Pass DVA-C02 Exam to Get Amazon Certification

Category:

Comments:

0 Comments

Post Date:

May 8, 2023

The DVA-C02 exam is hot, and passing it requires a deep understanding of Amazon solutions. Practicing with Amazon DVA-C02 dumps questions can help you reinforce your knowledge and increase your chances of passing the exam. DVA-C02 dumps are available to help you prepare for the DVA-C02 exam. Using DVA-C02 exam dumps questions is one effective way to supplement your study plan and increase your chances of success on exam day. Test free AWS Certified Associate DVA-C02 exam dumps below.

Page 1 of 7

1. Which of the following AWS services can be used to add user sign-up and sign-in functionality to your application?

Amazon Cognito

AWS IAM

AWS Directory Service

All of the above

2. For a deployment using AWS Code Deploy, what is the run order of the hooks for in-place deployments?

BeforeInstall -> ApplicationStop -> ApplicationStart -> AfterInstall

ApplicationStop -> BeforeInstall -> AfterInstall -> ApplicationStart

BeforeInstall -> ApplicationStop -> ValidateService -> ApplicationStart

ApplicationStop -> BeforeInstall -> ValidateService -> ApplicationStart

3. An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.

What is the MOST secure way to resolve this issue?

Update the IAM instance profile that is attached to the EC2 instance to include the S3:* permission for the S3 bucket.

Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.

Update the developer's user permissions to include the S3:ListBucket permission for the S3 bucket.

Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance.

4. An ecommerce application is running behind an Application Load Balancer. A developer observes some unexpected load on the application during non-peak hours. The developer wants to analyze patterns for the client IP addresses that use the application.

Which HTTP header should the developer use for this analysis?

The X-Forwarded-Proto header

The X-F Forwarded-Host header

The X-Forwarded-For header

The X-Forwarded-Port header

5. A company has an application that stores data in Amazon RDS instances. The application periodically experiences surges of high traffic that cause performance problems.

During periods of peak traffic, a developer notices a reduction in query speed in all database queries.

The team's technical lead determines that a multi-threaded and scalable caching solution should be used to offload the heavy read traffic. The solution needs to improve performance.

Which solution will meet these requirements with the LEAST complexity?

Use Amazon ElastiCache for Memcached to offload read requests from the main database.

Replicate the data to Amazon DynamoD

Set up a DynamoDB Accelerator (DAX) cluster.

Configure the Amazon RDS instances to use Multi-AZ deployment with one standby instance. Offload read requests from the main database to the standby instance.

Use Amazon ElastiCache for Redis to offload read requests from the main database.

6. A developer creates a static website for their department. The developer deploys the static assets for the website to an Amazon S3 bucket and serves the assets with Amazon CloudFront. The developer uses origin access control (OAC) on the CloudFront distribution to access the S3 bucket

The developer notices users can access the root URL and specific pages but cannot access directories

without specifying a file name. For example, /products/index.html works, but /products returns an error. The developer needs to enable accessing directories without specifying a file name without exposing the S3 bucket publicly.

Which solution will meet these requirements?

Update the CloudFront distribution's settings to index.html as the default root object is set

Update the Amazon S3 bucket settings and enable static website hosting. Specify index html as the Index document Update the S3 bucket policy to enable access. Update the CloudFront distribution's origin to use the S3 website endpoint

Create a CloudFront function that examines the request URL and appends index.html when directories are being accessed Add the function as a viewer request CloudFront function to the CloudFront distribution's behavior.

Create a custom error response on the CloudFront distribution with the HTTP error code set to the HTTP 404 Not Found response code and the response page path to /index html Set the HTTP response code to the HTTP 200 OK response code

7. A developer is incorporating AWS X-Ray into an application that handles personal identifiable information (PII). The application is hosted on Amazon EC2 instances. The application trace messages include encrypted PII and go to Amazon CloudWatch. The developer needs to ensure that no PII goes outside of the EC2 instances.

Which solution will meet these requirements?

Manually instrument the X-Ray SDK in the application code.

Use the X-Ray auto-instrumentation agent.

Use Amazon Macie to detect and hide PI

Call the X-Ray API from AWS Lambda.

Use AWS Distro for Open Telemetry.

8. An application uses Lambda functions to extract metadata from files uploaded to an S3 bucket; the metadata is stored in Amazon DynamoDB. The application starts behaving unexpectedly, and the developer wants to examine the logs of the Lambda function code for errors.

Based on this system configuration, where would the developer find the logs?

Amazon S3

AWS CloudTrail

Amazon CloudWatch

Amazon DynamoDB

9. Which AWS service would you use to orchestrate microservices that include both containerized and serverless components?

AWS Elastic Beanstalk

AWS ECS and AWS Fargate

AWS Step Functions

Amazon EKS

10. A company is building a new application that runs on AWS and uses Amazon API Gateway to expose APIs Teams of developers are working on separate components of the application in parallel. The company wants to publish an API without an integrated backend so that teams that depend on the application backend can continue the development work before the API backend development is complete.

Which solution will meet these requirements?

