Amazon AWS Certified Developer - Associate DVA-C01
Prev

There are 237 results

Next
#181 (Accuracy: 100% / 4 votes)
A developer is building various microservices for an application that will run on Amazon EC2 instances. The developer needs to monitor the end-to-end view of the requests between the microservices and debug any issues in the various microservices.

What should the developer do to accomplish these tasks?
  • A. Use Amazon CloudWatch to aggregate the microservices' logs and metrics, and build the monitoring dashboard.
  • B. Use AWS CloudTrail to aggregate the microservices' logs and metrics, and build the monitoring dashboard.
  • C. Use the AWS X-Ray SDK to add instrumentation in all the microservices, and monitor using the X-Ray service map.
  • D. Use AWS Health to monitor the health of all the microservices.
#182 (Accuracy: 100% / 3 votes)
A company uses the AWS SDK for JavaScript in the Browser to build a web application and then hosts the application on Amazon S3. The company wants the application to support 10,000 users concurrently. The company selects Amazon DynamoDB to store user preferences in a table. There is a requirement to uniquely identify users at any scale.

Which solution will meet these requirements?
  • A. Create a user cookie. Attach an 1AM role to the S3 bucket that hosts the application.
  • B. Deploy an Amazon CloudFront distribution with an origin access identity (OAI) to access the S3 bucket.
  • C. Configure and use Amazon Cognito. Access DynamoDB with the authenticated users.
  • D. Create an IAM user for each user. Use fine-grained access control on the DynamoDB table to control access.
#183 (Accuracy: 100% / 4 votes)
A developer uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3) to store data in Amazon S3. The developer needs to decrypt and download the encrypted objects by using the GetObject API call.

What is the LEAST amount of information that the developer must provide in the API call to meet this requirement?
  • A. The S3 object key only
  • B. The S3 object key and the encryption key
  • C. The S3 object key and the Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) key
  • D. The S3 object key and a randomly salted Hash-based Message Authentication Code (HMAC) value of the encryption key
#184 (Accuracy: 100% / 4 votes)
A company is running its website on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group. A developer needs to secure the internet-facing connection with HTTPS. The developer uses AWS Certificate Manager (ACM) to issue an X.509 certificate.

What should the developer do to secure the connection?
  • A. Configure the ALB to use the X.509 certificate by using the AWS Management Console.
  • B. Configure each EC2 instance to use the same X.509 certificate by using the AWS Management Console.
  • C. Export the root key of the X.509 certificate to an Amazon S3 bucket. Configure each EC2 instance to use the same X.509 certificate from the S3 bucket.
  • D. Export the root key of the X.509 certificate to an Amazon S3 bucket. Configure the ALB to use the X.509 certificate from the S3 bucket.
#185 (Accuracy: 93% / 7 votes)
A company has a new application. The company needs to secure sensitive configuration data such as database connection strings, application license codes, and API keys that the application uses to access external resources. The company must track access to the configuration data for auditing purposes. The resources are managed outside the application.

The company is not required to manage rotation of the connection strings, license codes, and API keys in the application. The company must implement a solution to securely store the configuration data and to give the application access to the configuration data. The solution must comply with security best practices.

Which solution will meet these requirements MOST cost-effectively?
  • A. Store the configuration data in an encrypted file on the source code bundle. Grant the application access by using IAM policies.
  • B. Store the configuration data in AWS Systems Manager Parameter Store. Grant the application access by using IAM policies.
  • C. Store the configuration data on an Amazon Elastic Block Store (Amazon EBS) encrypted volume. Attach the EBS volume to an Amazon EC2 instance to provide the application with access to the data.
  • D. Store the configuration data in AWS Secrets Manager. Grant the application access by using IAM policies.
#186 (Accuracy: 100% / 4 votes)
A company hosts a client-side web application for one of its subsidiaries on Amazon S3. The web application can be accessed through Amazon CloudFront from https://www.example.com. After a successful rollout, the company wants to host three more client-side web applications for its remaining subsidiaries on three separate S3 buckets.

