AWS Certified Developer - Associate DVA-C02 v1.0

Page:    1 / 24   
Exam contains 357 questions

A developer has an application that stores data in an Amazon S3 bucket. The application uses an HTTP API to store and retrieve objects. When the PutObject API operation adds objects to the S3 bucket the developer must encrypt these objects at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3).
Which solution will meet this requirement?

  • A. Create an AWS Key Management Service (AWS KMS) key. Assign the KMS key to the S3 bucket.
  • B. Set the x-amz-server-side-encryption header when invoking the PutObject API operation.
  • C. Provide the encryption key in the HTTP header of every request.
  • D. Apply TLS to encrypt the traffic to the S3 bucket.


Answer : B

A developer needs to perform geographic load testing of an API. The developer must deploy resources to multiple AWS Regions to support the load testing of the API.
How can the developer meet these requirements without additional application code?

  • A. Create and deploy an AWS Lambda function in each desired Region. Configure the Lambda function to create a stack from an AWS CloudFormation template in that Region when the function is invoked.
  • B. Create an AWS CloudFormation template that defines the load test resources. Use the AWS CLI create-stack-set command to create a stack set in the desired Regions.
  • C. Create an AWS Systems Manager document that defines the resources. Use the document to create the resources in the desired Regions.
  • D. Create an AWS CloudFormation template that defines the load test resources. Use the AWS CLI deploy command to create a stack from the template in each Region.


Answer : B

A developer is creating an application that includes an Amazon API Gateway REST API in the us-east-2 Region. The developer wants to use Amazon CloudFront and a custom domain name for the API. The developer has acquired an SSL/TLS certificate for the domain from a third-party provider.
How should the developer configure the custom domain for the application?

  • A. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS A record for the custom domain.
  • B. Import the SSL/TLS certificate into CloudFront. Create a DNS CNAME record for the custom domain.
  • C. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the API. Create a DNS CNAME record for the custom domain.
  • D. Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.


Answer : B

A developer is creating a template that uses AWS CloudFormation to deploy an application. The application is serverless and uses Amazon API Gateway, Amazon DynamoDB, and AWS Lambda.
Which AWS service or tool should the developer use to define serverless resources in YAML?

  • A. CloudFormation serverless intrinsic functions
  • B. AWS Elastic Beanstalk
  • C. AWS Serverless Application Model (AWS SAM)
  • D. AWS Cloud Development Kit (AWS CDK)


Answer : C

A developer wants to insert a record into an Amazon DynamoDB table as soon as a new file is added to an Amazon S3 bucket.
Which set of steps would be necessary to achieve this?

  • A. Create an event with Amazon EventBridge that will monitor the S3 bucket and then insert the records into DynamoDB.
  • B. Configure an S3 event to invoke an AWS Lambda function that inserts records into DynamoDB.
  • C. Create an AWS Lambda function that will poll the S3 bucket and then insert the records into DynamoDB.
  • D. Create a cron job that will run at a scheduled time and insert the records into DynamoDB.


Answer : B

A development team maintains a web application by using a single AWS CloudFormation template. The template defines web servers and an Amazon RDS database. The team uses the Cloud Formation template to deploy the Cloud Formation stack to different environments.
During a recent application deployment, a developer caused the primary development database to be dropped and recreated. The result of this incident was a loss of data. The team needs to avoid accidental database deletion in the future.
Which solutions will meet these requirements? (Choose two.)

  • A. Add a CloudFormation Deletion Policy attribute with the Retain value to the database resource.
  • B. Update the CloudFormation stack policy to prevent updates to the database.
  • C. Modify the database to use a Multi-AZ deployment.
  • D. Create a CloudFormation stack set for the web application and database deployments.
  • E. Add a Cloud Formation DeletionPolicy attribute with the Retain value to the stack.


Answer : AD

A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.
How can the developer enforce that all requests to retrieve the data provide encryption in transit?

  • A. Define a resource-based policy on the S3 bucket to deny access when a request meets the condition “aws:SecureTransport”: “false”.
  • B. Define a resource-based policy on the S3 bucket to allow access when a request meets the condition “aws:SecureTransport”: “false”.
  • C. Define a role-based policy on the other accounts' roles to deny access when a request meets the condition of “aws:SecureTransport”: “false”.
  • D. Define a resource-based policy on the KMS key to deny access when a request meets the condition of “aws:SecureTransport”: “false”.


Answer : A

An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.
What is the MOST secure way to resolve this issue?