Create API Gateway resources and set the integration type value to MOCK Configure the method integration request and integration response to associate a response with an HTTP status code Create an API Gateway stage and deploy the AP

Create an AWS Lambda function that returns mocked responses and various HTTP status codes. Create API Gateway resources and set the integration type value to AWS_PROXY Deploy the AP

Create an EC2 application that returns mocked HTTP responses Create API Gateway resources and set the integration type value to AWS Create an API Gateway stage and deploy the AP

Create API Gateway resources and set the integration type value set to HTTP_PROX

Add mapping templates and deploy the AP

Create an AWS Lambda layer that returns various HTTP status codes Associate the Lambda layer with the API deployment

Page 2 of 7

11. A developer supports an application that accesses data in an Amazon DynamoDB table. One of the item attributes is expirationDate in the timestamp format. The application uses this attribute to find items, archive them, and remove them from the table based on the timestamp value

The application will be decommissioned soon, and the developer must find another way to implement this functionality. The developer needs a solution that will require the least amount of code to write.

Which solution will meet these requirements?

Enable TTL on the expirationDate attribute in the table. Create a DynamoDB stream. Create an AWS Lambda function to process the deleted items. Create a DynamoDB trigger for the Lambda function.

Create two AWS Lambda functions one to delete the items and one to process the items Create a DynamoDB stream Use the Deleteltem API operation to delete the items based on the expirationDate attribute Use the GetRecords API operation to get the items from the DynamoDB stream and process them

Create two AWS Lambda functions, one to delete the items and one to process the items. Create an Amazon EventBndge scheduled rule to invoke the Lambda Functions Use the Deleteltem API operation to delete the items based on the expirationDate attribute. Use the GetRecords API operation to get the items from the DynamoDB table and process them.

Enable TTL on the expirationDate attribute in the table Specify an Amazon Simple Queue Service (Amazon SQS> dead-letter queue as the target to delete the items Create an AWS Lambda function to process the items

12. A developer maintains applications that store several secrets in AWS Secrets Manager. The applications use secrets that have changed over time. The developer needs to identify required secrets that are still in use. The developer does not want to cause any application downtime.

What should the developer do to meet these requirements?

Configure an AWS CloudTrail log file delivery to an Amazon S3 bucket. Create an Amazon CloudWatch alarm for the GetSecretValue. Secrets Manager API operation requests

Create a secrets manager-secret-unused AWS Config managed rule. Create an Amazon EventBridge rule to Initiate notification when the AWS Config managed rule is met.

Deactivate the applications secrets and monitor the applications error logs temporarily.

Configure AWS X-Ray for the applications. Create a sampling rule lo match the GetSecretValue Secrets Manager API operation requests.

13. A developer is creating an application that will give users the ability to store photos from their cellphones in the cloud. The application needs to support tens of thousands of users. The application uses an Amazon API Gateway REST API that is integrated with AWS Lambda functions to process the photos. The application stores details about the photos in Amazon DynamoDB.

Users need to create an account to access the application. In the application, users must be able to upload photos and retrieve previously uploaded photos. The photos will range in size from 300 KB to 5 MB.

Which solution will meet these requirements with the LEAST operational overhead?

Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the AP

Use the Lambda function to store the photos and details in the DynamoDB table. Retrieve previously uploaded photos directly from the DynamoDB table.

Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the AP

Use the Lambda function to store the photos in Amazon S3. Store the object's S3 key as part of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

Create an IAM user for each user of the application during the sign-up process. Use IAM authentication to access the API Gateway AP

Create a users table in DynamoD

Use the table to manage user accounts. Create a Lambda authorizer that validates user credentials against the users table. Integrate the Lambda authorizer with API Gateway to control access to the AP

Use the Lambda function to store the photos in Amazon S3. Store the object's S3 key as par of the photo details in the DynamoDB table. Retrieve previously uploaded photos by querying DynamoDB for the S3 key.

14. A company needs to harden its container images before the images are in a running state. The company's application uses Amazon Elastic Container Registry (Amazon ECR) as an image registry. Amazon Elastic Kubernetes Service (Amazon EKS) for compute, and an AWS CodePipeline pipeline that orchestrates a continuous integration and continuous delivery (CI/CD) workflow.

Dynamic application security testing occurs in the final stage of the pipeline after a new image is deployed to a development namespace in the EKS cluster. A developer needs to place an analysis stage before this deployment to analyze the container image earlier in the CI/CD pipeline.

Which solution will meet these requirements with the MOST operational efficiency?

Build the container image and run the docker scan command locally. Mitigate any findings before pushing changes to the source code repository. Write a pre-commit hook that enforces the use of this workflow before commit.

Create a new CodePipeline stage that occurs after the container image is built. Configure ECR basic image scanning to scan on image push. Use an AWS Lambda function as the action provider. Configure the Lambda function to check the scan results and to fail the pipeline if there are findings.

Create a new CodePipeline stage that occurs after source code has been retrieved from its repository. Run a security scanner on the latest revision of the source code. Fail the pipeline if there are findings.

Add an action to the deployment stage of the pipeline so that the action occurs before the deployment to the EKS cluster. Configure ECR basic image scanning to scan on image push. Use an AWS Lambda function as the action provider. Configure the Lambda function to check the scan results and to fail the pipeline if there are findings.

15. A developer is troubleshooting an application mat uses Amazon DynamoDB in the uswest-2 Region. The application is deployed to an Amazon EC2 instance. The application requires read-only permissions to a table that is named Cars. The EC2 instance has an attached IAM role that contains the following IAM policy.

When the application tries to read from the Cars table, an Access Denied error occurs.

How can the developer resolve this error?