To achieve this goal, a developer moves all the common JavaScript files and web fonts to a central S3 bucket that serves the web applications. However, during testing, the developer notices that the browser blocks the JavaScript files and web fonts.

What should the developer do to prevent the browser from blocking the JavaScript files and web fonts?
  • A. Create four access points that allow access to the central S3 bucket. Assign an access point to each web application bucket.
  • B. Create a bucket policy that allows access to the central S3 bucket. Attach the bucket policy to the central S3 bucket.
  • C. Create a cross-origin resource sharing (CORS) configuration that allows access to the central S3 bucket. Add the CORS configuration to the central S3 bucket.
  • D. Create a Content-MD5 header that provides a message integrity check for the central S3 bucket. Insert the Content-MD5 header for each web application request.
#187 (Accuracy: 100% / 6 votes)
A business intelligence application runs on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate. Application-level audits require a searchable log of all API calls from users to the application. The application’s developers must store the logs centrally on AWS.

Which solution will meet these requirements?
  • A. Install the Amazon CloudWatch agent on the Amazon EC2 host that runs Fargate.
  • B. Configure the awslogs log driver in the ECS task definition.
  • C. Configure AWS CloudTrail for the ECS containers.
  • D. Install the ECS logs collector on the ECS hosts.
#188 (Accuracy: 100% / 3 votes)
A developer is creating an AWS Lambda function to process streaming data from an Amazon Kinesis data stream. When the Lambda function parses the data and encounters a malformed record from the stream, the Lambda function exits with an error.

The developer is observing duplicate records downstream from the function. When the developer uses a different client to examine the Kinesis data stream output, no duplicate records are visible in the stream.

What is the reason for the duplicate records?
  • A. The Lambda function did not advance the Kinesis data stream pointer to the next record after the error.
  • B. The Lambda event source used asynchronous invocation.
  • C. The Lambda function did not handle the error, and the Lambda service attempted to reprocess the data.
  • D. The Lambda function did not keep up with the amount of data that was coming from the Kinesis data stream.
#189 (Accuracy: 100% / 4 votes)
A company's developer is creating an application that uses Amazon API Gateway. The company wants to ensure that only users in the Sales department can use the application. The users authenticate to the application by using federated credentials from a third-party identity provider (ldP) through Amazon Cognito. The developer has set up an attribute mapping to map an attribute that is named Department and to pass the attribute to a custom AWS Lambda authorizer.

To test the access limitation, the developer sets their department to Engineering in the IdP and attempts to log in to the application. The developer is denied access. The developer then updates their department to Sales in the IdP and attempts to log in. Again, the developer is denied access. The developer checks the logs and discovers that access is being denied because the developer's access token has a department value of Engineering.

Which of the following is a possible reason that the developer’s department is still being reported as Engineering instead of Sales?
  • A. Authorization caching is enabled in the custom Lambda authorizer.
  • B. Authorization caching is enabled on the Amazon Cognito user pool.
  • C. The IAM role for the custom Lambda authorizer does not have a Department tag.
  • D. The IAM role for the Amazon Cognito user pool does not have a Department tag.
#190 (Accuracy: 100% / 4 votes)
A government agency deploys a REST application on AWS. The agency integrates the application with AWS Lambda. The agency accesses the application through Amazon API Gateway. The agency has the following policies:

• Number versions to manage the deployment of all Lambda functions to production
• Create a PROD alias to point to each function
• Reference the PROD aliases in the production stages of API Gateway

One Lambda function contains the environment variables that are used to externalize connection parameters. The PROD alias points to version 10 of the Lambda function. A developer needs to update the connection parameters and ensure that the updated Lambda function is available on production.

Which solution will meet these requirements?
  • A. Update the environment variable values on version 10 of the Lambda function. Do not change the PROD alias.
  • B. Update the environment variable values on version 10 of the Lambda function. Save the changes to create version 11. Update the PROD alias so that it points to version 11.
  • C. Update the environment variable values on the SLATEST version. Do not change the PROD alias
  • D. Update the environment variable values on the SLATEST version. Publish SLATEST to create version 11 of the Lambda function. Update the PROD alias so that it points to version 11.