Amazon DVA-C02 Practice Test - Questions Answers, Page 16

A company needs to deploy all its cloud resources by using AWS CloudFormation templates. A developer must create an Amazon Simple Notification Service (Amazon SNS) automatic notification to help enforce this rule. The developer creates an SNS topic and subscribes the email address of the company's security team to the SNS topic.

The security team must receive a notification immediately if an IAM role is created without the use of CloudFormation.

Which solution will meet this requirement?

A. Create an AWS Lambda function to filter events from CloudTrail if a role was created without CloudFormation. Configure the Lambda function to publish to the SNS topic. Create an Amazon EventBridge schedule to invoke the Lambda function every 15 minutes.

B. Create an AWS Fargate task in Amazon Elastic Container Service (Amazon ECS) to filter events from CloudTrail if a role was created without CloudFormation. Configure the Fargate task to publish to the SNS topic. Create an Amazon EventBridge schedule to run the Fargate task every 15 minutes.

C. Launch an Amazon EC2 instance that includes a script to filter events from CloudTrail if a role was created without CloudFormation. Configure the script to publish to the SNS topic. Create a cron job to run the script on the EC2 instance every 15 minutes.

D. Create an Amazon EventBridge rule to filter events from CloudTrail if a role was created without CloudFormation. Specify the SNS topic as the target of the EventBridge rule.

Suggested answer: D

Explanation:

EventBridge (formerly CloudWatch Events) is the ideal service for real-time event monitoring.

CloudTrail logs IAM role creation.

EventBridge rules can filter CloudTrail events and trigger SNS notifications instantly.
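
The rule from option D, as an added example that is not part of the original page: an EventBridge event pattern for CloudTrail `CreateRole` calls that were not made by CloudFormation, evaluated by a small local matcher over constructed events. It assumes CloudFormation-initiated calls are recorded with a `sourceIPAddress` of `cloudformation.amazonaws.com`; the matcher covers only exact values and `anything-but`, and the helper names and sample events are hypothetical.

```python
import json

# Assumed event pattern for the EventBridge rule (the SNS topic is the rule's target).
# Assumption: calls made by CloudFormation on the caller's behalf are recorded by
# CloudTrail with sourceIPAddress "cloudformation.amazonaws.com".
EVENT_PATTERN = {
    "source": ["aws.iam"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["iam.amazonaws.com"],
        "eventName": ["CreateRole"],
        "sourceIPAddress": [{"anything-but": ["cloudformation.amazonaws.com"]}],
    },
}


def _value_matches(value, candidates):
    """True if a leaf value satisfies any candidate in a pattern list."""
    for cand in candidates:
        if isinstance(cand, dict) and "anything-but" in cand:
            excluded = cand["anything-but"]
            if not isinstance(excluded, list):
                excluded = [excluded]
            if value not in excluded:
                return True
        elif value == cand:
            return True
    return False


def matches(pattern, event):
    """Simplified local evaluation: every pattern key must be present and match."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif not _value_matches(event[key], expected):
            return False
    return True


def make_event(event_name, source_ip):
    """Constructed sample shaped like a CloudTrail event delivered by EventBridge."""
    return {
        "source": "aws.iam",
        "detail-type": "AWS API Call via CloudTrail",
        "detail": {
            "eventSource": "iam.amazonaws.com",
            "eventName": event_name,
            "sourceIPAddress": source_ip,
            "requestParameters": {"roleName": "example-role"},
        },
    }


SAMPLES = {
    "console": make_event("CreateRole", "203.0.113.10"),
    "cloudformation": make_event("CreateRole", "cloudformation.amazonaws.com"),
    "other_call": make_event("DeleteRole", "203.0.113.10"),
}


def alerts():
    """Names of the sample events that would be forwarded to the SNS topic."""
    return sorted(name for name, ev in SAMPLES.items() if matches(EVENT_PATTERN, ev))


if __name__ == "__main__":
    print(json.dumps(EVENT_PATTERN, indent=2))
    print("would notify for:", alerts())
```

Because the rule fires on each matching event as it arrives, there is no polling interval, which is what separates option D from the 15-minute schedules in A, B and C.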

A developer is working on a web application that uses Amazon DynamoDB as its data store. The application has two DynamoDB tables: one table that is named artists and one table that is named songs. The artists table has artistName as the partition key. The songs table has songName as the partition key and artistName as the sort key.

The table usage patterns include the retrieval of multiple songs and artists in a single database operation from the webpage. The developer needs a way to retrieve this information with minimal network traffic and optimal application performance.

Which solution will meet these requirements?

A. Perform a BatchGetItem operation that returns items from the two tables. Use the list of songName/artistName keys for the songs table and the list of artistName keys for the artists table.

B. Create a local secondary index (LSI) on the songs table that uses artistName as the partition key. Perform a query operation for each artistName on the songs table that filters by the list of songName. Perform a query operation for each artistName on the artists table.

C. Perform a BatchGetItem operation on the songs table that uses the songName/artistName keys. Perform a BatchGetItem operation on the artists table that uses artistName as the key.

D. Perform a Scan operation on each table that filters by the list of songName/artistName for the songs table and the list of artistName in the artists table.

Suggested answer: A

Explanation:

Scenario: Application needs to fetch songs and artists efficiently in a single operation.

BatchGetItem: This DynamoDB operation retrieves multiple items across different tables based on their primary keys in a single request.

Optimized for Request Batching: This approach reduces network traffic compared to performing multiple queries individually.

Data Modeling: The songs table is designed appropriately for this access pattern using artistName as the sort key.

Amazon DynamoDB BatchGetItem: https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_BatchGetItem.ht

A data visualization company wants to strengthen the security of its core applications. The applications are deployed on AWS across its development, staging, pre-production, and production environments. The company needs to encrypt all of its stored sensitive credentials. The sensitive credentials need to be automatically rotated. A version of the sensitive credentials needs to be stored for each environment.

Which solution will meet these requirements in the MOST operationally efficient way?

A. Configure AWS Secrets Manager versions to store different copies of the same credentials across multiple environments.

B. Create a new parameter version in AWS Systems Manager Parameter Store for each environment. Store the environment-specific credentials in the parameter version.

C. Configure the environment variables in the application code. Use different names for each environment type.

D. Configure AWS Secrets Manager to create a new secret for each environment type. Store the environment-specific credentials in the secret.

Suggested answer: D

Explanation:

Secrets Management: AWS Secrets Manager is designed specifically for storing and managing sensitive credentials.

Environment Isolation: Creating separate secrets for each environment (development, staging, etc.) ensures clear separation and prevents accidental leaks.

Automatic Rotation: Secrets Manager provides built-in rotation capabilities, enhancing security posture.

AWS Secrets Manager: https://aws.amazon.com/secrets-manager/

Secrets Manager Rotation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html

A company's developer has deployed an application in AWS by using AWS CloudFormation. The CloudFormation stack includes parameters in AWS Systems Manager Parameter Store that the application uses as configuration settings. The application can modify the parameter values.

When the developer updated the stack to create additional resources with tags, the developer noted that the parameter values were reset and that the values ignored the latest changes made by the application. The developer needs to change the way the company deploys the CloudFormation stack. The developer also needs to avoid resetting the parameter values outside the stack.

Which solution will meet these requirements with the LEAST development effort?

A. Modify the CloudFormation stack to set the deletion policy to Retain for the Parameter Store parameters.

B. Create an Amazon DynamoDB table as a resource in the CloudFormation stack to hold configuration data for the application. Migrate the parameters that the application is modifying from Parameter Store to the DynamoDB table.

C. Create an Amazon RDS DB instance as a resource in the CloudFormation stack. Create a table in the database for parameter configuration. Migrate the parameters that the application is modifying from Parameter Store to the configuration table.

D. Modify the CloudFormation stack policy to deny updates on Parameter Store parameters.

Suggested answer: A

Explanation:

Problem: CloudFormation updates reset Parameter Store parameters, disrupting application behavior.

Deletion Policy: CloudFormation has a deletion policy that controls resource behavior when a stack is deleted or updated. The 'Retain' policy instructs CloudFormation to preserve a resource's current state.

Least Development Effort: This solution involves a simple CloudFormation template modification, requiring minimal code changes.

CloudFormation Deletion Policies: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html

A company has built an AWS Lambda function to convert large image files into output files that can be used in a third-party viewer application. The company recently added a new module to the function to improve the output of the generated files. However, the new module has increased the bundle size and has increased the time that is needed to deploy changes to the function code.

How can a developer increase the speed of the Lambda function deployment?

A. Use AWS CodeDeploy to deploy the function code.

B. Use Lambda layers to package and load dependencies.

C. Increase the memory size of the function.

D. Use Amazon S3 to host the function dependencies.

Suggested answer: B

Explanation:

Problem: Large bundle size increases Lambda deployment time.

Lambda Layers: Layers let you package dependencies separately from your function code. This optimizes the deployment package, making updates faster.

Modularization: Breaking down dependencies into layers improves code organization and reusability.

AWS Lambda Layers: https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html

A company runs a batch processing application by using AWS Lambda functions and Amazon API Gateway APIs with deployment stages for development, user acceptance testing, and production. A development team needs to configure the APIs in the deployment stages to connect to third-party service endpoints.

Which solution will meet this requirement?

A. Store the third-party service endpoints in Lambda layers that correspond to the stage.

B. Store the third-party service endpoints in API Gateway stage variables that correspond to the stage.

C. Encode the third-party service endpoints as query parameters in the API Gateway request URL.

D. Store the third-party service endpoint for each environment in AWS AppConfig.

Suggested answer: B

Explanation:

API Gateway Stage Variables: These are designed for configuring dynamic values for your APIs in different deployment stages (dev, test, prod). Here's how to use them for third-party endpoints:

In the API Gateway console, access the 'Stages' section of your API.

For each stage, create a stage variable named something like thirdPartyEndpoint.

Set the value of this variable to the actual endpoint URL for that specific environment.

When configuring API requests within your API Gateway method, reference this endpoint using ${stageVariables.thirdPartyEndpoint}.

Why Stage Variables Excel Here:

Environment Isolation: This approach keeps the endpoint configuration specific to each deployment stage, ensuring the right endpoints are used during development, testing, and production cycles.

Ease of Management: You manage the endpoints directly through the API Gateway console without additional infrastructure.

Amazon API Gateway Stage Variables: https://docs.aws.amazon.com/apigateway/latest/developerguide/stage-variables.html

A developer is investigating an issue in part of a company's application. In the application, messages are sent to an Amazon Simple Queue Service (Amazon SQS) queue. The AWS Lambda function polls messages from the SQS queue and sends email messages by using Amazon Simple Email Service (Amazon SES). Users have been receiving duplicate email messages during periods of high traffic.

Which reasons could explain the duplicate email messages? (Select TWO.)

A. Standard SQS queues support at-least-once message delivery.

B. Standard SQS queues support exactly-once processing, so the duplicate email messages are because of user error.

C. Amazon SES has the DomainKeys Identified Mail (DKIM) authentication incorrectly configured.

D. The SQS queue's visibility timeout is lower than or the same as the Lambda function's timeout.

E. The Amazon SES bounce rate metric is too high.

Suggested answer: A

Explanation:

SQS Delivery Behavior: Standard SQS queues guarantee at-least-once delivery, meaning messages may be processed more than once. This can lead to duplicate emails in this scenario.

Visibility Timeout: If the visibility timeout on the SQS queue is too short, a message might become visible to another consumer before the first Lambda function finishes processing it. This can also lead to duplicates.

Amazon SQS Visibility Timeout: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html

A company is building a new application that runs on AWS and uses Amazon API Gateway to expose APIs. Teams of developers are working on separate components of the application in parallel. The company wants to publish an API without an integrated backend so that teams that depend on the application backend can continue the development work before the API backend development is complete.

Which solution will meet these requirements?

A. Create API Gateway resources and set the integration type value to MOCK. Configure the method integration request and integration response to associate a response with an HTTP status code. Create an API Gateway stage and deploy the API.

B. Create an AWS Lambda function that returns mocked responses and various HTTP status codes. Create API Gateway resources and set the integration type value to AWS_PROXY. Deploy the API.

C. Create an EC2 application that returns mocked HTTP responses. Create API Gateway resources and set the integration type value to AWS. Create an API Gateway stage and deploy the API.

D. Create API Gateway resources and set the integration type value to HTTP_PROXY. Add mapping templates and deploy the API. Create an AWS Lambda layer that returns various HTTP status codes. Associate the Lambda layer with the API deployment.

Suggested answer: A

Explanation:

API Gateway Mocking: This feature is built for decoupling development dependencies. Here's the process:

Create resources and methods in your API Gateway.

Set the integration type to 'MOCK'.

Define Integration Responses, mapping HTTP status codes to desired mocked responses (JSON, etc.).

Deployment and Use:

Create a deployment stage for the API.

Frontend teams can call this API and get the mocked responses without a real backend.

Mocking API Gateway APIs: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-mock-integration.html

A company has an application that is hosted on Amazon EC2 instances. The application stores objects in an Amazon S3 bucket and allows users to download objects from the S3 bucket. A developer turns on S3 Block Public Access for the S3 bucket. After this change, users report errors when they attempt to download objects. The developer needs to implement a solution so that only users who are signed in to the application can access objects in the S3 bucket.

Which combination of steps will meet these requirements in the MOST secure way? (Select TWO.)

A. Create an EC2 instance profile and role with an appropriate policy. Associate the role with the EC2 instances.

B. Create an IAM user with an appropriate policy. Store the access key ID and secret access key on the EC2 instances.

C. Modify the application to use the S3 GeneratePresignedUrl API call.

D. Modify the application to use the S3 GetObject API call and to return the object handle to the user.

E. Modify the application to delegate requests to the S3 bucket.

Suggested answer: A, C

Explanation:

IAM Roles for EC2 (A): The most secure way to provide AWS permissions from EC2.

Create a role with a policy allowing s3:GetObject on the specific bucket.

Attach the role to an instance profile and associate that profile with your instances.

Pre-signed URLs (C): Temporary, authenticated URLs for specific S3 actions.

Modify the app to use the AWS SDK to call GeneratePresignedUrl.

Embed these URLs when a user is properly logged in, allowing download access.

IAM Roles for EC2: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html

Generating Presigned URLs: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.htm

An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write access to an Amazon DynamoDB table. The correct IAM policy already exists.

What is the MOST secure way to grant the Lambda function access to the S3 bucket and the DynamoDB table?

A. Attach the existing IAM policy to the Lambda function.

B. Create an IAM role for the Lambda function. Attach the existing IAM policy to the role. Attach the role to the Lambda function.

C. Create an IAM user with programmatic access. Attach the existing IAM policy to the user. Add the user access key ID and secret access key as environment variables in the Lambda function.

D. Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function.

Suggested answer: B

Explanation:

Principle of Least Privilege: Granting specific permissions through an IAM role is more secure than directly attaching policies to a function or using root user credentials.

IAM Roles for Lambda: Designed to provide temporary credentials to Lambda functions, enhancing security.

Reusability: The existing IAM policy ensures the correct S3 and DynamoDB access is granted.

IAM Roles for Lambda Documentation: https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html

IAM Best Practices: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Total 292 questions