Modify the IAM policy resource to be "arn aws dynamo* us-west-2 account-id table/*"

Modify the IAM policy to include the dynamodb * action

Create a trust policy that specifies the EC2 service principal. Associate the role with the policy.

Create a trust relationship between the role and dynamodb Amazonas com.

16. What AWS service is primarily used for collecting and processing large streams of data records in real-time?

AWS Lambda

Amazon Kinesis

Amazon Redshift

Amazon SNS, Amazon SQS

17. A company has an ecommerce application. To track product reviews, the company's development

team uses an Amazon DynamoDB table.

Every record includes the following

• A Review ID a 16-digrt universally unique identifier (UUID)

• A Product ID and User ID 16 digit UUlDs that reference other tables

• A Product Rating on a scale of 1-5

• An optional comment from the user

The table partition key is the Review ID. The most performed query against the table is to find the 10 reviews with the highest rating for a given product.

Which index will provide the FASTEST response for this query"?

A global secondary index (GSl) with Product ID as the partition key and Product Rating as the sort key

A global secondary index (GSl) with Product ID as the partition key and Review ID as the sort key

A local secondary index (LSI) with Product ID as the partition key and Product Rating as the sort key

A local secondary index (LSI) with Review ID as the partition key and Product ID as the sort key

18. A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.

How can the developer enforce that all requests to retrieve the data provide encryption in transit?

Define a resource-based policy on the S3 bucket to deny access when a request meets the condition “aws:SecureTransport”: “false”.

Define a resource-based policy on the S3 bucket to allow access when a request meets the condition “aws:SecureTransport”: “false”.

Define a role-based policy on the other accounts' roles to deny access when a request meets the condition of “aws:SecureTransport”: “false”.

Define a resource-based policy on the KMS key to deny access when a request meets the condition of “aws:SecureTransport”: “false”.

19. A developer is creating a new REST API by using Amazon API Gateway and AWS Lambd

a. The development team tests the API and validates responses for the known use cases before deploying the API to the production environment.

The developer wants to make the REST API available for testing by using API Gateway locally.

Which AWS Serverless Application Model Command Line Interface (AWS SAM CLI) subcommand will meet these requirements?

Sam local invoke

Sam local generate-event

Sam local start-lambda

Sam local start-api

20. A company wants to share information with a third party. The third party has an HTTP API endpoint that the company can use to share the information. The company has the required API key to access the HTTP API.

The company needs a way to manage the API key by using code. The integration of the API key with the application code cannot affect application performance.

Which solution will meet these requirements MOST securely?

Store the API credentials in AWS Secrets Manager. Retrieve the API credentials at runtime by using the AWS SD

Use the credentials to make the API call.

Store the API credentials in a local code variable. Push the code to a secure Git repository. Use the local code variable at runtime to make the API call.

Store the API credentials as an object in a private Amazon S3 bucket. Restrict access to the S3 object by using IAM policies. Retrieve the API credentials at runtime by using the AWS SD

Use the credentials to make the API call.

Store the API credentials in an Amazon DynamoDB table. Restrict access to the table by using resource-based policies. Retrieve the API credentials at runtime by using the AWS SD

Use the credentials to make the API call.

Page 3 of 7

21. A company has multiple Amazon VPC endpoints in the same VPC. A developer needs configure an Amazon S3 bucket policy so users can access an S3 bucket only by using these VPC endpoints.

Which solution will meet these requirements?

Create multiple S3 bucket polices by using each VPC endpoint ID that have the aws SourceVpce value in the StringNotEquals condition.

Create a single S3 bucket policy that has the aws SourceVpc value and in the StingNotEquals condition to use VPC I

Create a single S3 bucket policy that the multiple aws SourceVpce value and in the SringNotEquals condton to use vpce.

Create a single S3 bucket policy that has multiple aws sourceVpce value in the StingNotEquale condition. Repeat for all the VPC endpoint IDs.

22. A developer is creating an AWS Lambda function that searches for items from an Amazon DynamoDB table that contains customer contact information-. The DynamoDB table items have the customer's email_address as the partition key and additional properties such as customer_type, name, and job_tltle.

The Lambda function runs whenever a user types a new character into the customer_type text input. The developer wants the search to return partial matches of all the email_address property of a particular customer_type. The developer does not want to recreate the DynamoDB table.

What should the developer do to meet these requirements?

Add a global secondary index (GSI) to the DynamoDB table with customer_type as the partition key and email_address as the sort key Perform a query operation on the GSI by using the begvns_wth key condition expression With the emad_address property

Add a global secondary index (GSI) to the DynamoDB table With ernail_address as the partition key and customer_type as the sort key Perform a query operation on the GSI by using the begins_wtth key condition expression With the emal_address property.

Add a local secondary index (LSI) to the DynamoDB table With customer_type as the partition key and email_address as the sort key Perform a query operation on the LSI by using the begins_wlth key condition expression With the email_address property

Add a local secondary Index (LSI) to the DynamoDB table With job_tltle as the partition key and emad_address as the sort key Perform a query operation on the LSI by using the begins_wrth key condition expression With the email_address property

23. In AWS, what is the best practice for deploying an application across multiple Availability Zones?

Use Elastic Load Balancing

Deploy in a single zone and replicate to others manually

Use Amazon RDS multi-AZ deployments

All of the above

24. A company is developing an ecommerce application that uses Amazon API Gateway APIs. The application uses AWS Lambda as a backend. The company needs to test the code in a dedicated, monitored test environment before the company releases the code to the production environment.

