Amazon DVA-C02 Practice Test - Questions Answers, Page 16
Question 151
A company needs to deploy all its cloud resources by using AWS CloudFormation templates. A developer must create an Amazon Simple Notification Service (Amazon SNS) automatic notification to help enforce this rule. The developer creates an SNS topic and subscribes the email address of the company's security team to the SNS topic.
The security team must receive a notification immediately if an IAM role is created without the use of CloudFormation.
Which solution will meet this requirement?
Explanation:
EventBridge (formerly CloudWatch Events) is the ideal service for real-time event monitoring.
CloudTrail logs IAM role creation.
EventBridge rules can filter CloudTrail events and trigger SNS notifications instantly.
Question 152
A developer is working on a web application that uses Amazon DynamoDB as its data store. The application has two DynamoDB tables: one table that is named artists and one table that is named songs. The artists table has artistName as the partition key. The songs table has songName as the partition key and artistName as the sort key.
The table usage patterns include the retrieval of multiple songs and artists in a single database operation from the webpage. The developer needs a way to retrieve this information with minimal network traffic and optimal application performance.
Which solution will meet these requirements?
Explanation:
Scenario: Application needs to fetch songs and artists efficiently in a single operation.
BatchGetItem: This DynamoDB operation retrieves multiple items across different tables based on their primary keys in a single request.
Optimized for Request Batching: This approach reduces network traffic compared to performing multiple queries individually.
Data Modeling: The songs table is designed appropriately for this access pattern using artistName as the sort key.
Amazon DynamoDB BatchGetItem: https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_BatchGetItem.ht
Question 153
A data visualization company wants to strengthen the security of its core applications. The applications are deployed on AWS across its development, staging, pre-production, and production environments. The company needs to encrypt all of its stored sensitive credentials. The sensitive credentials need to be automatically rotated. A version of the sensitive credentials needs to be stored for each environment.
Which solution will meet these requirements in the MOST operationally efficient way?
Explanation:
Secrets Management: AWS Secrets Manager is designed specifically for storing and managing sensitive credentials.
Environment Isolation: Creating separate secrets for each environment (development, staging, etc.) ensures clear separation and prevents accidental leaks.
Automatic Rotation: Secrets Manager provides built-in rotation capabilities, enhancing security posture.
AWS Secrets Manager: https://aws.amazon.com/secrets-manager/
Secrets Manager Rotation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
Question 154
A company's developer has deployed an application in AWS by using AWS CloudFormation. The CloudFormation stack includes parameters in AWS Systems Manager Parameter Store that the application uses as configuration settings. The application can modify the parameter values.
When the developer updated the stack to create additional resources with tags, the developer noted that the parameter values were reset and that the values ignored the latest changes made by the application. The developer needs to change the way the company deploys the CloudFormation stack. The developer also needs to avoid resetting the parameter values outside the stack.
Which solution will meet these requirements with the LEAST development effort?
Explanation:
Problem: CloudFormation updates reset Parameter Store parameters, disrupting application behavior.
Deletion Policy: CloudFormation has a deletion policy that controls resource behavior when a stack is deleted or updated. The 'Retain' policy instructs CloudFormation to preserve a resource's current state.
Least Development Effort: This solution involves a simple CloudFormation template modification, requiring minimal code changes.
CloudFormation Deletion Policies: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html
Question 155
A company has built an AWS Lambda function to convert large image files into output files that can be used in a third-party viewer application. The company recently added a new module to the function to improve the output of the generated files. However, the new module has increased the bundle size and has increased the time that is needed to deploy changes to the function code.
How can a developer increase the speed of the Lambda function deployment?
Explanation:
Problem: Large bundle size increases Lambda deployment time.
Lambda Layers: Layers let you package dependencies separately from your function code. This optimizes the deployment package, making updates faster.
Modularization: Breaking down dependencies into layers improves code organization and reusability.
AWS Lambda Layers: https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html
Question 156
A company runs a batch processing application by using AWS Lambda functions and Amazon API Gateway APIs with deployment stages for development, user acceptance testing, and production. A development team needs to configure the APIs in the deployment stages to connect to third-party service endpoints.
