An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write access to an Amazon DynamoDB table. The correct IAM policy already exists. What is the MOST secure way to grant the Lambda function access to the S3 bucket and the DynamoDB table?
A. Attach the existing IAM policy to the Lambda function.
B. Create an IAM role for the Lambda function. Attach the existing IAM policy to the role. Attach the role to the Lambda function.
C. Create an IAM user with programmatic access. Attach the existing IAM policy to the user. Add the user access key ID and secret access key as environment variables in the Lambda function.
D. Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function.
A developer is writing a web application that is deployed on Amazon EC2 instances behind an internet-facing Application Load Balancer (ALB). The developer must add an Amazon CloudFront distribution in front of the ALB. The developer also must ensure that customer data from outside the VPC is encrypted in transit.
Which combination of CloudFront configuration settings should the developer use to meet these requirements? (Choose two.)
A. Restrict viewer access by using signed URLs.
B. Set the Origin Protocol Policy setting to Match Viewer.
C. Enable field-level encryption.
D. Enable automatic object compression.
E. Set the Viewer Protocol Policy setting to Redirect HTTP to HTTPS.
A developer is troubleshooting connectivity issues between an AWS Lambda function and an Amazon EC2 instance that runs Amazon Linux 2. The Lambda function and the EC2 instance cannot communicate with each other even though the Lambda function is configured to access resources in the EC2 instance's subnet.
How can the developer inspect the network traffic between the Lambda function and the EC2 instance?
A. Inspect the VPC flow logs for network activity.
B. Use the traceroute command on the EC2 instance to check connectivity.
C. Analyze the Amazon CloudWatch metrics for network traffic.
D. Use the telnet command on the EC2 instance to check connectivity.
A developer is building a new application that uses an Amazon DynamoDB table. The specification states that all items that are older than 48 hours must be removed. Which solution will meet this requirement?
A. Create a new attribute that has the Number data type. Add a local secondary index (LSI) for this attribute, and enable TTL with an expiration of 48 hours. In the application code, set the value of this attribute to the current timestamp for each new item that is being inserted.
B. Create a new attribute that has the String data type. Add a local secondary index (LSI) for this attribute, and enable TTL with an expiration of 48 hours. In the application code, set the value of this attribute to the current timestamp for each new item that is being inserted.
C. Create a new attribute that has the Number data type. Enable TTL on the DynamoDB table for this attribute. In the application code, set the value of this attribute to the current timestamp plus 48 hours for each new item that is being inserted.
D. Create a new attribute that has the String data type. Enable TTL on the DynamoDB table for this attribute. In the application code, set the value of this attribute to the current timestamp plus 48 hours for each new item that is being inserted.
A developer is writing a new AWS Serverless Application Model (AWS SAM) template with a new AWS Lambda function. The Lambda function runs complex code. The developer wants to test the Lambda function with more CPU power. What should the developer do to meet this requirement?
A. Increase the runtime engine version.
B. Increase the timeout.
C. Increase the number of Lambda layers.
D. Increase the memory.
A developer is adding a feature to a client-side application so that users can upload videos to an Amazon S3 bucket. What is the MOST secure way to give the application the ability to write files to the S3 bucket?
A. Update the S3 bucket policy to allow public write access. Allow any user to upload videos by removing the need to handle user authentication within the client-side application.
B. Create a new IAM policy and a corresponding IAM user with permissions to write to the S3 bucket. Store the key and the secret for the user in the application code. Use the key to authenticate the video uploads.
C. Configure the API layer of the application to have a new endpoint that creates signed URLs that allow an object to be put into the S3 bucket. Generate a presigned URL through this API call in the client application. Upload the video by using the signed URL.
D. Generate a new IAM key and a corresponding secret by using the AWS account root user credentials. Store the key and the secret for the user in the application code. Use the key to authenticate the video uploads.
A microservices application is deployed across multiple containers in Amazon Elastic Container Service (Amazon ECS). To improve performance, a developer wants to capture trace information between the microservices and visualize the microservices architecture.
Which solution will meet these requirements?
A. Build the container from the amazon/aws-xray-daemon base image. Use the AWS X-Ray SDK to instrument the application.
B. Install the Amazon CloudWatch agent on the container image. Use the CloudWatch SDK to publish custom metrics from each of the microservices.
C. Install the AWS X-Ray daemon on each of the ECS instances.
D. Configure AWS CloudTrail data events to capture the traffic between the microservices.
A developer is automating a new application deployment with AWS Serverless Application Model (AWS SAM). The new application has one AWS Lambda function and one Amazon S3 bucket. The Lambda function must access the S3 bucket to only read objects.
How should the developer configure AWS SAM to grant the necessary read privilege to the S3 bucket?
A. Reference a second Lambda authorizer function.
B. Add a custom S3 bucket policy to the Lambda function.
C. Create an Amazon Simple Queue Service (SQS) topic for only S3 object reads. Reference the topic in the template.
D. Add the S3ReadPolicy template to the Lambda function's execution role.
A company requires all data that is stored in Amazon DynamoDB tables to be encrypted at rest with keys that are managed by the company. How can a developer meet these requirements WITHOUT changing the application?
A. Use the AWS Encryption SDK to encrypt items before insertion.
B. Enable table-level encryption with an AWS managed customer master key (CMK).
C. Use AWS Certificate Manager (ACM) to create one certificate for each DynamoDB table.
D. Import key material in DynamoDB, and enable table-level encryption.
A developer is attempting to use the Amazon S3 PutObject API operation to upload an object to an S3 bucket that has default encryption enabled. The developer receives a 400 Bad Request error. What is the most likely cause of this error?
A. The API operation cannot access the encryption key.
B. The HTTP Content-Length header is missing.
C. The object exceeds the maximum object size that is allowed.
D. The S3 bucket exceeds the maximum storage capacity that is allowed.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your DVA-C01 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.