When solution will meet these requirements?

Use a single stage in API Gateway. Create a Lambda function for each environment. Configure API clients to send a query parameter that indicates the endowment and the specific lambda function.

Use multiple stages in API Gateway. Create a single Lambda function for all environments. Add different code blocks for different environments in the Lambda function based on Lambda environments variables.

Use multiple stages in API Gateway. Create a Lambda function for each environment. Configure API Gateway stage variables to route traffic to the Lambda function in different environments.

Use a single stage in API Gateway. Configure a API client to send a query parameter that indicated the environment. Add different code blocks tor afferent environments in the Lambda Junction to match the value of the query parameter.

25. When using Amazon DynamoDB, what feature automatically adjusts throughput capacity in response to dynamically changing workloads?

DynamoDB Accelerator (DAX)

Auto Scaling

Global Tables

On-Demand Capacity

26. A developer is writing a serverless application that requires an AWS Lambda function to be invoked every 10 minutes.

What is an automated and serverless way to invoke the function?

Deploy an Amazon EC2 instance based on Linux, and edit its /etc/confab file by adding a command to periodically invoke the lambda function

Configure an environment variable named PERIOD for the Lambda function. Set the value to 600.

Create an Amazon EventBridge rule that runs on a regular schedule to invoke the Lambda function.

Create an Amazon Simple Notification Service (Amazon SNS) topic that has a subscription to the Lambda function with a 600-second timer.

27. A developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit.

Which of the following API Gateway metrics in Amazon CloudWatch can help the developer troubleshoot the issue? (Choose two.)

CacheHitCount

IntegrationLatency

CacheMissCount

Latency

Count

28. A developer is modifying an existing AWS Lambda function White checking the code the developer notices hardcoded parameter various for an Amazon RDS for SQL Server user name password database host and port. There also are hardcoded parameter values for an Amazon DynamoOB table. an Amazon S3 bucket, and an Amazon Simple Notification Service (Amazon SNS) topic.

The developer wants to securely store the parameter values outside the code m an encrypted format and wants to turn on rotation for the credentials. The developer also wants to be able to reuse the parameter values from other applications and to update the parameter values without modifying code.

Which solution will meet these requirements with the LEAST operational overhead?

Create an RDS database secret in AWS Secrets Manager. Set the user name password, database, host and port. Turn on secret rotation. Create encrypted Lambda environment variables for the DynamoDB table, S3 bucket and SNS topic.

Create an RDS database secret in AWS Secrets Manager. Set the user name password, database, host and port. Turn on secret rotation. Create Secure String parameters in AWS Systems Manager Parameter Store for the DynamoDB table, S3 bucket and SNS topic.

Create RDS database parameters in AWS Systems Manager Parameter. Store for the user name password, database, host and port. Create encrypted Lambda environment variables for me DynamoDB table, S3 bucket, and SNS topic. Create a Lambda function and set the logic for the credentials rotation task Schedule the credentials rotation task in Amazon EventBridge.

Create RDS database parameters in AWS Systems Manager Parameter. Store for the user name password database, host, and port. Store the DynamoDB table. S3 bucket, and SNS topic in Amazon S3 Create a Lambda function and set the logic for the credentials rotation Invoke the Lambda function on a schedule.

29. An application is using Amazon Cognito user pools and identity pools for secure access. A developer wants to integrate the user-specific file upload and download features in the application with Amazon S3. The developer must ensure that the files are saved and retrieved in a secure manner and that users can access only their own files. The file sizes range from 3 KB to 300 MB.

Which option will meet these requirements with the HIGHEST level of security?

Use S3 Event Notifications to validate the file upload and download requests and update the user interface (UI).

Save the details of the uploaded files in a separate Amazon DynamoDB table. Filter the list of files in the user interface (UI) by comparing the current user ID with the user ID associated with the file in the table.

Use Amazon API Gateway and an AWS Lambda function to upload and download files. Validate each request in the Lambda function before performing the requested operation.

Use an IAM policy within the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3.

30. A company is building a micro services app1 cation that consists of many AWS Lambda functions. The development team wants to use AWS Serverless Application Model (AWS SAM) templates to automatically test the Lambda functions. The development team plans to test a small percentage of traffic that is directed to new updates before the team commits to a full deployment of the application.

Which combination of steps will meet these requirements in the MOST operationally efficient way? (Select TWO.)

Use AWS SAM CLI commands in AWS CodeDeploy lo invoke the Lambda functions lo lest the deployment

Declare the EventlnvokeConfig on the Lambda functions in the AWS SAM templates with OnSuccess and OnFailure configurations.

Enable gradual deployments through AWS SAM templates.

Set the deployment preference type to Canary10Percen130Minutes Use hooks to test the deployment.

Set the deployment preference type to Linear10PefcentEvery10Minutes Use hooks to test the deployment.

Page 4 of 7

31. A company uses Amazon API Gateway to expose a set of APIs to customers. The APIs have caching enabled in API Gateway. Customers need a way to invalidate the cache for each API when they test the API.

What should a developer do to give customers the ability to invalidate the API cache?

Ask the customers to use AWS credentials to call the InvalidateCache API operation.

Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke the AP

Ask the customers to send a request that contains the HTTP header when they make an API call.

