) cluster. Update the application code to use the ElastiCache (Redis OSS) cluster endpoint.

Answer

Edit the RDS for MySQL cluster by adding a cache node. Configure the cache endpoint instead of the duster endpoint in the application.

Answer

Create an Amazon DynamoDB Accelerator (DAX) cluster in front of the RDS for MySQL cluster. Configure the application to connect to the DAX endpoint instead of the RDS endpoint.

Answer

Configure the RDS for MySQL cluster to add a standby instance in a different Availability Zone. Configure the application to read the data from the standby instance.

Question 29

A developer is building various microservices for an application that will run on Amazon EC2 instances. The developer needs to monitor the end-to-end view of the requests between the microservices and debug any issues in the various microservices.What should the developer do to accomplish these tasks?

Accepted Answer

Use the AWS X-Ray SDK to add instrumentation in all the microservices, and monitor using the X-Ray service map.

Answer

Use Amazon CloudWatch to aggregate the microservices' logs and metrics, and build the monitoring dashboard.

Answer

Use AWS CloudTrail to aggregate the microservices' logs and metrics, and build the monitoring dashboard.

Answer

Use AWS Health to monitor the health of all the microservices.

Question 30

A company has an application that uses an Amazon S3 bucket for object storage. A developer needs to configure in-transit encryption for the S3 bucket. All the S3 objects containing personal data needs to be encrypted at rest with AWS KMS keys, which can be rotated on demand.Which combination of steps will meet these requirements? (Select TWO.)

Accepted Answer

Configure the application to encrypt the objects by using an AWS KMS customer managed key before uploading the objects containing personal data to Amazon S3.

Accepted Answer

Write an S3 bucket policy to allow only encrypted connections over HTTPS by using the aws:SecureTransport condition.

Answer

Write an S3 bucket policy to allow only encrypted connections over HTTPS by using permissions boundary.

Answer

Configure an S3 bucket policy to enable client-side encryption for the objects containing personal data by using an AWS KMS customer managed key

Answer

Configure S3 Block Public Access settings for the S3 bucket to allow only encrypted connections over HTTPS.

Question 31

An ecommerce startup is preparing for an annual sales event. As the traffic to the company's application increases, the development team wants to be notified when the Amazon EC2 instance's CPU utilization exceeds 80%.Which solution will meet this requirement?

Accepted Answer

Create a custom Amazon CloudWatch alarm that sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%.

Answer

Create a custom AWS CloudTrail alarm that sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%.

Answer

Create a cron job on the EC2 instance that invokes the --describe-instance-information command on the host instance every 15 minutes and sends the results to an Amazon SNS topic.

Answer

Create an AWS Lambda function that queries the AWS CloudTrail logs for the CPUUtilization metric every 15 minutes and sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%.

Question 32

A developer is automating a new application deployment with AWS SAM. The new application has one AWS Lambda function and one Amazon S3 bucket. The Lambda function must access the S3 bucket to only read objects.How should the developer configure AWS SAM to grant the necessary read permission to the S3 bucket?

Accepted Answer

Add the S3ReadPolicy template to the Lambda function's execution role.

Answer

Reference a second Lambda authorizer function.

Answer

Add a custom S3 bucket policy to the Lambda function.

Answer

Create an Amazon SQS topic for only S3 object reads. Reference the topic in the template.

Question 33

A developer is working on an app for a company that uses an Amazon DynamoDB table named Orders to store customer orders. The table uses OrderlD as the partition key and there is no sort key. The table contains more than 100,000 records. The developer needs to add a functionality that will retrieve all Orders records that contain an OrderSource attribute with the MobileApp value.Which solution will improve the user experience in the MOST efficient way?

Accepted Answer

Create a global secondary index (GSI) with OrderSource as the partition key. Perform a Query operation by using MobileApp as the key.

Answer

Perform a Scan operation on the Orders table. Provide a QueryFilter condition to filter to only the items where the OrderSource attribute is equal to the MobileApp value.

Answer

Create a local secondary index (LSI) with OrderSource as the partition key. Perform a Query operation by using MobileApp as the key.

Answer

Create a global secondary index (GSI) with OrderSource as the sort key. Perform a Query operation by using MobileApp as the key.

Question 34

A company is building a serverless application on AWS. The application uses Amazon API Gateway and AWS Lambda. The company wants to deploy the application to its development, test, and production environments.Which solution will meet these requirements with the LEAST development effort?

Accepted Answer

Use API Gateway stage variables and create Lambda aliases to reference environment-specific resources.

Answer

Use Amazon ECS to deploy the application to the environments.

Answer

Duplicate the code for each environment. Deploy the code to a separate API Gateway stage.

Answer

Use AWS Elastic Beanstalk to deploy the application to the environments.

Question 35

A company runs applications on Amazon EKS containers. The company sends application logs from the containers to an Amazon CloudWatch Logs log group. The company needs to process log data in real time based on a specific error in the application logs. Which combination of steps will meet these requirements? (Select TWO.)

