Amazon AWS Certified Developer - Associate DVA-C02
Prev

There are 313 results

Next
#91 (Accuracy: 100% / 6 votes)
When using the AWS Encryption SDK, how does the developer keep track of the data encryption keys used to encrypt data?
  • A. The developer must manually keep track of the data encryption keys used for each data object.
  • B. The SDK encrypts the data encryption key and stores it (encrypted) as part of the returned ciphertext.
  • C. The SDK stores the data encryption keys automatically in Amazon S3.
  • D. The data encryption key is stored in the Userdata for the EC2 instance.
#92 (Accuracy: 100% / 6 votes)
A company is preparing to migrate an application to the company's first AWS environment. Before this migration, a developer is creating a proof-of-concept application to validate a model for building and deploying container-based applications on AWS.

Which combination of steps should the developer take to deploy the containerized proof-of-concept application with the LEAST operational effort? (Choose two.)
  • A. Package the application into a .zip file by using a command line tool. Upload the package to Amazon S3.
  • B. Package the application into a container image by using the Docker CLI. Upload the image to Amazon Elastic Container Registry (Amazon ECR).
  • C. Deploy the application to an Amazon EC2 instance by using AWS CodeDeploy.
  • D. Deploy the application to Amazon Elastic Kubernetes Service (Amazon EKS) on AWS Fargate.
  • E. Deploy the application to Amazon Elastic Container Service (Amazon ECS) on AWS Fargate.
#93 (Accuracy: 100% / 3 votes)
A company runs an application on Amazon EC2 instances. The EC2 instances open connections to an Amazon RDS for SQL Server database. A developer needs to store and access the credentials and wants to automatically rotate the credentials. The developer does not want to store the credentials for the database in the code.

Which solution will meet these requirements in the MOST secure way?
  • A. Create an IAM role that has permissions to access the database. Attach the IAM role to the EC2 instances.
  • B. Store the credentials as secrets in AWS Secrets Manager. Create an AWS Lambda function to update the secrets and the database. Retrieve the credentials from Secrets Manager as needed.
  • C. Store the credentials in an encrypted text file in an Amazon S3 bucket. Configure the EC2 instance launch template to download the credentials from Amazon S3 as the instance launches. Create an AWS Lambda function to update the secrets and the database.
  • D. Store the credentials in an Amazon DynamoDB table. Configure an Amazon CloudWatch Events rule to invoke an AWS Lambda function to periodically update the secrets and database.
#94 (Accuracy: 100% / 3 votes)
A company requires that all applications running on Amazon EC2 use IAM roles to gain access to AWS services. A developer is modifying an application that currently relies on IAM user access keys stored in environment variables to access Amazon DynamoDB tables using boto, the AWS SDK for Python.

The developer associated a role with the same permissions as the IAM user to the EC2 instance, then deleted the IAM user. When the application was restarted, the AWS AccessDeniedException messages started appearing in the application logs. The developer was able to use their personal account on the server to run DynamoDB API commands using the AWS CLI.

What is the MOST likely cause of the exception?
  • A. IAM policies might take a few minutes to propagate to resources.
  • B. Disabled environment variable credentials are still being used by the application.
  • C. The AWS SDK does not support credentials obtained using an instance role.
  • D. The instance’s security group does not allow access to http://169.254.169.254.
#95 (Accuracy: 100% / 4 votes)
A developer has AWS Lambda functions that need to access a company's internal data science libraries and reference data. Separate teams manage the libraries and the data. The teams must be able to update and upload new data independently. The Lambda functions are connected to the company's central VPC.

Which solution will provide the Lambda functions with access to the libraries and data?
  • A. Attach an Amazon Elastic Block Store (Amazon EBS) volume to the Lambda functions by using EBS Multi-Attach in the central VPC. Update the Lambda function execution roles to give the functions to access the EBS volume. Update the Lambda function code to reference the files in the EBS volume.
  • B. Compress the libraries and reference data in a Lambda /tmp folder. Update the Lambda function code to reference the files in the /tmp folder.
  • C. Set up an Amazon Elastic File System (Amazon EFS) file system with mount targets in the central VPConfigure the Lambda functions to mount the EFS file system. Update the Lambda function execution roles to give the functions to access the EFS file system.
  • D. Set up an Amazon FSx for Windows File Server file system with mount targets in the central VPC. Configure the Lambda functions to mount the Amazon FSx file system. Update the Lambda function execution roles to give the functions to access the Amazon FSx file system.
#96 (Accuracy: 100% / 4 votes)
A company needs to set up secure database credentials for all its AWS Cloud resources. The company’s resources include Amazon RDS DB instances, Amazon DocumentDB clusters, and Amazon Aurora DB instances. The company’s security policy mandates that database credentials be encrypted at rest and rotated at a regular interval.