Ask the customers to use the AWS SDK API Gateway class to invoke the InvalidateCache API operation.

Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke the AP

Ask the customers to add the INVALIDATE_CACHE query string parameter when they make an API call.

32. A developer is working on an ecommerce platform that communicates with several third-party payment processing APIs. The third-party payment services do not provide a test environment.

The developer needs to validate the ecommerce platform's integration with the third-party payment processing APIs. The developer must test the API integration code without invoking the third-party payment processing APIs.

Which solution will meet these requirements?

Set up an Amazon API Gateway REST API with a gateway response configured for status code 200 Add response templates that contain sample responses captured from the real third-party AP

Set up an AWS AppSync GraphQL API with a data source configured for each third-party API Specify an integration type of Mock Configure integration responses by using sample responses captured from the real third-party AP

Create an AWS Lambda function for each third-party AP

Embed responses captured from the real third-party AP

Configure Amazon Route 53 Resolver with an inbound endpoint for each Lambda function's Amazon Resource Name (ARN).

Set up an Amazon API Gateway REST API for each third-party API Specify an integration request type of Mock Configure integration responses by using sample responses captured from the real third-party API

33. A developer has code that is stored in an Amazon S3 bucket. The code must be deployed as an AWS Lambda function across multiple accounts in the same AWS Region as the S3 bucket an AWS CloudPormation template that runs for each account will deploy the Lambda function.

What is the MOST secure way to allow CloudFormaton to access the Lambda Code in the S3 bucket?

Grant the CloudFormation service role the S3 ListBucket and GetObject permissions. Add a bucket policy to Amazon S3 with the principal of "AWS" (account numbers)

Grant the CloudFormation service row the S3 GetObfect permission. Add a Bucket policy to Amazon S3 with the principal of "'"

Use a service-based link to grant the Lambda function the S3 ListBucket and GetObject permissions by explicitly adding the S3 bucket's account number in the resource.

Use a service-based link to grant the Lambda function the S3 GetObject permission Add a resource of "** to allow access to the S3 bucket.

34. When using the AWS Encryption SDK how does the developer keep track of the data encryption keys used to encrypt data?

The developer must manually keep Hack of the data encryption keys used for each data object.

The SDK encrypts the data encryption key and stores it (encrypted) as part of the resumed ophertext.

The SDK stores the data encryption keys automaticity in Amazon S3.

The data encryption key is stored m the user data for the EC2 instance.

35. A company is using an AWS Lambda function to process records from an Amazon Kinesis data stream. The company recently observed slow processing of the records. A developer notices that the iterator age metric for the function is increasing and that the Lambda run duration is constantly above normal.

Which actions should the developer take to increase the processing speed? (Choose two.)

Increase the number of shards of the Kinesis data stream.

Decrease the timeout of the Lambda function.

Increase the memory that is allocated to the Lambda function.

Decrease the number of shards of the Kinesis data stream.

Increase the timeout of the Lambda function.

36. A developer has an application that makes batch requests directly to Amazon DynamoDB by using the BatchGetItem low-level API operation. The responses frequently return values in the UnprocessedKeys element.

Which actions should the developer take to increase the resiliency of the application when the batch response includes values in UnprocessedKeys? (Choose two.)

Retry the batch operation immediately.

Retry the batch operation with exponential backoff and randomized delay.

Update the application to use an AWS software development kit (AWS SDK) to make the requests.

Increase the provisioned read capacity of the DynamoDB tables that the operation accesses.

Increase the provisioned write capacity of the DynamoDB tables that the operation accesses.

37. A developer is working on a web application that uses Amazon DynamoDB as its data store. The application has two DynamoDB tables one table that is named artists and one table that is named songs. The artists table has artistName as the partition key. The songs table has songName as the partition key and artistName as the sort key

The table usage patterns include the retrieval of multiple songs and artists in a single database operation from the webpage. The developer needs a way to retrieve this information with minimal network traffic and optimal application performance.

Which solution will meet these requirements?

Perform a BatchGetltem operation that returns items from the two tables. Use the list of songName artistName keys for the songs table and the list of artistName key for the artists table.

Create a local secondary index (LSI) on the songs table that uses artistName as the partition key Perform a query operation for each artistName on the songs table that filters by the list of songName Perform a query operation for each artistName on the artists table

Perform a BatchGetltem operation on the songs table that uses the songName/artistName keys. Perform a BatchGetltem operation on the artists table that uses artistName as the key.

Perform a Scan operation on each table that filters by the list of songName/artistName for the songs table and the list of artistName in the artists table.

38. A company hosts its application on AWS. The application runs on an Amazon Elastic Container Service (Amazon ECS) cluster that uses AWS Fargate. The cluster runs behind an Application Load Balancer. The application stores data in an Amazon Aurora database A developer encrypts and manages database credentials inside the application

The company wants to use a more secure credential storage method and implement periodic credential rotation.

Which solution will meet these requirements with the LEAST operational overhead?

Migrate the secret credentials to Amazon RDS parameter groups. Encrypt the parameter by using an AWS Key Management Service (AWS KMS) key Turn on secret rotation. Use 1AM policies and roles to grant AWS KMS permissions to access Amazon RD

Migrate the credentials to AWS Systems Manager Parameter Store. Encrypt the parameter by using an AWS Key Management Service (AWS KMS) key. Turn on secret rotation. Use 1AM policies and roles to grant Amazon ECS Fargate permissions to access to AWS Secrets Manager

Migrate the credentials to ECS Fargate environment variables. Encrypt the credentials by using an AWS Key Management Service (AWS KMS) key Turn on secret rotation. Use 1AM policies and roles to grant Amazon ECS Fargate permissions to access to AWS Secrets Manager.

