Amazon DVA-C01 Online Practice Questions and Exam Preparation

Amazon DVA-C01 Online Questions & Answers

• Question 531:

  A developer is creating a new batch application that will run on an Amazon EC2 instance. The application requires read access to an Amazon S3 bucket. The developer needs to follow security best practices to grant S3 read access to the application.

  Which solution meets these requirements?

  A. Add the permissions to an IAM policy. Attach the policy to a role. Attach the role to the EC2 instance profile.

  B. Add the permissions inline to an IAM group. Attach the group to the EC2 instance profile.

  C. Add the permissions to an IAM policy. Attach the policy to a user. Attach the user to the EC2 instance profile.

  D. Add the permissions to an IAM policy. Use IAM web identity federation to access the S3 bucket with the policy.

  Correct Answer: B

• Question 532:

  A company is using an Amazon API Gateway REST API endpoint as a webhook to publish events from an on-premises source control management (SCM) system to Amazon EventBridge (Amazon CloudWatch Events). The company has configured an EventBridge (CloudWatch Events) rule to listen for the events and to control application deployment in a central AWS account. The company needs to receive the same events across multiple receiver AWS accounts.

  How can a developer meet these requirements without changing the configuration of the SCM system?

  A. Deploy the API Gateway REST API to all the required AWS accounts. Use the same custom domain name for all the gateway endpoints so that a single SCM webhook can be used for all events from all accounts.

  B. Deploy the API Gateway REST API to all the receiver AWS accounts. Create as many SCM webhooks as the number of AWS accounts.

  C. Grant permission to the central AWS account for EventBridge (CloudWatch Events) to access the receiver AWS accounts. Add an EventBridge (CloudWatch Events) event bus on the receiver AWS accounts as the targets to the existing EventBridge (CloudWatch Events) rule.

  D. Convert the API Gateway type from REST API to HTTP API.

  Correct Answer: C

• Question 533:

  A developer is creating an application for a company. The application needs to read the file doc.txt that is placed in the root folder of an Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The company's security team requires the principle of least privilege to be applied to the application's IAM policy.

  Which IAM policy statement will meet these security requirements?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: A

• Question 534:

  A software company must ensure that documents that are uploaded by users are securely stored in Amazon S3. The documents must be encrypted at rest in Amazon S3. The company wants to avoid client-side encryption and does not want to manage the security infrastructure. In addition, the company wants control over the keys that are used for encryption at rest.

  Which solution for encryption keys should a developer use to meet these requirements?

  A. Amazon S3 managed keys

  B. Application-level encryption with customer-provided encryption keys that are stored in an on-premises hardware security module (HSM)

  C. AWS Key Management Service (AWS KMS) customer managed keys

  D. IAM access keys

  Correct Answer: C

• Question 535:

  A developer has an application that makes batch requests directly to Amazon DynamoDB by using the BatchGetltem low-level API operation. The responses frequently return values in the UnprocessedKeys element.

  Which actions should the developer take to increase the resiliency of the application when the batch response includes values in UnprocessedKeys? (Choose two.)

  A. Retry the batch operation immediately.

  B. Retry the batch operation with exponential backoff and randomized delay.

  C. Update the application to use an AWS software development kit (AWS SDK) to make the requests.

  D. Increase the provisioned read capacity of the DynamoDB tables that the operation accesses.

  E. Increase the provisioned write capacity of the DynamoDB tables that the operation accesses.

  Correct Answer: AC

• Question 536:

  A developer wants to use React to build a web and mobile application. The application will be hosted on AWS. The application must authenticate users and then allow users to store and retrieve files that they own. The developer wants to use Facebook for authentication.

  Which CLI will MOST accelerate the development and deployment of this application on AWS?

  A. AWS CLI

  B. AWS Amplify CLI

  C. AWS Serverless Application Model (AWS SAM) CLI

  D. Amazon Elastic Container Service (Amazon ECS) CLI

  Correct Answer: B

• Question 537:

  A developer is troubleshooting a new AWS Lambda function. The function should run automatically each time a new object is uploaded to an Amazon S3 bucket. However, the developer finds that all calls failed before they reached the application code inside the function.

  Which of the following is a possible reason for this failure?

  A. The function resource policy does not allow access from Amazon S3.

  B. The function execution role does not allow access from Amazon S3.

  C. The function execution role does not allow access to Amazon S3.

  D. The IAM user does not have access to Amazon S3.

  Correct Answer: C

• Question 538:

  A Developer wants to debug an application by searching and filtering log data. The application logs are stored in Amazon CloudWatch Logs. The Developer creates a new metric filter to count exceptions in the application logs. However, no results are returned from the logs.

  What is the reason that no filtered results are being returned?

  A. A setup of the Amazon CloudWatch interface VPC endpoint is required for filtering the CloudWatch Logs in the VPC

  B. CloudWatch Logs only publishes metric data for events that happen after the filter is created

  C. The log group for CloudWatch Logs should be first streamed to Amazon Elasticsearch Service before metric filtering returns the results

  D. Metric data points for logs groups can be filtered only after they are exported to an Amazon S3 bucket

  Correct Answer: B

  https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/MonitoringLogData.html

• Question 539:

  Developer is creating an AWS Lambda function to process a stream of data from an Amazon Kinesis Data Stream. When the Lambda function parses the data and encounters a missing field, it exits the function with an error. The function is generating duplicate records from the Kinesis stream. When the Developer looks at the stream output without the Lambda function, there are no duplicate records.

  What is the reason for the duplicates?

  A. The Lambda function did not advance the Kinesis stream pointer to the next record after the error.

  B. The Lambda event source used asynchronous invocation, resulting in duplicate records.

  C. The Lambda function did not handle the error, and the Lambda service attempted to reprocess the data.

  D. The Lambda function is not keeping up with the amount of data coming from the stream.

  Correct Answer: A

  https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html

• Question 540:

  An application uses Amazon Kinesis Data Streams to ingest and process large streams of data records in real time. Amazon EC2 instances consume and process the data from the shards of the Kinesis data stream by using Amazon Kinesis Client Library (KCL). The application handles the failure scenarios and does not require standby workers. The application reports that a specific shard is receiving more data than expected. To adapt to the chnages in the rate of data flow, the "hot" shard is resharded.

  Assuming that the initial number of shards in the Kinesis data stream is 4, and after resharding the number of shards increased to 6, what is the maximum number of EC2 instances that can be deployed to process data from all the shards?

  A. 12

  B. 6

  C. 4

  D. 1

  Correct Answer: B

  Typically, when you use the KCL, you should ensure that the number of instances does not exceed the number of shards (except for failure standby purposes). Each shard is processed by exactly one KCL worker and has exactly one corresponding record processor, so you never need multiple instances to process one shard. However, one worker can process any number of shards, so it's fine if the number of shards exceeds the number of instances. https:// docs.aws.amazon.com/streams/latest/dev/kinesis-record-processor-scaling.html