Amazon DVA-C02 Practice Test - Questions Answers, Page 26
Question list
List of questions
Related questions
A developer is designing a fault-tolerant environment where client sessions will be saved.
How can the developer ensure that no sessions are lost if an Amazon EC2 instance fails?
Use sticky sessions with an Elastic Load Balancer target group.
Use Amazon SOS to save session data.
Use Amazon DynamoDB to perform scalable session handling.
Use Elastic Load Balancer connection draining to stop sending requests to failing instances.
A company wants to migrate applications from its on-premises servers to AWS. As a first step, the company is modifying and migrating a non-critical application to a single Amazon EC2 instance. The application will store information in an Amazon S3 bucket. The company needs to follow security best practices when deploying the application on AWS.
Which approach should the company take to allow the application to interact with Amazon S3?
Create an 1AM role that has administrative access to AWS. Attach the role to the EC2 instance.
Create an 1AM user. Attach the AdministratorAccess policy. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.
Create an 1AM role that has the necessary access to Amazon S3. Attach the role to the EC2 instance.
Create an 1AM user. Attach a policy that provides the necessary access to Amazon S3. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.
A developer is creating an AWS Lambda function that will connect to an Amazon RDS for MySQL instance. The developer wants to store the database credentials. The database credentials need to be encrypted and the database password needs to be automatically rotated.
Which solution will meet these requirements?
Store the database credentials as environment variables for the Lambda function. Set the environment variables to rotate automatically.
Store the database credentials in AWS Secrets Manager. Set up managed rotation on the database credentials.
Store the database credentials in AWS Systems Manager Parameter Store as secure string parameters. Set up managed rotation on the parameters.
Store the database credentials in the X-Amz-Security-Token parameter. Set up managed rotation on the parameter.
A company is building an application to accept data from customers. The data must be encrypted at rest and in transit.
The application uses an Amazon API Gateway API that resolves to AWS Lambda functions. The Lambda functions store the data in an Amazon Aurora MySQL DB cluster. The application worked properly during testing.
A developer configured an Amazon CloudFront distribution with field-level encryption that uses an AWS Key Management Service (AWS KMS) key. After the configuration of the distribution, the application behaved unexpectedly. All the data in the database changed from plaintext to ciphertext.
The developer must ensure that the data is not stored in the database as the ciphertext from the CloudFront field-level encryption.
Which solution will meet this requirement?
Change the CloudFront Viewer protocol policy from 'HTTP and HTTPS' to 'HTTPS only.'
Add a Lambda function that uses the KMS key to decrypt the data fields before saving the data to the database.
Enable encryption on the DB cluster by using the same KMS key that is used in CloudFront.
Request and deploy a new SSL certificate to use with the CloudFront distribution.
A developer is writing an application to analyze the traffic to a fleet of Amazon EC2 instances. The EC2 instances run behind a public Application Load Balancer (ALB). An HTTP server runs on each of the EC2 instances, logging all requests to a log file.
The developer wants to capture the client public IP addresses. The developer analyzes the log files and notices only the IP address of the ALB.
What must the developer do to capture the client public IP addresses in the log file?
Add a Host header to the HTTP server log configuration file.
Install the Amazon CloudWatch Logs agent on each EC2 instance. Configure the agent to write to the log file.
Install the AWS X-Ray daemon on each EC2 instance. Configure the daemon to write to the log file.
Add an X-Forwarded-For header to the HTTP server log configuration file.
A developer is creating an application that uses an AWS Lambda function to transform and load data from an Amazon S3 bucket. When the developer tests the application, the developer finds that some invocations of the Lambda function are slower than others.
The developer needs to update the Lambda function to have predictable invocation durations that run with low latency. Any initialization activities, such as loading libraries and instantiating clients, must run during allocation time rather than during actual function invocations.
Which combination of steps will meet these requirements? (Select TWO.)
Create a schedule group in Amazon EventBridge Scheduler to invoke the Lambda function.
Configure provisioned concurrency for the Lambda function to have the necessary number of execution environments.
Use the SLATEST version of the Lambda function.
Configure reserved concurrency for the Lambda function to have the necessary number of execution environments.
Deploy changes, and publish a new version of the Lambda function.
A developer is writing a web application that must share secure documents with end users. The documents are stored in a private Amazon S3 bucket. The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes.
How can the developer meet these requirements?
Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes.
Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes.
Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS.
Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes.
A developer is implementing a serverless application by using AWS CloudFormation to provision Amazon S3 web hosting. Amazon API Gateway, and AWS Lambda functions. The Lambda function source code is zipped and uploaded to an S3 bucket. The S3 object key of the zipped source code is specified in the Lambda resource in the CloudFormation template.
The developer notices that there are no changes in the Lambda function every time the CloudFormation stack is updated.
How can the developer resolve this issue?
Create a new Lambda function alias before updating the CloudFormation stack.
Change the S3 object key or the S3 version in the CloudFormation template before updating the CloudFormation stack.
Upload the zipped source code to another S3 bucket before updating the CloudFormation stack.
Associate a code signing configuration with the Lambda function before updating the CloudFormation stack.
An application interacts with Amazon Aurora to store and track customer information. The primary database is set up with multiple read replicas for improving the performance of the read queries. However, one of the Aurora replicas is receiving most or all of the traffic, while the other Aurora replica remains idle.
How can this issue be resolved?
Disable application-level DNS caching.
Enable application-level DNS caching.
Enable application pooling.
Disable application pooling.
A company runs continuous integration/continuous delivery (CI/CD) pipelines for its application on AWS CodePipeline. A developer must write unit tests and run them as part of the pipelines before staging the artifacts for testing.
How should the developer incorporate unit tests as part of CI/CD pipelines?
Create a separate CodePipeline pipeline to run unit tests.
Update the AWS CodeBuild build specification to include a phase for running unit tests.
Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests.
Create a testing branch in a git repository for the pipelines to run unit tests.
Question