Migrate the credentials to AWS Secrets Manager. Encrypt the credentials by using an AWS Key Management Service (AWS KMS) key Turn on secret rotation Use 1AM policies and roles to grant Amazon ECS Fargate permissions to access to AWS Secrets Manager by using keys.

39. A developer is deploying an AWS Lambda function. The developer wants the ability to return to older versions of the function quickly and seamlessly.

How can the developer achieve this goal with the LEAST operational overhead?

Use AWS OpsWorks to perform blue/green deployments.

Use a function alias with different versions.

Maintain deployment packages for older versions in Amazon S3.

Use AWS CodePipeline for deployments and rollbacks.

40. A developer has an application that stores data in an Amazon S3 bucket. The application uses an HTTP API to store and retrieve objects. When the PutObject API operation adds objects to the S3 bucket the developer must encrypt these objects at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3).

Which solution will meet this requirement?

Create an AWS Key Management Service (AWS KMS) key. Assign the KMS key to the S3 bucket.

Set the x-amz-server-side-encryption header when invoking the PutObject API operation.

Provide the encryption key in the HTTP header of every request.

Apply TLS to encrypt the traffic to the S3 bucket.

Page 5 of 7

41. A company wants to deploy and maintain static websites on AWS. Each website's source code is hosted in one of several version control systems, including AWS CodeCommit, Bitbucket, and GitHub. The company wants to implement phased releases by using development, staging, user acceptance testing, and production environments in the AWS Cloud. Deployments to each environment must be started by code merges on the relevant Git branch. The company wants to use HTTPS for all data exchange. The company needs a solution that does not require servers to run continuously.

Which solution will meet these requirements with the LEAST operational overhead?

Host each website by using AWS Amplify with a serverless backend. Conned the repository branches that correspond to each of the desired environments. Start deployments by merging code changes to a desired branch.

Host each website in AWS Elastic Beanstalk with multiple environments. Use the EB CLI to link each repository branch. Integrate AWS CodePipeline to automate deployments from version control code merges.

Host each website in different Amazon S3 buckets for each environment. Configure AWS CodePipeline to pull source code from version control. Add an AWS CodeBuild stage to copy source code to Amazon S3.

Host each website on its own Amazon EC2 instance. Write a custom deployment script to bundle each website's static assets. Copy the assets to Amazon EC2. Set up a workflow to run the script when code is merged.

42. An application runs on multiple EC2 instances behind an ELB.

Where is the session data best written so that it can be served reliably across multiple requests?

Write data to Amazon ElastiCache

Write data to Amazon Elastic Block Store

Write data to Amazon EC2 instance Store

Wide data to the root filesystem

43. A developer has been asked to create an AWS Lambda function that is invoked any time updates are made to items in an Amazon DynamoDB table. The function has been created and appropriate permissions have been added to the Lambda execution role Amazon DynamoDB streams have been enabled for the table, but the function 15 still not being invoked.

Which option would enable DynamoDB table updates to invoke the Lambda function?

Change the StreamViewType parameter value to NEW_AND_OLOJMAGES for the DynamoDB table.

Configure event source mapping for the Lambda function.

Map an Amazon Simple Notification Service (Amazon SNS) topic to the DynamoDB streams.

Increase the maximum runtime (timeout) setting of the Lambda function.

44. A development team maintains a web application by using a single AWS CloudFormation template. The template defines web servers and an Amazon RDS database. The team uses the Cloud Formation template to deploy the Cloud Formation stack to different environments.

During a recent application deployment, a developer caused the primary development database to be dropped and recreated. The result of this incident was a loss of data. The team needs to avoid accidental database deletion in the future.

Which solutions will meet these requirements? (Choose two.)

Add a CloudFormation Deletion Policy attribute with the Retain value to the database resource.

Update the CloudFormation stack policy to prevent updates to the database.

Modify the database to use a Multi-AZ deployment.

Create a CloudFormation stack set for the web application and database deployments.

Add a Cloud Formation DeletionPolicy attribute with the Retain value to the stack.

45. An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write access to an Amazon DynamoDB table. The correct 1AM policy already exists

What is the MOST secure way to grant the Lambda function access to the S3 bucket and the DynamoDB table?

Attach the existing 1AM policy to the Lambda function.

Create an 1AM role for the Lambda function Attach the existing 1AM policy to the role Attach the role to the Lambda function

Create an 1AM user with programmatic access Attach the existing 1AM policy to the user. Add the user access key ID and secret access key as environment variables in the Lambda function.

Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function

46. A company runs an application on AWS. The application uses an AWS Lambda function that is configured with an Amazon Simple Queue Service (Amazon SQS) queue called high priority queue as the event source A developer is updating the Lambda function with another SQS queue called low priority queue as the event source. The Lambda function must always read up to 10 simultaneous messages from the high priority queue before processing messages from low priority queue. The Lambda function must be limited to 100 simultaneous invocations.

Which solution will meet these requirements?