Which solution will meet these requirements MOST securely?
  • A. Set up IAM database authentication for token-based access. Generate user tokens to provide centralized access to RDS DB instances, Amazon DocumentDB clusters, and Aurora DB instances.
  • B. Create parameters for the database credentials in AWS Systems Manager Parameter Store. Set the Type parameter to SecureString. Set up automatic rotation on the parameters.
  • C. Store the database access credentials as an encrypted Amazon S3 object in an S3 bucket. Block all public access on the S3 bucket. Use S3 server-side encryption to set up automatic rotation on the encryption key.
  • D. Create an AWS Lambda function by using the SecretsManagerRotationTemplate template in the AWS Secrets Manager console. Create secrets for the database credentials in Secrets Manager. Set up secrets rotation on a schedule.
#97 (Accuracy: 100% / 6 votes)
A developer is creating an AWS Lambda function. The Lambda function needs an external library to connect to a third-party solution. The external library is a collection of files with a total size of 100 MB. The developer needs to make the external library available to the Lambda execution environment and reduce the Lambda package space.

Which solution will meet these requirements with the LEAST operational overhead?
  • A. Create a Lambda layer to store the external library. Configure the Lambda function to use the layer.
  • B. Create an Amazon S3 bucket. Upload the external library into the S3 bucket. Mount the S3 bucket folder in the Lambda function. Import the library by using the proper folder in the mount point.
  • C. Load the external library to the Lambda function's /tmp directory during deployment of the Lambda package. Import the library from the /tmp directory.
  • D. Create an Amazon Elastic File System (Amazon EFS) volume. Upload the external library to the EFS volume. Mount the EFS volume in the Lambda function. Import the library by using the proper folder in the mount point.
#98 (Accuracy: 100% / 2 votes)
A company has a development team that uses AWS CodeCommit for version control. The development team has CodeCommit repositories in multiple AWS accounts. The team is expanding to include developers who work in various locations.

The company must ensure that the developers have secure access to the repositories.

Which solution will meet these requirements in the MOST operationally efficient way?
  • A. Configure IAM roles for each developer and grant access individually.
  • B. Configure permission sets in AWS IAM Identity Center to grant access to the accounts.
  • C. Share AWS access keys with the development team for direct repository access.
  • D. Use public SSH keys for authentication to the CodeCommit repositories.
#99 (Accuracy: 100% / 2 votes)
A company hosts its application in the us-west-1 Region. The company wants to add redundancy in the us-east-1 Region.

The application secrets are stored in AWS Secrets Manager in us-west-1. A developer needs to replicate the secrets to us-east-1.

Which solution will meet this requirement?
  • A. Configure secret replication for each secret. Add us-east-1 as a replication Region. Choose an AWS Key Management Service (AWS KMS) key in us-east-1 to encrypt the replicated secrets.
  • B. Create a new secret in us-east-1 for each secret. Configure secret replication in us-east-1. Set the source to be the corresponding secret in us-west-1. Choose an AWS Key Management Service (AWS KMS) key in us-west-1 to encrypt the replicated secrets.
  • C. Create a replication rule for each secret. Set us-east-1 as the destination Region. Configure the rule to run during secret rotation. Choose an AWS Key Management Service (AWS KMS) key in us-east-1 to encrypt the replicated secrets.
  • D. Create a Secrets Manager lifecycle rule to replicate each secret to a new Amazon S3 bucket in us-west-1. Configure an S3 replication rule to replicate the secrets to us-east-1.
#100 (Accuracy: 100% / 2 votes)
A developer is designing a fault-tolerant environment where client sessions will be saved.

How can the developer ensure that no sessions are lost if an Amazon EC2 instance fails?
  • A. Use sticky sessions with an Elastic Load Balancer target group.
  • B. Use Amazon SQS to save session data.
  • C. Use Amazon DynamoDB to perform scalable session handling.
  • D. Use Elastic Load Balancer connection draining to stop sending requests to failing instances.