Which solution will meet this requirement?
Explanation:
API Gateway Stage Variables: These are designed for configuring dynamic values for your APIs in different deployment stages (dev, test, prod). Here's how to use them for third-party endpoints:
In the API Gateway console, access the 'Stages' section of your API.
For each stage, create a stage variable named something like thirdPartyEndpoint.
Set the value of this variable to the actual endpoint URL for that specific environment.
When configuring API requests within your API Gateway method, reference this endpoint using ${stageVariables.thirdPartyEndpoint}.
Why Stage Variables Excel Here:
Environment Isolation: This approach keeps the endpoint configuration specific to each deployment stage, ensuring the right endpoints are used during development, testing, and production cycles.
Ease of Management: You manage the endpoints directly through the API Gateway console without additional infrastructure.
Amazon API Gateway Stage Variables: https://docs.aws.amazon.com/apigateway/latest/developerguide/stage-variables.html
Question 157
A developer is investigating an issue in part of a company's application. In the application, messages are sent to an Amazon Simple Queue Service (Amazon SQS) queue. The AWS Lambda function polls messages from the SQS queue and sends email messages by using Amazon Simple Email Service (Amazon SES). Users have been receiving duplicate email messages during periods of high traffic.
Which reasons could explain the duplicate email messages? (Select TWO.)
Explanation:
SQS Delivery Behavior: Standard SQS queues guarantee at-least-once delivery, meaning messages may be processed more than once. This can lead to duplicate emails in this scenario.
Visibility Timeout: If the visibility timeout on the SQS queue is too short, a message might become visible for another consumer before the first Lambda function finishes processing it. This can also lead to duplicates.
Amazon SQS Visibility Timeout: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html
Question 158
A company is building a new application that runs on AWS and uses Amazon API Gateway to expose APIs. Teams of developers are working on separate components of the application in parallel. The company wants to publish an API without an integrated backend so that teams that depend on the application backend can continue the development work before the API backend development is complete.
Which solution will meet these requirements?
Explanation:
API Gateway Mocking: This feature is built for decoupling development dependencies. Here's the process:
Create resources and methods in your API Gateway.
Set the integration type to 'MOCK'.
Define Integration Responses, mapping HTTP status codes to desired mocked responses (JSON, etc.).
Deployment and Use:
Create a deployment stage for the API.
Frontend teams can call this API and get the mocked responses without a real backend.
Mocking API Gateway APIs: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-mock-integration.html
Question 159
A company has an application that is hosted on Amazon EC2 instances. The application stores objects in an Amazon S3 bucket and allows users to download objects from the S3 bucket. A developer turns on S3 Block Public Access for the S3 bucket. After this change, users report errors when they attempt to download objects. The developer needs to implement a solution so that only users who are signed in to the application can access objects in the S3 bucket.
Which combination of steps will meet these requirements in the MOST secure way? (Select TWO.)
Explanation:
IAM Roles for EC2 (A): The most secure way to provide AWS permissions from EC2.
Create a role with a policy allowing s3:GetObject on the specific bucket.
Attach the role to an instance profile and associate that profile with your instances.
Pre-signed URLs (C): Temporary, authenticated URLs for specific S3 actions.
Modify the app to use the AWS SDK to call GeneratePresignedUrl.
Embed these URLs when a user is properly logged in, allowing download access.
IAM Roles for EC2: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
Generating Presigned URLs: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.htm
Question 160
An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write access to an Amazon DynamoDB table. The correct IAM policy already exists.
What is the MOST secure way to grant the Lambda function access to the S3 bucket and the DynamoDB table?
Explanation:
Principle of Least Privilege: Granting specific permissions through an IAM role is more secure than directly attaching policies to a function or using root user credentials.
IAM Roles for Lambda: Designed to provide temporary credentials to Lambda functions, enhancing security.
Reusability: The existing IAM policy ensures the correct S3 and DynamoDB access is granted.
IAM Roles for Lambda Documentation: https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html
IAM Best Practices: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html