Set the event source mapping batch size to 10 for the high priority queue and to 90 for the low priority queue

Set the delivery delay to 0 seconds for the high priority queue and to 10 seconds for the low priority queue

Set the event source mapping maximum concurrency to 10 for the high priority queue and to 90 for the low priority queue

Set the event source mapping batch window to 10 for the high priority queue and to 90 for the low priority queue

47. For compliance monitoring, what AWS service allows you to audit changes to AWS resources?

AWS Config

Amazon CloudWatch

AWS CloudTrail

AWS IAM

48. A developer deployed an application to an Amazon EC2 instance. The application needs to know the public IPv4 address of the instance

How can the application find this information?

Query the instance metadata from http./M69.254.169.254. latestmeta-data/.

Query the instance user data from http '169 254.169 254. latest/user-data/

Query the Amazon Machine Image (AMI) information from http://169.254.169.254/latest/meta-data/ami/.

Check the hosts file of the operating system

49. A company is planning to securely manage one-time fixed license keys in AWS. The company's development team needs to access the license keys in automaton scripts that run in Amazon EC2 instances and in AWS CloudFormation stacks.

Which solution will meet these requirements MOST cost-effectively?

Amazon S3 with encrypted files prefixed with “config”

AWS Secrets Manager secrets with a tag that is named SecretString

AWS Systems Manager Parameter Store SecureString parameters

CloudFormation NoEcho parameters

50. A company runs a batch processing application by using AWS Lambda functions and Amazon API Gateway APIs with deployment stages for development, user acceptance testing and production A development team needs to configure the APIs in the deployment stages to connect to third-party service endpoints.

Which solution will meet this requirement?

Store the third-party service endpoints in Lambda layers that correspond to the stage

Store the third-party service endpoints in API Gateway stage variables that correspond to the stage

Encode the third-party service endpoints as query parameters in the API Gateway request UR

Store the third-party service endpoint for each environment in AWS AppConfig

Page 6 of 7

51. A developer is testing an application that invokes an AWS Lambda function asynchronously. During the testing phase the Lambda function fails to process after two retries.

How can the developer troubleshoot the failure?

Configure AWS CloudTrail logging to investigate the invocation failures.

Configure Dead Letter Queues by sending events to Amazon SQS for investigation.

Configure Amazon Simple Workflow Service to process any direct unprocessed events.

Configure AWS Config to process any direct unprocessed events.

52. A company is using AWS CioudFormation to deploy a two-tier application. The application will use Amazon RDS as its backend database. The company wants a solution that will randomly generate the database password during deployment. The solution also must automatically rotate the database password without requiring changes to the application.

What is the MOST operationally efficient solution that meets these requirements?

Use an AWS Lambda function as a CloudFormation custom resource to generate and rotate the password.

Use an AWS Systems Manager Parameter Store resource with the SecureString data type to generate and rotate the password.

Use a cron daemon on the application s host to generate and rotate the password.

Use an AWS Secrets Manager resource to generate and rotate the password.

53. An organization is using Amazon CloudFront to ensure that its users experience low-latency access to its web application. The organization has identified a need to encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application.

How can these requirements be met? (Select TWO)

Use AWS KMS t0 encrypt traffic between cloudFront and the web application.

Set the Origin Protocol Policy to "HTTPS Only".

Set the Origin’s HTTP Port to 443.

Set the Viewer Protocol Policy to "HTTPS Only" or Redirect HTTP to HTTPS"

Enable the CloudFront option Restrict Viewer Access.

54. A company is migrating an on-premises database to Amazon RDS for MySQL. The company has read-heavy workloads. The company wants to refactor the code to achieve optimum read performance for queries.

Which solution will meet this requirement with LEAST current and future effort?

Use a multi-AZ Amazon RDS deployment. Increase the number of connections that the code makes to the database or increase the connection pool size if a connection pool is in use.

Use a multi-AZ Amazon RDS deployment. Modify the code so that queries access the secondary RDS instance.

Deploy Amazon RDS with one or more read replicas. Modify the application code so that queries use the URL for the read replicas.

Use open source replication software to create a copy of the MySQL database on an Amazon EC2 instance. Modify the application code so that queries use the IP address of the EC2 instance.

55. A developer needs to build an AWS CloudFormation template that self-populates the AWS Region variable that deploys the CloudFormation template

What is the MOST operationally efficient way to determine the Region in which the template is being deployed?

Use the AWS:.Region pseudo parameter

Require the Region as a CloudFormation parameter

Find the Region from the AWS::Stackld pseudo parameter by using the Fn::Split intrinsic function

Dynamically import the Region by referencing the relevant parameter in AWS Systems Manager Parameter Store

56. A company has built an AWS Lambda function to convert large image files into output files that can be used in a third-party viewer application. The company recently added a new module to the function to improve the output of the generated files However, the new module has increased the bundle size and has increased the time that is needed to deploy changes to the function code.

How can a developer increase the speed of the Lambda function deployment?

Use AWS CodeDeploy to deploy the function code

Use Lambda layers to package and load dependencies.

Increase the memory size of the function.

Use Amazon S3 to host the function dependencies

57. A company has a web application that runs on Amazon EC2 instances with a custom Amazon Machine Image (AMI). The company uses AWS CloudFormation to provision the application. The application runs in the us-east-1 Region, and the company needs to deploy the application to the us-west-1 Region

An attempt to create the AWS CloudFormation stack in us-west-1 fails. An error message states that the AMI ID does not exist. A developer must resolve this error with a solution that uses the least amount of operational overhead

Which solution meets these requirements?