  • A. Update the IAM instance profile that is attached to the EC2 instance to include the S3:* permission for the S3 bucket.
  • B. Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.
  • C. Update the developer's user permissions to include the S3:ListBucket permission for the S3 bucket.
  • D. Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance.


Answer : B

A company is planning to securely manage one-time fixed license keys in AWS. The company's development team needs to access the license keys in automaton scripts that run in Amazon EC2 instances and in AWS CloudFormation stacks.
Which solution will meet these requirements MOST cost-effectively?

  • A. Amazon S3 with encrypted files prefixed with “config”
  • B. AWS Secrets Manager secrets with a tag that is named SecretString
  • C. AWS Systems Manager Parameter Store SecureString parameters
  • D. CloudFormation NoEcho parameters


Answer : C

A company has deployed infrastructure on AWS. A development team wants to create an AWS Lambda function that will retrieve data from an Amazon Aurora database. The Amazon Aurora database is in a private subnet in company's VPC. The VPC is named VPC1. The data is relational in nature. The Lambda function needs to access the data securely.
Which solution will meet these requirements?

  • A. Create the Lambda function. Configure VPC1 access for the function. Attach a security group named SG1 to both the Lambda function and the database. Configure the security group inbound and outbound rules to allow TCP traffic on Port 3306.
  • B. Create and launch a Lambda function in a new public subnet that is in a new VPC named VPC2. Create a peering connection between VPC1 and VPC2.
  • C. Create the Lambda function. Configure VPC1 access for the function. Assign a security group named SG1 to the Lambda function. Assign a second security group named SG2 to the database. Add an inbound rule to SG1 to allow TCP traffic from Port 3306.
  • D. Export the data from the Aurora database to Amazon S3. Create and launch a Lambda function in VPC1. Configure the Lambda function query the data from Amazon S3.


Answer : B

A developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit.
Which of the following API Gateway metrics in Amazon CloudWatch can help the developer troubleshoot the issue? (Choose two.)

  • A. CacheHitCount
  • B. IntegrationLatency
  • C. CacheMissCount
  • D. Latency
  • E. Count


Answer : BD

A development team wants to build a continuous integration/continuous delivery (CI/CD) pipeline. The team is using AWS CodePipeline to automate the code build and deployment. The team wants to store the program code to prepare for the CI/CD pipeline.
Which AWS service should the team use to store the program code?

  • A. AWS CodeDeploy
  • B. AWS CodeArtifact
  • C. AWS CodeCommit
  • D. Amazon CodeGuru


Answer : C

A developer is designing an AWS Lambda function that creates temporary files that are less than 10 MB during invocation. The temporary files will be accessed and modified multiple times during invocation. The developer has no need to save or retrieve these files in the future.
Where should the temporary files be stored?

  • A. the /tmp directory
  • B. Amazon Elastic File System (Amazon EFS)
  • C. Amazon Elastic Block Store (Amazon EBS)
  • D. Amazon S3


Answer : A

A developer is designing a serverless application with two AWS Lambda functions to process photos. One Lambda function stores objects in an Amazon S3 bucket and stores the associated metadata in an Amazon DynamoDB table. The other Lambda function fetches the objects from the S3 bucket by using the metadata from the DynamoDB table. Both Lambda functions use the same Python library to perform complex computations and are approaching the quota for the maximum size of zipped deployment packages.
What should the developer do to reduce the size of the Lambda deployment packages with the LEAST operational overhead?

  • A. Package each Python library in its own .zip file archive. Deploy each Lambda function with its own copy of the library.
  • B. Create a Lambda layer with the required Python library. Use the Lambda layer in both Lambda functions.
  • C. Combine the two Lambda functions into one Lambda function. Deploy the Lambda function as a single .zip file archive.
  • D. Download the Python library to an S3 bucket. Program the Lambda functions to reference the object URLs.


Answer : B

A developer is writing an AWS Lambda function. The developer wants to log key events that occur while the Lambda function runs. The developer wants to include a unique identifier to associate the events with a specific function invocation. The developer adds the following code to the Lambda function:

Which solution will meet this requirement?

  • A. Obtain the request identifier from the AWS request ID field in the context object. Configure the application to write logs to standard output.
  • B. Obtain the request identifier from the AWS request ID field in the event object. Configure the application to write logs to a file.
  • C. Obtain the request identifier from the AWS request ID field in the event object. Configure the application to write logs to standard output.
  • D. Obtain the request identifier from the AWS request ID field in the context object. Configure the application to write logs to a file.


Answer : D

Page:    1 / 24   
Exam contains 357 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy