Amazon AWS Certified Developer - Associate DVA-C01
Prev

There are 237 results

Next
#61 (Accuracy: 100% / 2 votes)
A developer is setting up the deployment of application stacks to new test environments by using the AWS Cloud Development Kit (AWS CDK). The application contains the code for several AWS Lambda functions that will be deployed as assets. Each Lambda function is defined by using the AWS CDK Lambda construct library.

The developer has already successfully deployed the application stacks to the alpha environment in the first account by using the AWS CDK CLI’s cdk deploy command. The developer is preparing to deploy to the beta environment in a second account for the first time. The developer makes no significant changes to the CDK code between deployments, but the initial deployment in the second account is unsuccessful and returns a NoSuchBucket error.

Which command should the developer run before redeployment to resolve this error?
  • A. cdk synth
  • B. cdk bootstrap
  • C. cdk init
  • D. cdk destroy
#62 (Accuracy: 100% / 3 votes)
A company has hundreds of AWS Lambda functions that the company's QA team needs to test by using the Lambda function URLs. A developer needs to configure the authentication of the Lambda functions to allow access so that the QA IAM group can invoke the Lambda functions by using the public URLs.

Which solution will meet these requirements?
  • A. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type. Run another script to create an IAM identity-based policy that allows the lambda:InvokeFunctionUrl action to all the Lambda function Amazon Resource Names (ARNs). Attach the policy to the QA IAM group.
  • B. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type. Run another script to create an IAM resource-based policy that allows the lambdainvokeFunctionUrl action to all the Lambda function Amazon Resource Names (ARNs). Attach the policy to the QA IAM group.
  • C. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type. Run another script to loop on the Lambda functions to create an IAM identity-based policy that allows the lambdainvokeFunctionUrl action from the QA IAM group's Amazon Resource Name (ARN).
  • D. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type. Run another script to loop on the Lambda functions to create an IAM resource-based policy that allows the lambdainvokeFunctionUrl action from the QA IAM group's Amazon Resource Name (ARN).
#63 (Accuracy: 90% / 14 votes)
A developer is deploying an application that will store files in an Amazon S3 bucket. The files must be encrypted at rest. The developer wants to automatically replicate the files to an S3 bucket in a different AWS Region for disaster recovery.
How can the developer accomplish this task with the LEAST amount of configuration?
  • A. Encrypt the files by using server-side encryption with S3 managed encryption keys (SSE-S3). Enable S3 bucket replication.
  • B. Encrypt the files by using server-side encryption (SSE) with an AWS Key Management Service (AWS KMS) customer master key (CMK). Enable S3 bucket replication.
  • C. Use the s3 sync command to sync the files to the S3 bucket in the other Region.
  • D. Configure an S3 Lifecycle configuration to automatically transfer files to the S3 bucket in the other Region.
#64 (Accuracy: 100% / 7 votes)
A developer is debugging an AWS Lambda function behind an Amazon API Gateway. Whenever the API Gateway endpoint is called, HTTP status code 200 is returned even though AWS Lambda is recording a 4xx error.
What change needs to be made to return a proper error code through the API Gateway?
  • A. Enable CORS in the API Gateway method settings
  • B. Use a Lambda proxy integration to return HTTP codes and headers
  • C. Enable API Gateway error pass-through.
  • D. Return the value in the header x-Amzn-ErrorType.
#65 (Accuracy: 95% / 13 votes)
A Developer is working on an application that handles 10MB documents that contain highly-sensitive data. The application will use AWS KMS to perform client- side encryption.
What steps must be followed?
  • A. Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the KeyId parameter
  • B. Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key to encrypt the data
  • C. Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key to encrypt the data
  • D. Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data
#66 (Accuracy: 100% / 2 votes)
A developer has an application that is composed of many different AWS Lambda functions. The Lambda functions all use some of the same dependencies. To avoid security issues, the developer is constantly updating the dependencies of all of the Lambda functions. The result is duplicated effort for each function.

How can the developer keep the dependencies of the Lambda functions up to date with the LEAST additional complexity?
  • A. Define a maintenance window for the Lambda functions to ensure that the functions get updated copies of the dependencies.
  • B. Upgrade the Lambda functions to the most recent runtime version.
  • C. Define a Lambda layer that contains all of the shared dependencies.
  • D. Use an AWS CodeCommit repository to host the dependencies in a centralized location.
#67 (Accuracy: 100% / 4 votes)
A developer wants to reduce risk when deploying a new version of an existing AWS Lambda function. To test the Lambda function, the developer needs to split the traffic between the existing version and the new version of the Lambda function.

Which solution will meet these requirements?
  • A. Configure a weighted routing policy in Amazon Route 53. Associate the versions of the Lambda function with the weighted routing policy.
  • B. Create a function alias. Configure the alias to split the traffic between the two versions of the Lambda function.
  • C. Create an Application Load Balancer (ALB) that uses the Lambda function as a target. Configure the ALB to split the traffic between the two versions of the Lambda function.
  • D. Create the new version of the Lambda function as a Lambda layer on the existing version. Configure the function to split the traffic between the two layers.
#68 (Accuracy: 100% / 3 votes)
A company is running its application on the most recent generation of hare metal Amazon EC2 instances. A developer is adding a low-latency computation feature to the application. The feature depends on highly sensitive personally identifiable information (PII). When computation occurs on unencrypted data, the feature needs to run in an isolated environment that provides CPU and memory isolation.

Which solution will meet these requirements?
  • A. Build and deploy the feature on the original EC2 instance store.
  • B. Add the now feature in the original application. Deploy the application on a Dedicated Host.
  • C. Package the now feature and deploy the now feature on AWS Lambda. Use AWS Key Management Service (AWS KMS) to encrypt and decrypt the PII.
  • D. Build and deploy the now feature as part of the original application. Run the feature on AWS Nitro Enclaves.
#69 (Accuracy: 100% / 2 votes)
A developer is creating an AWS Lambda function in VPC mode. An Amazon S3 event will invoke the Lambda function when an object is uploaded into an S3 bucket. The Lambda function will process the object and produce some analytic results that will be recorded into a file. Each processed object will also generate a log entry that will be recorded into a file.

Other Lambda functions, AWS services, and on-premises resources must have access to the result files and log file. Each log entry must also be appended to the same shared log file. The developer needs a solution that can share files and append results into an existing file.

Which solution should the developer use to meet these requirements?
  • A. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system in Lambda. Store the result files and log file in the mount point. Append the log entries to the log file.
  • B. Create an Amazon Elastic Block Store (Amazon EBS) Multi-Attach enabled volume. Attach the EBS volume to all Lambda functions. Update the Lambda function code to download the log file, append the log entries, and upload the modified log file to Amazon EBS.
  • C. Create a reference to the /tmp local directory. Store the result files and log file by using the directory reference. Append the log entry to the log file.
  • D. Create a reference to the /opt storage directory. Store the result files and log file by using the directory reference. Append the log entry to the log file.
#70 (Accuracy: 100% / 2 votes)
A development team is working on a mobile app that allows users to upload pictures to Amazon S3. The team expects the app will be used by hundreds of thousands of users during a single event simultaneously. Once the pictures are uploaded, the backend service will scan and parse the pictures for inappropriate content.

Which approach is the MOST resilient way to achieve this goal, which also smooths out temporary volume spikes for the backend service?
  • A. Develop an AWS Lambda function to check the upload folder in the S3 bucket. If new uploaded pictures are detected, the Lambda function will scan and parse them.
  • B. Once a picture is uploaded to Amazon S3, publish the event to an Amazon SQS queue. Use the queue as an event source to trigger an AWS Lambda function. In the Lambda function, scan and parse the picture.
  • C. When the user uploads a picture. invoke an API hosted in Amazon API Gateway. The API will invoke an AWS Lambda function to scan and parse the picture.
  • D. Create a state machine in AWS Step Functions to check the upload folder in the S3 bucket. If a new picture is detected, invoke an AWS Lambda function to scan and parse it.