Change the AWS CloudFormation templates for us-east-1 and us-west-1 to use an AWS AM

Relaunch the stack for both Regions.

Copy the custom AMI from us-east-1 to us-west-1. Update the AWS CloudFormation template for us-west-1 to refer to AMI ID for the copied AMI Relaunch the stack

Build the custom AMI in us-west-1 Create a new AWS CloudFormation template to launch the stack in us-west-1 with the new AMI ID

Manually deploy the application outside AWS CloudFormation in us-west-1.

58. Users are reporting errors in an application. The application consists of several micro services that are deployed on Amazon Elastic Container Serves (Amazon ECS) with AWS Fargate.

When combination of steps should a developer take to fix the errors? (Select TWO)

Deploy AWS X-Ray as a sidecar container to the micro services. Update the task role policy to allow access to me X -Ray AP

Deploy AWS X-Ray as a daemon set to the Fargate cluster. Update the service role policy to allow access to the X-Ray AP

Instrument the application by using the AWS X-Ray SD

Update the application to use the Put-XrayTrace API call to communicate with the X-Ray AP

Instrument the application by using the AWS X-Ray SD

Update the application to communicate with the X-Ray daemon.

Instrument the ECS task to send the stout and spider- output to Amazon CloudWatch Logs. Update the task role policy to allow the cloudwatch Putlogs action.

59. A developer is creating an application that will store personal health information (PHI). The PHI needs to be encrypted at all times. An encrypted Amazon RDS for MySQL DB instance is storing the data. The developer wants to increase the performance of the application by caching frequently accessed data while adding the ability to sort or rank the cached datasets.

Which solution will meet these requirements?

Create an Amazon ElastiCache for Redis instance. Enable encryption of data in transit and at rest. Store frequently accessed data in the cache.

Create an Amazon ElastiCache for Memcached instance. Enable encryption of data in transit and at rest. Store frequently accessed data in the cache.

Create an Amazon RDS for MySQL read replica. Connect to the read replica by using SS

Configure the read replica to store frequently accessed data.

Create an Amazon DynamoDB table and a DynamoDB Accelerator (DAX) cluster for the table. Store frequently accessed data in the DynamoDB table.

60. When a developer tries to run an AWS Code Build project, it raises an error because the length of all environment variables exceeds the limit for the combined maximum of characters.

What is the recommended solution?

Add the export LC-_ALL" on _ US, tuft" command to the pre _ build section to ensure POSIX Localization.

Use Amazon Cognate to store key-value pairs for large numbers of environment variables

Update the settings for the build project to use an Amazon S3 bucket for large numbers of environment variables

Use AWS Systems Manager Parameter Store to store large numbers ot environment variables

Page 7 of 7

61. A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached Amazon Elastic Block Store (Amazon EBS) volumes for storing data. The Amazon EBS volumes will be created at time of initial deployment. The application will process sensitive information. All of the data must be encrypted. The solution should not impact the application's performance.

Which solution will meet these requirements?

Configure the fleet of EC2 instances to use encrypted EBS volumes to store data.

Configure the application to write all data to an encrypted Amazon S3 bucket.

Configure a custom encryption algorithm for the application that will encrypt and decrypt all data.

Configure an Amazon Machine Image (AMI) that has an encrypted root volume and store the data to ephemeral disks.

62. A developer is creating an application that includes an Amazon API Gateway REST API in the us-east-2 Region. The developer wants to use Amazon CloudFront and a custom domain name for the API. The developer has acquired an SSL/TLS certificate for the domain from a third-party provider.

How should the developer configure the custom domain for the application?

Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the AP

Create a DNS A record for the custom domain.

Import the SSL/TLS certificate into CloudFront. Create a DNS CNAME record for the custom domain.

Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region as the AP

Create a DNS CNAME record for the custom domain.

Import the SSL/TLS certificate into AWS Certificate Manager (ACM) in the us-east-1 Region. Create a DNS CNAME record for the custom domain.

63. A developer needs to store configuration variables for an application. The developer needs to set an expiration date and time for me configuration. The developer wants to receive notifications. Before the configuration expires.

Which solution will meet these requirements with the LEAST operational overhead?

Create a standard parameter in AWS Systems Manager Parameter Store Set Expiation and Expiration Notification policy types.

Create a standard parameter in AWS Systems Manager Parameter Store Create an AWS Lambda function to expire the configuration and to send Amazon Simple Notification Service (Amazon SNS) notifications.

Create an advanced parameter in AWS Systems Manager Parameter Store Set Expiration and Expiration Notification policy types.

Create an advanced parameter in AWS Systems Manager Parameter Store Create an Amazon EC2 instance with a corn job to expire the configuration and to send notifications.

TAGS:

DVA-C02, DVA-C02 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Posts

Amazon Free Dumps

Get DVA-C02 Dumps Full Version

Q&As: 198
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

Pass DVA-C02 Exam to Get Amazon Certification

Related

Posts

Prepare SOA-C02 Exam with Using SOA-C02 Dump Questions

Online MLS-C01 Exam Dumps Help You Build Confidence

Test Online CLF-C02 Dumps Questions to Be Certified

Good DAS-C01 Exam Dumps Save Your Preparation Time

About Us

EMAIL

Services

Opening Hours