What are the steps to using the AWS CLI to launch a templatized serverless application?
A. Use AWS CloudFormation get-template then CloudFormation execute-change-set.
B. Use AWS CloudFormation validate-template then CloudFormation create-change-set.
C. Use AWS CloudFormation package then CloudFormation deploy.
D. Use AWS CloudFormation create-stack then CloudFormation update-stack.
Amazon S3 has the following structure: S3://BUCKET/FOLDERNAME/FILENAME.zip
Which S3 best practice would optimize performance with thousands of PUT request each second to a single bucket?
A. Prefix folder names with user id; for example, s3://BUCKET/2013-FOLDERNAME/FILENAME.zip
B. Prefix file names with timestamps; for example, s3://BUCKET/FOLDERNAME/2013-26-05-15-00-00- FILENAME.zip
C. Prefix file names with random hex hashes; for example, s3://BUCKET/FOLDERNAME/23a6- FILENAME.zip
D. Prefix folder names with random hex hashes; for example, s3://BUCKET/23a6-FOLDERNAME/ FILENAME.zip
A company requires objects that are stored in Amazon S3 to be encrypted The company is currently using server-side encryption with AWS KMS managed encryption keys (SSE-KMS) A developer needs to optimize the cost-effectiveness of the encryption mechanism without negatively affecting performance
What should the developer do to meet these requirements?
A. Change the encryption type to customer-provided keys.
B. Configure the SJ bucket to use an S3 Bucket Key for SSE-KMS
C. Use S3 bucket policies to limit the principals who can create objects
D. Use a custom policy to limit the number of AWS KMS calls that are allowed
A company has an application that uses Amazon Cognito user pools as an identity provider. The company must secure access to user records. The company I up multi-factor authentication (MFA). The company also wants to send a login activity notification by email every time a user logs in.
What is the MOST operationally efficient solution that meets this requirement?
A. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon API Gateway to invoke the function. Call the API from the client side when login confirmation is received.
B. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Add an Amazon Cognito post authentication Lambda trigger for the function.
C. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send the email notification. Create an Amazon CloudWatch Logs log subscription filter to invoke the function based on the login status.
D. Configure Amazon Cognito to stream all logs to Amazon Kinesis Data Firehose. Create an AWS Lambda function to process the streamed logs and it send the email notification based on the login status of each user.
A company is concerned that a malicious user could deploy unauthorized changes to the code for an AWS Lambda function. What can a developer do to ensure that only trusted code is deployed to Lambda?
A. Turn on the trusted code option in AWS CodeDeploy. Add the CodeDeploy digital certificate to the Lambda package before deploying the package to Lambda
B. Define the code signing configuration in the Lambda console Use AWS Signer to digitally sign the Lambda package before deploying the package to Lambda
C. Link Lambda to AWS Key Management Service (AWS KMS) in the Lambda console. Use AWS KMS to digitally sign the Lambda package before deploying the package to Lambda.
D. Set the KmsKeyArn property of the Lambda function to the Amazon Resource Name (ARN) of a trusted key before deploying the package to Lambda.
A developer is building a web and mobile application for two types of users regular users and guest users regular users are required to log in, but guest users do not log in Users should see only their data regardless of whether they
authenticate Users need AWS credentials before they can access AWS resources.
What is the MOST secure solution that the developer can implement to allow access for guest users?
A. Use an Amazon Cognito credentials provider to issue temporary credentials that are linked to an unauthenticated role that has access to the required resources.
B. Set up an IAM user that has permissions to the required resources. Hardcode the 1AM credentials in the web and mobile application
C. Generate temporary keys that are stored in AWS Key Management Service (AWS KMS) Use the temporary keys to access the required resources
D. Generate temporary credentials. Store the temporary credentials in AWS Secrets Manager Use the temporary credentials to access the required resources
A developer is designing a serverless application for an ecommerce website. An Amazon API Gateway API exposes..... user operations. The website features shopping carts for the users. The shopping carts must be stored for extended..... the front-end application.
The load on the application will vary significantly based on the time of day and the promotional sales that are offered..... scale automatically to meet these changing demands.
Which solution will meet these requirements?
A. Store the data objects on an Amazon RDS DB instance. Cache the data objects in memory by using Amazon ElastiCache.
B. Store the data objects on Amazon EC2 instances behind an Application Load Balancer. Use session affinity (sticky sessions) for each user's shopping cart.
C. Store the data objects in Amazon S3 buckets. Cache the data objects by using Amazon CloudFront with the maximum TTL.
D. Store the data objects in Amazon DynamoDB tables. Cache the data objects by using DynamoDB Accelerator (DAX).
A developer is migrating a legacy monolithic application to AWS and wants to convert the application's internal processes to microservices The application's internal processes communicate through internal asynchronous messaging Occasionally messages need to be reprocessed by multiple microservices.
How should the developer migrate the application's internal messaging to AWS to meet these requirements?
A. Use Amazon Simple Queue Service (Amazon SQS) queues to communicate messages between the microservices
B. Use Amazon API Gateway to provide REST interfaces between the microservices
C. Use Amazon Kinesis Data Streams to communicate messages between the microservices
D. Use Amazon API Gateway to provide WebSocket APIs between the microservices.
A company's security policies require all database passwords to be rotated every 30 days The company uses different database platforms, including Amazon Aurora databases and proprietary NoSQL document databases, for different applications A developer needs to implement a solution for password rotation.
Which solution will meet these requirements?
A. Create an AWS Lambda rotation function that has appropriate IAM permissions Store the password in AWS Secrets Manager Configure Secrets Manager to rotate the password by using the Lambda function
B. Encrypt the existing password with AWS Key Management Service (AWS KMS) Export the existing password Generate a random password with AWS KMS Use the AWS KMS password renewal feature to replace the existing password with the new password.
C. Create an AWS Lambda rotation function that has appropriate IAM permissions Store the password in AWS Systems Manager Parameter Store Configure Parameter Store to rotate the password by using the Lambda function
D. Integrate AWS Systems Manager Parameter Store with a Key Management Interoperability Protocol (KMIP)-compliant third-party secret manager to enable third-party database password rotation on AWS
A developer designed an application on an Amazon EC2 instance. The application makes API requests to objects in an Amazon S3 bucket. Which combination of steps will ensure that the application makes the API requests in the MOST secure manner? (Select TWO.)
A. Create an IAM user that has permissions to the S3 bucket. Add the user to an 1AM group.
B. Create an IAM role that has permissions to the S3 bucket.
C. Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance.
D. Create an IAM role that has permissions to the S3 bucket. Assign the role to an 1AM group.
E. Store the credentials of the 1AM user in the environment variables on the EC2 instance.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your DVA-C01 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.