Accepted Answer

Create a subscription filter on the log group that has a filter pattern.

Accepted Answer

Create an AWS Lambda function to process the logs.

Answer

Create an Amazon SNS topic that has a subscription filter policy.

Answer

Set up an Amazon CloudWatch agent operator to manage the trace collection daemon in Amazon EKS.

Answer

Create an Amazon EventBridge rule to invoke the AWS Lambda function on a schedule.

Question 36

A company uses an AWS Lambda function to perform natural language processing (NLP) tasks. The company has attached a Lambda layer to the function. The Lambda layer contain scientific libraries that the function uses during processing.The company added a large, pre-trained text-classification model to the Lambda layer. The addition increased the size of the Lambda layer to 8.7 GB. After the addition and a recent deployment, the Lambda function returned a RequestEntityTooLargeException error.The company needs to update the Lambda function with a high-performing and portable solution to decrease the initialization time for the function.Which solution will meet these requirements?

Accepted Answer

Create a Docker container that includes the scientific libraries and the pre-trained model. Update the Lambda function to use the container image.

Answer

Store the large pre-trained model in an Amazon S3 bucket. Use the AWS SDK to access the model.

Answer

Create an Amazon EFS file system to store the large pre-trained model. Mount the file system to an Amazon EC2 instance. Configure the Lambda function to use the EFS file system.

Answer

Split the components of the Lambda layer into five new Lambda layers. Zip the new layers, and attach the layers to the Lambda function. Update the function code to use the new layers.

Question 37

A company operates a media streaming platform that delivers on-demand video content to users from around the world. User requests flow through an Amazon CloudFront distribution, an Amazon API Gateway REST API, AWS Lambda functions, and Amazon DynamoDB tables.Some users have reported intermittent buffering issues and delays when users try to start a video stream. The company needs to investigate the issues to discover the underlying cause.Which solution will meet this requirement?

Accepted Answer

Enable AWS X-Ray tracing for the REST API, Lambda functions, and DynamoDB tables. Analyze the service map to identify any performance bottlenecks or errors.

Answer

Enable logging in API Gateway. Ensure that each Lambda function is configured to send logs to Amazon CloudWatch. Use CloudWatch Logs Insights to query the log data.

Answer

Use AWS Config to review details of any recent configuration changes to AWS resources in the application that could result in increased latency for users.

Answer

Use AWS CloudTrail to track AWS resources in all AWS Regions. Stream CloudTrail data to an Amazon CloudWatch Logs log group. Enable CloudTrail Insights. Set up Amazon SN5 notifications if unusual API activity is detected.

Question 38

A company needs to develop a proof of concept for a web service application. The application will show the weather forecast for one of the company's office locations. The application will provide a REST endpoint that clients can call. Where possible, the application should use caching features provided by AWS to limit the number of requests to the backend service. The application backend will receive a small amount of traffic only during testing.Which approach should the developer take to provide the REST endpoint MOST cost-effectively?

Accepted Answer

Create an AWS Lambda function by using AWS SAM. Expose the Lambda functionality by using Amazon API Gateway.

Answer

Create a container image. Deploy the container image by using Amazon EKS. Expose the functionality by using Amazon API Gateway.

Answer

Create a container image. Deploy the container image by using Amazon ECS. Expose the functionality by using Amazon API Gateway.

Answer

Create a microservices application. Deploy the application to AWS Elastic Beanstalk. Expose the AWS Lambda functionality by using an Application Load Balancer.

Question 39

A developer uses AWS IAM Identity Center to interact with the AWS CLI and AWS SDKs on a local workstation. API calls to AWS services were working when the SSO access was first configured. However, the developer is now receiving Access Denied errors. The developer has not changed any configuration files or scripts that were previously working on the workstation.What is the MOST likely cause of the developer's access issue?

Accepted Answer

The credentials from the IAM Identity Center federated role have expired.

Answer

The access permissions to the developer's AWS CLI binary file have changed.

Answer

The permission set that is assumed by IAM Identity Center does not have the necessary permissions to complete the API call.

Answer

The developer is attempting to make API calls to the incorrect AWS account.

Question 40

A real-time messaging application uses Amazon API Gateway WebSocket APIs with backend HTTP service. A developer needs to build a feature in the application to identify a client that keeps connecting to and disconnecting from the WebSocket connection. The developer also needs the ability to remove the clientWhich combination of changes should the developer make to the application to meet these requirements? (Select TWO.)

Accepted Answer

Add code to track the client status in Amazon ElastiCache in the backend service.

Accepted Answer

Implement $connect and $disconnect routes in the backend service.

Answer

Switch to HTTP APIs in the backend service.

Answer

Switch to REST APIs in the backend service.

Answer

Use the callback URL to disconnect the client from the backend service.

Amazon DVA-C02 Practice Test 9

Amazon DVA-C02 Practice Tests

Amazon DVA-C02 Practice Test 9

Question

Amazon DVA-C02 Practice Tests

Practice Tests